As the Russian Threat to Ukraine Grows, U.S. Warns of Cyber Disruption
As the possibility of a Russian attack on Ukraine grows, America's federal cybersecurity agencies are advising operators of critical infrastructure - like seaports and pipelines - to step up their preparedness to counter Russian state-sponsored cyber operations.
"CISA, the FBI, and NSA encourage the cybersecurity community - especially critical infrastructure network defenders - to adopt a heightened state of awareness and to conduct proactive threat hunting," the three agencies said in a joint advisory issued Tuesday.
Russian cyber criminals and government units have been hacking critical infrastructure for years, from the Ukrainian power grid collapse of 2015 to the Maersk/APMT shutdown of 2017 to the Colonial Pipeline ransomware attack of 2021. Some cyber experts say that by this stage in the game, companies in targeted sectors should already be prepared for the threat.
"This activity is just a continuation of that long-standing tradition, and I read this advisory as another periodic reminder of the background radiation of global politics," said Tim Wade, CTO at cybersecurity consultancy Vectra, speaking to eSecurity Planet.
Ready or not, the cyberconflict in Ukraine is already under way. Russian state-backed hackers have stepped up their activity in Ukraine over the past month, U.S. officials told The New York Times. According to cybersecurity consultant Dmitri Alperovitch, these threat groups are actively at work in the networks of Ukrainian government ministries and power utility companies.
For shipping interests, the Russian cyber threat could create additional disruption for already-distressed supply chains. The infamous Maersk/APMT hack - which effectively shut APMT's terminal network worldwide and cost upwards of $300 million - was not even intentional: it was a side effect of a Russian malware attack on a Ukrainian accounting software platform.
In expectation of the heightened cyber activity that might accompany an invasion of Ukraine, officials in the EU are preparing their cyber defenses. Later this week, several EU governments will start a six-week exercise simulating a large-scale cyberattack on supply chains, according to Bloomberg. The objective is to test out Europe's vulnerabilities and crisis-response capabilities in the event of a sophisticated Russian hacking offensive.
In the event that conflict breaks out on Ukraine's borders, shipping interests might also be affected by GPS disruption. Russia has well-known capabilities for GPS spoofing at a regional level, which could affect (and has previously affected) navigation in some areas, particularly the Black Sea.
In addition, Russia has demonstrated advanced capabilities for attacking satellites, threatening the security of the GPS constellation itself. In November, U.S. Space Force Vice Chief of Space Operations Gen. David Thompson told the Washington Post that China and Russia conduct "reversible attacks" on American satellite assets regularly, and the threat is growing "every single day." This recurring activity includes temporary effects like jamming and laser blinding, but it could escalate to destructive attacks in the event of a conflict.
In November, Russia conducted a controversial test of an anti-satellite missile, striking a defunct Soviet-era satellite and scattering thousands of fragments of debris in orbit. Days after, a Russian state-owned television station aired a segment in which a prominent host connected that test with an explicit threat to the U.S.-operated GPS satellite constellation.
"We shot down the old Soviet Tselina-D satellite in space orbit," said Dmitry Kiselyov, the head of state media conglomerate Rossiya Segodnya and a host on channel Rossiya-1. "That was the completion of tests of Russia's anti-satellite system . . . It means that if NATO crosses our red line, it risks losing all 32 of its GPS satellites at once."
If Russia took the extreme decision to destroy or degrade the GPS constellation in space, vessels that rely on GPS for all of their electronic positioning would be immediately affected. Vessels fitted with multi-frequency GNSS receivers - increasingly common in modern units - would still have the use of positioning signals from the GLONASS, BeiDou and Galileo constellations, barring further disruption.