By Doug Kelly
America’s tech companies are our first line of defense against cyberattacks, safeguarding U.S. national security from techno-autocracies, such as Russia and China. But even as our adversaries grow bolder, some in Congress are pushing for legislation that would handicap the same U.S. tech companies that keep us safe. A new report reveals Russian cyber offensives against Ukraine are growing more frequent and more destructive – and underscores the need for Congress to strengthen, not weaken, our domestic tech industry.
Over the course of President Vladimir Putin’s brutal invasion of Ukraine, Russia-aligned actors have conducted a staggering 237 cyber operations against the country, including against the Ukrainian government and critical infrastructure sectors, such as financial services and communications. Of these attacks, 40 were destructive in nature, wiping data or destroying networks vital to civilian welfare. Several others were espionage-oriented operations, meant to lay the groundwork for longer-term surveillance.
Alarmingly, some of these cyberattacks were launched in tandem with missile and ground attacks, highlighting the destructive power of Russia’s hybrid warfare. For instance, Russian cyber actors deployed malware against a Ukrainian broadcasting company on March 1, the same day the Russian military launched a missile strike against a television tower in Kyiv. And on March 4, Russian malware compromised government servers in the city of Vinnytsia, whose airport was struck by eight Russian missiles just two days later.
Through its cyber operations, Russia is attempting to curb the Ukrainian public’s access to information, erode trust in institutions, disrupt access to basic services, and act as a force multiplier for Russia’s on the ground forces.
But make no mistake: the Kremlin will not stop at Ukraine. The report reveals that Moscow has already conducted cyber espionage against North Atlantic Treaty Organization (NATO) members. In addition, Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have repeatedly warned of Russian cyberattacks against U.S. critical infrastructure. While Moscow has so far concentrated its cyber resources on attacking and defending itself from Ukrainian groups, it’s only a matter of time before additional U.S. targets come under the gun.
The U.S. tech industry is our best defense against Russian cyber threats. Already, American companies have played a vital role in the conflict, working with Ukrainian organizations to share real-time threat assessments and protect critical infrastructure. Many maintain open channels with U.S., European Union (EU), and NATO officials, sharing intelligence for assessing cyber threats and vulnerabilities. Meanwhile, America’s domestic technology firms are investing billions in bolstering cybersecurity, while domestic social media platforms are countering dangerous disinformation sewn by the Kremlin.
Congress’ anti-innovation bills would limit the ability of U.S. tech companies to protect the nation from cyber threats and maintain an open and free internet. By breaking up large firms, depleting corporate resources, restricting companies’ business lines, and prohibiting mergers, the bills would have a chilling effect on private sector investment in those technologies and stifle innovation. One study found that the bills could cost $300 billion, inflicting real pain on both U.S. suppliers and consumers.
To undercut the U.S. tech industry is to undercut U.S. national security. Congress must take steps to foster more domestic innovation, or risk making the United States vulnerable to Russian and Chinese cyber actors.