As Russian forces continue their steady build-up along Ukraine’s borders, the threat of war in central Europe grows. Russian troops and equipment are flowing west from bases in the vast east of the country, as NATO forces move to shore up the alliance’s eastern flank and some NATO member states have begun to render more substantial assistance to Kyiv. Diplomatic efforts are continuing.

While many military analysts believe that Russian forces are still several weeks away from being ready to mount a cross-border movement in force, this conflict, if it comes, will not likely not be confined to Ukraine. As has occurred in past crises between Ukraine and Russia, Kyiv is likely to see significant cyber disruptions as tensions intensify. Indeed, Ukraine was hit by a cyberattack earlier this month that affected dozens of government websites, most with defacement and some with data destruction.

Unlike in past crises, however, the effects may be felt beyond Ukraine if the U.S. and NATO military build-up in Eastern Europe continues or if the allies move forward on sanctions and other efforts to target Russia.

On January 24, as the Pentagon announced plans to put 8,500 U.S. troops on standby for rapid movement to Europe, press reports detailed a January 23 Intelligence and Analysis Bulletin sent to state and local law enforcement across the United States by the U.S. Department of Homeland Security. The DHS warning was pointed: "We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a U.S. or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security." Russia is a full-spectrum cyber actor and has a "range of offensive cyber tools" it could use against U.S. networks, including "a low-level denial of service attack" or a "destructive" attack on critical infrastructure.

The DHS bulletin followed on the heels of a January 18 CISA Insights, issued “to ensure that senior leaders at every organization in the United States are aware of critical cyber risks and take urgent, near-term steps to reduce the likelihood and impact of a potentially damaging compromise.” The CISA document then listed a number of steps that organizations should take without delay.

While the situation in and around Ukraine remains fluid, the potential for conflict and past use of cyber in Russia – Ukraine bilateral crises heightens the risk for a disruptive cyber event. The steps outlined in CISA Insights are prudent measures that we recommend to our clients.

Next steps

Organizations, in particular those of strategic value to the U.S. and allied nations, should prepare for a potential increase in cyberattacks should hostilities between Russia and Ukraine continue to increase. The CISA Insights released on January 18, 2022, lists a number of steps that organizations should take without delay.