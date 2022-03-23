As the war in Ukraine intensifies, so do the fears of Sen. Mark Warner, D-Va., about Russian cyber-attacks aimed at the American economy in retaliation for economic sanctions imposed on Russia and its leaders.

Warner, chairman of the Senate Intelligence Committee and co-chair of the Senate Cybersecurity Caucus, said U.S. businesses and other institutions need to be prepared for digital attacks on their information systems if Russian President Vladimir Putin strikes back against opponents of his invasion of Ukraine.

It hasn't happened yet, "but as we see Putin more and more isolated and being less successful on the battlefield, this possibility is real," he said in a press briefing on Wednesday.

What would such an attack do?

Warner, who made his fortune in telecommunications before entering politics, can't say, but he worries about the consequences if either Russia or the U.S. unleash their full arsenal of sophisticated cyber weapons.

"We've never seen what cyber-escalation looks like," he said.

Virginians have felt the effects of cyber crime, with ransomware attacks that forced the shutdown of a major gasoline supply pipeline on the East Coast almost a year ago and temporarily crippled the General Assembly's automated systems in December as the legislative session neared.

The ransomware attack on the assembly's information technology systems affected the ability of the Division of Legislative Services to draft bills and resolutions requested by legislators, blocked access to computer files for staff of the assembly money committees days before then-Gov. Ralph Northam proposed a new, two-year state budget, and shut down the assembly voicemail system, among its effects.

Ultimately, the Division of Legislative Automated Systems was able to move to a backup system designed to maintain "continuity of government" in case of a disaster. The attacker left a ransom note, but without a set financial demand, and the state did not pursue the option of paying.

David Burhop, director of the legislative IT agency, said Wednesday that he still can't talk about how the attackers penetrated the system.

"We definitely don't want to provide any technical information that could be used to bring further disruption to the Commonwealth," Burhop said in an email. "My agency has taken the steps necessary in mitigating the vulnerabilities associated with the breach and will continue to strengthen our defenses every day. "

Asked about the potential for cyber-attacks by Russia, he said, "We are on high alert all of the time given our recent experience and the events overseas."

The Virginia State Police are leading the criminal investigation of the attack. The malware that infected the legislative systems did not affect the computer systems of the executive branch of government, which also faces incessant attempts to breach its IT networks.

The Virginia Information Technologies Agency estimates that the state experienced more than 66 million attempted cyber-attacks last year and its security teams blocked more than 50,000 pieces of malware. VITA, as it is known, provides IT services to 65 executive branch agencies and some 55,000 state employees.

Many attacks in Virginia are not reported. The House and Senate have passed legislation to require all public bodies to report cyber-attacks to the Virginia Fusion Center for intelligence gathering within 24 hours. The U.S. Senate recently adopted legislation to require private companies responsible for critical infrastructure to report all cyber-attacks to the federal government.

"This is so important," said Warner, who sponsored the legislation to ensure the federal government can document attacks and share information confidentially with private companies to protect their systems.

Gov. Glenn Youngkin's administration has made cybersecurity a top priority, especially in consultation with private companies that control much of the "critical infrastructure" that makes modern society work.

Secretary of Administration Lyn McDermid convened a call with business leaders last week to update them about potential cyber-attacks that could affect their industries. More than 300 people participated, representing critical businesses and government agencies at every level.

"I'm pretty happy with the amount of communication, coordination and information sharing," said McDermid, a former chief information officer for the Federal Reserve Bank of Richmond and Dominion Energy, owner of Virginia's largest electric utility.

One of the issues that the General Assembly must resolve when it convenes in special session on April 4 is how much money to provide McDermid's office for a comprehensive analysis of Virginia's cybersecurity programs. Youngkin had asked for $40 million over two years, but the competing budget proposals range from $10 million to $20 million.

The administration also is looking for a new chief information officer at VITA to replace Phil Wittmer, a former Kansas CIO who left after less than a month in the job, and a new chief operating officer after the subsequent departure of Jon Ozovek.

Michael Watson, the agency’s chief information security officer, is serving as acting CIO. "He's been in cyber forever and really knows his stuff," McDermid said.

Warner wants Congress to take further action to require minimum cybersecurity standards in critical sectors of the U.S. economy, such as energy, finance, telecommunications and health care.

"The challenge is if the bad guy can penetrate a company in any of those domains, you're only as strong as your weakest link," he said.

Warner cited the 2020 cyber-attack on the SolarWinds Corp., attributed to groups aligned with the Russian government. The attack ultimately infected the IT systems of 18,000 companies, as well as dozens of federal and state agencies, including the Virginia State Corporation Commission.

His biggest fear is the possibility that a Russian cyber-attack on Ukraine could affect neighboring countries, such as Poland, that are part of NATO. If such an attack caused a loss of life in a NATO country, he said that could trigger guarantees of mutual defense by the U.S. and other members.

"Could cyber escalation literally lead to military conflict?" Warner asked. "That is an open question."