FBI 'concerned' about Russian cyberattacks on critical US infrastructure: Wray
FBI Director Christopher Wray said Tuesday the FBI is "concerned' with the possibility of Russian cyberattacks against critical U.S. infrastructure in the wake of Russia's war with Ukraine.
"The reason we're concerned about it is not just based on our longstanding understanding of how the Russians operate, but it's actually the product of specific investigative work and surveillance work that we've been doing all together," Wray told an audience at the Detroit Economic Club.
"Most cyberattacks don't just happen in an instant. There's activity that leads up to it. There's scanning and researching, researching a victim, scanning for vulnerabilities and systems. There's developing access to those systems. So, there's a whole range of preparatory work, which is what we've been seeing," he said.
It comes as the FBI has seen five U.S. energy companies have their systems scanned, according to a source familiar with the situation, outlined in an agency bulletin first reported by CBS News. ABC News has confirmed the bulletin's contents.
"Today, with the ongoing conflict raging in Ukraine, we're particularly focused on the destructive cyber threat posed by the Russian intel services, and cybercriminal groups they protect and support," Wray said in prepared remarks. "We have cyber personnel working closely with the Ukrainians and our other allies abroad, and with the private sector and our partners here."
On Monday, President Joe Biden urged American businesses to shore up their cyber defenses, saying the threat of a cyberattack on the U.S. has grown now that Russian President Vladimir Putin has his "back against the wall."
"I have previously warned about the potential that Russia could conduct malicious cyber activity against the United States, including as a response to the unprecedented economic costs we've imposed on Russia alongside our allies and partners," Biden said in a statement. "It's part of Russia's playbook. Today, my Administration is reiterating those warnings based on evolving intelligence that the Russian Government is exploring options for potential cyberattacks."
Echoing his comments was the deputy national security adviser for Cyber and Emerging Technology Anne Neuburger at Monday's White House press briefing. She did not go into details about what exactly officials are seeing, but stressed to reporters the government has stepped up preparations for a cyber attack.
"Just last week, federal agencies convened in more than 100 companies to share new cybersecurity threat information, in light of this evolving threat intelligence. During those meetings, we shared resources and tools to help companies harden their security. Like advisory sourced from sensitive threat intelligence and hands on support from local FBI field offices, and sister regional offices, including their shields up program," Neuberger said.
Neuberger said there was not evidence of a specific cyberattack, but "some preparatory activity" that prompted the White House to give classified briefings to companies in sectors they thought could be impacted -- without detailing what sectors that included, despite being pressed for more specifics several times during the briefing.
Homeland Security Secretary Alejandro Mayorkas and the Cybersecurity and Infrastructure Security Agency Director Jenn Easterly both said DHS has resources to combat cyberattacks for private businesses and urged companies to protect themselves.
"Organizations of every size and across every sector should continue enhancing their cybersecurity defenses," Mayorkas said.
Last week, Mayorkas was asked about the threat of ransomware attacks as the conflict in Ukraine continues.
He said in 2021 there was a 300% increase in the number of ransomware attacks from 2020 -- with ransomware losses totally close to $300 million. He urged companies to sure up their cyber defenses, especially while the conflict continues.
"Some of those measures are so simple and accessible. changing one's password making one's password strong multi factor authentication, backing up one system, there are elementary steps that one can take," he told reporters Thursday.
"We have been leaning so far forward in communicating with the private sector, which owns the vast majority of critical infrastructure to equip them to prevent a threat from materializing, to respond swiftly and effectively to an attack should it [occur], and to prove resilient in contemporaneous with the Russian attack and the real possibility that Russia might seek to retaliate via a cyber channel."
As a result of major cyber-attacks in 2021, the Biden administration has tightened cyberattack reporting regulations for certain portions of critical infrastructure, such as pipelines and airlines.
Industry and experts are taking this warning from the White House seriously.
"While Russia has not yet launched more aggressive or destructive cyber-attacks that have impaired critical infrastructure or deleted sensitive data in Ukraine or elsewhere, the administration's comments suggest recent intelligence indicates Russian cyber operators are conducting digital reconnaissance or electronically probing electronic systems in the United States that could lead to those types of operations," Javed Ali, the former senior counterterrorism Director at the National Security Council told ABC News.
"These public statements that seem to give clues about Russian cyber threats and other military developments from different intelligence sources and methods are part of the Biden administration's overall strategy to put pressure on Putin and demonstrate that the United States and its partners have advance notice of Russia's intentions," he said.
Critical infrastructure companies are monitoring the threat, including the Tennessee Valley Authority, a company that provides electricity for 153 local power companies in Tennessee and surrounding states.
"TVA continually monitors for ever-changing threats to cybersecurity," a company spokesperson told ABC News. "We use a multi-layer security strategy, including a combination of hardware, software and procedural controls, to secure our critical generation, transmission and business infrastructure systems. TVA's cybersecurity team monitors the entire enterprise 24/7 and coordinates with federal security agencies to rapidly implement new protective measures for targeted cybersecurity issues."