The Washington Post
Democracy Dies in Darkness
The Cybersecurity 202

A newsletter briefing on cybersecurity news and policy.

The U.S. could publicize any Russian election hacking plans much faster

Welcome to The Cybersecurity 202! I hope everyone had a good Pi Day yesterday. I made no pies, but had pretty good luck with Nell Lewis’s Kentucky butter cake this weekend. 

Below: Lawmakers want a briefing on Russian cyberthreats to critical infrastructure, and European banks are isolating computer networks from Russian employees. 

Back in 2016, U.S. officials waited months to officially blame Russia for trying to influence the election by hacking Democrats' emails.

Now researchers are urging the government to move a lot faster in the 2022 and 2024 elections to release any information it might garner about potential Russian cyber and disinformation campaigns.

The goal is to subvert Kremlin plans, blunt the force of any hack-and-release operations and help guard against American voters being taken in by phony claims during an election cycle.

It’s modeled on a rapid declassification of intelligence on Russia’s Ukraine invasion, which was widely celebrated by analysts who said it blunted Russian efforts to justify the invasion and helped strengthen U.S. allies’ opposition.

  • “There’s a recognition, especially when the public imagination is the target, that there’s more that can be done to blunt those efforts,” Gavin Wilde, a former Russian-focused National Security Council official, told me.

Wilde, who’s now a managing consultant at the Krebs Stamos Group, co-authored a paper with Justin Sherman, a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative, that advocated for such intelligence declassification.

In 2016

The traditional hesitancy to declassify and release intelligence has often worked against U.S. interests — especially where Russia’s concerned. 

That hesitancy has usually been driven by concern about giving the adversary a heads up about how U.S. intelligence agencies are getting their information. But it’s also made it easier for Russian information operations to have a greater impact, including by influencing U.S. public opinion.

  • For example: It wasn’t until October 2016 that the U.S. government officially blamed Russia for hacking and leaking emails from the Democratic National Committee and the Hillary Clinton campaign — months after the emails had been released online and begun to sway public opinion.
  • Some information about Russian hacking operations in the election didn’t come out until the release of the Mueller report in 2018. Per that report, Kremlin hackers breached voter rolls in at least two states before the 2016 contest, but there’s no evidence they changed any votes.

Ukraine war

The government moved much faster when it came to Russia's invasion of Ukraine.

The Biden administration took a novel approach to Russia, rapidly declassifying and releasing intelligence about the Kremlin’s invasion plans and phony justifications for the operation.

The move to release information in advance of the Ukraine invasion was widely celebrated by analysts who said it blunted Russian efforts to justify the invasion and helped strengthen U.S. allies’ opposition. 

“In 2016, you had an effort by Obama and [Director of National Intelligence James] Clapper to say, ‘let’s get all of our cards on the table,’ but it was still a post hoc diagnosis. Whereas, this time there’s clearly political will at the senior levels to bless getting out ahead [of Russian operations],” Wilde told me. 

Looking ahead

U.S. officials have been trying to learn the lessons of 2016. When Iran launched an operation to sow fear and doubts around the 2020 election, officials rapidly exposed details of the operation. That scheme involved posing as the Proud Boys, a far-right group, and threatening violence against registered Democrats if they didn’t vote for President Donald Trump. 

There’s no evidence of major interference by the Kremlin in the 2020 presidential election. But such interference may be more likely in 2022 and 2024 given U.S.-Russia tensions following the Ukraine invasion and a spate of punishing U.S. sanctions.

Lawmakers are increasingly concerned that Russian President Vladimir Putin will turn to election interference as a way to retaliate against the United States for harsh sanctions, as Rep. Eric Swalwell (D-Calif.) told me recently.

The status of Ukraine has also frequently been a topic in Russian disinformation campaigns targeting the West. 

“A common theme from 2016 onward is that Ukraine’s trajectory is a motivating factor for Russian influence efforts against U.S. elections,” Wilde said. “I would certainly bet on 2024 being another trial run for some of these operations, so we should steel ourselves.”

The keys

Researchers found new malware that wipes computer data in Ukraine

The malicious software has been “seen on a few dozen systems in a limited number of organizations,” cybersecurity firm ESET said. It’s not clear who is behind it.

In other Ukraine news:

  • A bipartisan group of nearly two dozen senators wants a DHS briefing about CISA’s response to the war. The lawmakers praised CISA for providing guidance to U.S. industry but want more details about the risks to critical sectors, the agency's response to Russian disinformation and international cooperation.
  • Ukrainian cybersecurity firms have joined the fight against Russia, raising questions about ethics, risk and potential fallout. The Kyiv-based firm Hacken has “turned into one of Ukraine's most active hacking groups, designing cyberweapons and launching attacks on Russian critical infrastructure in an effort to disrupt Moscow's invasion of Ukraine,” Politico Europe’s Laurens Cerulus writes.
  • The cybercriminal world is fracturing as the war in Ukraine continues, Accenture’s Cyber Threat Intelligence team said. That has boosted the threat to Western companies, with “pro-Russian actors galvanizing against Western targets, especially in the resources, government, media, financial and insurance industries,” it said. CyberScoop’s AJ Vicens has more on the report.

