Putin’s threat of ‘consequences’ heightens worries about Americans’ electricity

Maggie Miller

February 25, 2022 at 6:00 PM·10 min read

The war in Ukraine is renewing fears of a Russian cyberattack on the U.S. — and the danger that such a strike could spiral into a wider conflict between the two powers.

U.S. officials have worried for years about a potential Russian hack of critical systems such as the electric grid, which energy experts say is vulnerable to attacks that could cut off power for hours, days, weeks or even months. The United States would almost certainly respond to such an assault on Americans’ daily lives — and lawmakers and policymakers have said the options would need to include military reprisals or cyber counterattacks, not just more economic sanctions.

Washington has never made it clear what kind of hack would trigger an escalation, despite years of warnings from security agencies that Russia is probably laying the groundwork for a critical infrastructure attack that the U.S. would be ill-prepared to prevent.

“All these hypotheticals about what constitutes an attack… suddenly could move from hypothetical to real literally in the next few days,” Senate Intelligence Chair Mark Warner (D-Va.) said in an interview this week.

Russian President Vladimir Putin issued an ominous warning to nations like the U.S. in his Thursday morning speech announcing the invasion — saying that “whoever tries to hinder us” will face “consequences that you have never faced in your history.”

Later that day, President Joe Biden said from the White House that “if Russia pursues cyberattacks against our companies, our critical infrastructure, we're prepared to respond” — though he did not say what that response would entail.

Biden told Putin during a summit last summer that the United States’ critical infrastructure should be "off-limits" to digital assault, handing him a list of 16 sectors that the Department of Homeland Security has identified as especially vital to the national interest. Those include energy, water, financial services, health care, defense and the food supply.

But Russian government hackers have repeatedly made forays into U.S. critical infrastructure including the energy sector since 2016, the FBI and DHS have said. A 2019 “Worldwide Threat Assessment” by the U.S. intelligence community found that Russia has the capability to disrupt electrical distribution centers in the United States for “at least a few hours,” adding: “Moscow is mapping our critical infrastructure with the long-term goal of being able to cause substantial damage.”

A major attack on the U.S. grid could be especially devastating, plunging parts of the country into darkness for days or longer depending on the method of attack. Texas offered a peek at this scenario last year, when power failures triggered by cold weather left millions of people without power. More than 200 deaths were linked to the storm, two-thirds of them due to hypothermia.

Russian hackers demonstrated their ability to make such threats real by attacking Ukraine’s grid in 2015 and 2016, leaving portions of the country in the dark for several hours each time.

Criminal ransomware gangs based in Russia made the lesson even plainer for the U.S. in two critical infrastructure breaches last year — an attack on the East Coast’s main fuel supply line that triggered price spikes and gasoline shortages, and another that shut down more than a fifth of the nation’s beef supply.

If a cyberattack on the grid were massive enough, the U.S. might consider it an act of war on the same level as a physical strike against power plants. That could justify a response in kind by the United States and its NATO allies.

“Actually affecting the power grid in that way here in the U.S. would definitely be a big step up in terms of escalation,” said Michael Daniel, who was White House cybersecurity coordinator under President Barack Obama and now leads the Cyber Threat Alliance. “That would probably prompt the U.S. government to look at a wide variety of tools that it might have to try to signal the level of seriousness with which we are treating that, and also to try to impose costs and disruptions on the Russians.”

Sen. Angus King (I-Maine), who co-chaired a congressionally chartered cybersecurity commission, said last week that the U.S. would need to offer a serious response to attacks on its critical infrastructure.

“There is a range of responses, but to me the important thing is that A — there is a response, and B— the Russians know there will be a response. That’s called deterrence,” King said. “It could be sanctions, it could be any number of different things.”

NBC News reported Thursday that U.S. officials are considering preemptive attacks of their own on Russia’s critical infrastructure to hobble the Ukraine invasion, with options such as shutting off internet service, interrupting the electricity supply or tampering with railroad switches. White House press secretary Jen Psaki dismissed the report as “off base,” saying it “does not reflect what is actually being discussed in any shape or form.”

‘How deep did they get in?’

Warnings of a potential Russian attack on the U.S. electrical grid have escalated in recent months as tensions over Ukraine rose.

