Successfully stamping out international cyberattacks will be tremendously difficult, and it is only achievable with good diplomacy, trust, cooperation and communication.
Over the past few years, tensions have been rising between Russia and the United States -- not in conventional military terms, but in cyberspace. The issue came to a head at this month’s summit in Geneva, when U.S. President Joe Biden threatened reprisals over allegedly Russian-backed cyberattacks on U.S. targets.
This confrontation first rose to global attention in 2016, when the Central Intelligence Agency (CIA) reported Russia had directly influenced the outcome of the presidential election, favoring the Republican candidate Donald Trump by hacking and leaking 60,000 emails from the private account of Democratic nominee Hillary Clinton’s campaign director.
Then, in 2020, a major cyberattack on IT firm SolarWinds compromised the security of a wide range of U.S. government and industry entities, including the Pentagon and the Department of Homeland Security.
Trump administration Secretary of State Mike Pompeo held Russia responsible for the incident, although Trump himself went against the consensus, seeking to downplay the attack and blame China instead.
Microsoft President Brad Smith described it as the “largest and most sophisticated attack the world has ever seen.” Microsoft began investigating the attack after many of its customers were caught up in it, including major tech companies and federal agencies.
Russia denied any involvement in the SolarWinds incident, publicly rejecting what it described as “unfounded attempts of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies.”
The attack was ultimately attributed to a cyber-criminal group called Nobelium, which has continued to be active and allegedly perpetrated a series of cyber-attacks earlier this year, although there is no clear evidence it did so with Kremlin backing.
Fuel pipelines and black angus steak
That was followed last month by an attack on meat processor JBS, shutting down parts of its operations in the U.S., Canada and Australia, and severely disrupting global meat supplies. This time the FBI pointed the finger at REvil, another profitable Russian-based cyber-criminal group.
In both of these cases, the victims reportedly paid ransoms to resume their operations. While this is expensive and arguably encourages future attacks, disruptions in operations can be even more costly.
The FBI claims to have recovered more than US$2 million of the ransom paid by the Colonial Pipeline Company.
A few weeks before the Colonial Pipeline attack, the Biden administration imposed economic sanctions on Russia over its cyber-meddling in U.S. elections. But the U.S. has now understandably made combating ransomware attacks its top priority.
Does the US engage in similar activities?
The U.S. is certainly known for its cyber-offensive capabilities. Perhaps the most widely reported engagement was the 2010 Stuxnet attack on Iran’s nuclear program.
In 2015, the U.S. Cyber Command and National Security Agency successfully hacked key members of ISIS, while the following year Wikileaks revealed the CIA had developed a powerful suite of hacking tools.
The U.S. has both the capability and the motivation to conduct extensive cyber-infiltration of its adversaries.
At this month’s U.S.-Russia summit in Geneva, Biden talked about establishing cyber-norms and declaring certain critical infrastructure as off-limits.
This list identified 16 sectors that should be excluded from offensive action, including government facilities, IT systems, energy infrastructure, and food and agriculture -- all four of which have come under suspected Russian-backed attack in recent years.
Some cyber-security advocates have criticized U.S. strategies in recent years as being too weak. Biden’s comments at the Geneva summit seem to be an attempt to strike a firmer tone.
So is this the start of a cyber-war?
Cyberspace is considered the fifth domain for warfare, after land, sea, air and space. But the truth is that IT systems are now so ubiquitous that they are also firmly embedded in the four other domains too, meaning a successful cyberattack can weaken an enemy in many kinds of ways.
This in turn can make it hard to even define what counts as an offensive act of cybe -war, let alone identify the aggressor.
Although the Kremlin continues to deny any association with cyber-criminal gangs such as DarkSide or REvil, Russia nevertheless stands accused of giving them safe harbor.
How do we stop global cyberattacks?
The recent Ransomware Task Force report specifically attempted to address the issue of ransomware. But it also offers useful advice for countering state-backed cyber-crime. It recommends:
- Coordinated, international diplomatic and law-enforcement efforts to confront cyberthreats.
- Establishing relevant agencies to manage cyber incidents.
- Internationally coordinated efforts to establish frameworks to help organizations that are subject to cyber-attacks.
Successfully stamping out international cyberattacks will be tremendously hard, and is ultimately only achievable with good diplomacy, trust, cooperation and communication.
While global superpowers continue to sponsor cyberattacks on foreign shores while decrying attacks against their own assets, all we end up with is the virtual equivalent of mutually assured destruction.
This article was first posted on The Conversation.
NEXT STORY: In search of 5G/IoT situational awareness