The United States and Britain on Monday issued a first-of-its-kind joint warning about Russian cyberattacks against government and private organizations as well as individual homes and offices in both countries, a milestone in the escalating use of cyberweaponry between major powers. Although Washington and London have known for decades that the Kremlin was trying to penetrate their computer networks, the joint warning appeared to represent an effort to deter future attacks by calling attention to existing vulnerabilities, prodding individuals to mitigate them and threatening retaliation against Moscow if damage was done. “When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,” Rob Joyce, a special assistant to the president and the cybersecurity coordinator for the National Security Council, said in joint conference call with journalists by senior officials in Washington and London. That would include “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.”
Robert Hannigan, an executive with the cybersecurity company BlueVoyant and the former director of the British electronic spying agency GCHQ, said: “We have found the Russians in routers and deep inside networks for 20 years. But this is about saying to the Russians, ‘We know where you are pre-positioned and if something happens, we will know it is you.’”
The sweep and urgency of the statements from both sides of the Atlantic called to mind a computer-age version of a Cold War air raid drill, but asking citizens to upgrade their passwords rather than duck and cover.
Ciaran Martin, chief executive of Britain’s National Cyber Security Center, said Russia had targeted “millions” of devices in both countries, often seeking to hack into individual homes or small businesses or to control their routers. “Once you own the router, you own all the traffic, to include the chance to harvest credentials and passwords,” said Howard Marshall, deputy assistant director of the cyber division at the Federal Bureau of Investigation. “It is a tremendous weapon in the hands of an adversary.”