“There’s gradations before you get to disrupting critical infrastructure,” said Michael Daniel, who was the National Security Council’s cybersecurity coordinator during the Obama administration.
The U.S. also would most likely avoid going after civilian targets such as Russian citizens’ electricity, even in response to Russian cyberattacks on the United States or NATO. Instead, any U.S. action would be gradual, proportional and aimed at warning Russia to stop, said Robert M. Lee, who worked in cyber warfare operations with the National Security Agency until 2015.
“Are they going to take down the power grid [in Moscow]? No,” said Lee, who is now CEO of the cybersecurity firm Dragos. He added: “You’re [just] trying to shape behavior and signal, ‘Hey we see you, and we’re willing to escalate this. Please don’t punch back or we’ll go to the next phase.’”
At the moment, U.S. government hackers are probably avoiding taking any actions that Putin’s government could interpret as an escalation that would trigger a reprisal, Lee and two other former hackers said in interviews. Espionage will continue as usual, but burrowing deeper into critical infrastructure or going after new systems not already compromised would be discouraged.
For the same reason, they said, the U.S. would probably not assist Ukraine’s defense by launching offensive cyberattacks against Russia’s military or government, so as to avoid being pulled into the conflict.
In interviews with POLITICO, Lee, two other former U.S. government hackers involved in cyber operations against foreign networks, and a former intelligence official who was involved in discussions about such operations, described the complications of wielding Washington’s formidable hacking arsenal. These include tools that intelligence agencies have implanted in foreign networks for espionage purposes, but which also could be repurposed to cripple a power plant serving a military…