The Justice Department just unsealed charges against three Russian nationals accused of mounting cyberattacks on U.S. critical infrastructure that cost Americans more than $62 million. It is good to see federal prosecutors doing their job on paper. But indictments are only the first step in a fight that is playing out in the digital shadows — and too often the public sees the paperwork while the hackers keep the keys.
What the DOJ announced
The Department of Justice and the FBI say a grand jury returned an indictment charging three Russians with cybercrimes that targeted essential U.S. systems. The alleged attacks hit hospitals, businesses, and other vital services and caused major financial harm. Federal officials described the scheme as part of a broader pattern of Russian-linked cyber operations. The indictment lays out criminal counts and seeks to hold the men accountable in U.S. courts.
Why this matters: critical infrastructure is not a game
We need to stop thinking of cyberattacks as annoyances or math problems for nerds to solve. When hackers go after power grids, hospitals, or water systems, real people suffer. Losing more than $62 million in a few incidents is not just a line on a balance sheet — it is delayed care, clogged supply chains, and higher costs for consumers. The indictment shows the scale of the threat and why we must treat cyber defense as national security, not just a tech support issue.
Don’t be fooled: indictments aren’t the same as deterrence
Filing charges is necessary. It’s also easy. The hard part is stopping the attacks before they happen or making sure perpetrators answer for them. If the accused live behind a friendly border that refuses to hand them over, the indictment is mostly symbolic. Meanwhile, companies and local governments keep finding out the hard way that their networks are soft targets. We should applaud the DOJ, but let’s not pretend a paper charge will suddenly make Moscow change its habits.
What should happen next
We need a three-part plan: beef up American cyber defenses, punish bad actors with real costs, and force private firms to raise their game. That means stronger federal standards for critical infrastructure, smarter sanctions and asset seizures for state-backed cybercriminals, and legal teeth for holding companies accountable when they ignore basic protections. If we keep treating cyber policy as a checklist and a press release, Americans will keep paying the bill — in money and safety.