DHS’ Cybersecurity and Infrastructure Security Agency said in an alert this month that owners and operators of critical infrastructure should strengthen their cybersecurity practices to counter potential Russian threats. Those included water plants, communications networks and in particular, the power grid.

Separately, the cybersecurity company Dragos recently tracked a hacking group that is “doing reconnaissance on electric and natural gas sites here in the United States,” founder and CEO Robert M. Lee said in an interview this month.

Energy Secretary Jennifer Granholm urged energy executives in a letter Wednesday to “prepare to the highest possible level” for Russian hacking. Her department last year launched a 100-day plan to improve the grid’s cyber defenses.

Still, Granholm wrote Wednesday, “There remains no specific credible threat to the homeland from Russia, that I am aware of.”

The latest warnings follow years of efforts by the U.S. electric power sector to absorb the lessons of the 2015 and 2016 blackouts in Ukraine, whose power system shares some of the vulnerabilities of the American grid. (U.S. power plants also use more automated systems than their Ukrainian counterparts, which would complicate the task of bringing them back online.) But those preparations are not yet complete.

“Are we better off than we were five or six years ago when Russia undertook that activity in December of 2015 in Ukraine? Absolutely,” said Daniel, the former White House cyber coordinator. “Do I think we’re where I would say we are very well off? No, I'm afraid I couldn’t say that.”

Power industry experts disagree, though, on whether hackers could trigger a widespread power outage in the U.S.

A massive outage would be difficult to pull off through a remote hack alone, said cyber risk consultant Tom Alrich, saying it would require Russians to create a cascading blackout in which the failure of a small piece of the grid could trigger wider disruptions. Such a scenario played out in parts of Canada, the Midwest and the Northeast in 2003, when tree branches touching power lines in Ohio set off a series of failures that caused millions of people to lose power for several hours.

After those outages, a standards-setting body called the North American Electric Reliability Corp. has issued a series of rules aimed at preventing such a snowball effect on the grid, Alrich said. At this point, he said, "it would be almost impossible to cause a cascading outage" — a scenario that would require something like 20 to 30 attacks on various parts of the grid.

But former NERC official Tobias Whitney said several scenarios exist in which a wide-scale disruption would be possible. For instance, hackers could trigger mass outages by downing a control center and backup control for a large transmission operator or a critical transmission substation, said Whitney, who is now vice president of strategy and policy at the cybersecurity firm Fortress.

Experts believe that Russian hackers trying to bring down part of the U.S. grid would probably enter via a side route — breaking into a major energy provider’s networks by infecting a software update from a less secure company. Such a strategy would have been long planned out.

“If they’ve done it, they’ve done it. They are sitting in there,” said Eric Byres, founder and chief technical officer of cybersecurity group aDolus. “That typically takes six to 12 months to execute, so they won’t be doing it tomorrow. The question will be, how deep did they get in, and how destructive they want to be.”

Options for Biden

The next question is how the U.S. would respond.

One option, of course, is for Biden to impose more sanctions, on top of the economic penalties he announced Thursday for banks, oligarchs and other targets in Russia and its ally Belarus. Biden left plenty of room to ramp up the pressure later — he announced no sanctions for now on Putin’s personal wealth or Russia’s oil and gas companies.

A second possibility: The United States could use its own fearsome cyber capability to launch a counterattack on Russia.

The military’s U.S. Cyber Command has demonstrated its ability to strike Russia before — for example, by temporarily shutting down a St. Petersburg-based disinformation factory during the 2018 midterm elections, as The Washington Post later disclosed. The U.S. has also installed probes in the Russian electric grid since at least 2012, and under the Trump administration began implanting malware there at a newly aggressive pace, The New York Times reported in 2019.

A cyberattack against Russia could similarly hobble critical systems for months or longer. The best-known example, a computer worm called Stuxnet believed to be the work of the U.S. and Israel, sabotaged Iran’s nuclear program by destroying centrifuges before being discovered in 2010.

The third and most serious scenario is that an attack on the U.S. grid could trigger Article 5 of the NATO treaty, which requires all members to step in if one member is attacked. NATO declared in 2019 that a major cyberattack against one member state would qualify for such a response.

