As 2015 came to a close, the lights went out throughout a large portion of Ukraine as Russian hackers remotely took over an electric utility’s control centre and shut down one power plant after another, leaving the company’s workers powerless as they watched their screens.
The next year, the same event occurred, but this time in and around Kyiv, the Ukrainian capital.
In response, the United States and the United Kingdom have secretly dispatched cyberwarfare experts to Ukraine in the hopes of better preparing the country to deal with what they believe will be the next move by Russian President Vladimir V. Putin as he threatens the former Soviet republic: not an invasion with the 175,000 troops he has amassed on the border, but cyberattacks that bring Ukraine’s electric grid, banking system, and other critical components of its economy and government down.
According to American intelligence estimates, Russia’s purpose would be to make Ukraine’s president, Volodymyr Zelensky, seem incompetent and helpless — and even offer a reason for an invasion.
In some ways, the Russian cybercampaign against Ukraine has never ended, according to American authorities, despite the fact that it has been operating at a low level until lately. Although public emphasis has been focused on the military increase, American officials and analysts have said in interviews that the activity has been ramped up over the last month notwithstanding this.
Officials in the United States think that a military invasion is far from likely. Sullivan, who serves as President Biden’s national security advisor, stated at a meeting of the Council on Foreign Relations that the United States government believes he has not yet made a decision. Russian cyberactivity was not specifically mentioned by Mr. Sullivan, but it has been a major focus at the White House, the Central Intelligence Agency, the National Security Agency, and the United States Cyber Command, whose “cyber mission forces” are deployed around the world to identify vulnerabilities in the system.
An estimated dozen officials, all of whom sought anonymity because the material was taken from secret intelligence and delicate conversations about how to lessen the Russian threat, described Russia’s cyberactivity. Those discussions have centred on whether Mr. Putin believes that hurting Ukraine’s infrastructure is his greatest chance of accomplishing his principal aim, which is the ouster of the Ukrainian government and the installation of a puppet leader in its place.
It would be calculated, according to a senior intelligence officer, that such an assault would not need him to occupy the nation or incur as many of the penalties that would almost definitely be imposed as a result of a conventional military invasion.
Mr. Putin has already begun to work on gaining support at home as well as in Africa, South and Central America, and the Middle East. According to U.S. and allied officials, Russian-led information campaigns have focused on defaming the Ukrainian government and accusing its leader of causing a humanitarian crisis in the country’s east, where Ukrainian government forces have been battling Russia-backed separatists for several years.
Officials from the United States refused to provide details on the cyberteams that have been deployed in Ukraine. A statement from the Biden administration noted merely that “we have long supported Ukraine’s efforts to strengthen its cyberdefenses and boost its cyberresilience.” The Biden administration did not elaborate.
While neither government would disclose specifics, officials from the United States stated the country was planning a bigger deployment that would include resources from the United States Cyber Command (US Cyber Command). However, it is uncertain how much good a larger group of people might achieve beyond displaying solidarity.
The Ukrainian grid, which is linked to the Russian grid, was constructed during the Soviet era. Russian components have been used in the update. In fact, the programme is as well-known to the attackers as it is to its operators. And although Ukraine has repeatedly said that it would work to repair its system, Mr. Putin’s hackers, or at the very least organisations loyal to him, have shown time and time again that they are capable of bringing portions of the nation to a standstill via hacking.
Sean Plankey, a former Energy Department cyberexpert who is now an executive at DataRobot, said in an interview that Russian hackers understand every connection in the architecture — and that they are most likely aided by insiders.
According to Representative Mike Gallagher, a Republican from Wisconsin who, along with Mr. King, serves as co-chair of the Cyberspace Solarium Commission, the United States should attempt to deter a cyberattack on Ukraine by making it clear that such an attack would result in a swift and severe response.
Because Russia can operate beneath a thin veneer of denial, cyberoperations continue to have appeal for the Russian government over full-scale military operations. And over the past decade, Mr. Putin has proved that even the most flimsiest of disguises provides sufficient protection.
When it comes to state involvement, “you can be fairly certain that what we observed was state activity, employing the false flag of criminal behaviour,” said Jim Richberg, a former national intelligence manager for cyber who is now a vice president at Fortinet, an information security company. “They intended it to have such a widespread effect on essential infrastructure in Ukraine and to give the impression that it was a criminal operation gone bad,” says the author.