The war in Ukraine has prompted the United States to accelerate its investments in cybersecurity, despite constant – albeit unrealized – warnings of Russian cyberattacks on government agencies, electoral systems, and critical infrastructure.
After the invasion of Ukraine, federal agencies have invested millions in cyber technology, seized and sanctioned hacker forums, indicted Russian cybercriminals and issued almost weekly warnings about the latest threat risks.
Even lawmakers in Congress have ramped up their efforts, with the introduction of several cyberattack-related laws and the passage of a new law requiring companies in critical sectors to report significant cyberattacks within 72 hours and ransomware payments within 24 hours.
The law was passed in March as part of an omnibus spending bill that significantly increased funding for the Cybersecurity and Infrastructure Security Agency (CISA), which oversees federal cybersecurity infrastructure and enforcement.
“The war in Ukraine is kind of a pivotal event to get legislative initiative and impetus and get public support for making this an issue for their representatives to care about,” said Jason Blessing, senior research fellow at American Enterprise Institutes.
“As terrible as the war was, it is an opportunity for the US government to create more resilient cyber frameworks,” he added.
Lawmakers have also held several cybersecurity committee hearings in recent weeks, inviting experts – from the private sector and government – to comment on current cyber threats and how to mitigate them.
Though many of these efforts predated the Russian invasion, experts said the war in Ukraine gave momentum and priority to actions such as lawmakers passing the Cyber Incident Reporting Act and the Justice Department’s indictment of Russian hackers (DOJ ).
“The DOJ was clearly investigating the hackers charged in March for some time prior to this announcement, but I think it’s possible that the war prompted them to release these charges earlier than usual,” said Josephine Wolff. Associate Professor of Cybersecurity Policy at Tufts University Fletcher School.
The DOJ in March indicted four Russian nationals accused of hacking energy sectors in 135 countries. One of the indictments alleged that a Russian computer programmer and his co-conspirator had attacked a foreign oil facility and caused two separate emergency shutdowns.
“I think the war had some impact, but I think it’s difficult to separate that from the work already underway, and in some cases, rather than stimulating new initiatives, the war may have accelerated the timeline for things that were already in place.” were in the works,” added Wolff.
Although the US is sounding the cyber alarm, Russia is still showing restraint in the face of crippling economic sanctions. Pundits and policymakers are still warning that Russian cyber aggression is only a matter of time, especially with the upcoming midterm elections.
However, Russia has recently targeted critical infrastructure in European countries, including Ukraine and Germany.
Ukraine has been the target of numerous cyberattacks that have disrupted its government websites and critical infrastructure, including the country’s power grid.
And earlier this month, three Germany-based renewable energy companies announced they were hit by cyberattacks that disrupted operations and forced one company to shut down its IT systems.
The attack on the companies follows decisions by many western European countries to reduce their dependence on Russian oil and gas and switch to greener energy sources.
Sen. Mark Warner (D-Va.), chairman of the Senate Intelligence Committee, was among the loudest voices warning of Russian cyber aggression against the US. In a statement to The Hill, he said the resulting urgency and collaboration has strengthened the country’s cyber defenses, even as the attacks have not come to fruition.
“The possibility that Russia will increase its cyber aggression has forced the federal government to seriously consider worst-case scenarios and accelerate government and private sector investments to improve our country’s cybersecurity,” Warner said.