Over the past few years, tensions have been rising between Russia and the United States — not in conventional military terms, but in cyberspace. The issue came to a head at this month’s summit in Geneva, when US President Joe Biden threatened reprisals over allegedly Russian-backed cyber-attacks on US targets.
This confrontation first rose to global attention in 2016, when the US Central Intelligence Agency (CIA) reported Russia had directly influenced the outcome of the presidential election, favouring the Republican candidate Donald Trump by hacking and leaking 60,000 emails from the private account of Democratic nominee Hillary Clinton’s campaign director.
Then, in 2020, a major cyber attack on IT firm SolarWinds compromised the security of a wide range of US government and industry entities, including the Pentagon and the Department of Homeland Security.
Trump administration Secretary of State Mike Pompeo held Russia responsible for the incident, although Trump himself went against the consensus, seeking to downplay the attack and blame China instead.
Microsoft president Brad Smith described it as the “largest and most sophisticated attack the world has ever seen”. Microsoft began investigating the attack after many of its customers were caught up in it, including major tech companies and federal agencies.
Russia denied any involvement in the SolarWinds incident, publicly rejecting what it described as “unfounded attempts of the US media to blame Russia for hacker attacks on US governmental bodies”.
The attack was ultimately attributed to a cyber-criminal group called Nobelium, which has continued to be active and allegedly perpetrated a series of cyber-attacks earlier this year, although there is no clear evidence it did so with Kremlin backing.
Fuel pipelines and black angus steak
That was followed last month by an attack on meat processor JBS, shutting down parts of its operations in the US, Canada and Australia, and severely disrupting global meat supplies. This time the FBI pointed the finger at REvil, another profitable Russian-based cyber-criminal group.
In both of these cases, the victims reportedly paid ransoms to resume their operations. While this is expensive and arguably encourages future attacks, disruptions in operations can be even more costly.
The FBI claims to have recovered more than US$2 million of the ransom paid by the Colonial Pipeline Company.
A few weeks before the Colonial Pipeline attack, the Biden administration imposed economic sanctions on Russia over its cyber-meddling in US elections. But the US has now understandably made combating ransomware attacks its top priority.
Does the US engage in similar activities?
The US is certainly known for its cyber-offensive capabilities. Perhaps the most widely reported engagement was the 2010 Stuxnet attack on Iran’s nuclear program.
In 2015, the US Cyber Command and National Security Agency successfully hacked key members of ISIS, while the following year Wikileaks revealed the CIA had developed a powerful suite of hacking tools.
The US has both the capability and the motivation to conduct extensive cyber-infiltration of its adversaries.
At this month’s US-Russia summit in Geneva, Biden talked about establishing cyber-norms and declaring certain critical infrastructure as off-limits.
This list identified 16 sectors that should be excluded from offensive action, including government facilities, IT systems, energy infrastructure, and food and agriculture — all four of which have come under suspected Russian-backed attack in recent years.
Some cyber-security advocates have criticised US strategies in recent years as being too weak. Biden’s comments at the Geneva summit seem to be an attempt to strike a firmer tone.
So is this the start of a cyber-war?
Cyberspace is considered the fifth domain for warfare, after land, sea, air and space. But the truth is that IT systems are now so ubiquitous that they are also firmly embedded in the four other domains too, meaning a successful cyber attack can weaken an enemy in many kinds of ways.
This in turn can make it hard to even define what counts as an offensive act of cyber-war, let alone identify the aggressor.
Although the Kremlin continues to deny any association with cyber-criminal gangs such as DarkSide or REvil, Russia nevertheless stands accused of giving them safe harbour.
How do we stop global cyber attacks?
The recent Ransomware Task Force report specifically attempted to address the issue of ransomware. But it also offers useful advice for countering state-backed cyber-crime. It recommends:
- coordinated, international diplomatic and law-enforcement efforts to confront cyber-threats
- establishing relevant agencies to manage cyber incidents
- internationally coordinated efforts to establish frameworks to help organisations that are subject to cyber-attacks.
Successfully stamping out international cyber-attacks will be tremendously hard, and is ultimately only achievable with good diplomacy, trust, cooperation and communication.
While global superpowers continue to sponsor cyber-attacks on foreign shores while decrying attacks against their own assets, all we end up with is the virtual equivalent of mutually assured destruction.