WASHINGTON – The United States is stepping up digital incursions into Russia's electric power grid in a warning to President Vladimir Putin and a demonstration of how the Trump administration is using new authorities to deploy cybertools more aggressively, current and former government officials said.
In interviews over the past three months, the officials described the previously unreported deployment of U.S. computer code inside Russia's grid and other targets as a classified companion to more publicly discussed action directed at Moscow's disinformation and hacking units around the 2018 midterm elections.
Advocates of the more aggressive strategy said it was long overdue, after years of public warnings from the Department of Homeland Security and the FBI that Russia has inserted malware that could sabotage U.S. power plants, oil and gas pipelines, or water supplies in any future conflict with the United States.
But it also carries significant risk of escalating the daily digital Cold War between Washington and Moscow.
The administration declined to describe specific actions it was taking under the new authorities, which were granted separately by the White House and Congress last year to U.S. Cyber Command, the arm of the Pentagon that runs the military's offensive and defensive operations in the online world.
But in a public appearance Tuesday, President Donald Trump's national security adviser, John Bolton, said the United States was now taking a broader view of potential digital targets as part of an effort "to say to Russia, or anybody else that's engaged in cyberoperations against us, 'You will pay a price.' "
Power grids have been a low-intensity battleground for years.
Since at least 2012, current and former officials say, the United States has put reconnaissance probes into the control systems of the Russian electric grid.
But now the U.S. strategy has shifted more toward offense, officials say, with the placement of potentially crippling malware inside the Russian system at a depth and with an aggressiveness that had never been tried before. It is intended partly as a warning and partly to be poised to conduct cyberstrikes if a major conflict broke out between Washington and Moscow.
The commander of U.S. Cyber Command, Gen. Paul Nakasone, has been outspoken about the need to "defend forward" deep in an adversary's networks to demonstrate that the United States will respond to the barrage of online attacks aimed at it.
"They don't fear us," he told the Senate a year ago during his confirmation hearings.
But finding ways to calibrate those responses so that they deter attacks without inciting a dangerous escalation has been the source of constant debate.
Trump issued new authorities to Cyber Command last summer in a still-classified document known as National Security Presidential Memoranda 13, giving Nakasone far more leeway to conduct offensive online operations without receiving presidential approval.
But the action inside the Russian electric grid appears to have been conducted under little-noticed new legal authorities, slipped into the military authorization bill passed by Congress last summer. The measure approved the routine conduct of "clandestine military activity" in cyberspace, to "deter, safeguard or defend against attacks or malicious cyberactivities against the United States."
Under the law, those actions can now be authorized by the defense secretary without special presidential approval.
"It has gotten far, far more aggressive over the past year," one senior intelligence official said, speaking on the condition of anonymity but declining to discuss any specific classified programs. "We are doing things at a scale that we never contemplated a few years ago."
The critical question — impossible to know without access to the classified details of the operation — is how deep into the Russian grid the United States has bored. Only then will it be clear whether it would be possible to plunge Russia into darkness or cripple its military — a question that may not be answerable until the code is activated.
Both Nakasone and Bolton, through spokesmen, declined to answer questions about the incursions into Russia's grid. Officials at the National Security Council also declined to comment but said they had no national security concerns about the details of the New York Times' reporting about the targeting of the Russian grid, perhaps an indication that some of the intrusions were intended to be noticed by the Russians.
Trump not briefed
Speaking Tuesday at a conference sponsored by the Wall Street Journal, Bolton said: "We thought the response in cyberspace against electoral meddling was the highest priority last year, and so that's what we focused on. But we're now opening the aperture, broadening the areas we're prepared to act in."
He added, referring to nations targeted by U.S. digital operations, "We will impose costs on you until you get the point."
Two administration officials said they believed Trump had not been briefed in any detail about the steps to place "implants" — software code that can be used for surveillance or attack — inside the Russian grid.
Pentagon and intelligence officials described broad hesitation to go into detail with Trump about operations against Russia for concern over his reaction — and the possibility that he might countermand it or discuss it with foreign officials, as he did in 2017 when he mentioned a sensitive operation in Syria to the Russian foreign minister.
Because the new law defines the actions in cyberspace as akin to traditional military activity on the ground, in the air or at sea, no such briefing would be necessary, they added.