(NewsNation Now) — The United States has not seen a significant cyberattack since Russia invaded Ukraine but government officials and cybersecurity experts say the risk still remains.

According to one cybersecurity expert who spoke with NewsNation, Russia may be waiting for the right moment to launch wider cyberattacks, and the worst could still be ahead.

“I think they’re probably keeping it in reserve until things escalate and at such time they may take action on their objectives,” said Lou Rabon, CEO of Cyber Defense Group. “But once they do that, then the cat’s out of the bag: It will reveal where they have access. Right now, they may have access in organizations that don’t know that they’re in there.”

Although there are no current credible cyberthreats against the U.S., the federal government is urging companies to prepare and report suspicious activity to the FBI immediately.

This week, U.S. intelligence officials briefed Congress on potential threats to homeland security, emphasizing the most serious threats include cyberattacks.

Officials say China is the biggest cyberthreat due its substantial resources, but Russia also remains a concern because it sees cyberattacks as a military tool.

The FBI and NSA warned that the U.S. could be collateral damage if Russia launches additional cyberattacks against Ukraine, something the country tried in the early phases of the war.

Just last May, a ransomware attack shut down one of the largest oil pipelines in the U.S. The Colonial Pipeline, which supplies much of the gasoline for the Southeast, was halted for several days, leading many consumers to start panic-buying gas.

The FBI said a Russian hacking group called “Darkside” was behind the attack.

A new report from Bloomberg also sheds light on the cybersecurity threat. The news outlet reported that the night before Russia invaded Ukraine, hackers gained access to employees’ computers at more than a dozen natural gas-related companies, including Chevron.

The motive for that attack is still unknown.

Chevron said it’s using the best cybersecurity practices that have been advised by the government.

On Tuesday, a report from U.S. cybersecurity firm Mandiant revealed that hackers working on behalf of the Chinese government broke into the computer networks of at least six state governments over the last year. The report does not say which states were targeted, nor does it offer a motive for the attacks.

Some members of Congress are calling on lawmakers to fast-track cybersecurity legislation intended to protect private businesses.

U.S. Rep. Don Bacon, R-Neb., introduced H.R. 5658, the DHS Roles and Responsibilities in Cyber Space Act, which would require the Secretary of Homeland Security to assess its cyber incident response plan and procedures.

“We need to help this private industry defend themselves. If not, we have very important sectors in America vulnerable — they’re paying ransom,” Bacon said. “So, we’ve got to intervene here and do better.”