Sourceree SHIELD Intelligence Services
Christian Faranda, Foreign Policy Analyst
Select excerpt from March 2022: SHIELDWatch Newsletter
The world has been nervously holding its breath in anticipation of the Russian invasion of Ukraine for weeks. Global defense leaders strategized intervention efforts, the traffic out of Kyiv headed towards Poland intensified, and cybersecurity agencies warned businesses to brace for potential impact. Finally, in the early morning hours of February 24, 2022, Russian forces crossed into Ukraine, propelling world leaders - who had been working overtime to prevent the conflict - into an unavoidable Plan B. As we refresh our feeds optimistically, awaiting news of the preservation of Ukraine’s sovereignty and safety for its residents, this post will examine how the Russian invasion could threaten US businesses’ cybersecurity.
The anxiety surrounding the Russian threat to Ukraine prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to sound the alarm for businesses and agencies to take “urgent, near-term steps” against cyber threats to critical infrastructure. Shortly after CISA’s warning, the Department of Homeland Security published a memo stating, “Russia maintains a range of offensive cyber tools that it could employ against US networks.” Businesses based in the United States that have partnerships or locations in Ukraine have an added risk. A 2017 Russian military intelligence cyberattack on a Ukrainian software provider spread, causing billions of dollars of damage worldwide. Pennsylvania businesses alone represent billions of dollars of US business activity in Ukraine:
- Westinghouse Electric, based out of Cranberry, signed an estimated $30 billion deal to build nuclear reactors at four separate sites in Ukraine in 2017, partnering with Ukrainian company Turboatom. Westinghouse was one of the multiple victims identified in the 2018 federal indictment of Russian government hackers threatening the victim’s “most sensitive secrets and data.”
- XCoal Energy & Resources of Latrobe began providing anthracite to Ukraine utility Centrenergo in a 2017 deal with a potential value of $79 million. The Reading Blue Mountain & Northern Railroad headquartered in Port Clinton was a major part of this deal, on deck to transport 700,000 tons of coal.
- GE Transportation of Erie signed a $1 billion agreement in 2018 to help modernize Ukraine’s rail system.
The US-Ukraine Business Council (USUBC) aims to advance US trade and investment interests in Ukraine's emerging market; advocate for measures to improve conditions for bilateral trade and investment; and promote strong, friendly bilateral ties between the United States and Ukraine. As of February 2022, USUBC has 200+ entities engaged in their mission varying from non-profits, large corporations across multiple sectors, religious organizations, investment funds, law offices, and higher education institutes. All of these entities with a footprint in Ukraine, especially those with US critical infrastructure functions, will need to be on watch as Russia expands into the country. The full list of USUBC entities can be found here.
Just prior to the invasion, unaffiliated but suspected Russian hackers superficially attacked Ukrainian government websites, while also conducting a destructive malware operation against government, non-profit, and information technology organizations in Ukraine. The malware operation was discovered by the Microsoft Threat Intelligence Center which identified the attack as “designed to render targeted devices inoperable.” A former Obama administration defense official remarked that Russia’s invasion of Ukraine would be the first time “cyberspace operations” were part of an integrated offensive military invasion, further commenting that targets would be government senior leader communications and the military as well as Ukrainian national critical infrastructure, to include energy, manufacturing, and media.
In addition to US concerns, European partners are preparing for residual effects in Ukraine as well as direct cyber incursions by the Russians within their borders. The United Kingdom’s National Cyber Security Centre warned large organizations to bolster their cyber security resilience amid the deepening tensions over Ukraine and the European Central Bank which has oversight of Europe's biggest lenders, is warning banks against the threat of cyber-attacks on banks launched from Russia.
US and global businesses are right to be concerned about potential cyber fallout from Russian hackers using the Ukraine invasion to expand the reach of their attack capabilities. The 2021 Colonial Pipeline ransomware attack perpetrated by Russian cybercriminals cost Colonial Pipeline a reported tens of millions of dollars to fully restore its systems after paying the $5 million ransom. The cost to American consumers was immeasurable. Russian hacking groups have also targeted the US government. In the SolarWinds breach of 2020, a hacking group believed to be associated with Russian intelligence gained access to at least 9 US government agencies and 100 businesses.
FALLOUT FROM UKRAINE: The Impact on Global Energy and Cybersecurity
Full Report Includes
- Billions at Risk for Pennsylvania Companies with Ties to Ukraine - US Officials Warn Against Increased Cyber Attacks following Russian Invasion -Sourceree SHIELD Intelligence Services
- The Plot to Destroy Ukraine -RUSI
- Russia's Hostile Measures: Combating Russian Gray Zone Aggression Against NATO in the Contact, Blunt, and Surge Layers of Competition -RAND Corporation
- Pirates without Borders: The Propagation of Cyberattacks through Firms' Supply Chains -Federal Reserve Bank of New York Staff Reports, no. 937
To View Full Report, Click Here
