To many officials who have struggled for years to protect the United States’ critical infrastructure from cyberattacks, the only surprise about the events of the past few days is that they took so long to happen. When Leon E. Panetta was defense secretary under President Barack Obama, Mr. Panetta warned of a “cyber Pearl Harbor” that could shut off power and fuel, a phrase often used in an effort to get Congress or corporations to spend more on cyberdefense.
During the Trump administration, the Department of Homeland Security issued warnings about Russian malware in the American power grid, and the United States mounted a not-so-secret effort to put malware in the Russian grid as a warning.
But in the many simulations run by government agencies and electric utilities of what a strike against the American energy sector would look like, the effort was usually envisioned as some kind of terrorist strike — a mix of cyber and physical attacks — or a blitz by Iran, China or Russia in the opening moments of a larger military conflict.
But this case was different: a criminal actor who, in trying to extort money from a company, ended up bringing down the system. One senior Biden administration official called it “the ultimate blended threat” because it was a criminal act, the kind the United States would normally respond to with arrests or indictments, that resulted in a major threat to the nation’s energy supply chain.
By threatening to “disrupt” the ransomware group, Mr. Biden may have been signaling that the administration was moving to take action against these groups beyond merely indicting them. That is what United States Cyber Command did last year, ahead of the presidential election in November, when its military hackers broke into the systems of another ransomware group, called Trickbot, and manipulated their command-and-control computer servers so that they could not lock up new victims with ransomware. The fear at that time was that the ransomware group might sell its skills to governments, including Russia, that sought to freeze up election tabulations.
On Monday, DarkSide argued it was not operating on behalf of a nation state, perhaps in an effort to distance itself from Russia.
“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for our motives,” it said in a statement posted on its website. “Our goal is to make money and not creating problems for society.”