Staff Sgt. Wendell Myler, a cyber warfare operations journeyman assigned to the 175th Cyberspace Operations Group of the Maryland Air National Guard, monitors live cyberattacks on the operations floor of the 27th Cyberspace Squadron, known as the Hunter’s Den, at Warfield Air National Guard Base, Middle River, Md., June 3, 2017. (J.M. Eddins Jr./U.S. Air Force)
WASHINGTON — U.S. Cyber Command is closely tracking the potential for renewed Russian cyberattacks in the spring as Ukraine and Russia launch offensives to seize Ukrainian territory, the command’s leader told senators on Tuesday.
Army Gen. Paul Nakasone warned the Senate Armed Services Committee that Russia remains a “very capable adversary” in cyberspace and could unleash a barrage of cyberattacks against Ukraine and the West as part of a military push deeper into Ukraine or reprisal for a successful Ukrainian counteroffensive.
“By no means is this done,” said Nakasone, who also serves as the director of the National Security Agency. “As Russia looks at armaments coming into [Ukraine], as Russia looks at different support, how do they react? This is something that we’re working closely every single day on.”
Nakasone disputed a prevailing view that Russia has not been as aggressive in the cyber realm as on the physical battlefield since launching a full-scale invasion of Ukraine last year. Russians have been “very active” in conducting disruptive and destructive operations against Ukraine, including attacks on government websites that intensified as the invasion got underway, he said.
Those efforts did not have the crippling effect Russia intended partly because of U.S. involvement, Nakasone said. A “hunt-forward” team deployed to Kyiv, Ukraine’s capital, in December 2021 to shore up Ukrainian cyber defenses and U.S. agencies and private companies continue to help, he said.
“We’ve been able to bring a series of partners, including the private sector, that have tremendous capability and capacity against the Russians,” Nakasone said.
The U.S. military is also working with the FBI and the Cybersecurity and Infrastructure Security Agency within the U.S. Department of Homeland Security to ensure the security of domestic infrastructure, he said. Information on the type of tradecraft that Russia uses in its cyberattacks is also passed on to NATO, he said.
The military alliance, whose members have rallied around Ukraine, has been of particular interest to Russian computer operatives, according to a June 2022 investigation by Microsoft. American organizations were the top targets of Russian hacking attempts outside of Ukraine while Poland, the gateway for Western-supplied military and humanitarian aid to Ukraine, was second.
Russia was able to successfully penetrate the defenses of governments, think tanks, humanitarian organizations, technology companies and critical infrastructure suppliers 29% of the time, according to the Microsoft report. About 25% of those breaches resulted in stolen data.
Nakasone said Tuesday that U.S. Strategic Command is ensuring the security of the most important network: nuclear command, control and communications. The NC3 system connects senior nuclear commanders with their nuclear forces.
“As we move forward, we continue full spectrum operations with a series of partners to include Ukraine to provide them assistance as they battle the Russians,” Nakasone said.
Viktor Zhora, a top official at Ukraine’s cyber defense agency, said in January that Russia most often uses data erasing malware in its cyberattacks but also sometimes pairs cyberattacks with missile strikes.
In November, Russian hackers carried out 10 attacks per day to maximize the effect of Russian bombardment of energy facilities and other critical civilian infrastructure, according to a report that the Ukraine agency released in January. The Russian campaign to plunge Ukrainians into darkness and cold reached a critical point on Nov. 24, when several waves of cyber and missile attacks forced all Ukraine’s nuclear plants offline.
