Dina Temple-Raston on Anticipating Russian Cyberattacks
By Natasha Wood, MALD 2024 Candidate, The Fletcher School
On December 11, 2023, the Hitachi Center for Technology and International Affairs at The Fletcher School hosted reporter Dina Temple-Raston for a talk titled “Cyber Conflict in Ukraine: On the frontlines of the world’s first real hybrid war.” Temple-Raston was a counterterrorism correspondent for NPR for more than 10 years and is currently the host of the cyber and intelligence podcast “Click Here” by Recorded Future News. The event was co-hosted by the Tufts Program in Cyber Security and Policy.
Temple-Raston shared intriguing insights from her recent journey to Ukraine, driven by a specific curiosity: unraveling why cyberattacks have not featured prominently in Russia’s war against Ukraine.
Temple-Raston described a sharp contrast between her first impression of Kyiv and the reality of living under the constant threat of a Russian attack. “I was expecting [Kyiv] to be slightly nicer than the Soviet Union, and I was totally wrong. It’s like Vienna,” she said, describing a bustling city with vibrant streets and open storefronts.
However, the danger of a Russian attack remains ever-present. “You end up just listening for any single sound that tells you when the bombs are coming,” Temple-Raston said, but she praised Ukraine’s sophisticated aid defenses, which shoot down the vast majority of Russian missiles and drones.
Like other cybersecurity experts, Temple-Raston expected that the kinetic escalation of the war in Ukraine would come with an onslaught of Russian cyber attacks in the first few months. One reason that did not happen, she explains, is because of a secret U.S. Cyber Command (USCYBERCOM) mission launched in December 2021 designed to target and dismantle potentially harmful networks. “What most people don’t know… is that on any week of the year, CYBERCOM has military operators deployed… all over the [world] trying to help people clean up their networks,” she said.
The December 2021 mission in Ukraine initially included twelve CYBERCOM forward operators and four targeted networks, including a power grid, and military communications channels. By the end of the mission, 40 operators were working side by side with Ukrainian counterparts, and found 90 pieces of malware.
“We don’t know that those 90 pieces of malware were 90 separate Russian events,” Temple-Raston clarified. “But we do know that when they went to push the button, they kept pushing it, and it wasn’t working, because [the operation] had secretly taken it out,” she said, referring to Russian efforts to launch cyberattacks in advance of the escalation on February 24, 2022.
Temple-Raston also suggested that while the Kremlin and its affiliated hackers are formidable, they probably struggled to figure out how to respond to CYBERCOM’s December 2021 operation.
“They build a plan and it’s a great plan,” she said, referring to Russian attempts at cyberattacks at the beginning of the escalation. “But if something goes wrong in that plan, they’re terrible at coming up with creative solutions to get around that problem. They have some people who are good at thinking out of the box, but most people don’t.”