Play Live Radio
Next Up:
0:00 0:00
Available On Air Stations

Sounding The Alarm About A New Russian Cyber Threat

An ethernet cable connects a router device inside a communications room at an office in London on May 15, 2017.
Chris Ratcliffe
Bloomberg via Getty Images
An ethernet cable connects a router device inside a communications room at an office in London on May 15, 2017.

In a rare joint statement, the U.S and U.K. last week warned that Russia is actively preparing for a future cyberwar against the West.

Of particular concern, according to a joint technical alert issued by the U.S. Computer Emergency Response Team, is a Russian cyberattack on network infrastructure devices such as routers, switches and firewalls. Compromised routers, the alert says, help Russia "support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations."

So what should individuals or companies or government officials be looking for?

Jeanette Manfra, the Department of Homeland Security's cybersecurity chief, tells NPR that one technique to compromise security is called "spoofing."

"It allows an actor to pretend that they're the computer, or the device that you think you're talking to, so they get into the middle of a connection between two different devices, and they can spy on the traffic that is going back and forth, they can manipulate the traffic," she says.

Interview Highlights

On what action Americans should take

It's reasonably simple: The vendors [of network infrastructure devices, like routers and switches] are putting out guidance, or have been putting out guidance that are specific to the make and model of their network device. So organizations need to go check what the vendor is, the make and the model – you can get online, you can download the vendor guidance for how to address it.

On the government's responsibility in trying to prevent cyberattacks

We've been issuing guidance or alerts, whether it's vulnerabilities that we see. We've been issuing a series of alerts on North Korean activity. But of course we want to continue to ensure that there are consequences for malicious behavior. My department is focused on defense and ensuring that network defenders have what they need. But there are other tools that the government has to deter this activity, whether that's sanctions, criminal penalties, diplomatic engagement – there's a lot that the government is doing to try to impose consequences on this type of irresponsible behavior.

On whether a cyberattack should be considered an act of war

This has been a question our government has been thinking about for some time. I think of it in terms of actions against our critical infrastructure and our country that would have consequences about public health or safety or economic security – we would take that very, very seriously.

Steve Tripoli and Ana Lucia Murillo edited and produced this interview for broadcast. Heidi Glenn adapted it for the Web.

Copyright 2021 NPR. To see more, visit

Rachel Martin is a host of Morning Edition, as well as NPR's morning news podcast Up First.