Middleboro Review 2: POLITICO NIGHTLY: How real is Russia’s cyber threat?

Wednesday, March 23, 2022

POLITICO NIGHTLY: How real is Russia’s cyber threat?

Presented by

U.S. Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks during a White House daily press briefing at the James S. Brady Press Briefing Room of the White House. | Alex Wong/Getty Images

WEB OF UNCERTAINTY — “As the world’s most technically advanced nation, the United States is also potentially the most vulnerable to foreign cyberthreats,” John Markoff warned in The New York Times more than two decades ago, in October 1999.

Like the nuclear threat of the Cold War, which loomed over daily life for nearly half a century, the possibility of “simultaneous computer network attacks against banking, transportation, commerce and utility targets — as well as against the military,” as the Times put it long before the internet was a central to society as it is today, has become part of the backdrop of modern life.

Those fears became more vivid — more real — than ever before on Monday evening, when President Joe Biden, addressing business leaders, said “the magnitude of Russia’s cyber capacity is fairly consequential and it’s coming.”

Trillions of dollars have been spent on cybersecurity this century. Despite that, as a society, we are less resilient to cyberattacks today than we were in 1999. Ridesharing services that rely on networked communications and positioning systems have largely replaced taxis that relied on drivers who knew their way around; smartphones have become essential to the conduct of business; even grocery stores are growing dependent on sophisticated computational surveillance systems.

Even so, it is hard to know what to make of Biden’s warning.

On the one hand, he is privy to secret intelligence, and that intelligence was right about Vladimir Putin’s willingness to invade Ukraine with an army of tanks and airplanes.

On the other, cyber pundits have so far been mistaken about the cyberwar that was supposed to accompany Putin’s Ukraine invasion. “They will do things that will ruin people and cause great harm. This is a serious thing. It’s not just about making the lights go on and off,” Lt. Gen. Ben Hodges, the former commanding general of the U.S. Army Europe, told POLITICO’s Maggie Miller in January. And Jonathan Reiber, the former chief strategy officer for cyber policy in Obama’s Pentagon said in January, “This may end up being the first declared hostility where cyberspace operations are a part of an integrated offensive military invasion.”

That hasn’t happened. Even as Ukraine has been pummeled by bombs and artillery strikes, cyberattacks have been — so far — muted in Ukraine, and there haven’t yet been any notable attacks on the U.S.

In an article coming Wednesday morning in POLITICO that examines why Russia hasn’t launched major cyberattacks in Ukraine (and is available to POLITICO Pro subscribers right now ), Hodges acknowledges that the “cyber juggernaut” he expected never materialized. It’s unclear whether this is because Russia didn’t want to, or because it couldn’t.

Russia’s brutal invasion has lacked strategic coherence, in the cyber realm as in others. Had cyberattacks made it harder for Ukrainians to communicate, it seems inevitable that Volodymyr Zelenskyy would have been less effective at drumming up international support for Ukraine. The exact extent of Russia’s cyber capabilities remains opaque.

If Russia is capable of a serious cyberattack against the U.S., then now, after Russia has been frustrated in its attempt to swiftly conquer Ukraine, could be the moment when it comes. Because cyberattacks are generally difficult to definitively attribute, they could provide a way for Putin to bring the war to Americans while making it difficult for U.S. policymakers to retaliate in kind.

Plus, as Biden said Monday, in the U.S. it’s the private sector, not the government, that largely decides “the protections we will or will not take” against cyberattacks that might disrupt our electricity or our water supplies. He called on business leaders to do their part to “secure every American’s privacy.”

So far, since Markoff’s essay in 1999, the possibility of what was then called an electronic Pearl Harbor, and more recently a cyber Pearl Harbor, has remained just that: a possibility. The cyberattacks that have taken place, like the Colonial Pipeline ransomware incident, have been headaches for their targets but not world-historical catastrophes.

If a momentous, long-feared attack from Russia does come, that could change. The world could be reshaped in unpredictable ways, as it was after Sept. 11, 2001, and as it was after the onset of the pandemic.

