On the heels of US President Joe Biden’s warning of a Russian cyberattack on America’s critical infrastructure, the assistant director of the FBI’s Cyber Division testifies “there are compromises against some” of the 16 critical infrastructure sectors considered to be “off-limits.”
In June, 2021, President Biden told reporters he gave Russian President Vladimir Putin a list of 16 critical infrastructure sectors that were “off-limits” to cyberattacks.
Today, Bryan Vorndran, Assistant Director at the FBI’s Cyber Division, testified before the House Judiciary Committee that there were compromises against some of those 16 critical infrastructure sectors.
However, the FBI official wouldn’t identify which sectors had compromises, nor could he answer whether the compromises came from Russia or some other entity, nor could he speak to the extent of the compromises.
Also in today’s “Oversight of the Federal Bureau of Investigation, Cyber Division” hearing:
- Rep Matt Gaetz entered content from Hunter Biden’s laptop into the official record
- Chairman Jerry Nadler initially objected to Gaetz’s request “pending further investigation,” but later allowed it
- Witness from the FBI testified there were no “swaps or concessions” made for convicted Russian hacker Aleksei Burkov’s deportation to Moscow in 2021
“There are compromises against some of those 16 critical infrastructure sectors that you mentioned — I can’t speak specifically to which ones” — Bryan Vorndran, FBI
When asked by Representative Andy Biggs if there had been “any cybersecurity attacks or breaches” on the list of 16 critical infrastructure sectors given to Putin, Vorndran at first testified that he didn’t know the answer.
However, he backtracked moments later, recalling, “There are compromises against some of those 16 critical infrastructure sectors that you mentioned — I can’t speak specifically to which ones.”
The confusion may have had to do with the line of questioning, in that Biggs didn’t ask if Russia specifically had conducted the attacks, so the “compromises” mentioned by Vorndran may or may not have been attributed to Russia.
When later asked by Representative Darrell Issa if a Russia-based organization had recently tried to hack US assets, the FBI official said he wanted to consult with someone about what was and wasn’t classified before answering.
“The threat from Russia in the criminal sense and the nation state sense is very, very real” — Bryan Vorndran, FBI
The 16 critical infrastructure sectors that Biden told Putin were “off-limits” are listed on the US Cybersecurity & Infrastructure Security Agency’s (CISA) website, and they include:
- Commercial Facilities
- Critical Manufacturing
- Defense Industrial Base
- Emergency Services
- Financial Services
- Food and Agriculture
- Government Facilities
- Healthcare and Public Health
- Information Technology
- Nuclear Reactors, Materials, and Waste
- Transportation Systems
- Water and Wastewater Systems
Last week, Politico reported that Russian hackers had recently scanned the networks of at least five US energy companies, along with 18 other US defense, financial services, and IT firms.
“The scanning […] really is a reconnaissance phase to understand what the net defense side of that company would look like and whether there are vulnerabilities that can or cannot be exploited” — Bryan Vorndran, FBI
When asked by House Committee on The Judiciary Chairman Jerry Nadler about possible motivations for scanning American energy companies, Vorndran likened it to a bank robber scoping-out their next big heist.
“In order for a criminal to conduct a bank robbery, it’s undoubtedly true that that criminal is going to likely to conduct reconnaissance surveillance to understand when the bank may be open, when the bank may be closed, what the security posture looks like,” said Vorndran.
“And the scanning […] really is a reconnaissance phase to understand what the net defense side of that company would look like and whether there are vulnerabilities that can or cannot be exploited.
“It’s an extremely important part of the overall attack cycle,” he added.
“Russia is one of the two most capable cyber adversaries we face globally […] They are a formidable foe” — Bryan Vorndran, FBI
When asked by Representative Sheila Jackson Lee if Russia could win a war with cyberattacks, Vorndran responded:
“Russia is one of the two most capable cyber adversaries we face globally. Whether they have the ability to completely destabilize our country and win a war is a whole different conversation, but they are a formidable foe.”
“There was no swap or concession [for Russian hacker Burkov’s release]” — Bryan Vorndran, FBI
With the notion of Russia being a “formidable foe” in the cyber arena, Representative Jim Jordan asked why Aleksei Burkov, a Russian hacker, who in 2020, pleaded guilty and was sentenced to nine years in a US prison for running a website that “sold more than 150,000 stolen credit card accounts” resulting in “more than $20 million in fraudulent purchases on US cards” was suddenly deported from the US to Russia in September, 2021.
The FBI’s assistant director for cyber said he didn’t know why Burkov, whom CNN reported was seen as “a key player in Russia’s cybercriminal underworld” by US officials, was allowed to board a commercial flight back to Moscow.
Jordan: “Mr. Vorndran, why did the Biden administration release Burkov?”
Vorndran: “Sir, Mr. Burkov was investigated by the US Secret Service, not by the FBI.
“I don’t know specifics; what I do know is that there was no swap or concession, and it’s my understanding that his release –“
Jordan: “We didn’t get anything for him?”
Vorndran: “Sir, to the best of my knowledge, there were no swaps or concessions.”
In October, 2021, The Daily Beast tried to find out who was ultimately responsible for letting Burkov go but was given the runaround, being told by the White House and Departments of Justice and State to talk to ICE, while the FBI said to talk to the Secret Service, and the Secret Service referred the publication back to ICE.
“I’m not here to talk about the [Hunter Biden] laptop; I’m here to talk about the FBI’s cyber program” — Bryan Vorndran, FBI
Representative Matt Gaetz used his time to ask Vorndran about Hunter Biden’s laptop — where it was and if he had investigated whether the First Family may be compromised “as a result of the Hunter Biden laptop.”
Vorndran testified he didn’t know the location of the president’s son’s laptop, and it was not in his “purview of investigative responsibilities” to answer such questions.
Gaetz tried to enter an external drive containing the contents of Hunter Biden’s laptop into the official record under a unanimous consent request, but Chairman Nadler initially objected to his request “pending further investigation.”
“It’s a unanimous consent request, and I object pending further investigation,” said Nadler, adding, “It may very well be entered into the record after we look at it further.”
Update: Content from Hunter Biden’s laptop was later entered into the record.