In the Cold War-era movie classic, Dr. Strangelove, B-52 pilot Major Kong briefs his crew: \u201cWell, boys, I reckon this is it \u2013 nuclear combat,\u00a0toe-to-toe\u00a0with the Roosskies.\u201d\u00a0 We\u2019re not quite there yet, but it\u2019s getting interesting.\u00a0 In 2018 we\u2019ve apparently reached another red line, this time, cyber.On 15 March, 2018, the US Government imposed sanctions against 5 entities and 19 individuals named as violators of the Countering America\u2019s Adversaries Through Sanctions Act (CAATSA) as well as Executive Order (E.O.) 13694, \u201cBlocking the Property of Certain Persons Engaging in Significant Malicious Cyber-Enabled Activities.\u201d\u00a0 Russia was identified as the bad actor responsible for cyber intrusions in our US election process and our energy grid, both components of our National Critical Infrastructure.Once famous for its collective farms, the former USSR now has farms of another type, troll farms.\u00a0 Among the organizations and individuals sanctioned is the Internet Research Agency, the propaganda shop that flooded American social media with divisive and hate-mongering posts during, and after, the 2016 presidential election.The dezinformatsiya, or disinformation, campaign is alive and well in modern Mother Russia.\u00a0 Thanks to loosened, if any, US media standards, we now get our news from the same sources that once created stories such as the AIDS virus being created at Ft. Detrick by the U.S. military. No \u2013 just to clear up any potential confusion \u2013 it wasn\u2019t.So today I come here not to pontificate, but to educate.\u00a0 There\u2019s a whole generation that has grown up thinking Russia is just another country and we should all throw a pinecone into the fire and sing Kumbaya. Likewise, the new crop of cyberdefenders understand the threat comes from Russia, but still wonder why.\u00a0 For what reason would a country not at war with us wish to attack our national critical infrastructure?\u00a0 For Russia it\u2019s not just a job, it\u2019s a belief system.So, Russia got sanctioned \u2013 what does that mean to me?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Well, if you\u2019re the U.S. government, it means a lot of work. Treasury, State, Justice and most everybody else will be involved in freezing accounts, throwing out the requisite number of hapless diplomats, and whatever else is called for.\u00a0 On the Russian side, those U.S. diplomats have got to go as well.\u00a0 Why care?\u00a0 Well, even in the age of cyber, a lot gets done face-to-face.\u00a0 Remove the faces and you hobble the communication process, a process already complicated by bad feelings.If you\u2019re in the private sector, particularly Energy, sanctions affect probably not so much.\u00a0 Although attribution followed by indictments and sanctions are a fairly aggressive responses as far as cyber is concerned, the only actionable private sector intelligence pertains to IOC and associated files that may be used to bolster organizational cybersecurity. If you\u2019ve been following the alerts from US-CERT and your ISACs, you already know this.Any specific action to be taken or benefit to be derived is largely outside of the control of the private sector.\u00a0 For example, Russia\u2019s Main Intelligence Directorate (GRU) is a named bad actor.\u00a0 This not a surprise to any competent cyber defender.\u00a0 Though unquestionably bad actors, putting pressure upon Russia\u2019s military intelligence organization is simply not within private industry\u2019s cyber-sphere of influence.\u00a0So the private sector should just accept the fact that Russia is in our networks and reaching for our control systems and operational technology?\u00a0 Pretty much the answer is yes. Even with the backing of attribution by none other than the United Stated Government, there is no legal (or questionably legal but desired) recourse for direct action by the private sector. This is a Government v. Government game.\u00a0 Indeed, private retaliation of any type (hack-back), though satisfying and thought to be a good idea by some members of Congress, would simply incite the ire of well-funded, largely unconstrained, Russian government supported cyber forces.\u00a0A good example of the current Russian mindset is its repeated disregard for international norms, laws, and international treaties (for one, the Chemical Weapons Convention, ratified by Russia and entered into force in 1997). Russia\u2019s blatant dismissal of UK Prime Minister May\u2019s threats of sanctions over a March 2018 attempted nerve-gas murder in England were not only a diplomatic faux pas, but Cold War-style jackassery of the worst kind.On the information sharing front, this crisis may have had a positive effect.\u00a0 The sudden, collated flood of U.S. government information being released because of the TA publication is helpful.\u00a0 It also shows how much information has been tied up in analytical processing or considered too sensitive for immediate release when it was fresh and perhaps most useful to private industry.\u00a0 Certainly there\u2019s more to come on that subject in the near future.ConclusionsWhat do I do?\u00a0 Pretty much nothing.\u00a0 Active measures sound great but set you up for a tidal wave of retaliation and liability for collateral damage. The private sector should sit this one out and let the respective governments play the \u201cMy button is bigger and more powerful\u201d game.Russia\u2019s military and civilian intelligence services directly target the US private sector and its national critical infrastructure \u2013 that\u2019s buzz speak for they\u2019re after our energy grid; gas, oil, and electric.\u00a0 Don\u2019t be misled by Sputnik news, the beauty of the Bolshoi Ballet, or the childlike denial of the Russian government. On the good\/bad cyberthreat binary scale \u2013 Russia is bad.Russia is hardly, if at all, deterred by sanctions.\u00a0 They seem to have learned from the playbook of North Korea and tend to follow punishment with a sudden flurry of more bad behavior.\u00a0 Until Uncle Sam puts his kinetic foot down, Russian Intrusions and campaigns will continue and most likely increase.\u00a0 Energy needs to up its game by patching, ISAC participation, and pressure on our elected officials to take care of the macro-problems while we focus on our sector.\u00a0 Your tax dollars have already paid for DHS and TSA assistance, so consider using them as appropriate.