The US military's Cyber Command has gotten more aggressive than ever against Russia in the past year, placing "potentially crippling malware" in systems that control the country's electrical grid, says a report. Made possible by little-noticed legal authority granted last summer by Congress, Cyber Command's strategy shift from a defensive to offensive posture is meant in part as a warning shot, but it's also designed to enable paralysing cyberattacks in the event of a conflict, The New York Times said Saturday, quoting unnamed officials.
The agency's actions can now be OK'd by the defense secretary without a special presidential thumbs-up, the Times said. And the recent moves appear to have taken place under a military authorization bill Congress passed in 2018 that gives the go-ahead for "clandestine military activity" in cyberspace to "deter, safeguard or defend against attacks or malicious cyberactivities against the United States."
The more-aggressive stance comes amid worries about Russian interference in the 2020 US presidential election, but Russia's shutdown of part of Ukraine's power grid in 2015, as well as reports that a Russian government-sponsored group ID'ed as Dragonfly or Energetic Bear had been able to gain access to the control rooms of US electric utilities in 2017.and concerns around have been ramping up for some time. Red flags have included
Cyber Command also received new authority last year from the US president under a still-classified document called National Security Presidential Memoranda 13, the Times said. The agency's "Russia Small Group" tapped that authority to, among other things, "overwhelm" computers used by the Internet Research Agency, the Russia-backed group indicted by the US Department of Justice for a campaign of fake news and trolling during the 2016 election.
The Times said Cyber Command is concerned Russia could trigger selective power outages in key states during the 2020 election and that it needs a way to discourage such attacks. But the agency and the US have to consider their moves carefully in this international game of cyberchess.
"The question now is whether placing the equivalent of land mines in a foreign power network is the right way to deter Russia," the Times report says. "While it parallels Cold War nuclear strategy, it also enshrines power grids as a legitimate target."
Cyber Command didn't respond to a request for comment.
In related news, Bloomberg reported Friday that a Russia-linked hacking group that shut down an oil and gas facility in Saudi Arabia in 2017 has been probing utilities in the US since late last year.
Originally published June 15, 11:26 a.m. PT.
Update, 11:33 a.m.: Adds mention of Bloomberg report.