Russia hasn’t had success marrying cyber effects with traditional warfighting means as part of its ongoing war against Ukraine, but the country has had cyber successes in other areas and continues to target U.S. support of Ukraine, a National Security Agency (NSA) official said on Tuesday.
Against the U.S., Russia is putting “most of the pressure” on the defense industrial base (DIB) “and logistical transport companies who are moving lethal aid,” Rob Joyce, director of cybersecurity at the NSA, said at an event hosted by the Center for Strategic and International Studies (CSIS).
“They are under daily pressure from the Russians,” he said. “Again, that looks a lot like intelligence. To understand what the West is delivering, what the U.S. is supporting, what we’re doing.”
The event was moderated by James Lewis, director of the strategic technologies program at CSIS, who asked Joyce whether Russian cyber capabilities were overestimated going into their invasion of Ukraine.
Joyce replied, “I think where the overestimation happened was the concept of combined arms.” The Russians “haven’t demonstrated the ability to do sophisticated use of complex things” between physical and cyberspace, he said.
Still, Russia has demonstrated it is capable in other aspects of cyber.
“I think people have underestimated how much game they brought,” Joyce said, mentioning Russia’s disabling of terminals in Europe and Ukraine that partially disrupted commercial communications satellite provider Viasat [VSAT] at the outset of the invasion.
Russia has also attacked Ukraine with new data-wiping malware and continues its attempts to disrupt Ukrainian financial and government entities, individuals and individual businesses, alongside ongoing intelligence collection, Joyce said.
Beyond those traditional exploits, Russia is also being “creative,” he said.
“There’s creative things going on, like we’re watching the Russian hackers log into public facing webcams, to watch convoys and trains delivering aid,” he said. “But they’re also hacking those webcams where there’s zero days or N-days where they can log in and instead of using the town square that’s available to the internet, they’re looking out the coffee shop security camera and seeing the road they need to see. So, things like that are ongoing.”
Ukraine has shown resiliency in the face of Russian cyber-attacks, with one lesson being that the country has practiced its cyber defenses “for years,” Joyce said. This practice has resulted in the understanding of the need to back up data and systems, he said.
“They’ve gotten to the point where the Ukrainian [system administrators] knew they had to have backups and when they got a wiper virus, they shrugged their shoulders, they cleaned the machine, they reloaded from backup and they moved on,” he said.
Ukraine’s cyber defenses have also benefited from U.S. resources and “pro bono” support from industry, Joyce said. A key move that bolstered Ukrainian resiliency in cyberspace was moving out of its domestic data centers and “into the Western cloud,” going from two system administrators to a far greater number of operators and maintainers at cloud companies who also have access to threat information to rapidly implement defenses, he said.
“You got the benefit of NSA working with those companies to take the Russian threats from foreign intel and injecting that in,” Joyce said. “I wasn’t going to find those two server admins in Ukraine and be able to help them directly like that. But that cloud environment gave them a much more resilient space.”