US, allies ready to retaliate for Russian cyber attacks, say officials

The United States and its allies are prepared to respond to Russian cyber attacks amid escalating tensions over Ukraine, with the scope of retaliatory actions or sanctions depending on the severity of the hacks, US and European officials said on Tuesday.

US President Joe Biden, speaking hours after Ukraine reported its defense ministry and two banks had been hacked, told reporters that Washington was coordinating closely with NATO allies and other partners to expand defenses against threats in cyberspace.

The attacks, believed by Western security experts to have been carried out by Russia, were not unexpected, US and European officials said, requesting anonymity.

Russia’s Federal Security Service did not immediately reply to a request for comment from Reuters.

“The President has said we will respond to Russian actions short of a military invasion,” said one US official. “But what is decided depends on the extent of the cyber attacks. There are so many ranges, it’s hard to go into specifics.”

One European diplomat said cyber attacks were a longstanding component of Russian strategy, and had been used by Moscow in past military confrontations with Georgia and Ukraine.

“It’s part of their playbook,” the official said, underscoring Western resolve to use concerted action to hold Moscow accountable for cyber attacks and other “misbehavior.”

While US, European and Canadian officials have worked out a detailed package of sanctions if Russian forces invade Ukraine, there is no similarly detailed plan for how to respond to cyber attacks, the sources said.

That is partly because it can take time to pinpoint who was responsible, especially in the case of distributed denial of service (DDOS) attacks, said the officials. DDOS attacks work by directing a firehose of internet traffic from a multitude of sources against a server or other target.

More aggressive and damaging attacks are likely to draw a fiercer response.

And some countries – including France -generally prefer to avoid publicly attributing blame for cyber attacks, said one of the European officials.

The response could involve actions other than sanctions, including physical or cyber attacks on servers involved, said one cyber expert familiar with Western planning.

Many Russians held responsible for past cyber attacks have appeared on sanctions blacklists, but more could be added, two of the officials said.

Negotiations between US and European officials in recent weeks have focused more on fine tuning the sanctions likely to be imposed in the event of a physical invasion – and their impact on Russia and the imposing countries – rather than mapping out a menu of options for cyber attacks, said one European official.

“There’s no detailed roadmap for what do in the event of a cyber attack,” said one European diplomat. “That will depend on the specifics of the case.”