For many officials who have struggled for years to protect the United States’ critical infrastructure from cyberattacks, the only surprise about what happened over the past few days is that it lasted so long. When Leon E. Panetta was Secretary of Defense under President Barack Obama, he warned of a “Cyber Pearl Harbor” that could turn off electricity and fuel. This phrase is often used to get Congress or corporations to spend more on cyberdefense.
During the Trump administration, the Department of Homeland Security warned of Russian malware in the American power grid, and the United States made a not entirely secret effort to place malware on the Russian network as a warning.
But in the many simulations carried out by government agencies and electricity companies of what a strike against the American energy sector would look like, the effort has usually been viewed as some sort of terrorist attack – a mix of cyber and physical attacks – or a lightning bolt from Iran, China or Russia at the opening moments of a major military conflict.
But this case was different: a criminal actor who stalled the system while trying to extort money from a company. A senior Biden administration official called it “the ultimate mixed threat” because it was a crime, of the kind the United States normally responded to with arrests or charges, that created a major threat to the country’s energy supply chain.
By threatening to “disrupt” the ransomware group, Mr Biden may have signaled that the administration has taken action against these groups that goes beyond charges. This is what the United States Cyber Command did last year, ahead of the November presidential election, when its military hackers broke into the systems of another ransomware group called Trickbot and tampered with its command-and-control computer servers so that it could not lock up new victims with ransomware. The fear at that time was that the ransomware group could sell its capabilities to governments, including Russia, that were trying to freeze voting tables.
On Monday, DarkSide argued that it was not operating on behalf of a nation-state, perhaps to distance itself from Russia.
“We are apolitical, we do not participate in geopolitics, we do not have to be tied to a defined government and look for our motives,” said a statement on the website. “Our goal is to make money and not create problems for society.”