As Russian troops remain massed on Ukraine’s border, the possibility arises that tensions could escalate into a cyberattack with international ramifications. If so, the first sign to the US government will likely come in a Slack message read at Eric Goldstein’s desk in a nondescript office building in Ballston, Virginia.
Goldstein leads the Joint Cyber Defense Cooperation, launched last year to provide what the agency calls “visibility at scale” over the U.S. network and private-sector critical infrastructure. This means that CISA could be on the front lines of any escalation by Russia that extends all the way to the US homeland. Officials and private-sector leaders are hastily making adjustments, preparing, and conducting war games in case Russia decides to launch direct attacks on US infrastructure, unleash a stream of destructive ransomware, or direct a tailored cyberattack against Ukraine that spreads to US networks.
The JCDC is so new that it still exists only virtually and has not yet moved into its physical space at CISA’s offices in Northern Virginia. It is intended to serve as a sort of unified command center for the US Internet infrastructure, bringing together nearly two dozen private-sector security and network firms; today, its Slack channel includes companies such as Cloudflare, CrowdStrike, Mandiant, Microsoft, Verizon, Google Cloud, and Amazon Web Services. In addition to CISA, representatives from the NSA, FBI, and US Cyber Command are involved on the government side.
The Collaboration Center provides network monitors with a place and community to quickly identify and share strange events, potential breaches, and suspicious activity. It faced its first crisis in early December with news of vulnerabilities in the widely used Log4j logging library. At the time, CISA director Jen Easterly called the vulnerability “the most serious” she had seen in her entire career, and the group moved quickly to address it, meeting on Saturday to discuss the initial dangers and by Monday launching a comprehensive GitHub page to coordinate mitigation efforts.
Now, just weeks later, the US government and the Biden administration’s cyber team face another serious risk as the White House warns of a possible Russian invasion of Ukraine, an event that many in the private sector and Western governments worry could spread, intentionally or accidentally, to computer networks far from an Eastern European battlefield. “We’re hoping to use the muscle memory we’ve built through Log4j to apply to potential activity arising from the Russia-Ukraine crisis,” said Easterly, who spoke to WIRED late last week in her first extended public comments about the looming war.
Shields up
Although they warned of a growing chance of war, officials in the US and UK were careful to say they saw no specific threats. Instead, they expressed a general concern about Russia’s geopolitical recklessness and its history of nefarious cyber activity, as well as the sheer complexity and interconnectedness of digital ecosystems.
“There are currently no specific credible threats to the US homeland arising from this particular Russian-Ukrainian crisis, but we are very aware of the potential for Russia to consider escalation in destabilizing ways that could affect others outside of Ukraine,” Easterly said. “In terms of how the U.S. and our partners might respond to an invasion, we’re also very concerned about the connectivity of infrastructure around the world and that you can have cascading impacts that could be intended or unintended.”
On Friday night, hours after White House National Security Adviser Jake Sullivan warned that the US believed a Russian invasion could be imminent and after the State Department urged all US citizens to evacuate Ukraine, CISA launched a new website called Shields Up, which warns of a growing threat of Russian military action affecting the online ecosystem. It follows similar efforts by the UK government and other European nations to prepare for the effects a Russian war could have on countries beyond Ukraine’s borders.