Cyber Cold War? The US and Russia talk tough, but only diplomacy will ease the threat

Over the past few years, tensions have been rising between Russia and the United States — not in conventional military terms, but in cyberspace. The issue came to a head at this month’s summit in Geneva, when US President Joe Biden threatened reprisals^[1] over allegedly Russian-backed cyber-attacks on US targets.

This confrontation first rose to global attention in 2016, when the US Central Intelligence Agency (CIA) reported Russia had directly influenced the outcome of the presidential election^[2], favouring the Republican candidate Donald Trump by hacking and leaking 60,000 emails^[3] from the private account of Democratic nominee Hillary Clinton’s campaign director.

Then, in 2020, a major cyber attack on IT firm SolarWinds^[4] compromised the security of a wide range of US government and industry entities, including the Pentagon and the Department of Homeland Security.

Trump administration Secretary of State Mike Pompeo held Russia responsible^[5] for the incident, although Trump himself went against the consensus, seeking to downplay the attack and blame China instead^[6].

Microsoft president Brad Smith described it as the “largest and most sophisticated attack the world has ever seen^[7]”. Microsoft began investigating the attack after many of its customers were caught up in it, including major tech companies and federal agencies^[8].

Russia denied^[9] any involvement in the SolarWinds incident, publicly rejecting what it described as “unfounded attempts of the US media to blame Russia for hacker attacks on US governmental bodies”.

The attack was ultimately attributed to a cyber-criminal group called Nobelium^[10], which has continued to be active and allegedly perpetrated a series of cyber-attacks earlier this year^[11], although there is no clear evidence it did so with Kremlin backing.

Fuel pipelines and black angus steak

More recently, the US Colonial Pipeline ransomware attack^[12], which crippled the largest oil pipeline in the US, was attributed to a Russian cyber-mercenary gang codenamed DarkSide^[13].

That was followed last month by an attack on meat processor JBS, shutting down parts of its operations in the US, Canada and Australia, and severely disrupting global meat supplies. This time the FBI pointed the finger at REvil, another profitable Russian-based cyber-criminal group^[14].

In both of these cases, the victims reportedly paid ransoms to resume their operations. While this is expensive and arguably encourages future attacks, disruptions in operations can be even more costly^[15].

The FBI claims to have recovered^[16] more than US$2 million of the ransom paid by the Colonial Pipeline Company.

Read more: The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a 'wicked' problem^[17]

A few weeks before the Colonial Pipeline attack, the Biden administration imposed economic sanctions on Russia^[18] over its cyber-meddling in US elections. But the US has now understandably made combating ransomware attacks its top priority.

The Ransomware Task Force^[19], convened in December 2020 by Microsoft and leading tech security firms, called for global cooperation^[20] to tackle the ransomware threat and break its business model.

Does the US engage in similar activities?

The US is certainly known for its cyber-offensive capabilities. Perhaps the most widely reported engagement was the 2010 Stuxnet attack^[21] on Iran’s nuclear program.

In 2015, the US Cyber Command and National Security Agency successfully hacked key members of ISIS^[22], while the following year Wikileaks revealed^[23] the CIA had developed a powerful suite of hacking tools.

The US has both the capability and the motivation to conduct extensive cyber-infiltration of its adversaries.

Read more: Cyber attacks can shut down critical infrastructure. It's time to make cyber security compulsory^[24]

At this month’s US-Russia summit in Geneva, Biden talked about establishing cyber-norms and declaring certain critical infrastructure as off-limits^[25].

This list identified 16 sectors^[26] that should be excluded from offensive action, including government facilities, IT systems, energy infrastructure, and food and agriculture — all four of which have come under suspected Russian-backed attack in recent years.

Some cyber-security advocates have criticised US strategies in recent years as being too weak^[27]. Biden’s comments at the Geneva summit seem to be an attempt to strike a firmer tone.

So is this the start of a cyber-war?

Cyberspace is considered the fifth domain for warfare^[28], after land, sea, air and space. But the truth is that IT systems are now so ubiquitous that they are also firmly embedded in the four other domains too^[29], meaning a successful cyber attack can weaken an enemy in many kinds of ways.

This in turn can make it hard to even define what counts as an offensive act of cyber-war^[30], let alone identify the aggressor.

Although the Kremlin continues to deny any association with cyber-criminal gangs such as DarkSide or REvil, Russia nevertheless stands accused of giving them safe harbour^[31].

How do we stop global cyber attacks?

The recent Ransomware Task Force report^[32] specifically attempted to address the issue of ransomware. But it also offers useful advice for countering state-backed cyber-crime. It recommends:

• coordinated, international diplomatic and law-enforcement efforts to confront cyber-threats

• establishing relevant agencies to manage cyber incidents

• internationally coordinated efforts to establish frameworks to help organisations that are subject to cyber-attacks.

Successfully stamping out international cyber-attacks will be tremendously hard, and is ultimately only achievable with good diplomacy, trust, cooperation and communication.

While global superpowers continue to sponsor cyber-attacks on foreign shores while decrying attacks against their own assets, all we end up with is the virtual equivalent of mutually assured destruction^[33].

References

1. ^{^} threatened reprisals (www.theguardian.com)
2. ^{^} directly influenced the outcome of the presidential election (www.theguardian.com)
3. ^{^} hacking and leaking 60,000 emails (www.theguardian.com)
4. ^{^} major cyber attack on IT firm SolarWinds (www.businessinsider.com.au)
5. ^{^} held Russia responsible (www.wsj.com)
6. ^{^} seeking to downplay the attack and blame China instead (www.abc.net.au)
7. ^{^} largest and most sophisticated attack the world has ever seen (www.reuters.com)
8. ^{^} major tech companies and federal agencies (www.npr.org)
9. ^{^} Russia denied (www.facebook.com)
10. ^{^} Nobelium (msrc-blog.microsoft.com)
11. ^{^} series of cyber-attacks earlier this year (blogs.microsoft.com)
12. ^{^} US Colonial Pipeline ransomware attack (theconversation.com)
13. ^{^} Russian cyber-mercenary gang codenamed DarkSide (www.entrepreneur.com)
14. ^{^} REvil, another profitable Russian-based cyber-criminal group (www.bbc.com)
15. ^{^} even more costly (blog.emsisoft.com)
16. ^{^} claims to have recovered (www.bbc.com)
17. ^{^} The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a 'wicked' problem (theconversation.com)
18. ^{^} imposed economic sanctions on Russia (www.npr.org)
19. ^{^} Ransomware Task Force (www.zdnet.com)
20. ^{^} called for global cooperation (securityandtechnology.org)
21. ^{^} 2010 Stuxnet attack (www.washingtonpost.com)
22. ^{^} successfully hacked key members of ISIS (www.npr.org)
23. ^{^} revealed (www.washingtonpost.com)
24. ^{^} Cyber attacks can shut down critical infrastructure. It's time to make cyber security compulsory (theconversation.com)
25. ^{^} certain critical infrastructure as off-limits (geneva.usmission.gov)
26. ^{^} 16 sectors (www.cisa.gov)
27. ^{^} criticised US strategies in recent years as being too weak (www.bloomberg.com)
28. ^{^} fifth domain for warfare (www.aspistrategist.org.au)
29. ^{^} firmly embedded in the four other domains too (www.ida.org)
30. ^{^} offensive act of cyber-war (www.bushcenter.org)
31. ^{^} safe harbour (www.9news.com.au)
32. ^{^} Ransomware Task Force report (securityandtechnology.org)
33. ^{^} mutually assured destruction (www.secplicity.org)