NSA cyber director warns of Russian digital assaults on global energy sector
National Security Agency Cyber Director Rob Joyce said Thursday he remains concerned about significant cyberattacks from Russia, warning that Moscow could unleash digital assaults on the global energy sector in the coming months.
“I would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally,” Joyce said. “As the [Ukraine] war progresses there’s certainly the opportunities for increasing pressure on Russia at the tactical level, which is going to cause them to reevaluate, try different strategies to extricate themselves.”
The remarks came as Joyce briefed reporters about the agency’s annual year in review report, which focuses in part on Russian cyberattacks in Ukraine. Joyce said NSA has seen “spillover” from Ukrainian hacks to neighboring countries and particularly Poland due to its status as a supply channel to Ukraine.
The report portrays cyberspace as a critical domain in the Ukraine war and notes that in the weeks leading up to and following Russia’s invasion at least seven new families of destructive data wipers were used.
Joyce said there was an “enormous amount of activity” in cybersecurity this year and it often felt as if the U.S. was “one bad compromise away from Colonial Pipeline.” He added that there were “some really heinous intrusions across 2022 as well.”
Russian threats extended beyond Ukraine, the report said, with hacktivists targeting the defense industrial base and even NATO, whose communications and weapons systems “were in the
crosshairs of our adversaries.”
The report also focused on the NSA’s Cyber Collaboration Center, which works with defense industrial base companies to detect cyberthreats. According to the report, CCC hosted 10,000 “robust bidirectional exchanges” between industry and NSA officials swapping cyber intelligence.
CCC and the United Kingdom’s National Cyber Security Center worked together this year on a “critical cryptographic vulnerability” in Microsoft Windows, the report said. The vulnerability could allow attackers to manipulate public certificates to spoof their identity, the NSA said.
“The CCC has worked on almost every major cyber incident and vulnerability that made the news this last year,” CCC Chief Morgan Adamski told reporters.
Over the past year, the CCC nearly tripled its partnerships, Joyce said, and now works with more than 300 collaborators in the defense industrial base and threat analysis communities. Joyce said the CCC’s 300-plus partners collectively defended an estimated 2 billion endpoints globally in 2022.
The intense cyber activity around the Ukraine war has spurred more companies to invest in cyber, Joyce said.
“I truly believe a lot of the focus and rigor driven by the conflict in Ukraine improved our networks substantially,” Joyce said. “I witnessed boards and corporations willing to invest in cybersecurity resources at a level we’ve never seen before.”
Joyce also was asked about the cyberthreat posed by Chinese ownership of TikTok, which is now the target of Congressional legislation announced Tuesday.
“People are always looking for the smoking gun in these technologies and I would say I characterize it much more as a loaded gun,” Joyce said.
He said he is not expecting “individualized targeting” through TikTok since millions of people use it.
“Where I’m concerned is the overall ability to do large scale influence … either promoting the information they [China] want those millions and millions of people to see or suppressing lines of efforts that they don’t want carried forward,” Joyce said.
Corrected Dec. 15, 2022: The original version of this story mistakenly quoted Joyce referring to GPS attacks. He was actually referencing a ransomware attack on the Brazilian meatpacking company JBS.
This story was featured in CyberScoop Special Report: War in Ukraine