What’s Really Behind The Lack of Russian Cyber Activity?

So far, Vladimir Putin’s invasion of Ukraine and the imposition of crippling sanctions by the U.S. and Europe have not led to the massive Russian cyberattacks that most cybersecurity experts have been warning about. And while that could change at any time, there are some very good reasons why Putin may feel the need to keep his cyber forces (and criminal cyber gangs) in check — at least for the time being.

Since 2013, Russia has been trying to develop a state system of detection, prevention, and elimination of consequences of computer attacks (GosSOPKA). It has even gone as far as to propose detailed plans (the Digital Economy National Program) to disconnect Russian critical infrastructure from the global Internet while preserving the capability to launch attacks externally. 

However, funding challenges brought about by sanctions (first imposed in 2014 during the invasion of Crimea) have stalled many of the supporting activities of these initiatives and forced Putin to put the entire Russian national segment of the Internet on hold. Russia has suffered from a significant lack of investment and focus on cyber defense and security of its own critical infrastructure. This lack of investment has corresponded with a sharp increase in Russia’s dependence on pirated software (as much as 62% of the Russian market), creating even deeper and more widespread vulnerabilities.

The 2017 WannaCry outbreak was one of the first signs of Russia’s crumbling cybersecurity posture. The ransomware infected thousands of corporate and government networks, including those at the Ministry of Interior, which has responsibilities for fighting cybercrime. Although Microsoft issued a timely patch for the Windows vulnerability WannaCry exploited, it was of little use in Russia because of the dependence of government ministries on pirated software.

Putin’s army has been shown to be inept and poorly led, and he’s sitting atop a crumbling morass of critical infrastructure that is as secure as a pirated copy of Windows 95.

Dan Verton

When a new variant of the NotPetya malware appeared in June of 2017 targeting Ukrainian institutions, it was quickly linked to the Russian government. And while the malware spread globally, it had the biggest impact on Russian organizations, among them the Russian natural gas giant Rosneft. 

U.S. Owns Russian Critical Infrastructure

The activities of the U.S. Cyber Command since 2018 might be the biggest reason for Putin’s hesitancy to conduct a major attack in cyberspace. In response to Russia’s meddling in U.S. elections, the Trump administration granted new authorities to Cyber Command in a still-classified document known as National Security Presidential Memorandum 13. It enabled Cyber Command to conduct offensive cyber operations against adversaries without receiving presidential approval.

Congress then vastly increased the legal authorities for U.S. Cyber Command to conduct “clandestine military activity” in cyberspace, to “deter, safeguard or defend against attacks or malicious cyber activities against the United States” as part of the 2019 Defense Authorization bill. The U.S. Secretary of Defense is allowed to carry out these activities without presidential authorization (seen by many as a deliberate move to keep then-President Trump out of the loop so he would not divulge the existence of the classified programs to the Russians).

In reporting by The New York Times and other major media outlets, senior government officials have characterized these offensive programs as “doing things at scale that we never contemplated a few years ago.”

In 2019, the U.S. injected malware into portions of Russia’s electric power grid with the purpose of both pushing back against Russia’s own aggressive hacking of the U.S. grid, and as a potential future weapon should war break out between the countries. That effort has since expanded, according to officials, to include a “persistent presence” in Russian networks.

It is likely that Putin has been presented with a reality check by U.S. and NATO representatives that clearly illustrates the danger he faces if he chooses to expand the war in Ukraine by lashing out in cyberspace. If he can bring Ukraine to its knees without suffering the embarrassment of a debilitating cyber counterattack, that is what he will do. After all, Putin’s army has been shown to be inept and poorly led, and he’s sitting atop a crumbling morass of critical infrastructure that is as secure as a pirated copy of Windows 95.