(U//FOUO) DHS Bulletin: Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine

The following bulletin was first reported on by CNN on January 24, 2022, though the bulletin itself was not made publicly available by the network.  It was subsequently posted online by numerous local government agencies throughout the U.S.

Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine

Page Count: 4 pages
Date: January 23, 2022
Restriction: For Official Use Only
Originating Organization: Department of Homeland Security, Office of Intelligence and Analysis
File Type: pdf
File Size: 464,007 bytes
File Hash (SHA-256): C079E2F2D3F33C888124FCAA1886FCB990AC3C8789032185D140DA1DD014C446

Download File

(U//FOUO) We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.

• (U) Russia’s cyber program is a key element of its broader view and military doctrine of “information confrontation”—a concept that values technical cyber operations and the psychological effects that can be achieved in an information environment, according to a 2021 NATO report. Moscow’s cyber operations are designed to provide flexible options that can be used in both peacetime and wartime to achieve desired end states. Russia almost certainly considers cyber attacks an acceptable option to respond to adversaries because it lacks symmetrical economic and diplomatic responses, according to the Intelligence Community’s 2021 Annual Threat Assessment.

• (U) Russia continues to target and gain access to critical infrastructure in the United States. During a campaign that started in March 2016, Russian Government cyber actors compromised US energy networks, conducting network reconnaissance and lateral movement, and collected information pertaining to industrial control systems, according to a Cybersecurity and Infrastructure Security Agency (CISA) alert. Separately, Russian state-sponsored cyber actors have successfully compromised routers, globally, and US state and local government networks, according to a CISA alert and a joint US-UK report.

• (U//FOUO) Russia has demonstrated the ability to conduct disruptive and destructive cyber attacks in other countries, using techniques that could be leveraged against US critical infrastructure networks. In both 2015 and 2016—progressively more capable year-over-year—Russian military intelligence (GRU) actors successfully launched cyber attacks against the Ukrainian power grid, temporarily interrupting the supply of power to hundreds of thousands of Ukrainians, according to a US indictment of GRU officers. In 2017, Russian actors used malware to target a Saudi Arabian refinery, infecting the safety systems and leading to the temporary shutdown of the plant, according to a Department of Treasury sanctions announcement.

Share this: