Officials from multiple US agencies met Thursday with executives from big US banks to discuss how they might respond to Russian hacking threats as US officials warn that Russia could invade Ukraine at any time, five people briefed on the meeting told CNN.
The meeting — which covered how to defend against potential Russia-backed hacking attempts against US financial institutions should the Biden administration sanction Russian entities — shows how US officials continue to see cyberspace as a domain of risk so long as the Ukraine crisis drags on. It comes as other critical infrastructure sectors, such as electric utilities, are on alert for any Russian activity.
The meeting came as President Joe Biden and his top officials spent the day laying out dire warnings about the potential for a Russian invasion. With an estimated 150,000 Russian troops positioned around the Ukrainian border, it was a day that underscored palpable concern that the pathway to a diplomatic off-ramp was growing exceedingly narrow.
Biden said Friday that he was convinced Russian President Vladimir Putin has made the decision to invade Ukraine, but emphasized that room for diplomacy remains.
The administration’s warnings have coincided with efforts to lay the groundwork for an array of sanctions the US and allies have promised would be deployed in the event of Russian military action.
Officials from the White House, Treasury Department, FBI and US Cybersecurity and Infrastructure Security Agency (CISA) attended the cybersecurity meeting Thursday, the people familiar with the meeting said. Executives from JPMorgan Chase and Citigroup, which is the only US bank currently operating in Ukraine, were invited.
“We have good insight into Russian capabilities, or those of aligned actors, based on past actions, so we’ve approached this [process] with those in mind,” one US official told CNN.
US officials such as CISA Director Jen Easterly continue to say there are “no specific credible threats to the US homeland’ stemming from the Russian military’s surrounding Ukraine. But officials are also preaching vigilance and, as CNN reported Monday, asking private executives to lower their thresholds for reporting suspicious digital activity to the government.
As US officials keep a close eye for any Russian hacking activity on US networks, they moved quickly on Friday to blame Russia’s GRU military intelligence agency for a cyberattack that temporarily blocked access to the websites of Ukrainian banks this week.
The banking sector got a lesson in the cyber risks that can come with geopolitics in 2012 and 2013, when, following Western sanctions on Iran’s nuclear program, Iranian hackers overwhelmed the websites of dozens of US banks with phony traffic, costing tens of millions of dollars in lost business.
The experience has loomed large in the minds of cybersecurity executives at US financial institutions, which have strengthened their defenses in recent years. Experts consider the financial and electric sectors two of the more mature in its cyber defenses.
A Treasury spokesperson declined to comment on Thursday’s meeting. JPMorgan Chase and Citigroup declined to comment.
A senior administration official told CNN that the White House and federal agencies have been preparing since November for “any potential disruptions to our critical infrastructure and possible impacts to individuals and communities.”
The potential cyber threat has also featured in so-called “tabletop” exercises that have taken place inside the administration in recent months, as officials across the government have met to game out response possibilities that come with Russian escalation and potential invasion.
“We have created a process for agencies to quickly assess the impact of cyber [and] physical incidents and to inform the White House of the same,” the official added.
One tipping point that could trigger Russia-backed hacking against US organizations is if the Biden administration imposes the “swift and severe” sanctions that officials have been promising if Russia further invades Ukraine.
US officials have sought input on potential market effects of any new sanctions, which officials have suggested would go further than any package prior, with potential targets ranging from financial institutions and networks to export controls designed to impair critical Russian economic sectors reliant on American software and equipment.
As tensions in the last several days have ratcheted up to their highest level yet, the tempo of the work to plan for what may occur in the wake of sanctions being put into place, already at a high level, has also increased, one official said.
Grid regulator tells utilities to be at ‘highest possible level’ of preparedness
Federal officials and executives from key sectors like banking and energy have been keeping a close eye on any potential spillover effects from US-Russia tensions over Ukraine. Those preparations included an Energy Department briefing on the history of Russian cyber capabilities in December for America’s largest utilities, and a previous classified briefing from Treasury for big banks, CNN previously reported.
North American electric utilities should be at their “highest possible level” of preparedness for “potential Russia-linked cyber and disinformation activity” in light of US-Russia tensions over Ukraine, the North American grid regulator said in an advisory to the power sector this week obtained by CNN.
The North American Electric Reliability Corporation (NERC) – a not-for-profit regulatory authority backed by the US and Canadian governments – said it was unaware of a “specific, credible threat to the North American electricity industry from Russia [or associated threat actors].”
But the regulator said it was making a “proactive recommendation” for the electric industry to be vigilant for any anomalous cyber activity.
“During these heightened tensions, NERC recommends that entities adopt the highest possible security posture for their most critical system assets and have response, mitigation, and staffing plans in place for this escalating conflict,” NERC said.
NERC regularly tracks various cyber threats and communicates with utilities about them.
The electric sector has also in the last year deployed additional threat-detection tools on the more sensitive industrial control systems that help deliver power as part of a US government-backed initiative.
“If one of us gets punched in the face, all of us know about it,” said Robert M. Lee, CEO of industrial cybersecurity firm Dragos, of the greater visibility of threats in the sector.
US electric utilities and officials have also carefully studied cyberattacks in 2015 and 2016 that cut power in parts of Ukraine, and which the Justice Department later blamed on Russia’s GRU.
The Department of Energy and the Pentagon’s research arm have in recent years hosted a series of drills for US grid operators to drill for mock cyberattacks modeled after the Ukrainian incident.
Patrick C. Miller, the CEO and owner of Oregon-based Ampere Industrial Security, said the NERC alert was in that spirit of preparing for advanced cyberattacks.
The Ukraine cyberattacks in 2015 and 2016 “established the fact that power systems” are now fair game for adversaries, Miller told CNN.
CNN’s Matt Egan contributed reporting.