One genuine piece of news behind the U.S. sanctions against Russian individuals and organizations is the attribution to Russia of a cyberhacking campaign that has targeted critical U.S. infrastructure.
The details: Per the Treasury Department’s statement, “Since at least March 2016, Russian government cyber actors have also targeted … the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors.”
The Department of Homeland Security has previously reported on cyber intrusions into critical infrastructure but has only identified an “Advanced Persistent Threat” without pointing the finger at a suspected culprit. In a move surely coordinated with Treasury’s announcement, the DHS updated its alert to note the Russian attribution and describe a “multi-stage campaign” into energy sector networks that included collection of “information pertaining to Industrial Control Systems.”
Why it matters: This attribution reinforces the need to secure critical infrastructure and continues a series of actions that have picked up steam since Homeland Security Advisor Tom Bossert told an audience last June that the U.S. government would “call out bad behavior and impose costs on our adversaries.” These include removal of Kaspersky from U.S. government systems, special counsel indictments,naming-and-shaming of Russia for the NotPetya attacks and this week’s sanctions and attribution.
What's next: These moves aren’t yet enough to stop Russia’s bad behavior. But it’s hard to imagine matters ending here.