The Washington Post: Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

Fears mount about Russian cyberattacks in Ukraine

Welcome to The Cybersecurity 202! I give “Being the Ricardos” a B-minus overall, but the performances were great, especially J.K. Simmons as William Frawley. It sparked some real “Nick at Nite” memories. 

Below: Senators want details about government cyber protections for the transportation sector, and a Russian extradited to the United States may have inside information about the Kremlin's 2016 election interference. 

Fears are mounting about possible Russian cyberattacks on Ukraine

Fears are mounting about a possible Russian military invasion of Ukraine — and the cyberattacks that would undoubtedly come with it.

Ukraine has been the target of Russia’s most brazen cyber operations in recent years. Such attacks would surely accompany any land invasion launched by the roughly 175,000 Russian troops currently massed on the Ukraine border.

A case in point: In the most significant known cyberattack against an electric grid to date, Kremlin hackers briefly shut off power for thousands of Ukrainian citizens in 2015. An attack of similar magnitude during a military conflict could sow chaos among the populace and dramatically reduce Ukraine’s ability to defend itself. 

Cybersecurity experts are already noting an uptick in Russian cyber intrusions into Ukrainian government and civilian computer networks that could lay the groundwork for a major cyberattack. 

U.S. and United Kingdom officials are trying to forestall such attacks. They’ve sent cyberwarfare experts to Ukraine to help improve preparations and planning, the New York Times reports. But with Russia’s immense offensive cyber capabilities, it’s unlikely Ukraine could fully fend off an attack. 

U.S. officials believe Russian President Vladimir Putin may also opt to launch cyberattacks that cripple Ukrainian infrastructure in place of a physical invasion, the Times reports. 

The situation offers a harrowing example of the major role cyber capabilities are likely to play in any future military conflict — especially those involving the top tier of cyber-capable nations including Russia and China. 

“We can certainly anticipate [Russian military action in Ukraine] will be accompanied by disinformation operations of all kinds and cyber incidents. ... It’s part of their toolbox,” Suzanne Spaulding, a top government cyber official during the Obama administration and director of the Defending Democratic Institutions project at the Center for Strategic and International Studies, told me. 

“Going forward, all physical kinetic military action that would be occurring in Eastern Europe will be preceded by a cyber pulse,” Tom Kellermann, head of cybersecurity strategy at VMware, predicted to the Hill.

Russia is no stranger to mixing cyberattacks with conventional military operations

Russia peppered Ukrainian computers with malware during 2014, according to the cybersecurity firm FireEye — probably aimed at stealing information to aid its invasion of Crimea that year.

  • The nation’s 2008 invasion of Georgia was accompanied by “denial-of-service” cyberattacks, which rendered numerous Georgian government websites inoperable by flooding them with more Internet traffic than they could handle.
  • Russia pummeled Estonia with a denial-of-service attack in 2007 that’s widely viewed as the first major case of nation-on-nation hacking.
  • There’s also the 2017 NotPetya malware bug, which U.S. officials say was initially unleashed by the Russian military and aimed at crippling computers in Ukraine. It spread far more widely, wreaking havoc across dozens of nations in what the White House called at the time the “most destructive and costly cyberattack in history.”

The Biden administration is pushing to forestall a Ukraine invasion. Officials are prepping a raft of sanctions targeting Russia’s financial sector and preparing a range of export controls, as Paul Sonne, Ellen Nakashima and Michael Birnbaum report.

Biden told Putin during a phone call last week that the United States will “respond decisively” to an invasion, according to a statement by press secretary Jen Psaki.

The intense focus on the Ukraine conflict has distracted from other points of U.S.-Russia tension, including a Biden administration push for Putin to rein in Russia-based criminal ransomware attacks that pummeled U.S. schools, local governments and businesses last year. 

There’s some evidence that effort may have yielded positive results. But rising tensions between the nations could thwart any progress.

The keys

A bipartisan group of senators wants to know how the Biden administration is defending the transportation sector against hacking

The lawmakers are asking for a trove of information from Homeland Security Secretary Alejandro Mayorkas and Transportation Secretary Pete Buttigieg, including how the departments “detect, prevent, and respond to cyber threats” and the roles of each department’s subcomponents in protecting critical transportation infrastructure. 