That could bring every NATO-allied nation into conflict with Russia — raising the possibility of a coordinated response against Moscow that could ramp up the conflict exponentially.

The U.S. even has a precedent for wielding deadly force against a hacker: In 2015, it used a drone strike in Syria to kill a high-level ISIS operative suspected of helping hack U.S. Central Command’s social media accounts, publishing personal information of U.S. troops and using Twitter to encourage terrorist attacks on Americans.

But the U.S. has also hesitated at times to offer a forceful response to Russian hacking for fear of triggering a cycle of escalations that would bring greater damage for the United States. That was one factor in the Obama administration’s slow-to-unwind reaction to Russia’s interference in the 2016 presidential election.

Some security experts and lawmakers have argued for years that a conventional — or “kinetic” — military response should be one option on the table for responding to a major cyberattack. But realistically, the U.S. would use physical force only if the hack had endangered health and safety.

“The U.S. has always reserved the right to respond to malicious cyber activity with both cyber and kinetic tools,” said Mark Montgomery, senior director of the Foundation for Defense of Democracies. “Should someone attack us in a significant way with a cyber tool, they can expect that our response might be in either realm.”

The line dividing these various options has never been quite clear, Warner acknowledged.

“I’m not sure we’ve put out red lines for our adversaries, or for that matter fully warned Americans about the consequences,” the Senate intelligence chair said. “We’ve been talking about this potential for a long time. Thank God we’ve never seen the full effects of an attack.”

Catherine Morehouse contributed to this report.

