Russia-Ukraine War: Former NSA heads, IDF's Unit 8200 predict more cyberattacks

SECURITY AND DEFENSE: “The Ukraine war will be a watershed event in the history of cyber,” said former National Security Agency and US Cyber Command chief Adm. Mike Rogers in an interview.

A Russian flag is seen on the laptop screen in front of a computer screen on which cyber code is displayed, in this illustration picture taken March 2, 2018. (photo credit: REUTERS/KACPER PEMPEL/ILLUSTRATION/FILE PHOTO)

Western businesses are likely to become cyber targets in an economic war with Russia in an unprecedented way in the coming weeks, former National Security Agency and US Cyber Command chief Adm. Mike Rogers told The Jerusalem Post in an interview this week.

Rogers, who is now an operating partner at cybersecurity powerhouse Team8, spoke to the Post along with former Unit 8200 chief and co-founder and managing partner of Team8 Nadav Zafrir, warning, “The Ukraine war will be a watershed event in the history of cyber.”

The former NSA director started by saying that in the cyber conflicts between Russia, Ukraine and others: “There has been more going on than what has been actively reported. The reporting is minimizing” the extent of cyberwarfare, suggesting there may be “a lot more going on” in terms of hacked critical infrastructure and other areas.

According to Rogers, there are at least four major differences between this cyber conflict and any prior one.

First, he said: “Cyber has played a significant role from the very beginning [of the Russia-Ukraine war]. It has not been quite as impactful as it might have been... but there have been significant elements in the information and disinformation dynamic.”

NADAV ZAFRIR (left) and Mike Rogers. (credit: TEAM8)

Next, he said: “Each of the primary combatants turned to external capacity – the patriotic hacker approach – to augment others.”

Third, he stated: “There have been independent actors like Anonymous, which... showed up and said ‘we’re going to take a position on this and show our displeasure.’”

Asked if Anonymous was the most effective of the cyber actors trying to go after Russia, Rogers replied, “I wouldn’t say more effective. Part of their tradecraft” is getting publicity and rattling nation-states in a way beyond criminal actors’ abilities.

Last, he noted, “The role of businesses – look at how private business, major cybersecurity firms in the US and elsewhere,” are acting.

“Russia has turned to this segment.... The private sector is providing capacity and increasing the cyber arena to augment government, not just hacker ties. Companies are saying ‘we will help augment your capabilities,’ primarily on the defensive side, to an extent we have not seen before. This is game-changing,” he said.

Echoing these ideas, Zafrir said, “The private sector’s involvement has been unprecedented,” adding that a mix of the private and public sector “find themselves in the midst of this, in a crossfire. And they need to take a stand. Not just take a stand. Some are literally involved in fighting in cyber in an unprecedented way.”

The Team8 chief said, “The infrastructure between the private sector and government has been blurred. When war breaks out – CEOs and boards are having to make” new kinds of decisions “because everything is blurred.

“If things continue to deteriorate, if the war does not end soon,” Zafrir cautioned, “we’ll see nation-states, Russia with affiliates – it could mean companies within Russia going after targets in the West in order to retaliate against [Western] sanctions.”

Next, he said that both sides have the same tools for retaliating, such that the West “needs to be aware that Russia might retaliate in the cyber realm against [Western] infrastructure like food manufacturing or utilities, which are already on high alert.”

Rogers interjected, “In the coming weeks, we are going to see Western businesses become cyber targets in an economic war between nation-states. We have seen penetration, theft of IP [intellectual property], espionage to generate revenues for criminal groups, ransomware,” but we never saw an enemy who systematically used businesses as a “vehicle to influence your society with cyber, to change public opinion and to hurt your economy.”

Commenting on US President Joe Biden’s big cyber speech earlier this week, as well as others in the US administration sounding the alarm of possible imminent massive cyberattacks, he noted “increasing intelligence concerns that they [Russia] will probably go after significant economic targets” in the US.

Zafrir added, “Mike and I, coming from the government side and now the cyberdefense side, can create that bridge” between the public and private sectors to form a unified cyberdefense.

Taking off from Zafrir’s public-private sectors comment, Rogers said, “The solution in terms of capacity will be predominantly driven by the private sector, with a government piece to it. The international implications for governments” are astounding.

“It is one thing for you to tell companies: you need to stop criminals” from robbing or hacking your clients, by “putting floodlights, fences and having strong cybersecurity. It is an interesting question: if private industry is a target in a war through cyber, what is the role of government in all of this? How do you optimize and partner together, because government can’t do it by itself?” he asked.

Next, they were asked about whether the Biden administration should have, or should now use, cyber offensive capabilities more preemptively against Russia to deter further broad aggression against Ukraine or cyber aggression against the US. Specifically, it was noted that some former US cyber officials had sometimes been frustrated by paralysis on cyber offense due to concerns of out-of-control escalations.

