The British Ministry of Defence (MoD) continues to follow Russia's special military operation in Ukraine, and it continues to see not only a failed invasion, but a failed occupation in the limited territory Russia has been able to bring under its military control.
US warnings of impending Russian cyberattacks.
US President Biden's warning, Monday, that Russia was likely to engage in cyberattacks against the US, continues to draw attention. Deputy National Security Advisor Anne Neuberger clarified the President's statement: “As the president has said, the United States is not seeking confrontation with Russia. But he has also said that if Russia conducts destructive cyberattacks against critical infrastructure, we will be prepared to respond.” National Security Advisor Jake Sullivan discussed some of the implications such an attack might have for NATO's collective defense agreement: "We could see circumstances wherein which a collective response by the alliance to a cyberattack would be called by an ally. That is absolutely something we and other countries could bring capacities to bear to help a country both defend itself and respond to a particular cyberattack." The FBI reports seeing signs of battlespace preparation against US energy providers, and the US Cybersecurity and Infrastructure Security Agency (CISA) continues to recommend that organizations take appropriate precautions.
The US has emphasized the importance of taking basic steps to improve cyber defenses and organizational resilience, Federal News Networks reports. "There is evolving intelligence that Russia may be exploring options for cyberattacks against the United States, CISA Director Jen Easterly told a session with critical infrastructure operators and stakeholders yesterday.
The UK's National Cyber Security Centre (NCSC) has seconded the White House warning. "In heightened periods of international tension all organisations should be vigilant to cyber risks, and for several months the NCSC has been advising organisations to bolster their cyber security," the Centre posted. "The NCSC has already published actionable guidance for organisations to reduce their risk of cyber compromises. While the NCSC are unaware of specific, targeted threats to the U.K. resulting from Russia’s illegal invasion of Ukraine, we recommend organisations follow this advice as a priority." That published guidance has much in common with CISA's Shields Up.
Russia's response to US and UK warnings against a Russian cyber threat.
Reuters quotes Kremlin spokesperson Dmitry Peskov as saying, "The Russian Federation, unlike many Western countries, including the United States, does not engage in state-level banditry." His contention, of course, is both pro forma and absurd: Russian privateering and direct state cyberattacks have been notorious données in cyberspace for two decades.
Andrey Krutskikh, a diplomat with a background in arms control who presently serves as director of the Russian Foreign Ministry's Department of International Information Security, struck a more statesmanlike tone than did Mr. Peskov. In an interview with Newsweek, Mr. Krutskikh pointed out the way in which cyberspace had become an international commons, and the importance of all sides working together to secure its beneficial use for all. He sees deniable cybercrime as a threat to international relations and security in cyberspace, and he regrets Western failure to take up the four points President Putin proposed in Geneva in 2020. "We were clear and candid with the suggestion to undertake concrete steps that would contribute to better security and trust." Unfortunately, he added, "there was no concrete reaction to our proposal."
The CyberWire's continuing coverage of the unfolding crisis in Ukraine may be found here.