European banks prepare to isolate their Russian networks

At least one bank has cut off its Russian staff’s access to its corporate networks, while two other European banks are making preparations to do so, Bloomberg News’s Steven Arons reports. The banks are preparing to make the changes so they can limit their vulnerability to cyberattacks in the wake of Russia’s war with Ukraine.

Banks are also adding additional safeguards to defend themselves from cyberattacks:

  • Deutsche Bank is transferring essential IT tasks outside of Russia, Bloomberg News reports. The bank has seen “increased cyberattacks” since Russia invaded Ukraine, it said in a report.
  • Societe Generale asked its staff to be extra vigilant in their online communications, Bloomberg News previously reported.

Top U.K. court denies WikiLeaks founder’s extradition appeal

It’s a serious blow to Julian Assange’s attempt to block extradition from the United Kingdom to the United States, Reuters’s Alistair Smout and Michael Holden report. U.S. authorities want Assange to go on trial before a U.S. court on charges including hacking crimes for conspiring to break the password of a government computer.

U.K. Home Secretary Priti Patel still has to ratify the extradition decision. After that, Assange can try to challenge the decision through a process in which a judge looks into its legitimacy.

U.S. authorities have agreed to transfer Assange to his native country of Australia to serve his sentence if he is convicted. They have also pledged to not hold him in total isolation or at a “supermax” facility if he serves time in the United States. Assange’s lawyers have called the decision to extradite him based on those guarantees “highly disturbing.”

Hill happenings

Biden’s nomination of cyber-focused central bank official appears all but doomed

Sen. Joe Manchin III (D-W.Va.) decided to oppose President Biden’s nomination of Sarah Bloom Raskin as the Fed’s top banking regulator because of her stance on energy policy, Rachel Siegel reports. That means she faces a fraught, if not impossible, road to confirmation in a tightly divided Senate.

Raskin would have brought cybersecurity chops as the Fed’s vice chair for supervision. As the Treasury Department’s deputy secretary during the Obama administration, she led an effort to standardize approaches to financial cybersecurity among G-7 nations. This month, four former cybersecurity officials asked Senate leaders to quickly confirm Raskin because “the potential for significant cyber impacts is ever more apparent and urgent.”

Republican lawmakers demand answers about deportation of cybercriminal to Russia

U.S. authorities deported Russian criminal hacker Aleksei Burkov to Russia in what appeared to be a rare extradition in September, Miriam Berger reported. Now, around six months later, the top Republicans on four key House committees want national security adviser Jake Sullivan to explain why Burkov was deported before his sentence was up. They also want to know where Burkov is now, whether he is being held accountable for hacking in Russia, and what the U.S. government received in exchange for his deportation, if anything.

Intel chair 'amazed' Russia hasn't launched full-scale cyberwarfare (The Hill)

Chat room

CISA partner Girls Who Code is highlighting “women who work in the cybersecurity field.” The organization — along with CISA Director Jen Easterly — on Monday highlighted CISA's Florida cybersecurity coordinator, Yolanda Williams.

Easterly also celebrated Pi day yesterday with a pizza pie riff on CISA's long-running metaphor for foreign disinformation campaigns that divide the public on contentious topics.

Industry report

Ukrainian hackers say HackerOne is blocking their bug bounty payouts (TechCrunch)

Ukraine war has insurers worried about cyber policies (Wall Street Journal)

Government scan

The Central Intelligence Agency has a new CIO (The Record)

CISA ‘Cyber Storm’ exercise simulated response to critical infrastructure attack (The Record)

Global cyberspace

Denial-of-service attack knocked Israeli government sites offline (CyberScoop)

How Ukraine won the #LikeWar (Politico Magazine)

China claims it captured NSA spy tool that already leaked (The Register)

Russians' demand for VPNs skyrockets after Meta block (Reuters)

Leaked chats show Russian ransomware gang discussing Putin’s invasion of Ukraine (The Intercept)

Privacy patch

A US surveillance program tracks nearly 200,000 immigrants. What happens to their data? (The Guardian)

Your connected car knows you. The tussle for that data's hitting high gear (Reuters)


  • Cyberspace Solarium Commission executive director Mark Montgomery speaks at an American Enterprise Institute event on gray-zone warfare that begins on Wednesday at 9:30 a.m.
  • The Atlantic Council hosts an event on China’s role in setting technology standards on Wednesday at noon. 
  • The Senate Banking Committee holds a hearing on the use of cryptocurrencies in illicit finance on Thursday at 10 a.m.
  • National Institute of Standards and Technology acting director James K. Olthoff testifies at a House Science Committee hearing on technical standards on Thursday at 10 a.m.

Secure log off

Thanks for reading. See you tomorrow.