That's according to Snehal Antani, the founder of cybersecurity company Horizon3, who recently retired as the first chief technical officer for the Army's Joint Special Operations Command (JSOC).
"Cyber becomes a reaction that is below the threshold of war that becomes an attractive option," Antani explained. "Now, when you think about how the Russians operate, sure, they could directly attack and let everyone know it was them. But they also have built a very robust proxy network of criminal organizations and others that are effectively cutouts, so they can direct and guide proxies, cutouts, criminal organizations to operate on their behalf and ensure that they are below the threshold of war."
It is "very difficult" to attribute blame for cyberattacks to specific countries and "very easy" for countries to "allay suspicion toward someone else," according to Antani.
"Cyberattacks are an ecosystem of state and non-state actors that have financial and/or political alignment to work together" to coordinate attacks against their adversaries, he said.
Driving forces behind Russian cyberattacks during Putin's Ukraine invasion include heavy Western sanctions against Russia and the impacts of corporate giants pulling services out of the country in protest of the war in Ukraine.
"Citizens are going to notice that McDonald's is closed, and that starts to drive holes into the narrative that the Russian government provides on success and global acceptance of what they're doing," Antani said. "We have not seen that before, especially in a digitally integrated economy. If you think about World War II, at no point was the GM factory in Michigan really under direct threat by the people we were at war with."
The FBI earlier this week announced it would be partnering with the private sector to combat foreign cyberattacks against U.S. entities.
"Today, with the ongoing conflict raging in Ukraine, we’re particularly focused on the destructive cyber threat posed by the Russian intel services, and cybercriminal groups they protect and support," FBI Director Christopher Wray said in remarks Tuesday before the Detroit Economic Club.
"We have cyber personnel working closely with the Ukrainians and our other allies abroad and with the private sector and our partners here."
Wray cited Russia's 2017 NotPetya ransomware attack that destroyed systems in the U.S., Europe and elsewhere, creating nearly $10 million in damage in "one of the most damaging cyberattacks in the history of cyberattacks."
In 2021, cyber experts linked several threat groups that conducted attacks on the Colonial Pipeline, meat producer JBS, Microsoft and other U.S. organizations and agencies to Russian hackers, though exact identities and origins remain unclear. Putin denied speculation that Russia was behind the pipeline attack that caused gas shortages up and down the East Coast for several days until the energy company paid a ransom of some $4 million.
Antani added that there are certain activities that would cross the threshold of war, such as a cyberattack against a health care or transportation system that would result in loss of life.
Those activities, therefore, are likely "not at the top of the list" for nation-states like Russia to execute. Antani anticipates that Russian cyberattacks will likely cause "inconvenience, internal strife and anger" rather than loss of life because Putin does not want to cross the threshold of war in attacks against NATO countries.
If Russia synchronizes already high gas prices with a cyberattack similar to the one against Colonial Pipeline, for example, Americans would be severely inconvenienced with record-high gas prices.
Such an attack would cause so much "internal strife and distraction" that it could deflect some attention off of Russia and toward U.S. internal conflict, Antani said.
U.S. entities should be actively boosting their cyber defenses and testing their systems so that they are prepared in the event of a cyberattack from a foreign adversary, similar to protecting the perimeter of a property under the threat of attack, according to Antani.
He also encourages partnerships between the public and private sector in "collaborating at an operational level, whether it's sharing threat intelligence, sharing fix actions or patch recommendations, or even sharing code and alerts and so on."