author photo
By SecureWorld News Team
Thu | Jun 17, 2021 | 2:25 PM PDT

President Biden gave Russian President Vladimir Putin a warning this week, as the two sat face to face, talking about cyber issues:

"I pointed out to him, we have significant cyber capability. You know, he doesn't know exactly what it is, but it is significant," President Biden said after the summit between the two leaders.

"And if in fact they violate these basic norms, we will respond—cyber, he knows... cyber."

What could constitute a violation of norms in cyberspace and unleash some sort of U.S. cyber offensive? Attacking the nation's infrastructure.

Biden says he gave Putin a list of 16 U.S. sectors that need to be on Russia's no-hack list. This list appears to follow a critical infrastructure list identified by the Cybersecurity & Infrastructure Security Agency (CISA).

CISA highlights the following 16 sectors:

•  Chemical
•  Communications
•  Commercial Facilities
•  Critical Manufacturing
•  Dams
•  Defense
•  Emergency Services
•  Energy
•  Financial Services
•  Food and Agriculture
•  Government
•  Healthcare
•  Information Technology
•  Nuclear
•  Transportation
•  Water

Now that Putin has a warning and a list, will Russia suddenly play by new rules in cyberspace?

"There's no indication at all that he [Putin] actually went along with it," says Keir Giles, a Russia expert with the London-based Chatham House think tank. 

Putin and Russian state media after the Biden-Putin summit 

So what is Putin saying?

After the summit, Putin called the talks "constructive" but also acted mystified about why Russia keeps getting blamed for recent ransomware attacks against Colonial Pipeline and JBS, the world's largest producer of beef and poultry.

However, state-run media had a field day with the summit's cyber topic.

Co-hosts of Russia's 60 Minutes program suggested Russian hackers should "take away all meat" from Americans and said, "Our hackers didn't go far enough."

Nation-state expert: this is how Russia operates in cyberspace 

At least so far, there is no outward indication that Putin will call off the Russian cyberattack dogs.

But then again, how could he say something about that when Russia supposedly hasn't done anything? Putin claimed as much in his interviews leading up to the summit. 

Here is a brief clip from Putin's sit-down with NBC News. The reporter listed off the SolarWinds attack, Colonial Pipeline, JBS, Russian interference with the 2016 U.S. elections, and more. U.S. intelligence has attributed these attacks to Russia-linked threat actors.

Reporter: "Mr. President, are you waging a cyber war against America?"

Putin: "Where is evidence that this was indeed done? I will tell you that this person said that, and that person has said this, but where is the evidence that there is proof?

The latest thing. As far as I know, one of the latest attacks was against a pipeline system in the US. Right?"

Reporter: "Yes."

Putin:  " far as I know, the shareholders of this company, the company even made a decision to pay the ransom. They paid off the cyber gangsters. If you have listed an entire set of US Special Services, they are powerful, respectable, global. After all, they can find wherever the ransom was paid to. And once they do that, I hope they will realize that Russia has nothing to do with it.

Now, there's some kind of a cyber attack against a meat processing plant. Next time, they'll say there was an attack against some Easter eggs. It's becoming farcical like an ongoing farcical thing, a never ending farcical thing.

You said you have plenty of evidence, but you haven't cited any proof, yet again. This is an empty conversation, a pointless conversation, what exactly are we talking about?"

Retired U.S. Air Force Colonel and CNN Analyst Cedric Leighton expected Putin to say as much. Leighton is an expert on nation-state cyber threats who keynoted at the recent SecureWorld Gov-Ed conference.

He's been studying Putin's action for years. 

"He is living up to his training as a KGB officer, which is what he was during the Cold War. And he's very astute, and you have to give him a lot of credit for trying to steer the discussion in a different direction.

When he's asked these direct questions, he's not afraid to deny outright, or even call the idea laughable and say they would not mount an attack like this. But the thing is, it fits in directly with Russian military doctrine. The idea that you would go after the critical infrastructure of a country is part of every single facet of that doctrine."

This could be why Biden specifically warned Putin of attacks against U.S. infrastructure.

Russia based cyberattacks: leaders practice 'plausible deniability'

And Leighton says that going after our election infrastructure, our fuel infrastructure, and our food supply chain fits beautifully with Russia's modus operandi in cyber. And so does the ability to deny these attacks.

Take the Colonial Pipeline ransomware attack, for example. The FBI attributes the attack to DarkSide, a Russia-based cybercrime group. The group immediately apologized after the attack, saying they were 'apolitical' and not trying to shut down a pipeline, just make money.

Putin's comment, above, follows that narrative. He called the perpetrators "criminal gangsters," and this was likely intentional.  

"That is a lot of what Russia does in the cyber world, because you have entities that claim that they are private actors, that they are non-state actors, but they actually get some direction from the state, or at least there's acquiescence from the Russian government," says Leighton.

And they do it with impunity, and they will get away with as much as they possibly can. And Putin's words are an example of that; they are very clearly designed to deny what's going on, but also to in some ways give a wink and a nod to those within Russia who are doing this kind of thing.

They also want to actually physically disrupt some things when the time is right. And of course, it's the time and a place of their choosing, not of ours, and that makes defending ourselves against Russian attacks very, very difficult."

Right now, Colonel Leighton says ransomware is the instrument of choice for Russia's mission in cyber. And this is where the thinking can get off track in Western nations. Too often we view these attacks as one-offs.

"But you can't see it as an isolated incident because ransomware is actually part of a broader strategy. When you look at the way in which these operations were conducted, and the strategy that was involved was clearly to go after elements of the critical infrastructure.

Then they employed the technique of plausible deniability. This is something that intelligence agencies have used for many years, really for centuries.

In essence, what it means is, you have somebody go out and do your dirty work for you, but they don't officially belong to you or to your official organizations. So you can, truthfully in quotation marks, say, 'I did not do this.' This is exactly how Russia conducted its operations in 2016."

In that case, Leighton says Russia's Internet Research Agency did the dirty work. 

"The Internet Research Agency was a form of cutout that was doing the Kremlin's work for it. But the Kremlin could say, 'It is not us, we don't do these kinds of things.' And this is the kind of operation that is going on here with each and every one of these particular cases."

Are Russia and China working together on cyberattacks?

President Biden has laid down the law to Putin, and we're waiting to see how he and the cyber powers in Russia react.

There is also another concerning trend that Colonel Leighton is watching: the possibility that our two most powerful cyber adversaries may be teaming up.

"The other thing that you have to ask is whether or not our major adversaries are actually working together to achieve these kinds of events. In the case of Russia and China, there are plenty of indications that the leaders are. They have several agreements where they share intelligence with each other. They conduct military exercises with each other.

They're also working on 5G rollouts for their respective countries with each other. For example, the Chinese telecom entity, Huawei, is hiring Russian engineers to work on 5G rollouts in Russia, as well as in other countries. And the Chinese have benefited a lot from Russian military hardware and Russian intelligence gathering. So there's some degree of evidence that these two countries may very well be working with each other."

But for now, at least, the world is watching to see what happens between the U.S. and Russia in cyberspace. 

Biden himself told reporters the U.S. will be judging Russia's behavior.

"We'll find out whether we have a cybersecurity arrangement that begins to bring some order," Biden said.

And if not, we'll see if the U.S. will back up its warning to Russia with cyber action.