U.S. officials wonder: Where are Russia's much-feared cyberattacks?

There's a particularly unnerving scenario for a Russian cyberattack casting its shadow in the head of an American politician who oversees intelligence issues.

Mark Warner leads the Senate intelligence committee, which gets him regular intelligence briefings and better-than-average access to U.S. state secrets.

The Virginia Democrat has been voicing his concern at recent public events about the risk of a cyberattack strikinga NATO country, potentially broadening the Ukraine war.

He's also a former tech executive and the scenarios he's raised go something like this: A computer virus hits a Polish hospital and Polish patients die.Speaking at a think-tank event Monday, he wondered aloud whether that would trigger NATO's mutual-defence agreement under Article 5.

Another possible scenario he raised is a hack that could shutdown traffic lights, resulting inAmerican soldiers gettinginto a vehicle accident.

In the meantime he's been watchingand waiting,and now he's wondering: Where are the Russian hackers?

That question of why Russia hasn't unleashed its notorious digital warriors in the current conflict over Ukraine was a prevailing theme Monday at a panel Warner participated induring an event at the Center for Strategic and International Studies.

"I have questioned our leaders: 'Why haven't we seen the real [Russian hacking] A Team?' " Warner said,echoing comments he made last week at a Senate hearing.

"I'm still relatively amazed they have not matched the level of maliciousness that their cyber-arsenal includes. Will we see that in the coming days? I think that remains a possibility."

He noted that before the invasion, hackersbrought down the websites of Ukraine banks and government offices, but they used relatively simple data-wiping malware.

He said we still haven't seen so-called worms like those in the devastating WannaCry and NotPetyacyberattacks a few years back, which burrowed through computer systems around the world and even struck hospitals.

'Not out of the woods yet'

Warner's not alone in wondering why Russia'scyber realm has been so quiet. After all, Russian President Vladimir Putin once compared his country's hackers to artists,likening them to painters who wake upinspired to defend their motherland.

So far those artisans of digital mayhem haven't caused any obvious disruption to Western computer systems, whether theybe non-state actors like those Putin alluded to, or from his state security agencies.

A former top U.S. cybersecurity official said there's been widespread astonishment that a country renowned for hacking hasn't deployed thatweapon.At least not yet.

"I think everyone's been somewhat surprised," said Chris Painter, head of the Global Forum on Cyber Expertise Foundation and aformer official in the U.S. State Department and White House.

"But I don't think we're anywhere near out of the woods yet."

Greg Rattray, the head of cyber-defence company Next Peak LLC, also wondered why we haven't seen non-state-led ransomware attacks against Western organizations.

These attacks, Rattray said, are still occurring at normal volumes."Maybe even less than normal [volumes]," hesaid during Monday'sCenter for Strategic and International Studiesevent.

Gen. Paul Nakasone, who leads the U.S. Defence Department'sCyber Command, told a Senate intelligence hearing last week that there are four categories of attack he's worried about.

One is a spreading-malware attack like the one Warner referenced. Another is ransomware, like the blackmail attack on a pipeline last year that caused havoc at U.S. gas stations. A third involves proxies, where non-state hackers get a green-light from the Russian government to conduct an attack. And, finally, he worries about attacks on an Eastern European ally.

A specific target not mentioned at that Senate hearing was banks; the New York Post, however, has reported thatfinancial companies are seeing more attackslately, buthave repelled them so far.

Nakasone said he's still concerned.

"We're 15 days into this conflict," he said. "By no means are we sitting back and taking this casually."

So why haven't we seen them yet?

Nakasone offered two explanations for why we haven't yet seen widespread technological disruptions as part of the Russian response: It's possible Russia made a strategic choice not to launch cyberattacks yet, but he also credited work the U.S. did with Ukraine before the invasion to patch up digital vulnerabilities.

Painter said it could be a multitude of factors Russia could be waiting for a specific moment, or it could be reluctant to damage Ukrainian equipment it hopes to inherit if it successfully replaces the government. Also, he said, Russian cyber-operators could easily be swamped right now, tied up with spying on Ukrainian allies.

Ukrainian defences also deserve respect, Painter said, notingthecountry has much better protection than it did in 2015 when its power grid was hacked and shut down.

At the end of the day, hewarned, it's impossible to stop every attack from a dedicated adversary like Russia: "You could be very good at defence they're still going to get in," he said.

"That's what we haven't seen. And I do think we will see that. That it's being held in reserve [by Russia to be used later]."

Rattray raised an entirely different possibility: that, as capable as Russia's hackers are, they might not be quite as masterful as their reputation.

U.S. capabilities a possible deterrent

What's also true is that hacking carries risks for Russia, too.

U.S. President Joe Biden has been warning Putin, including in a face-to-face meeting, that the U.S. would respond to hacks on vital infrastructure.

The U.S. has spent months conducting drills for hacking scenarios, with the president briefed on a range of potential American counter-responses.

Some of the options presented to Biden, according to NBC News,are unprecedented and devastating: disrupting internet connectivity in Russia, shutting off electrical power, and tampering with railroad switches to make it harder to resupply Russian troops in Ukraine.

Painter seriously doubts the U.S. would go that far.

"We're not going to do things like turn off the lights in Moscow," he said Monday. "We're not gonna have this disproportionate thing where we go after civilian targets in Russia. We're just not going to do that. Nor should we."

He also poured cold water on Ukraine'sideatokickRussia off the internet and its .ru domains.He said the U.S. doesn't want to see rival nations start a competing internet any more than it wants a competing international financial system.

Rattray agreed that U.S. cyberattacks against Russia could be seen as escalatory and smash norms in a way that could makeconflicts more dangerous.

U.S. releasing secret intelligence

The U.S. has already developed a non-lethal online tactic in this war: It hasrepeatedly released secret intelligence, spreading word of Russian invasion plans.

Warner said it's no accident so many countries sided with the U.S. and Ukraine including in a lopsided vote at the United Nations.

For years Russia outwitted its rivals in online information campaigns, but he said that releasing intel in real time has helped the U.S. pre-emptively thwart Russian disinformationand primed democracies to respond.

"It really has left Putin exposed as being the absolute culprit in starting this war," Warnersaid Monday.

He also applaudedCongress for passing cybersecurity legislation he sponsored, which requires companies operating key U.S. infrastructure to quickly report any cyber-hacks.