On March 21, 2022, President Biden issued a statement reiterating warnings that Russia is “exploring” options for potential cyberattacks against the United States in retaliation for sanctions against Russia for its invasion of Ukraine, citing “evolving intelligence.” The President also stressed the danger to executives at a meeting of the Business Roundtable, stating “one of the tools [Putin] is most likely to use, in my view and our view, is cyber, cyberattacks,” and indicating that while Putin has not used this weapon yet, it is “part of his playbook.” While Russia is unlikely to do something substantial that would risk retaliation by the United States, a small disruptive strike that impacts the U.S. economy for days, weeks, or even months still appears possible in order to “make a point.”
The warnings were echoed by Deputy National Security Advisor for Cyber and Emerging Technology, Anne Neuberger, who stated that while there is no certainty of such an attack on the United States, President Biden’s statement should be viewed as a “call to action,” with a particular focus on critical infrastructure, such as dams, electric grids, oil and gas production, water systems, and food production and distribution. Many of these critical functions are operated by the private sector, some of whom may not have deployed cybersecurity defenses consistent with best practices and may not be prepared for such a cyberattack. Businesses who are unprepared or have left known vulnerabilities unpatched are easy targets for a cyberattack.
Russian hackers are often considered by security experts to be some of the world’s most advanced and sophisticated, and a cyberattack by them against critical infrastructure may be highly disruptive. An annual report by the Office of the Director of National Intelligence regarding threats against U.S. national security released earlier this month confirmed this belief, stating “Russia is particularly focused on improving its ability to target critical infrastructure… because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis.”
Neuberger also indicated that federal agencies have briefed more than 100 companies on the elevated threats, including information about preparing for a cyberattack. The renewed warnings from President Biden together with the guidance provided in these briefings from federal agencies should serve as a reminder for U.S. business of all types, especially those involved in critical infrastructure, to accelerate efforts to defend against a cyberattack. For more information on steps that businesses can implement now to protect against potential cyberattacks, see our previous article, Security Measures to Deploy Now to Defend Against a Russian Cyberattack.
As the Russia-Ukraine war continues, so too do new business and legal implications for companies around the world.