Intelligence and national security agencies across the US government met on Friday to discuss how the Biden administration might respond to cyberattacks from Russia in light of the Ukraine crisis, three US officials familiar with the meeting told CNN.
The meeting – which convened officials from the White House, intelligence agencies, Department of Homeland Security and other agencies via videoconference – underscores how the Biden administration sees cyberspace as a key front in the tensions over Russia’s threat to again invade Ukraine.
The focus of the meeting was how US agencies can work with companies across critical sectors of the economy to respond to potential hacking incidents, whether from criminal operations or state actors, the three officials said.
One issue raised was the possibility of an uptick in ransomware attacks on US companies by Russian-speaking criminal gangs, two of the officials said. Another point of discussion was how the US can provide cybersecurity assistance for Ukraine, whose government faced a string of cyberattacks in mid-January, two of the US officials said.
There’s a “specific, credible threat” to Ukrainian infrastructure right now, but not to US infrastructure, one official told CNN. The goal is to be ready if that changes, and for federal officials to be able to respond with affected companies should any big hacks take place.
The interagency meeting comes as US officials have urged companies to be on high alert for hacking threats from Russia, with the FBI surveying companies for signs of compromise.
Officials from the FBI and the Department of Homeland Security briefed state and local government officials Monday on potential Russian hacking threats, asking attendees to lower their thresholds for reporting unusual cyber activity, two people familiar with the call told CNN. Yahoo News first reported on the Monday briefing.
Ransomware attacks from Russian-speaking hackers have hobbled US critical infrastructure companies in the past year, including an incident last year that forced major US fuel transporter Colonial Pipeline to shut down for days.
Russia has historically been reluctant to crack down on cybercriminals operating from its soil – so long as the hackers leave Russian organizations alone.
But in recent weeks – as Russia has massed more than 100,000 troops at Ukraine’s border – Russian authorities have also taken the rare step of arresting high-profile cybercriminals. White House officials believe Russia’s domestic intelligence agency in January arrested the person responsible for the cyberattack on Colonial Pipeline attack.
A senior administration official previously denied any connection between tensions over Ukraine and the FSB arrests.
But Dmitri Alperovitch, a cybersecurity expert who is chairman of the non-profit Silverado Policy Accelerator, sees the Russian move as “ransomware diplomacy.” It was a signal, he previously told CNN, from the Kremlin that if the US retaliates with harsh sanctions over Russian aggression in Ukraine, any semblance of US-Russia cooperation on cybercrime could disappear.
A National Security Council spokesperson did not immediately respond to a request for comment.
“While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for Russia to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine,” a senior administration official previously told CNN.
This story has been updated with further developments Monday.