UM experts offer insight into potential Russian cybersecurity attacks

Since Russia invaded Ukraine, there have been fears of large-scale cyber attacks by Russian operators against the United States.

Professor Craig Morris gives his perspective on the Russian invasion of Ukraine during an ISS 352: Advanced Analytics II class on Feb. 24, 2022. Photo by HG Biggs.

On Monday, President Joe Biden and Anne Neuberger, the deputy national security adviser for cyber and emergency technology, warned businesses in the United States to shore up their defenses against cyberattacks.

Neuberger said there is no intelligence suggesting any concrete plans for cyberattacks against the United States and described Biden’s request as a “call to responsibility.”

As the U.S. began placing sanctions on Russia, reports began circulating that similar attacks were likely to hit the United States. USA Today and the New York Times recently published pieces about how Russian cyberattacks were likely to affect American businesses.

However, Craig Morris and Kevin Riehle, professors in the University of Mississippi Center for Intelligence and Security Studies, say Russia is unlikely to attempt any large-scale cyberattacks against the United States at this juncture.

“We didn’t get what we expected, based on what Russia has done before,” Morris, a former intelligence officer for the U.S. Air Force, said. “And you can take a look out there, Russia has a pretty good track record of using cyber, because cyber is not as dangerous as using military power.”

According to Morris, this is partly because cyber does not necessarily have the immediate and deadly effect associated with armed warfare, and it is also partly because there is a degree of plausible deniability in using cyberattacks.

“Russia could say, ‘Well, it’s not us,’” Morris said. “The Russian government could say it is some sort of hacker group, and unless you can prove it is the Russian government, they can continue to do this.”

Professors Craig Morris (left) and Kevin Riehle (right) join an ISS 352: Advanced Analytics II class on the morning of Feb. 24, 2022 to discuss the Russian invasion of Ukraine. Photo by HG Biggs.

However, Riehle believes that Russia is currently avoiding venturing into cyber-based attacks against the United States and other countries involved in NATO because they are trying to avoid pulling more countries into the conflict.

“There is a word that has been talked about a lot in the academic and think tank discussions, and that word is escalation,” Riehle, who formerly worked with the FBI and Defense Intelligence Agency, said. “Russia is concerned that if it uses any sort of attack, whether it be a physical attack or a virtual attack, against a NATO country that it could actually draw NATO into the conflict. The last thing Russia wants to do right now is to face NATO aircraft and tanks.”

Riehle believes the chance of cyberattacks against America or American companies, if more companies continue severing ties with Russia and if more sanctions are imposed on Russia by the United States, will increase.

President Vladimir Putin equated instituting sanctions that could cause economic strain on the Russian economy to participating in combat.

“McDonald’s Corporation just said it was pulling out of Russia. Starbucks, Coca-Cola, British Petroleum are all saying they are divesting themselves of interest in Russia,” Riehle said. “If Russia sees that as part of the war, Russia could consider something against those companies. But, then, it still faces the risk of escalation, so it has to weigh that war-time attack against the possibility of retaliation. If NATO were to somehow get pulled into this, then all bets are off.”

The companies Riehle believes to be the most at risk and the likeliest targets in the event of a cyberattack are the ones that are closest to the conflict in Ukraine.

“Is a U.S. business under threat?” Riehle said. “Maybe some U.S. businesses such as SpaceX, which is supplying communication satellite capabilities to the Ukrainian military. That is a direct support to the Ukrainian military, an active military country, and a counter military force to Russia, so they could be targeted because at that point, they are a combatant in the fight.”

Morris also believes that Russia will likely hold off on any large-scale attacks until they feel compelled or forced to risk escalating the conflict into a possible world war.

“Likely, they are going to be doing very small-scale things that are designed to be irritants, and probably, what’s even more likely, is propaganda and

misinformation type things-fake stories in the news-and things of that nature,” Morris said.

Riehle agrees that Russia is unlikely to do anything drastic involving cyberwarfare with the United States at this moment, but he would not say that Russia is doing nothing.

“Now, do we know Russia’s not doing anything in the cyberworld?” Riehle said. “Are we certain of that? Is there anything happening that is just one tool among many in a military toolbox? Are there things that they might be doing right now that are affecting this military campaign? Maybe, maybe.”

In 2017, a malware infection, called NotPetya, affected multiple networks, including a U.S. pharmaceutical company called Merck. The malware attack particularly affected Ukrainian infrastructure including the power companies, airports, public transport systems and banks. It was later determined that the malware was a targeted attack on Ukraine by Russia.

Students in ISS 352: Advanced Analytics II discuss Russia’s invasion of Ukraine with professors Craig Morris and Kevin Riehle on the morning of Feb. 24, 2022. Photo by HG Biggs.