From Russia with Love: Understanding the Russian Cyber Threat to U.S. Critical Infrastructure and What to Do about It
19 Pages. Posted: 2 Jun 2017. Last revised: 3 Dec 2017.
Date Written: May 31, 2017
Abstract
In December 2016, the U.S. Department of Homeland Security disclosed that malicious software (malware) found on a computer system owned by a Vermont utility called the Burlington Electric Company was the same variant as that used to breach the Democratic National Committee (DNC). This admittedly overhyped episode is the latest in a string of cybersecurity incidents that involve U.S. critical infrastructure (CI) and that have been linked to Russia. Already, a number of nations have seen their systems compromised by such attempts, such as Ukraine, which experienced several of its substations crashing in December 2015 in “the first-ever confirmed cyberattack against grid infrastructure.” Unfortunately, the same pattern played out in Ukraine on December 23, 2016. This Article examines the most recent such hacks and investigates the current state of U.S. efforts to advance cybersecurity, including to what extent the recently released draft Version 1.1 of the National Institute of Standards and Technology (NIST) Cybersecurity Framework will contribute to safeguarding vulnerable U.S. CI, and what further steps — such as an effective deterrence strategy — are needed going forward.
Keywords: Cybersecurity, Critical Infrastructure, Cyber Attack, Russia, NIST Cybersecurity Framework