UPDATE: April 2022 - The Justice Department revealed last month that four Russian hackers, three of whom worked for the Kremlin's FSB spy agency and one who worked for the Russian Ministry of Defense, had been indicted last year for targeting "thousands of computers, at hundreds of companies and organizations, in approximately 135 countries," including the United States. The hacking occurred between 2012 and 2017, the purpose being to allow the FSB to "disrupt and damage such computer systems at a future time of its choosing."

At this time, the four Russians are still believed to be in Russia, a country that does not allow their citizens to be extradited to the United States. News of the sealed indictment was released as the Biden administration continues to warn critical infrastructure players of Russian cyber capabilities and the belief that Russia may soon employ their hacking skills in conjunction with their invasion of the Ukraine.

While news of the indictments may be new, those Americans who are involved in cyber security are well aware of Russian intent and ability as it pertains to cyber attacks and the potential disruption of critical U.S. infrastructure. Our 2018 article, "Russian Hackers Penetrate U.S. Power Grid", reported on our Department of Homeland Security having identified successful attempts by Russian state players to gain access to many U.S. electric utility control rooms.

Is it just coincidental that these indictments did not occur during the Trump administration, but did occur within the first year of the Biden administration? Let's hope Mr. Trump's fear of confronting Mr. Putin did not affect the workings of the U.S. Justice Department.

June 2021 - As most of you may recall, Colonial Pipeline was hit by a ransomware cyberattack in early May of this year. Colonial operates the largest gasoline and fuel pipeline in the Eastern United States. The attack, which has been traced to a Russian-based criminal organization known as DarkSide, caused Colonial to shut down their entire pipeline operation. This shutdown resulted in over a weeklong gasoline shortage along the East Coast.

But now there is some good news to report coming out of this attack. In fact, the good news is threefold:

1) Ransomware Recovery

U.S. law enforcement and intelligence services (who Donald Trump repeatedly stated were not as believable as Russian President Vladimir Putin) were able to recover over half of the $4.4m ransomware paid by Colonial. The exact details of this U.S. cyber operation were not released, but it is important for the world to know that the good guys also can play the cyberattack game and we are pleased to see the U.S. going after the bad guys for a change.

(Biden Oval Office image from wikipedia)
2) Cybersecurity Focus

Unlike his predecessor, Joe Biden is taking cybersecurity seriously and his administration is taking action to improve our cybersecurity defenses and to take on the criminals who seemingly have launched these attacks with impunity. The initial Biden actions include:

Instructing federal agencies to adopt "zero trust" environments for their computer infrastructure
Addressing software vulnerabilities by establishing security standards for software vendors to meet before a federal agency acquires or upgrades their software system(s).
Establishing a Cyber Incident Review Board" modeled on the National Transportation Safety Board, which will investigate cybersecurity incidents and make recommendations for improving security
Removing barriers that hamper sharing of cyber threat intelligence within the government and between the government and private companies

(Summit photo from Rollcall)
3) Retaliation

In phone calls and at their summit meeting earlier this month, Mr. Biden also made it clear to Mr. Putin that the current administration won't roll over for Mr. Putin as the previous administration did, warning the Russian strongman that the U.S. will, if necessary, retaliate in kind to attacks on our infrastructure. Mr. Biden told Mr. Putin that he expected Mr. Putin to punish Russian perpetrators of cyberattacks and, if the attackers were part of Russia's espionage agencies or military, then expect the United States to respond at a time and place of our choosing.

We've been waiting for years to hear good news like this. As we reported in our 2018 article, "Russian Hackers Penetrate U.S. Power Grid", Russia and other nation states have been actively testing their cyber capabilities to infiltrate U.S. infrastructure in preparation for a possible cyber war. Let's hope the U.S. government has enough time to prepare us before that day comes.

Home About Us Contact Us