Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime

US Sends Top Cyber Official to Europe Amid Ukraine Crisis

Deputy National Security Adviser Anne Neuberger to Speak With EU Counterparts
US Sends Top Cyber Official to Europe Amid Ukraine Crisis
File image of U.S. Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger

With tensions mounting on Ukraine's eastern border, where Russia has massed some 100,000 troops, U.S. cybersecurity officials have grown increasingly concerned over the threat of direct cyberwarfare carried out against Ukrainian networks, and perhaps retaliatory attacks on Western nations intervening. As such, the U.S. dispatched its top cyber official to Europe on Tuesday to discuss the Russian cyberthreat.

See Also: Gartner Market Guide for DFIR Retainer Services

Deputy National Security Adviser for Cyber and Emerging Technology Anne Neuberger will meet with European Union cybersecurity officials, along with representatives from NATO in Brussels, a senior Biden administration official told CNN.

Neuberger is also poised to meet Polish and Baltic officials and members of the Bucharest Nine, including NATO members Poland, Lithuania, Romania, Slovakia, Latvia, Bulgaria, the Czech Republic, Hungary and Estonia.

"Across all of these engagements, our focus is on ensuring that the U.S. and our allies and partners are prepared for any cyber-related contingency and prepared to respond in the current environment," the administration official said, according to The Hill. "We will also discuss how we will coordinate and support Ukraine, and each other, in the event that cyberattacks occur."

Neuberger will also meet with representatives from Germany and France, the official said.

Growing Concerns

Neuberger's trip comes amid poor diplomatic relations between the Kremlin and the West, which has promised to support Ukraine against cyber and kinetic threats.

Russian President Vladimir Putin has worked to prevent Ukraine's entry into NATO and has requested a NATO troop removal from Eastern Europe - terms that have drawn international condemnation. With the threat of possible invasion looming, foreign policy experts have increasingly pointed to cyberwarfare as a main weapon at the Russians' disposal.

On Monday, Symantec's Threat Hunter Team also outlined a specific Russian cyberespionage campaign conducted on a Ukrainian network in 2021. Symantec, a part of Broadcom Software, calls the group in question Shuckworm. Researchers say the group has leveraged phishing emails to inject remote access tools for reconnaissance and possible data exfiltration, and they point to other "living off the land" tools upon which the group has relied (see: Report Details Russian Cyberespionage Efforts in Ukraine).

The firm said the alleged spies, who are linked to Russia's Federal Security Service, or FSB - the main successor to the Soviet Union's KGB - use malicious Microsoft Word attachments to plant backdoors that allow for persistence and the delivery of more malware.

A recent report published by the Security Service of Ukraine, or SSU, pointed to similar findings. According to that report, the Shuckworm group has been responsible for over 5,000 attacks against more than 1,500 Ukrainian government systems since 2014.

Rhetoric Worsens

At the same time, rhetoric between the Kremlin and the West has become more pointed. U.S. President Joe Biden has warned Putin to de-escalate and seek diplomatic solutions and has said the U.S. is prepared to issue severe sanctions if Putin's troops use force. On Monday, Press Secretary Jen Psaki confirmed that the U.S. and the U.K. are prepared to punish Russian elites close to Putin with asset freezes and travel bans if Russia crosses into Ukraine, according to Reuters.

Still, experts fear possible kinetic action will first be enabled, or exacerbated, by direct military cyberattacks on Ukrainian infrastructure.

"In many cases, the balance of cyberwarfare capabilities is seriously tipped to one side or the other. Knowing the cyberwarfare capabilities of Russia, the U.S. recognizes the need to assist Russia's potential targets in defending themselves from this threat," says Erich Kron, a former security manager for the U.S. Army’s 2nd Regional Cyber Center.

And any response, he adds, will demand international collaboration.

"Much like we have seen consortiums formed to deal with economic threats such as ransomware originating from this region, combined efforts to counter [these] threats will become as common as our joint kinetic efforts have been in the past," says Kron, who is currently a security awareness advocate for the firm KnowBe4.

Other experts say network defenders - particularly suppliers to larger companies or government agencies - must understand the capabilities of this adversary.

"These [Russian] cybercriminals terrorize specific individuals and know exactly what information they need to compromise their victims," says Sami Knuutinen, a technical expert with the security firm LogPoint. "The instigators behind these attacks … typically have the resources, manpower and experience to do real damage."

Officials warn that any wide-scale cyberattack carried out by the Russians would likely be accompanied by a complex disinformation campaign meant to confuse Ukrainian citizens and undermine the government, led by Volodymyr Zelenskyy.

U.S. Ambassador to the United Nations Linda Thomas-Greenfield (Photo: U.S. Embassy Namibia via Flickr)

New Developments

Ukrainian news agency Ukrinform reported on Tuesday that a delegation led by EU Commissioner for Neighborhood and Enlargement Olivér Várhelyi visited Ukraine's state service for Special Communications and Information Protection to confirm the political and economic union's support for Ukraine and to build out its cybersecurity capacity.

"You have to move in this direction very fast if you want to have concrete results," the EU commissioner said, according to the Ukrainian outlet.

The same report indicates that Ukraine has pursued the following cybersecurity initiatives: creating a National Center for Reservation of State Information Resources and a secure internet access system, among others.

The announcements follow a string of cyberattacks on Ukrainian targets earlier in January, which affected the websites of its ministries of Education and Science, Foreign Affairs, Energy, Environmental Protection, Emergency Services, Treasury and others.

Late last week, NATO Secretary General Jens Stoltenberg said at an event that "NATO is the foundation for peace and stability" and that the military alliance will continue to communicate with Russia to find a political solution.

And on Monday, tensions spilled over to a United Nations Security Council meeting, where top diplomats from the U.S. and Russia had a verbal spat over Russia's antics and the West's response.

"Russia's actions strike at the very heart of the U.N. Charter," said U.S. Ambassador to the U.N. Linda Thomas-Greenfield. "This is as clear and consequential a threat to peace and security as anyone can imagine."

"We continue to hope Russia chooses the path of diplomacy over the path of conflict in Ukraine. But we cannot just wait and see," she said, calling Russia's mobilization of troops the largest in Europe in decades.

In response, Russian Ambassador Vasily Nebenzya accused Washington of "whipping up tensions and rhetoric and provoking escalation."


About the Author

Dan Gunderman

Dan Gunderman

Former News Desk Staff Writer

As staff writer on the news desk at Information Security Media Group, Gunderman covered governmental/geopolitical cybersecurity updates from across the globe. Previously, he was the editor of Cyber Security Hub, or CSHub.com, covering enterprise security news and strategy for CISOs, CIOs and top decision-makers. He also formerly was a reporter for the New York Daily News, where he covered breaking news, politics, technology and more. Gunderman has also written and edited for such news publications as NorthJersey.com, Patch.com and CheatSheet.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.