Vulnerability Management, Threat Management

NSA director: Limited Russia cyberattacks so far, but threat remains

National Security Agency Director Gen. Paul Nakasone testifies before the Senate Intelligence Committee on March 10, 2022, in Washington. (Photo by Kevin Dietsch/Getty Images)

NSA Director and Commander of Cyber Command Paul Nakasone told lawmakers Thursday that he does not believe the threat of cyberwarfare in Russia's invasion of Ukraine has passed despite its very muted presence thus far.

Nakasone said they had seen "three or four" cyberattacks so far.

"We remain vigilant," he told a Senate hearing. "We're 15 days into this conflict. By no means are we sitting back and taking this casually, we are watching every single day for any type of unusual activity."

Though there have been no official attributions, external observers have noted two rounds of denial of services paired with text message spam meant to sew distrust in banks, three different forms of wiper malware used in limited attacks in Ukraine, and an attack on Viasat service in Europe causing outages and damaging equipment. Viasat is believed to be used by the Ukrainian military.

Though none of these attacks have been formally attributed to Russia, all have suspected links to the invasion due to timing and targeting.

While that is the presence of cyberwarfare, it is nowhere near the destructive capability Russia has demonstrated against Ukraine in even the last few years. In 2015 and 2016, Russia caused power outages in Ukraine. In 2017, it launched the NotPetya wiper causing billions of dollars globally in spillover damage after it overflowed from its Ukrainian targets.

Nakasone outlined four types of attacks of concern: An attack causing spillover like NotPetya, weaponizing ransomware attacks, the use of proxy groups, or a significant targeted attack on Eastern Europe.

While Russia has been relatively silent in the cyberwar space, Ukraine has launched its own cyber operations against Russia using a volunteer force, targeting a mix of business and government.

He detailed a varied list of why the worst fears of Russian cyberwar didn't come to fruition.

"This is part of Russians own strategic calculus," he said. "But secondly, a tremendous amount of work was done prior to the actual invasion by my agency, work that was done by Cyber Command, by interagency, by a series of private sector partners that hardened the infrastructure of the Ukraine," he said.

Finally, he said, "there have been actions taken since then that I think have contributed to the Russians in terms of the way that they approach the future." He did not elaborate on what those actions were.

"Not only are we vigilant, we're prepared and most important, we're sharing information and sharing our expertise with our partners," said Nakasone.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.