U.S. President Biden has signed a new executive order imposing new sanctions on Russia for actions by "its government and intelligence services against the U.S. sovereignty and interests." The administration formally named the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures.
The SVR's compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide, the administration claimed. The scope of this compromise is a national security and public safety concern and places an undue burden on the mostly private sector victims "who must bear the unusually high cost of mitigating this incident."
According to the executive order, the new sanctions send a signal that the U.S. will impose costs in a strategic and economically impactful manner on Russia if it continues or escalates its destabilizing international actions. This includes, in particular, efforts to undermine the conduct of free and fair democratic elections and democratic institutions in the U.S. and its allies and partners; engage in and facilitate malicious cyber activities against the U.S.; foster and use transnational corruption to influence foreign governments; pursue extraterritorial activities targeting dissidents or journalists; undermine security in countries and regions important to United States national security; and violate well-established principles of international law, including respect for the territorial integrity of states.
In addition, the U.S. Department of Treasury designated six Russian technology companies that provide support to the Russian Intelligence Services' cyber program, ranging from providing expertise to developing tools and infrastructure to facilitate malicious cyber activities.
The Department of Treasury also sanctioned 32 entities and individuals carrying out Russian government-directed attempts to influence the 2020 U.S. presidential election, and other acts of disinformation and interference.
According to Tim Wade, Technical Director, CTO Team at Vectra, a San Jose, Calif.-based provider of technology which applies AI to detect and hunt for cyberattackers, "This action underscores the increasing degree to which nation states leverage non-government entities as a strategic extension of their state cyber capabilities, which include actors drawn from criminal organizations in addition to the private sector. In this specific case, the Treasury has drawn a direct line of sight between these sanctions and the destabilizing role that the FSB, GRU, and SVR have played in the recent SolarWinds attacks. However, the degree to which this acts as an effective deterrence remains to be seen."
"The good news is that the U.S. government supports a Global Cybersecurity Approach, as no single country alone can win against global cybercrime and cyberattacks. A collaborative approach, where countries work together with transparency, is the only way to tackle cybercrime," says Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, a Washington, D.C.-based provider of cloud identity security solutions. "Holding accountable those countries who provide safe havens for cyber terrorism with strong actions will be the best means of reducing future cyberattacks."
"This Executive Order represents a solid diplomatic response to malicious activity conducted by the Russian Federation, and has already gained public support from the EU and NATO, among others. Despite the accusations being made by Washington, it is likely that Moscow will deny the alleged accusations and respond diplomatically as well, while avoiding any further escalation of malicious cyber activity," says Stefano De Blasi, Threat Researcher at Digital Shadows, a San Francisco-based provider of digital risk protection solutions. "Soft power measures, such as financial sanctions and condemnations from the international community, can be critical tools to respond to harmful activity. However, they are unlikely to cause significant disruptions in the short term."