No Russian Cyberattack Yet But Likelihood Remains High, Says CISA Chief

Director Jen Easterly of the Cybersecurity and Infrastructure Security Agency said the wave of cyberattacks that Russian operatives are anticipated to launch against American networks has yet to materialize. The official earlier warned of such attacks in retaliation for economic sanctions imposed by the United States against the Putin regime in the wake of the invasion of Ukraine, C4ISRNET reported Saturday.

Easterly, however, said that while CISA has yet to identify any “specific attacks on the U.S.,” malicious cyber activity has long been part of Russia’s playbook. She said that her agency remains concerned that as the war in Ukraine drags on, the likelihood that Moscow will turn to retaliatory cyberattacks to push back against US-led sanctions grows.

Easterly, a 2022 Wash100 awardee, explained that Russian cyberattacks against the U.S. are likely to take three forms. In the first scenario, the U.S. might be hit in the crossfire of cyberattacks intended for Ukraine, not unlike the Notpetya attack in 2017. In the second, the U.S. may be targeted directly through a series of ransomware attacks, similar to the ones carried out against Colonial Pipeline and JBS Foods. Lastly, Russian state-sponsored cyber actors may attack America’s critical infrastructure, including the communications, energy and medical sectors.

In March, President Joe Biden also warned that Russian-led cyberattacks against the U.S. were virtually inevitable. He said Moscow was in the process of “exploring” such attacks, but the U.S. would use “every tool” to prevent and respond to such a move.