Return to

Dec. 17, 2015
Notes from the Pentagon

Russian cybersecurity intelligence targets critical U.S. infrastructure
U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow’s Federal Security Service, the civilian intelligence service.

The relationship between the company and the FSB, as the spy agency is known, has heightened fears among U.S. cyberintelligence officials that Moscow is stepping up covert efforts to infiltrate computer networks that control critical U.S. infrastructure such as oil and gas pipelines and transportation.

The effort appears to be part of FSB and Russian military cyberwarfare reconnaissance targeting, something the Pentagon calls preparation of the battlefield for future cyberattacks. The Russian company is taking steps to open a U.S. branch office as part of the intelligence-gathering, said officials familiar with reports of the effort who spoke on background.

Officials familiar with reports about the company did not identify it by name. However, security officials are quietly alerting government security officials and industry cybersecurity chiefs about the Russian firm and its covert plans for operations in the United States.

The Russian firm is said to have extensive technical experience in security vulnerabilities of supervisory control and data acquisition systems that are used to remotely control critical infrastructure.

These systems are employed by both government and private-sector system controllers for equipment running water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power grids, wind farms and large communication systems.

In September, Director of National Intelligence James R. Clapper told Congress that Russian hackers have penetrated U.S. industrial control networks operating critical infrastructure. The objective of the hackers is to develop the capability to remotely access the control systems that “might be quickly exploited for disruption if an adversary’s intent became hostile,” Mr. Clapper said.

“Unknown Russian actors successfully compromised the product-supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors’ websites along with legitimate software updates,” Mr. Clapper stated in Sept. 10 testimony to the House Permanent Select Committee on Intelligence.

Russian hackers also were linked to cyberpenetrations of U.S. industrial control networks used for water and energy systems in 2014.

The Russian connection was identified through the use of malware called BlackEnergy that has been linked to Russian government cyberoperations dubbed Sandworm by security researchers.

Mr. Clapper also testified that the Russian Defense Ministry has created a military cybercommand for offensive attacks. Additionally, the Russian military is setting up a specialized branch for computer network attacks.

Gen. Valery Gerasimov, chief of the General Staff of the Armed Forces of Russia, told foreign military attaches in Moscow on Monday that increased military activities by NATO and the development of global missile defenses were “creating a threat of new conflicts and escalation of existent conflicts,” the official Interfax news agency reported.

“The NATO military policy unfriendly towards Russia is a source of concern,” Gen. Gerasimov said. “The alliance continues to expand its military presence and is stepping up the activity of the bloc’s armed forces along the perimeter of borders of the Russian Federation.”

Because of the deployment of a global missile defense network and the development of new means of armed struggle, including hypersonic weapons, “the problem of upsetting the existent strategic balance of force has been growing,” said the general, referring to high-speed strike weapons.

The Pentagon is developing a conventional rapid-attack capability called “prompt global strike,” which can target any spot on Earth in 30 minutes.

Russia has stepped up nuclear threats against the United States and NATO in response to deployment of missile defenses in Europe.

In recent months, Russian President Vladimir Putin has issued an unprecedented number of threats to use nuclear weapons, most notably after the Russian military annexation of Ukraine’s Crimea last year. On Dec. 11, Mr. Putin said he hoped nuclear weapons would not be needed during operations in Syria.

“Particular attention must be paid to the consolidation of the combat potential of the strategic nuclear forces and the execution of space-based defense programs,” Mr. Putin was quoted as saying at the meeting with his defense chiefs. “We need, as our plans specify, to equip all components of the nuclear triad with new arms.”

Lt. Gen. Ben Hodges, commander of U.S. Army forces in Europe, told reporters last week that Russian nuclear threats are troubling in the current security environment.

“The way that senior Russian officials have talked about Denmark as a nuclear target, Sweden as a nuclear target, Romania as a nuclear target, sort of an irresponsible use of the nuclear word, if you will, you can understand why our allies on the eastern flank of NATO — particularly in the Baltic region — are nervous, are uneasy,” Gen. Hodges said.

Additionally, the Russian military has conducted “large snap exercises without announcement,” which also has increased fears of a Moscow threat, he said.

Online supporters and members of the Islamic State group took to social media this week to denounce the newly formed Saudi Arabian-led coalition of Muslim-majority states opposing jihadi terrorism.

The anti-terrorism coalition comprises 34 Islamic nations that the Riyadh government announced Tuesday will share intelligence and train and equip military and security forces to target Islamic State terrorists.

The step appears to be a reaction to the Obama administration’s weak response to the Islamic State, which controls significant territory in Syria and Iraq and is expanding to Libya, Afghanistan and Egypt.

Saudi Foreign Minister Adel al-Jubeir said troops from the nations would be deployed. “Nothing is off the table,” he told reporters in Paris. “It depends on the requests that come, it depends on the need and it depends on the willingness of countries to provide the support necessary.”

A center will be set up in Riyadh to coordinate military operations from the combined coalition, which includes Egypt, Qatar, the United Arab Emirates, Turkey, Malaysia, Pakistan and several African states. Iran is not part of the group, a reflection of Saudi opposition to Iran.

Online jihadi reaction was negative.

According to U.S. security officials who monitor pro-Islamic State Twitter and Facebook accounts, jihadi posters called the Saudi-led Islamic coalition a war against “mujahedeen groups” backed by the United States that is targeting all Islamist programs.

Jihadis from the Islamic State and rival al Qaeda terrorist organization issued threats against Saudi Arabia for forming the coalition and vowed to carry out attacks against Saudi leaders.

British-based Islamist Hani al-Sibai on Twitter called the coalition a force “to fight Islam led by the Commander of the Faithful Obama.”

Jihadis also criticized the group for failing to declare war on the Syrian regime and its supporters, Russia and Iran, and for not targeting Israel.

The Pentagon has tried for several years to mothball the A-10 close air support strike jet. But each time, its fans on Capitol Hill add defense budget language preventing the Air Force from retiring any more squadrons.

The Air Force argues that it has other planes for that role. But the Warthog’s fans say it is the only armored jet that can fly low over the battlefield, pick out targets and pinpoint cannon and machine gun fire.

American commanders running the task force to counter the Islamic State group appear to be siding with the fans, not the Pentagon.

In Wednesday’s tweet from Task Force Inherent Resolve on recent airstrikes, there is a photograph of the venerable A-10 in flight. The jet has been flying missions since early in the 15-month-old air assault.

Thus, the disrespected A-10 has become one of the war’s prominent symbols of success.

  • Contact Bill Gertz on Twitter via @BillGertz.

  • Return to