The Conversation
Mutton, an Indigenous woolly dog, died in 1859 − new analysis confirms precolonial lineage of this extinct breed, once kept for their wool
Dogs have lived with Indigenous Americans since before they came to the continent together 10,000 years ago. A new analysis reveals the lineage of one 1800s ‘woolly dog’ from the Pacific Northwest.
Associated Press
The Israel-Hamas war is testing whether campuses are sacrosanct places for speech and protest
“Where there is much desire to learn, there of necessity will be much arguing, much writing, many opinions; for opinion in good men is but knowledge in the making,” wrote poet John Milton, an alumnus of Cambridge University, in his 1644 treatise against censorship in publishing. “Give me the liberty to know, to utter, and to argue freely according to conscience, above all liberties.”
Yahoo Finance
Markets brace for Nvidia earnings: What to know this week
A crucial earnings report from AI leader Nvidia greets a stock market that hit new records last week.
AFP
US forces lose strategic African position in Niger
With the US troop withdrawal from military-led Niger underway and due to be over by September 15, Washington is preparing to abandon its strategic position in the Sahel where Russia and Iran are gaining ground.- Russian and Iranian advance - Niger demanded the US troop pull-out after Washington expressed concern about "potential Nigerien relations with Russia and Iran".
USA TODAY
Guns, inflation, Biden: Donald Trump prepares to counter jury verdict in hush money case
Trump's NRA speech in Dallas heralded what could be a big week for him: A jury's decision in the New York hush money case.
CNN
Blue Origin will launch six tourists to the edge of space after nearly two-year hiatus
The NS-25 mission is expected to lift off on Sunday, ending a lengthy hiatus from crewed launches prompted by a failed uncrewed test flight in 2022.
CBS News
U.S. and Saudi Arabia near potentially historic security deal
United States National Security Advisor Jake Sullivan met with Crown Prince Mohammad bin Salam on Saturday to discuss a potentially historic bilateral agreement between the two nations.
Politico
Elon Musk launches Starlink satellite internet service in Indonesia
He took a speed test of the Starlink internet service with several health workers in Indonesia’s remote regions.
AFP
DR Congo thwarts Kinshasa 'coup attempt' : army
The DR Congo military on Sunday thwarted an attempted coup near the offices of President Felix Tshisekedi in Kinshasa involving "foreigners and Congolese", the army spokesperson said.He added that the "foreigners and Congolese ... including their leader" would "all no longer cause any harm".
CNN
Central US faces severe weather threat, with tornadoes, large hail and damaging winds possible
Millions across parts of the Central Plains are at risk for severe weather Sunday that could bring tornadoes, large hail and damaging winds to the area.
Associated Press
Senior Republican close to Trump criticizes Biden's arms holdup in speech to Israeli parliament
Elise Stefanik, a House Republican leader seen as a candidate to be Donald Trump's running mate, delivered a speech before Israel's parliament on Sunday in which she criticized President Joe Biden's approach to the war in Gaza. Stefanik, the fourth highest-ranked Republican in the House of Representatives, is the latest of several U.S. politicians from both sides of the aisle to visit Israel since Hamas' Oct. 7 attack ignited the war in Gaza.
AFP
Moroccan enterprises give jobs, hope to people with disabilities
Fadoua Lamrani was elated when she was hired as a waitress at a restaurant in Morocco which employs people with mental disabilities.-'Change society's view'- While Lamrani said she was still glad to be working at the restaurant, she also wanted to try her luck elsewhere, "like any other waitress in any other restaurant".
Reuters
Factbox-High-profile US trials where defendants took the stand
Donald Trump's lawyer said last week the former U.S. president had not decided whether to testify at his criminal trial stemming from hush money paid to a porn star, which would be an uncommon and risky move that some high-profile defendants have made at their own recent trials. Prosecutors said Bankman-Fried stole $8 billion in customer deposits to plug losses at his crypto-focused hedge fund, Alameda Research.
Yahoo Finance
Under Armour is collapsing — And Kevin Plank has to take the blame
The Under Armour meltdown continues.
NBC News
ADHD drug shortage shows signs of letting up, but some patients still struggle
ADHD medication shortages have largely been resolved, says the FDA. However, some doctors and patients still report difficulties in obtaining prescriptions.
Associated Press
Why US Catholics are planning pilgrimages in communities across the nation
A long-planned series of Catholic pilgrimages has begun across the United States this weekend, with pilgrims embarking on four routes before converging on Indianapolis in two months for a major gathering focusing on Eucharistic rites and devotions. The National Eucharistic Pilgrimage is beginning with Masses and other events in California, Connecticut, Minnesota and Texas. A small group of pilgrims plan to walk entire routes, but most participants are expected to take part for smaller segments.
Reuters
Hundreds of Tunisian president's supporters protest against 'foreign interference'
Hundreds of people demonstrated in Tunis on Sunday in support of President Kais Saied amid widespread criticism at home and abroad after a wave of arrests that included journalists, activists and lawyers. The European Union, France and the UN High Commissioner for Human Rights expressed concern at the arrests and at a police raid on the headquarters of the bar association this month in which two lawyers critical of the president were detained. Police this month arrested 10 people, including journalists, lawyers and officials of civil society groups, in what was described as crackdown by Amnesty International and Human Rights Watch, which called on Tunisia to respect free speech and civil liberties.
AFP
Dominican Republic votes for president in poll overshadowed by Haiti crisis
Polls opened in the Dominican Republic on Sunday, where President Luis Abinader is poised for comfortable reelection on the back of widespread support for his tough stance on migration from troubled neighbor Haiti.Polls show Abinader leading his closest rival Leonel Fernandez -- a 70-year-old three-time ex-president -- with 60 percent of voter support compared to 25 percent.
AFP
Taiwan coast guard ramps up island patrols ahead of inauguration
Taiwan's coast guard ramped up patrols over the weekend around outlying islands that have seen increased presence of Chinese vessels, the agency said Sunday, the day before Lai Ching-te's inauguration as Taiwan's new president.Taipei's Coast Guard Administration said Sunday it had sent personnel to "patrol all hours of the day and night" around Taiwan's three major outlying islands: Kinmen, Matsu and Penghu.
Reuters
Didi co-founder Liu steps down after decade at helm of Chinese ride-hailing company
Didi Global Inc's co-founder Jean Liu has stepped down from her roles as president and board director of China's biggest ride-hailing firm to take on a new role, according to an internal company memo. Didi, which is seen as China's answer to Uber but has faced prolonged regulatory scrutiny, will no longer have a position of president, it said in the memo seen by Reuters. Liu, a former Goldman Sachs banker who has been at the helm of Didi for a decade, will take on a new role as "permanent partner" and will maintain her current duties including serving as chief people officer, Liu and CEO Will Cheng said in the internal letter sent to employees on Sunday.

‘How deep did they get in?’

Options for Biden

Latest Stories