Mason Professors Explain What a Russian Cyber Attack Might Look Like and How to Mitigate It

A new alert from the Department of Homeland Security details actions by the Russian government targeting government installations inside the United States. “[E]ntities as well as organizations in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors” are among those that Homeland Security and the FBI say have been victimized by “Russian government cyber actors.”

George Mason University adjunct public policy professor Richard Kauzlarich and Jim Jones, an associate professor of digital forensics and cyber analysis, are not surprised.

Kauzlarich was deputy assistant secretary of state in the Bureau of European Affairs from 1991 to 1993 and was responsible for relations with the former Soviet Union. He is now director of Mason’s Center for Energy Science and Policy and an expert on the geopolitics of energy security.

“Already we were aware of the threat, from Russian hacking of the Ukrainian power grid to allegations that Russia hacked the Baku-Tbilisi-Ceyhan pipeline,” said Kauzlarich, whose center organized a symposium on grid security in October 2017. “Russia has the capability and intent—and will take the opportunity—to strike the U.S.”

Success for attackers might come piecemeal, Jones said. Instead of disrupting an entire infrastructure sector or even multiple sectors simultaneously, attackers are likely to disrupt parts of the critical infrastructure, such as part of an electrical grid or water treatment systems.

“The critical infrastructure is not one thing,” Jones said. “This is good news as it’s harder to compromise big portions of the critical infrastructure. But it’s bad news because it’s harder to secure since all the pieces are different.”

The threat, Kauzlarich said, will not be repelled by force but by “smart cyber engineers and policymakers understanding the danger to the electrical grid, including nuclear power facilities.”

Creating those responders to a Russian cyber attack “will require a public-private partnership involving the private sector, government and academic centers like those at George Mason University,” Kauzlarich said.

“Good cyber practices will make attacks harder,” Jones said. “Patching systems, blocking what you don’t need and segmenting and monitoring your networks. The key point is that cyber attackers will get in, but when they do, we want to make sure we see them as soon as possible. This is known as reducing the attacker’s ‘dwell time’—how long they are on our network before we know it, and it limits the damage they can do.”

Richard Kauzlarich can be reached at rkauzlar@gmu.edu.

Jim Jones can be reached at 703-993-5599 or jjonesu@gmu.edu.

For more information, contact Buzz McClain at 703-727-0230 or bmcclai2@gmu.edu.