But Mr. Biden’s comments highlight the fact that NATO and the European Union have never acted in concert in response to a large-scale cyber attack. As Russia was blamed for the SolarWinds supply chain attack in late 2020 and early 2021, which affected the US government and hundreds of global companies, only Washington announced significant sanctions. And Mr. Biden himself backed off from transitional warnings that he would authorize a cyberattack.
“I have chosen proportionality,” he said last year when imposing sanctions. “The United States does not want to start a cycle of escalation and conflict with Russia. We want a stable, predictable relationship.”
Biden’s staff have since given up hope of stability and predictability with Putin. The administration is rapidly returning to deterrence strategies while also mapping out what efforts the United States could engage in to disrupt Russian cyber activities without triggering a direct conflict with Moscow. That’s where Miss Neuberger’s trip fits; she worked in both defensive and offensive operations while she served with the National Security Agency.
Some of the hacking techniques that Russia perfected in Ukraine have already been used in the United States. The actions taken by Russia to influence the 2014 Ukrainian elections became the model for election interference in 2016. Four years ago, the Department of Homeland Security warned that Russia has targeted US and European nuclear power plants and utilities with malware capable of crippling them; USA respond kindly.
But the Russians have never carried out a major disruptive attack on the United States; even the Colonial Pipeline attack, which led to long gas lines last year, a criminal ransomware case has gone awry. U.S. intelligence officials suspect that Putin will launch direct, disruptive attacks on American infrastructure and believe he will avoid a direct confrontation with the United States.
“The last thing they want to do is escalate the conflict with the United States in the midst of trying to go to war with Ukraine,” said Dmitri Alperovitch, founder of Silverado Policy Accelerator, a think tank and former chief technology officer. an official from the cybersecurity firm CrowdStrike, noted recently.
American officials say they agree. But that is a prediction, they note, not a guarantee. Two weeks ago, the Cybersecurity and Infrastructure Agency warned US companies to watch out for signs of Russian-made malware, and last week the UK did the same.
https://www.nytimes.com/2022/02/01/us/politics/russia-ukraine-cybersecurity-nato.html US sends officials to help NATO tackle Russia’s cyberattacks