The Brookings Institute discusses how the US has not yet seen the worst of Russian cyber attacks, thus far only having dealt with bots, trolls, and propaganda rather than crippling critical infrastructure:
In the West, Russia’s cyberattacks so far have been at the service of its disinformation operations: stolen data used to embarrass individuals, spin a narrative, discredit democratic institutions and values, and sow social discord. This was the pattern Russian operators followed in the United States, France, and Germany during the countries’ 2016–17 elections. Hacking email accounts of individuals or campaigns, leaking that stolen information using a proxy (primarily WikiLeaks), and then deploying an army of disinformation agents (bots, trolls, state controlled media) to disseminate and amplify a politically damaging narrative. Such cyber-enabled interference falls below the threshold of critical infrastructure attacks of significant consequence that could result in “loss of life, significant destruction of property, or significant impact on [national security interests].”
The nightmare of cyberattacks crippling critical infrastructure systems still has the sound of science fiction to most Americans. But in Ukraine, this nightmare is real. As the laboratory for Russian activities, Ukraine has seen a significant uptick in attacks on its critical infrastructure systems since the 2013–14 Maidan revolution. A barrage of malware, denial of service attacks, and phishing campaigns bombard Ukraine’s critical infrastructure environments on a daily basis. In December 2015, a well-planned and sophisticated attack on Ukraine’s electrical grid targeted power distribution centers and left 230,000 residents without power the day before Christmas. The attackers were able to override operators’ password access to the system and also disable backup generators.
Ukraine is all too familiar with Russian attacks against critical infrastructure. For a while it almost appeared as if Ukraine was some kind of testbed or cyber range of sorts for Russia to try and perfect its attack capabilities against electric power plants and substations.
Imagine the chaos a debilitating critical infrastructure attack would have on the US population. There has been a lot of news lately about Russia being embedded in the US power networks. This is no longer an “if it is possible” scenario, but rather “when will it occur”.