US sends top security official to help Nato brace for Russian cyber attacks

WASHINGTON (NYTIMES) - The White House dispatched its top cyber-security official to the North Atlantic Treaty Organisation (Nato) on Tuesday (Feb 1) in what it described as a mission to prepare allies to deter, and perhaps disrupt, Russian cyber attacks on Ukraine, and to brace for the possibility that sanctions on Moscow could lead to a wave of retaliatory cyber attacks on Europe and the United States.

The visit by the official, Ms Anne Neuberger, the deputy national security adviser for cyber and emerging technology, underscored recent intelligence assessments that an invasion of Ukraine would almost certainly be preceded by renewed cyber attacks on Ukraine's electric grid, its communications systems and its government ministries.

All of those systems have been Russian targets in the past six years. Ukraine has often been President Vladimir Putin's testing ground for Russia's arsenal of cyberweapons.

"We have been warning for weeks and months, both publicly and privately, that cyberattacks could be part of a broad-based Russian effort to destabilise and further invade Ukraine," the White House said in a statement announcing Ms Neuberger's arrival at Nato headquarters in Brussels.

After speaking with the North Atlantic Council, Nato's main policy body, she will go on to Poland, where she will meet with Baltic officials responsible for cyber defence.

In January, hackers brought down dozens of government websites in Ukraine, and Microsoft warned that it had detected a dangerous form of malware in government and private computer networks in the country.

The US government has been quietly sending teams into Ukraine in recent weeks to help shore up the country's defences, and it is preparing to do the same with Nato countries on the alliance's eastern flank.

But those experts are reporting back to Washington that there is relatively little they can do to fundamentally harden Ukraine's networks in a few weeks.

Ms Neuberger's trip is largely focused on how to coordinate a Nato response should Russia again attack parts of the power grid in Ukraine or take out communications in an effort to destabilise the government of President Volodymyr Zelenskyy.

One senior administration official noted recently that American intelligence assessments suggested that "getting a friendly government in place is Mr Putin's first objective", and if he could accomplish that without occupying the country and sparking an insurgency, "that would be his best option".

The official spoke on the condition of anonymity to talk about American assessments of Mr Putin's next moves.

If Russia conducts cyber attacks on Ukraine that are not connected to a traditional military invasion, American officials acknowledge it is uncertain whether Europe would agree to invoke the sanctions that the US has promised would follow a ground assault.

As United States President Joe Biden himself acknowledged in a news conference two weeks ago, the allies are divided on what kind of sanctions or other steps would be triggered by an action that falls short of a full-fledged invasion.

When the White House tried to explain what Mr Biden meant when he questioned how the West would respond to a "minor incursion" into Ukrainian territory, White House press secretary Jen Psaki suggested in a statement that he had "cyber attacks and paramilitary tactics" in mind, which fall short of traditional military attacks.

Still, she said that "those acts of Russian aggression will be met with a decisive, reciprocal and united response".

But Mr Biden's comments highlighted the reality that Nato and the European Union have never acted in concert in responding to a broad cyberattack.

When Russia was blamed for the SolarWinds supply chain attack in late 2020 and early 2021, which affected the US government and hundreds of global firms, only Washington announced significant sanctions. And Mr Biden himself pulled back from warnings during the transition to the presidency that he would authorise a counter cyber attack.

"I chose to be proportionate," he said last year when he imposed the sanctions.

"The United States is not looking to kick off a cycle of escalation and conflict with Russia. We want a stable, predictable relationship."

Mr Biden's staff has since all but abandoned hope of stability and predictability with Mr Putin.

The administration is quickly returning to strategies of deterrence while mapping out what kind of efforts the US could engage in to disrupt Russian cyberoperations without triggering direct conflict with Moscow.

That is where Ms Neuberger's trip fits in; she worked on both defensive and offensive operations when she served at the National Security Agency.

Some of the cyber attack techniques that Russia has perfected in Ukraine have been used in the US.

Actions that Russia took to influence the 2014 Ukrainian election became the model for election interference in 2016.

Four years ago, the Department of Homeland Security warned that Russia had targeted American and European nuclear power plants and water and electric systems with malware that could potentially paralyse them; the US responded in kind.

But the Russians have never pulled off a major disruptive attack on the US; even the Colonial Pipeline attack, which led to long gasoline lines last year, was a criminal ransomware case gone bad.

US intelligence officials doubt that Mr Putin will launch direct, disruptive attacks on American infrastructure and believe that he will avoid a direct confrontation with the US.

"The last thing they'll want to do is escalate a conflict with the United States in the midst of trying to fight a war with Ukraine," Mr Dmitry Alperovitch, a founder of Silverado Policy Accelerator, a think-tank, and the former chief technology officer of the cyber-security firm CrowdStrike, noted recently.

American officials say they agree. But that is a prediction, they note, not a guarantee.

Two weeks ago, the Cybersecurity and Infrastructure Security Agency issued a warning to American companies to be on the lookout for telltale signs of Russian-created malware, and last week, Britain did the same.