US officials brace big banks for possible Russian hacking amid threats of sanctions


The meeting – which discussed how to defend against possible Russian-backed hacking attempts against US financial institutions should the Biden administration sanction Russian companies – shows that US officials continue to view cyberspace as a risk area for as long as the Ukraine crisis lasts. It comes as other critical infrastructure sectors, such as energy suppliers, are on alert against Russian activities.

The meeting came as President Joe Biden and his top officials spent the day issuing dire warnings of a possible Russian invasion. With an estimated 150,000 Russian troops stationed around Ukraine’s border, it was a day that underscored palpable concern that the path to a diplomatic off-ramp was becoming ever narrower.

Biden said Friday he was confident Russian President Vladimir Putin had made the decision to invade Ukraine, but stressed there was room for diplomacy.

The government’s warnings coincided with efforts to lay the groundwork for a series of sanctions promised by the US and its allies in the event of Russian military action.

Officials from the White House, Treasury Department, FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) attended the cybersecurity meeting on Thursday, people familiar with the meeting said. Invited were executives from JPMorgan Chase and Citigroup, the only US bank currently operating in Ukraine.

“We have a good insight into Russia’s capabilities or those of allied actors from previous actions, so we’ve taken on this issue [process] with those in mind,” a US official told CNN.

US officials, including CISA director Jen Easterly, continue to say there are “no specific credible threats to the US homeland” posed by the Russian military around Ukraine. But officials are also preaching vigilance and, as CNN reported Monday, are urging private executives to lower their threat thresholds for reporting suspicious digital activity to the government.

As US officials closely monitor any Russian hacking activity on US networks, on Friday they were quick to blame Russia’s military intelligence agency, the GRU, for a cyberattack that temporarily blocked access to Ukrainian banks’ websites this week.

The banking sector received a lesson in the cyber risks that can accompany geopolitics in 2012 and 2013 when, following Western sanctions on Iran’s nuclear program, Iranian hackers flooded the websites of dozens of US banks with fake traffic, costing tens of millions of dollars in lost business.

The experience has left a lasting impression on cybersecurity executives at US financial institutions, who have been beefing up their defenses in recent years. Experts consider the financial and electricity sectors to be two of the more mature sectors in cyber defense.

A Treasury Department spokesman declined to comment on Thursday’s meeting. JPMorgan Chase and Citigroup declined to comment.

A senior administration official told CNN that since November, the White House and federal agencies have been preparing for “possible disruptions to our critical infrastructure and possible impacts on individuals and communities.”

“Tabletop Exercises”

The potential cyber threat has also been the subject of so-called “tabletop” exercises that have taken place within the administration in recent months, as officials across the government met to play out possible responses to a Russian escalation and possible invasion.

“We have created a process that allows authorities to quickly assess the impact of cyber attacks [and] physical incidents and the White House,” the official added.

One tipping point that could trigger Russian-backed hacking against US organizations would be the Biden administration imposing the “quick and severe” sanctions officials have promised if Russia invades Ukraine further.

US officials have sought opinions on the potential market implications of new sanctions, which officials have suggested would go further than any package before it, with potential targets ranging from financial institutions and networks to export controls aimed at critical Russian economic sectors that depend on American software and equipment.

As tensions have reached their highest level in recent days, the pace of work to plan for what might happen after the imposition of sanctions has also picked up from an already high level, an official said.

The grid regulator is directing utilities to be at the “highest possible level” of readiness

Federal officials and leaders from key sectors like banking and energy are keeping a close eye on possible spillovers from US-Russia tensions in Ukraine. Those preparations included an Energy Department briefing on the history of Russia’s cyber capabilities in December for America’s largest utilities and an earlier secret Treasury Department briefing for big banks, CNN previously reported.

North American electric utilities should be at their “highest possible levels” of readiness for “potential Russia-related cyber and disinformation activities” amid US-Russia tensions over Ukraine, North America’s grid regulator said in a recommendation for Energy Week obtained by CNN.

The North American Electric Reliability Corporation (NERC), a non-profit regulator backed by the US and Canadian governments, said it was unaware of a “specific, credible threat posed by Russia to the North American electricity industry [or associated threat actors].”

However, the regulator said it is giving the electricity industry a “proactive recommendation” to watch out for anomalous cyber activity.

“During these heightened tensions, NERC recommends that organizations maintain the highest possible security posture for their most critical system assets and have response, mitigation and workforce plans in place for this escalating conflict,” NERC said.

NERC regularly monitors various cyber threats and communicates with utility companies about them.

Over the last year, as part of a US government-backed initiative, the electrical sector has deployed additional threat detection tools in the more sensitive industrial control systems that help deliver power.

“If one of us gets punched in the face, we all know about it,” said Robert M. Lee, CEO of industrial cybersecurity company Dragos, of the greater visibility of threats in the sector.

US power companies and officials have also carefully investigated cyberattacks in 2015 and 2016 that cut power to parts of Ukraine and for which the Justice Department later blamed Russia’s GRU.

In recent years, the Department of Energy and the Pentagon’s research branch have held a series of drills for US network operators, built around mock cyberattacks along the lines of the Ukrainian incident.

Patrick C. Miller, the CEO and owner of Oregon-based Ampere Industrial Security, said the NERC alert is in that same spirit of preparing for advanced cyberattacks.

The cyberattacks in Ukraine in 2015 and 2016 “proved the fact that power systems are now fair game for adversaries,” Miller told CNN.

CNN’s Matt Egan contributed coverage.