Cyberattacks can have temporary effects, or they can have more lasting ones. A blackout that lasted months would transform life, as food spoiled and hospital generators ran out of gas, and might be treated as an act of war.

To be clear, these are purely speculative threats. They don’t seem realistic, nor worth worrying about. Planning for very low probability but very high impact events — a cyber black swan — is nearly impossible. It feels a little irresponsible even to speculate about them.

But then, the idea that the world would endure nearly two years of lockdowns as businesses shut globally once seemed far-fetched too.

Welcome to POLITICO Nightly. Reach out with news, tips and ideas at nightly@politico.com. Or contact tonight’s author at kkakaes@politico.com, or on Twitter at @kkakaes.

A message from Altria:

Moving beyond smoking. Altria’s companies are leading the way in moving adult smokers away from cigarettes – by taking action to transition millions toward less harmful choices. We are investing in a diverse mix of businesses to broaden options beyond traditional, combustible cigarettes. See how we’re moving.

WHAT'D I MISS?

— Jackson defends sentencing record, parries Supreme Court expansion questions: Judge Ketanji Brown Jackson offered her first direct rebuttal today to Republican attacks on her record, declining to say whether she supports adding seats to the Supreme Court and defending her record on child pornography sentencing . In response to questions from Senate Judiciary Chair Dick Durbin (D-Ill.) and the panel’s top Republican, Iowa Sen. Chuck Grassley, Jackson described her stance on expanding the nine-member high court as identical to the one Justice Amy Coney Barrett shared pre-confirmation: That’s up to Congress. During her confirmation hearing, Barrett said the number of seats is left “open to Congress,” when senators asked her whether the Constitution mentions the size of the Supreme Court.

— Russia launched hypersonic missiles due to a low stockpile, sources say: The leading theory for why Russia launched hypersonic missiles into Ukraine last week is that it’s running out of precision-guided weapons to strike faraway targets, a senior U.S. defense official and a Western official familiar with assessments told POLITICO . Russia said it shot Kh-47M2 Kinzhal hypersonic missiles at a weapons depot in western Ukraine on Friday, though it remains unclear if that was actually the target. Still, Biden confirmed Russia’s use of the weapons Monday, stating the Russian military launched them “because it’s the only thing that they can get through with absolute certainty.”

People arrive on the train as many flee their home towns that are under Russian military attack in Lviv, Ukraine. | Joe Raedle/Getty Images

— Pentagon scrambles to replenish weapons stocks sent to Ukraine: The Pentagon is rushing to replace thousands of U.S.-made Javelin and Stinger missiles pulled from European and American stockpiles for use in Ukraine. But the multibillion-dollar effort is still waiting on the military and defense industry to figure out how to ramp up production quickly. Congress has declared it’s all-in on the restocking effort, forking over $3.5 billion to the Pentagon this month alone as part of a $1.5 trillion government spending package. What’s unclear is how and when the Pentagon will spend that money.

— Psaki tests positive for Covid-19, will skip Biden’s Europe trip: White House press secretary Jen Psaki has tested positive for Covid-19, she announced today . Biden is scheduled to depart on Wednesday for Brussels, where he will attend a NATO summit, a G-7 meeting and a European Council session — all concerning Russia’s invasion of Ukraine. Biden is then scheduled to travel to Warsaw on Friday for a meeting with Polish President Andrzej Duda on the subject of “the humanitarian and human rights crisis” caused by the invasion of Ukraine, according to the White House.

JOIN THURSDAY FOR A CONVERSATION ON CRYPTOCURRENCY AND REGULATION: Cryptocurrency has gone mainstream. With the market now valued at $1.8 trillion, Washington’s oversight of the fast-growing industry remains in its infancy. How should Congress and federal agencies shape future regulation of digital asset markets? Join POLITICO in person or virtually for a deep-dive discussion on what’s next for crypto, regulation and the future of finance. Programming will run from 5 p.m. to 6 p.m. EDT with a reception from 6 p.m. to 7 p.m. EDT. REGISTER HERE.

