Reads Like U.S. Is In CyberWar With Russia: “Technical experts funded by USAID are providing hands-on support to essential service providers within the Ukrainian government” FBI “direct support”

For Perspective… NBC News (24 February 2022): The sources said the options presented include pre-emptive responses to Russia’s invasion of Ukraine, irrespective of whether Russian launches its own cyberattacks on the U.S. in retaliation for sanctions. They said most of the potential cyberattacks under consideration are designed to disrupt but not destroy, and therefore fall short of an act of war by the United States against Russia. They say the idea is to harm networks, not people. Officials are debating the legal authorities under which the attacks would take place — whether they would be covert action or clandestine military activity. Either way, the U.S. would not publicly acknowledge carrying out the operations, the sources say. U.S. Cyber Command, the National Security Agency, the CIA and other agencies would have a role to play in the operations, the sources said. “Our response will be harsh and measured, but not so severe as to encourage Putin to take more drastic steps,” one U.S. official said. The White House did not initially respond to a request for comment. After publication, Emily Horne, a spokesperson for the National Security Council, said in a statement, “This report is wildly off base and does not reflect what is actually being discussed in any shape or form.””

United States Department of State
Washington DC
10 May 2022

U.S. Support for Connectivity and Cybersecurity in Ukraine  

Office of the Spokesperson 

Leading up to and during Russia’s unprovoked and illegal further invasion of Ukraine, the United States is supporting Ukraine’s continued access to the Internet and to enhance Ukraine’s cyber defenses. These efforts, coordinated across the U.S. government, include: 

The Federal Bureau of Investigation (FBI) has provided direct support to its Ukrainian national security and law enforcement partners, including briefing Ukrainian partners on Russian intelligence services’ cyber operations; sharing cyber threat information about potential or ongoing malicious cyber activity; helping to disrupt nation-state efforts to spread disinformation and target the Ukrainian government and military; and sharing investigative methods and cyber incident response best practices. The FBI also has received threat intelligence and leads from its Ukrainian partners for action using the FBI’s unique investigative and intelligence capabilities.  FBI, State, and other U.S. government agencies have also assisted Ukraine with identifying and procuring hardware and software to support network defense. 

Technical experts funded by the U.S. Agency for International Development (USAID) are providing hands-on support to essential service providers within the Ukrainian government including government ministries and critical infrastructure operators to identify malware and restore systems after an incident has occurred. This support builds on long standing USAID support building cyber resilience among regional utilities, particularly in the energy sector.  USAID and the Department of State are also exploring new mechanisms to leverage the services offered by U.S. and Ukrainian cybersecurity service providers to support and reinforce the Government of Ukraine’s own cyber defense efforts. 

USAID has provided more than 6,750 emergency communications devices, including satellite phones and data terminals, to essential service providers, government officials, and critical infrastructure operators in key sectors such as energy and telecommunications. 

The Department of Energy (DOE) and other interagency partners are working with Ukraine on efforts related to further integrating Ukraine’s electrical grid with the European Network of Transmission System Operators for Electricity (ENTSO-E), including meeting cybersecurity requirements and enhancing the resilience of its energy sector. Full ENTSO-E integration is key to protecting Ukraine’s financial, energy, and national security. 

The Cybersecurity and Infrastructure Security Agency (CISA) has exchanged technical information on cybersecurity threats related to Russia’s unprovoked further invasion of Ukraine with key partners, including Ukraine. On February 26, CISA issued an alert providing technical details and mitigation guidance on destructive malware targeting organizations in Ukraine. 

Prior to February 2022, the U.S. government worked closely with Ukrainian government ministries and critical infrastructure sectors to support Ukraine’s cyber resilience, including by providing over $40 million in cyber capacity development assistance since 2017. Among these efforts:  

Beginning in 2020, USAID launched an ambitious $38 million cybersecurity reform program that will work over the next several years to strengthen Ukraine’s cybersecurity legal and regulatory environment, build Ukraine’s cyber workforce and strengthen course offerings at leading Ukrainian universities, and develop connections between critical infrastructure operators and private sector solution providers. This program has embedded more than 20 technical experts within the Government of Ukraine to bolster Ukraine’s cyber response and recovery capabilities, and deployed cybersecurity software and hardware tools to ensure the resilience of critical infrastructure to physical and cyber attacks. 

DOE has a long-standing relationship with the energy sector in Ukraine, including work with Ukrainian utilities to help enhance their cybersecurity posture. In the leadup to Russia’s further invasion of Ukraine, DOE, leveraging the expertise of our National Labs, worked with utilities to focus on potential near-term cybersecurity enhancements, while also continuing our work on long-term resilience efforts. 

The Treasury Department has worked with the National Bank of Ukraine (NBU), via the Software Engineering Institute (SEI), to support NBU’s Computer Security Incident Response Team (CSIRT) to improve cybersecurity information sharing in Ukraine’s financial services sector. Leading up to Russia’s further invasion of Ukraine, Treasury offered NBU assistance on specific cybersecurity issues while continuing to work on longer-term cybersecurity projects to better ensure the cyber resilience of Ukraine’s financial sector. 

From December 2021 to February 2022, cyber experts from U.S. Cyber Command conducted defensive cyber operations alongside Ukrainian Cyber Command personnel, as part of a wider effort to increase cyber resilience in critical networks. Cyber professionals from both countries sat side by side, looking for adversary activity and identifying vulnerabilities.  In addition to this effort, the team provided remote analytic and advisory support aligned to critical networks from outside Ukraine. 

The U.S. government’s efforts, closely coordinated with private sector and international partners, support Ukraine’s network defenders and telecommunications professionals, who continue to defend Ukrainian networks and repair infrastructure, often at direct risk to their lives.  The United States condemns actions that block or degrade access to the Internet in Ukraine, which sever critical channels for sharing and learning information, including about the war. 

United States Department of State
Washington DC
10 May 2022

Attribution of Russia’s Malicious Cyber Activity Against Ukraine  

Antony J. Blinken, Secretary of State 

The United States is joining with allies and partners to condemn Russia’s destructive cyber activities against Ukraine.  In the months leading up to and after Russia’s illegal further invasion began, Ukraine experienced a series of disruptive cyber operations, including website defacements, distributed denial-of-service (DDoS) attacks, and cyber attacks to delete data from computers belonging to government and private entities – all part of the Russian playbook.  For example, the United States has assessed that Russian military cyber operators have deployed multiple families of destructive wiper malware, including WhisperGate, on Ukrainian Government and private sector networks.  These disruptive cyber operations began in January 2022, prior to Russia’s illegal further invasion of Ukraine and have continued throughout the war. 

Today, in support of the European Union and other partners, the United States is sharing publicly its assessment that Russia launched cyber attacks in late February against commercial satellite communications networks to disrupt Ukrainian command and control during the invasion, and those actions had spillover impacts into other European countries.  The activity disabled very small aperture terminals in Ukraine and across Europe.  This includes tens of thousands of terminals outside of Ukraine that, among other things, support wind turbines and provide Internet services to private citizens. 

As nations committed to upholding the rules-based international order in cyberspace, the United States and its allies and partners are taking steps to defend against Russia’s irresponsible actions. The U.S. Government has developed new mechanisms to help Ukraine identify cyber threats and recover from cyber incidents. We have also enhanced our support for Ukraine’s digital connectivity, including by providing satellite phones and data terminals to Ukrainian government officials, essential service providers, and critical infrastructure operators. We praise Ukraine’s efforts—both in and outside of government—to defend against and recover from such activity, even as its country is under physical attack.