Analysis: Hacks force Biden into more aggressive stance on Russia
A ransomware attack on JBS, the world's largest meatpacker, by a criminal group likely based in Russia has strengthened the Biden administration's resolve to hold Moscow responsible for costly cyber assaults - even if they are not directly linked to the Kremlin.
U.S. President Joe Biden has launched a review of the threat posed by ransomware attacks and he will discuss the issue of harboring such hackers with Russian President Vladimir Putin this month, the White House said on Wednesday.
"President Biden certainly thinks that President Putin and the Russian government has a role to play in stopping and preventing these attacks," White House press secretary Jen Psaki said Wednesday.
The JBS hack is the third major cyberattack linked to hackers from Russia since Biden took office in January, following attacks aimed at Colonial Pipeline Co and software made by SolarWinds Corp. JBS is a Brazilian company with extensive U.S. operations.
"Biden has indicated his willingness to hold Russia accountable in some way for the pipeline attack, even though it was carried out by a criminal organization," said Tom Bossert, a top homeland security adviser to former President Donald Trump. "That's a big leap forward."
The White House plans to use a June 16 summit between Biden and Russian President Vladimir Putin to deliver a clear message to the Russian leader, officials said. A next step could be destabilization of the computer servers used to carry out such hacks, some cyber experts say.
Biden has launched a review of the threat posed by ransomware attacks and he will discuss the issue of harboring such hackers with Russian President Vladimir Putin this month, the White House said on Wednesday.
Russia joined U.N. member states in endorsing a March report agreeing to voluntary norms around cyber crime, including a pledge to not conduct or knowingly support cyberattacks in violation of international law that intentionally damage or impairs critical infrastructure.
Biden, who has repeatedly taken aim at Russia for its jailing of Kremlin critic Alexei Navalny and a military buildup near Ukraine, will urge NATO allies, EU leaders and the Group of Seven rich countries to back a strong, unified stance on Russia at separate summits before he meets Putin, U.S. officials say.
Consensus is growing among Western allies that stronger action is needed, they say.
The White House said Tuesday it was engaging directly with the Russian government. The statement marks a clear shift toward a new and more assertive U.S. policy against Russia on hacking, say former and current U.S. security officials and analysts.
The White House response came after Senator Lindsey Graham and other Republicans criticized the Biden administration for a "weak" response to last month's ransomware attack on Colonial Pipeline, the largest fuel pipeline in the United States, by DarkSide, a group with ties to Russia.
U.S. officials said they sprang into action after both incidents. The White House also started a review of ransomware attacks, including a push to work with allies to "hold countries who harbor ransom actors accountable."
James Lewis, a cyber expert at the Center for Strategic and International Studies think tank, said people who brief Biden had told him they expect strong language from Biden at the meeting.
"Biden is tough. He's going to tell Putin, 'This is enough. You've got to stop or we'll do something back,'" Lewis said.
DISABLING HACKER INFRASTRUCTURE
The U.S. intelligence and military community has long had the capability to damage computer servers used by private hackers in other countries, but largely refrained, given diplomatic concerns about the consequences.
The JBS hack could signal a turning point.
Lewis said a surge in ransomware attacks had overshadowed diplomatic concerns in recent months.
"The Russians don't see any reason to stop. Until we do something, this is going to keep happening," he said. Biden's experts are working on a new doctrine.
Bossert said Russian-based hackers could well increase their attacks on U.S. companies in response to any foreign policy decisions taken at the upcoming G7, NATO and EU summits. That would give the United States more reasons to take down the infrastructure used to launch such attacks.
"The U.S. government should be prepared to use its capabilities to directly take down the infrastructure that would be used - whether belonging to a government or a proxy group - should cyber attacks escalate," he said.