— Cowboys for Trump founder convicted for breaching Capitol grounds on Jan. 6: Couy Griffin, a New Mexico county commissioner and the founder of Cowboys for Trump, was convicted for trespassing on the grounds of the U.S. Capitol on Jan. 6, 2021, joining a mob of thousands that forced then-Vice President Mike Pence and members of Congress to flee for safety . The verdict, delivered by U.S. District Judge Trevor McFadden after a two-day bench trial, capped a 14-month legal odyssey that forced the Justice Department to reveal the long-secret location that Pence fled to during the riot and raised questions about the level of culpability that belonged to each person who entered Capitol grounds that day — even if they committed no acts of violence or destruction.

— Trudeau will be prime minister until at least 2025: Justin Trudeau has brokered a deal with the left-leaning New Democrats that will keep his minority Liberal government in power until 2025. The Canadian prime minister announced Tuesday a formal entente that will see the NDP vote with his Liberal minority government on shared objectives until the House of Commons rises in June 2025. Canada’s next fixed election date is Oct. 25, 2025.

A message from Altria:

NIGHTLY NUMBER

67 percent

The percentage of voters who, if Russia launches cyberattacks on American companies, want the U.S. government and NATO to respond with attacks that are at least proportional, with 40 percent favoring an even more severe response, according to new Morning Consult polling.

DON’T MISS POLITICO’S INAUGURAL HEALTH CARE SUMMIT ON 3/31: Join POLITICO for a discussion with health care providers, policymakers, federal regulators, patient representatives, and industry leaders to better understand the latest policy and industry solutions in place as we enter year three of the pandemic. Panelists will discuss the latest proposals to overcome long-standing health care challenges in the U.S., such as expanding access to care, affordability, and prescription drug prices. REGISTER HERE.

PARTING WORDS

Florida Gov. Ron DeSantis. | Joe Raedle/Getty Images

DeSANTIS DIVES INTO NCAA DEBATE — Gov. Ron DeSantis slammed the NCAA for allowing a transgender swimmer to compete for and win a women’s championship, continuing the Republican governor’s attack on corporations and organizations over their positions on LGBTQ policies, Andrew Atterbury reports.

In criticizing the organization over Lia Thomas, the University of Pennsylvania’s athlete, DeSantis has joined a cast of conservatives who have railed against the NCAA over its stance on transgender athletes. Transgender women have been allowed to compete in women’s categories in the Olympics since 2003 and the NCAA since 2010.

“The NCAA is basically taking efforts to destroy women’s athletics,” DeSantis said today at a bill signing event outside of Tampa. “They’re trying to undermine the integrity of the competition, and they’re crowning somebody else the women’s champion.”

DeSantis and other GOP lawmakers have claimed that they are protecting the integrity of women’s sports, while supporters of Thomas and other transgender athletes say laws prohibiting them from competing are unnecessary and marginalize those athletes.

Florida’s Republican governor signed a proclamation honoring University of Virginia swimmer and Sarasota native Emma Weyant as the “best female” in the 500m freestyle race, taking a shot at Thomas, who beat Weyant by 1.75 seconds to win the NCAA title last week.

Utah gov takes different route: Utah Gov. Spencer Cox vetoed a ban on transgender students playing girls’ sports, becoming the second Republican governor to overrule state lawmakers who have taken on youth sports in a broader culture war over how Americans view gender and sexuality.

A message from Altria:

Moving beyond smoking. Altria’s companies are leading the way in moving adult smokers away from cigarettes. Today, we are taking action to transition millions toward less harmful choices.

From cigarettes to innovative alternatives. By investing in a diverse mix of businesses, Altria is working to further broaden options. Our companies are encouraging adult smokers to transition to a range of choices that go beyond traditional, combustible cigarettes.

From tobacco company to tobacco harm reduction company. And while Altria is moving forward to reduce harm, we are not moving alone. We are working closely with FDA and other regulatory bodies, and will work strictly under their framework.

See how we’re moving.