The United States and its allies are prepared to respond to Russian cyberattacks amid escalating tensions over Ukraine, with the scope of retaliatory actions or sanctions depending on the severity of the hacks, U.S. and European officials said on Tuesday.
U.S. President Joe Biden, speaking hours after Ukraine reported its defense ministry and two banks had been hacked, told reporters that Washington was coordinating closely with NATO allies and other partners to expand defenses against threats in cyberspace.
The attacks, believed by Western security experts to have been carried out by Russia, were not unexpected, U.S. and European officials said, requesting anonymity.
Russia’s Federal Security Service did not immediately reply to a request for comment from Reuters.
“The president has said we will respond to Russian actions short of a military invasion,” said one U.S. official. “But what is decided depends on the extent of the cyberattacks. There are so many ranges, it’s hard to go into specifics.”
One European diplomat said cyberattacks were a longstanding component of Russian strategy, and had been used by Moscow in past military confrontations with Georgia and Ukraine.
“It’s part of their playbook,” the official said, underscoring Western resolve to use concerted action to hold Moscow accountable for cyberattacks and other “misbehavior.”
While U.S., European and Canadian officials have worked out a detailed package of sanctions if Russian forces invade Ukraine, there is no similarly detailed plan for how to respond to cyberattacks, the sources said.
That is partly because it can take time to pinpoint who was responsible, especially in the case of distributed denial of service (DDOS) attacks, said the officials. DDOS attacks work by directing a fire hose of internet traffic from a multitude of sources against a server or other target.
More aggressive and damaging attacks are likely to draw a fiercer response. And some countries – including France – generally prefer to avoid publicly attributing blame for cyberattacks, said one of the European officials.
The response could involve actions other than sanctions, including physical or cyberattacks on servers involved, said one cyber expert familiar with Western planning.
Many Russians held responsible for past cyberattacks have appeared on sanctions blacklists, but more could be added, two of the officials said.
Negotiations between U.S. and European officials in recent weeks have focused more on finetuning the sanctions likely to be imposed in the event of a physical invasion – and their impact on Russia and the imposing countries – rather than mapping out a menu of options for cyberattacks, said one European official.
“There’s no detailed roadmap for what do in the event of a cyberattack,” said one European diplomat. “That will depend on the specifics of the case.”