President Joe Biden issued a dire warning on Monday that Russia is considering cyberattacks against the United States. The war in Ukraine is going rather poorly for Russia, with Western-supplied weapons wreaking havoc on Russia’s military while sanctions pummel Russia’s economy. Therefore, it’s possible that Putin will try to use cyberattacks to hit back at the United States and if he does Texas could be the target.
Texas is no stranger to Russian mischief in cyberspace. In 2020, the Austin-based company SolarWinds was at the center of one of the worst hacks in American history. SolarWinds makes software that organizations use to manage and monitor their IT systems, so after intruders got into SolarWinds they managed to penetrate the networks of hundreds of businesses and government agencies. The perpetrators were believed to be from the SVR, Russia’s foreign intelligence agency.
Texas’ status as an energy powerhouse makes it a potential target for cyberattacks. If Russia hacked the oil and gas infrastructure, which experts warn is vulnerable to such attacks, it would have major repercussions for the rest of the country. There would also be consequences for the U.S. allies in Europe, who are looking to American energy to reduce their dependence on Russian oil and gas.
To get an idea of what such an attack could look like, one only needs to look at the Colonial Pipeline hack last year. As the result of a ransomware attack, a pipeline that carries fuel from Texas to the northeast went offline for five days, causing gasoline shortages across the East Coast. While the hackers were likely Russian, they are not believed to be affiliated with the Russian government and were motivated by money rather than politics (the perpetrators even issued a statement after the attack that they would be more careful about picking targets in the future). However, if criminals can pull it off it’s not hard to imagine a nation-state doing something similar.
Indeed, the FBI sent out a warning last week that Russian hackers had begun scanning the networks of five U.S. energy firms. Officials say this “preparatory activity” is likely about disruptive or destructive acts rather than espionage. Hackers will scout out the networks they wish to penetrate beforehand, akin to armies conducting reconnaissance before an offensive
There’s other critical infrastructure in Texas to worry about besides oil and gas. Cyberattacks on hospitals are a serious danger since they can directly lead to lives lost. Texas has the largest medical center in the world and ranks second in the nation for ransomware attacks on healthcare organizations. ERCOT could be a target given its high-profile failure during Winter Storm Uri and the lack of connection with the national grid would make it harder for the state to get outside help (on the other hand, the Texas grid might not be a prime target since the effect would be largely localized to the state).
If Russia were to conduct a cyberattack against critical infrastructure in Texas or anywhere else in the country, the United States could respond in kind. The United States possesses significant offensive cyber capabilities of its own and has managed to penetrate Russian critical infrastructure in the past. However, that would come with serious escalation risks.