Rogers said, “The position turned during the Trump administration” to be more aggressive, “and it was publicized that cyber was used against ISIS a couple of times, and a couple of times steps were taken against Russia post-2016,” after Russia used cyber influence campaigns to try to influence the US election.

“There is one thing holding back this conflict at the moment: nobody wants this to escalate beyond a conflict in the Ukraine.... One of the reasons you have seen a very measured response is that both nations [the US and Russia] have attack capabilities with nuclear capacities, chemical weapons, and this [restraint] could all change,” if one side acts too aggressively, he said.

On the other hand, he said, “We have seen the US use intelligence to come out very publicly to show its insight and awareness to Russia, to say: we are aware and, to deter them, don’t even think about going down this road.

“Cyber exists in a broader strategic context.... We want to be very measured and specific. This is why we restrict selling Ukraine certain types of weapons. We have opted not to be public in the cyber domain, and perhaps are not using the full range of capabilities,” said Rogers.

Zafrir added, “In this specific conflict, and this is not just true among the West, the US and NATO, Russia also is being careful about what it uses and what it does not use.... So this hasn’t escalated to wherever it might. Let’s hope it does not. So being very measured and careful makes a lot of sense in the current crisis.”

On the flip side, he noted, “There is a spectrum of possible escalation. Just like with [the] kinetic [arena], so, too, in cyber. Preemptive against an imminent threat does make sense.”

Continuing, he stated, “Going forward – it is almost obvious – our lives are more and more dependent on digital transformation and data. We have already passed a threshold.

“Think about COVID without our dependence on the digital sphere. The world would have looked a lot worse than it did. It took on 90% of the workforce almost overnight.”

REGARDING ISRAELI-IRANIAN cyber wars, Zafrir said, “You cannot look at cyber as a separate dimension... There are going to be economic, political, diplomatic, cyber and kinetic interactions between Israel and its enemies, and Iran included.

“Both Israel and, unfortunately, Iran are countries where cyber is a strong capability and an advanced capability. It is almost natural, as we exchange different jabs – some of it will be by cyber,” he said.

In addition, he said, “The Israeli perspective, which is first and foremost the government across all the offices, private sector, including all of the businesses which are multinational, and the military and intelligence organizations – all work together and are orchestrated by the Israel National Cyber Directorate (INCD) to achieve a threshold of cyber hygiene.”

He warned, “There are a lot of attacks taking advantage where [companies] are just not set in the right place [in plugging known cyber holes] and should have been set in the right place.”

Also, he said that the wide Israeli cyber teams try to “create a deterrent so that there are other consequences.... Sometimes the consequences are directly cyber, or there might be a different aspect. Cyber is just one look.

“The Iranians have a high capability, working with locally produced [tools] and some which have been shared among what used to be called ‘the axis of evil.’ We need to be on very high alert. We will see more of this,” he said.

ASKED WHETHER the US and Israel have both made sufficient progress and achieved enough public awareness after suffering new levels of mega hacks in 2020 and early 2021, Rogers said that today the issue is no longer about awareness but about “what is the smartest way to defend?”

Discussing the impact of the SolarWinds, mega food producer JBS and REvil hacks on cyber preparedness, he said, “The events highlighted are really just mere steps in a change I have watched unfold over the last decade.... The president just signed the National Defense Authorization Act which requires 17 segments of critical infrastructure to notify CISA [Cybersecurity and Infrastructure Security Agency] at Homeland Security within 72 hours,” calling this a major positive move.

Still, he said, “I don’t think anyone would say we made enough progress,” but he added that business officials have “made great inroads acknowledging the problem.”

Instead of merely increasing awareness, now the focus is on “how do we optimize relations and develop solutions on a national scale for 335 million people and the No. 1 economy in the world?”

Zafrir responded, “Doing this in Israel is a little bit easier. We are a much smaller community.... We made a lot of progress... Take Hillel Yaffe Hospital [hacked in 2021]. It is one thing refreshing to see. I was at a conference the day before yesterday. The CEO of the hospital got up in front of the crowd and said: ‘Hey guys, this is what happened; this is what we have to deal with.’”

INCD Director Gabi Portnoy and his deputy “were there to support that. Hopefully, by the sheer fact of being open about it with the rest of the hospitals, this will” lower the chances of a similar attack succeeding in the future.

“It is a question of expectations.... Because of limited metaphors, we see this as an extensive and new kind of warfare. We think about war and peace.... That is not what the future holds. There is going to be some level of confrontation and limited action... all of the time,” he said.

Moreover, he stated, “The expectations that these incidents are not going to happen are not realistic,” summarizing that the digital sphere has optimized and improved “everyone’s lives in most aspects, but also we are more vulnerable.”

Rogers concluded, “Defining success or failure cannot be whether a system was penetrated. Talk to me about resiliency and how good the recovery was.”