The letter also presses for an update to the transportation sector’s cybersecurity risk plan, which dates back to 2015 — that's practically ancient in the fast-paced world of cybersecurity. Ten senators signed on to the letter, which was led by Sens. Jacky Rosen (D-Nev.) and Roger Wicker (R-Miss.). 

The letter cites numerous cyber threats to transportation infrastructure — most prominently a 2021 ransomware attack on Colonial Pipeline that threatened to cut off gas supplies to the southeastern United States. 

A Russian hacker extradited to the United States reportedly has information on Russia’s 2016 election interference

Prosecutors last month extradited Vladislav Klyushin from Switzerland to the United States after he was charged with hacking and fraud in connection with a campaign against private companies that prosecutors said netted tens of millions of dollars’ worth of inside information. But Klyushin’s greater value could be inside information about Russia’s 2016 election operations, Bloomberg’s Henry Meyer, Irina Reznik and Hugo Miller report, citing people close to the Kremlin and Russia’s security services.

Russian intelligence has concluded that Klyushin “has access to documents relating to a Russian campaign to hack Democratic Party servers during the 2016 U.S. election,” Bloomberg reports. “His transfer to the U.S. represents a serious intelligence blow to the Kremlin, several of the people said, one that would deepen if Klyushin decides to seek leniency from U.S. prosecutors by providing information about Moscow’s inner workings,” Meyer, Reznik and Miller write.

The charges against Klyushin involve an elaborate insider trading scheme. He and associates allegedly hacked into companies that top firms use to file Securities and Exchange Commission reports and then bought and sold stocks based on the secret information. 

“The U.S. government has not publicly connected Klyushin to Russian interference in the 2016 election. But one of Klyushin's co-defendants in the securities fraud case is Ivan Ermakov, who was one of a dozen GRU officers whom a federal grand jury indicted in 2018 for interfering in the 2016 election by hacking and leaking documents from the Democratic National Committee,” as CNN’s Sean Lyngaas reports.

Klyushin may also have access to information about other Russian intelligence operations, sources told Bloomberg. 

The fight to end the filibuster could deliver election security reforms (if it works)

Senate Majority Leader Charles E. Schumer (D-N.Y.) set Jan. 17 as a deadline for changing Senate filibuster rules if Republicans continue to block voting rights legislation, John Wagner reports. The move is “Schumer’s strongest endorsement yet of trying to muscle through legislation that has been stymied because of Senate rules requiring a 60-vote threshold,” John writes.

One of the bills Senate Democrats want to pass is the Freedom to Vote Act, which primarily focuses on ballot access but is also chock-full of proposals sought by election security advocates. It would:

  • Require states to conduct post-election audits
  • Set up an advisory committee focused on election audits at the Commerce Department
  • Formally add “election infrastructure” to the Department of Homeland Security’s list of “critical infrastructure” sectors
  • Block states from using voting machines that aren’t manufactured or assembled in the United States and require them to have their software “developed and stored in the United States”

Reining in the filibuster is an uphill climb because all 50 Senate Democrats must be on board, including moderates who’ve rejected changing the filibuster, such as Sens. Joe Manchin III (D-W.Va.) and Kyrsten Sinema (D-Ariz.). In a letter to lawmakers, Schumer emphasized that legislation proposed by Senate Democrats aims to counter “voter suppression and election nullification laws.”

Chat room

As we approach the anniversary of the Jan. 6 Capitol attacks, election security expert and Georgetown University professor Matt Blaze examines how disinformation trumped facts about election integrity that day. 

Cyber insecurity

Opinion | The cybersecurity risk to our water supply is real. We need to prepare. (Mark Montgomery and Samantha F. Ravich)

Broward Health discloses data breach affecting 1.3 million people (Bleeping Computer)

Global cyberspace

Poland purchased NSO's Pegasus after Netanyahu meeting, report says (Haaretz)

One of Europe’s biggest suspected cryptocurrency fraudsters arrested in Spain (El Pais)

Securing the ballot

Peter Navarro: Trump distributed bogus election fraud research to 'every' congressional Republican (Rolling Stone)


  • The Atlantic Council hosts an event on the next National Defense Strategy on Wednesday at 2 p.m.

Secure log off

Thanks for reading. See you tomorrow.