Russia and a host of other bad actors are active in Ukrainian cyberspace in everything from intelligence gathering to criminal pursuits, according to National Security Agency (NSA) Director of Cybersecurity Rob Joyce.
Yet the United States employs a wide range of tactics to identify and eliminate these cyber threats, he said.
Bad Actors
Nation-states often use proxies in conducting cyber attacks, said Joyce, so it’s not always easy to tell who the true enemy is. “There is this scale that goes from black to white, and there are shades of gray all the way between. I can absolutely tell you that there are nation-state hackers by day, who use their tools and capabilities and knowledge to do criminal things by night,” Joyce said.
In Ukraine, that combination of identities can be especially difficult to sort out, according to Joyce, because some hackers are Russians motivated by patriotism but not aligned with the Russian government. Yet some hackers who work for the Russian government operate under the guise of patriotic hackers.
Russian Hackers
The Russians have demonstrated significant capability in the cyber fight against Ukraine, including attacking their ability to use Navstar GPS satellites and launching at least nine unique wiper viruses into the Ukrainian cyber environment, Joyce said. Wiper viruses are malware that erases a computer’s hard drive. Hackers also attack Ukrainian financial institutions, government personnel, and businesses in an effort to disrupt Ukrainian society.
There is also a lot of intelligence-gathering activity—sometimes in creative ways, Joyce said. “We’re watching the Russian hackers log into public-facing webcams to watch convoys and trains delivering aid.
“They’re looking at the coffee shop security camera and seeing the road they need to see.”
Active Defense
To combat Russian and other hackers, the NSA has a strategy of “active defense,” which Joyce likens to defending the goal in a soccer match. If you give an opponent unlimited shots on goal, they will eventually score, Joyce said.
“The idea behind active defense is to use tools and capabilities to make sure they don’t get to do that [opportunity] unimpeded,” he said.
“We have a set of people who get up in the morning and go to bed at night thinking, ‘How do I give the adversary a bad day, using what NSA has or knows?’” Joyce said.
Since the NSA mostly gathers information rather than undertaking operations, that involves working with partners like the FBI, Cyber Command, the State Department, and the Treasury, according to Joyce.
“Our Adversary Defeat function is figuring out how we operationalize the SIGINT. We know how do we find the partner who can do something effectively, that takes a [bad] actor out of the ecosystem or disrupts them from being able to have those free kicks on goal.”
Those actions could include law enforcement, diplomatic engagement, and sanctions by the Treasury’s Office of Foreign Assets Control.
“It’s a wide array of tools,” Joyce said.