Joint efforts have stymied Russian digital probes in Ukraine, and the United States must continue to build cyber relationships with allies and partners, the chairman of the Senate Armed Services Committee said Wednesday.
Sen. Jack Reed, D-R.I., told the Defense Writers Group that he and other officials will be paying close attention to lessons learned from the Kremlin’s invasion of Ukraine, which began Feb. 24 and is still ongoing.
While acknowledging he has no specific knowledge of operational details, Reed said U.S. operations with the Ukrainians have been “extremely important in informing the Ukrainians of the situation and also of disrupting attacks by Russian cyber hackers on Ukrainian targets,” adding that’s “a lesson we’ll definitely look at.”
The Financial Times reported that the United States sent cyber forces to Ukraine ahead of Moscow’s invasion to help bolster its defenses.
Gen. Paul Nakasone, commander of U.S. Cyber Command, told Congress recently that his organization has worked closely with the Ukrainians since the Russians shut down their energy sector in 2015.
“We had hunt-forward teams from U.S. Cyber Command in Kyiv. We worked very, very closely with a series of partners at NSA and private sector to be able to provide information. … These are all impacts that I think have played positively early on,” Nakasone told the Senate Intelligence Committee March 10.
So-called hunt-forward operations involve physically sending defensively oriented cyber teams to foreign nations to search for threats on their networks at the invitation of host nations. Officials say these activities are mutually beneficial because they help bolster the security of partner nations and provide Cyber Command and the United States advanced notice of adversary tactics, allowing the U.S. to harden systems at home against these observed threats.
Reed said that the operations in and with Ukraine have demonstrated the importance of developing appropriate relationships with allies and partners in terms of sharing cyber information and techniques.
Can cyber operations trigger NATO’s Article V?
The White House and others have warned that the Russians may look to execute cyber ops against the United States and its NATO allies as a means of retaliating for severe economic sanctions levied on them for their invasion of Ukraine.
While U.S. and NATO officials have previously asserted that a cyber operation could trigger the alliance’s Article V, a collective defense mechanism which stipulates that an attack on one nation equates an attack on all, Reed said there isn’t a good definition for when cyberattacks might reach that threshold.
“One of the problems with cyber is we have not written rules of the road,” he said. “We had an intrusion in our presidential election by the Russians [in 2016] and there was no formal mechanism to report them or to sanction them. We’re still in a very early stage. My instincts are it will be a function of scale and probably of the human consequences.”
For example, if a cyberattack takes out a small portion of a nation’s electric grid and no one is hurt, that might not be enough to trigger Article V, he said. However, a cyberattack that causes significant casualties would likely cause NATO to act, he added.