The Times Australia
Mirvac Harbourside
The Times World News

.

Cyber Cold War? The US and Russia talk tough, but only diplomacy will ease the threat

  • Written by Ahmed Ibrahim, Lecturer (Computing and Security), Edith Cowan University

Over the past few years, tensions have been rising between Russia and the United States — not in conventional military terms, but in cyberspace. The issue came to a head at this month’s summit in Geneva, when US President Joe Biden threatened reprisals[1] over allegedly Russian-backed cyber-attacks on US targets.

This confrontation first rose to global attention in 2016, when the US Central Intelligence Agency (CIA) reported Russia had directly influenced the outcome of the presidential election[2], favouring the Republican candidate Donald Trump by hacking and leaking 60,000 emails[3] from the private account of Democratic nominee Hillary Clinton’s campaign director.

Then, in 2020, a major cyber attack on IT firm SolarWinds[4] compromised the security of a wide range of US government and industry entities, including the Pentagon and the Department of Homeland Security.

Trump administration Secretary of State Mike Pompeo held Russia responsible[5] for the incident, although Trump himself went against the consensus, seeking to downplay the attack and blame China instead[6].

Microsoft president Brad Smith described it as the “largest and most sophisticated attack the world has ever seen[7]”. Microsoft began investigating the attack after many of its customers were caught up in it, including major tech companies and federal agencies[8].

Russia denied[9] any involvement in the SolarWinds incident, publicly rejecting what it described as “unfounded attempts of the US media to blame Russia for hacker attacks on US governmental bodies”.

The attack was ultimately attributed to a cyber-criminal group called Nobelium[10], which has continued to be active and allegedly perpetrated a series of cyber-attacks earlier this year[11], although there is no clear evidence it did so with Kremlin backing.

Fuel pipelines and black angus steak

More recently, the US Colonial Pipeline ransomware attack[12], which crippled the largest oil pipeline in the US, was attributed to a Russian cyber-mercenary gang codenamed DarkSide[13].

That was followed last month by an attack on meat processor JBS, shutting down parts of its operations in the US, Canada and Australia, and severely disrupting global meat supplies. This time the FBI pointed the finger at REvil, another profitable Russian-based cyber-criminal group[14].

In both of these cases, the victims reportedly paid ransoms to resume their operations. While this is expensive and arguably encourages future attacks, disruptions in operations can be even more costly[15].

The FBI claims to have recovered[16] more than US$2 million of the ransom paid by the Colonial Pipeline Company.

Read more: The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a 'wicked' problem[17]

A few weeks before the Colonial Pipeline attack, the Biden administration imposed economic sanctions on Russia[18] over its cyber-meddling in US elections. But the US has now understandably made combating ransomware attacks its top priority.

The Ransomware Task Force[19], convened in December 2020 by Microsoft and leading tech security firms, called for global cooperation[20] to tackle the ransomware threat and break its business model.

Fuel pump with sign saying 'Sorry Out Of Service' The Colonial Pipeline ransomware attack hit Americans where it hurts: the gas station. Eric S. Lesser/EPA

Does the US engage in similar activities?

The US is certainly known for its cyber-offensive capabilities. Perhaps the most widely reported engagement was the 2010 Stuxnet attack[21] on Iran’s nuclear program.

In 2015, the US Cyber Command and National Security Agency successfully hacked key members of ISIS[22], while the following year Wikileaks revealed[23] the CIA had developed a powerful suite of hacking tools.

The US has both the capability and the motivation to conduct extensive cyber-infiltration of its adversaries.

Read more: Cyber attacks can shut down critical infrastructure. It's time to make cyber security compulsory[24]

At this month’s US-Russia summit in Geneva, Biden talked about establishing cyber-norms and declaring certain critical infrastructure as off-limits[25].

This list identified 16 sectors[26] that should be excluded from offensive action, including government facilities, IT systems, energy infrastructure, and food and agriculture — all four of which have come under suspected Russian-backed attack in recent years.

Some cyber-security advocates have criticised US strategies in recent years as being too weak[27]. Biden’s comments at the Geneva summit seem to be an attempt to strike a firmer tone.

So is this the start of a cyber-war?

Cyberspace is considered the fifth domain for warfare[28], after land, sea, air and space. But the truth is that IT systems are now so ubiquitous that they are also firmly embedded in the four other domains too[29], meaning a successful cyber attack can weaken an enemy in many kinds of ways.

This in turn can make it hard to even define what counts as an offensive act of cyber-war[30], let alone identify the aggressor.

Although the Kremlin continues to deny any association with cyber-criminal gangs such as DarkSide or REvil, Russia nevertheless stands accused of giving them safe harbour[31].

How do we stop global cyber attacks?

The recent Ransomware Task Force report[32] specifically attempted to address the issue of ransomware. But it also offers useful advice for countering state-backed cyber-crime. It recommends:

  • coordinated, international diplomatic and law-enforcement efforts to confront cyber-threats

  • establishing relevant agencies to manage cyber incidents

  • internationally coordinated efforts to establish frameworks to help organisations that are subject to cyber-attacks.

Successfully stamping out international cyber-attacks will be tremendously hard, and is ultimately only achievable with good diplomacy, trust, cooperation and communication.

While global superpowers continue to sponsor cyber-attacks on foreign shores while decrying attacks against their own assets, all we end up with is the virtual equivalent of mutually assured destruction[33].

References

  1. ^ threatened reprisals (www.theguardian.com)
  2. ^ directly influenced the outcome of the presidential election (www.theguardian.com)
  3. ^ hacking and leaking 60,000 emails (www.theguardian.com)
  4. ^ major cyber attack on IT firm SolarWinds (www.businessinsider.com.au)
  5. ^ held Russia responsible (www.wsj.com)
  6. ^ seeking to downplay the attack and blame China instead (www.abc.net.au)
  7. ^ largest and most sophisticated attack the world has ever seen (www.reuters.com)
  8. ^ major tech companies and federal agencies (www.npr.org)
  9. ^ Russia denied (www.facebook.com)
  10. ^ Nobelium (msrc-blog.microsoft.com)
  11. ^ series of cyber-attacks earlier this year (blogs.microsoft.com)
  12. ^ US Colonial Pipeline ransomware attack (theconversation.com)
  13. ^ Russian cyber-mercenary gang codenamed DarkSide (www.entrepreneur.com)
  14. ^ REvil, another profitable Russian-based cyber-criminal group (www.bbc.com)
  15. ^ even more costly (blog.emsisoft.com)
  16. ^ claims to have recovered (www.bbc.com)
  17. ^ The Colonial Pipeline ransomware attack and the SolarWinds hack were all but inevitable – why national cyber defense is a 'wicked' problem (theconversation.com)
  18. ^ imposed economic sanctions on Russia (www.npr.org)
  19. ^ Ransomware Task Force (www.zdnet.com)
  20. ^ called for global cooperation (securityandtechnology.org)
  21. ^ 2010 Stuxnet attack (www.washingtonpost.com)
  22. ^ successfully hacked key members of ISIS (www.npr.org)
  23. ^ revealed (www.washingtonpost.com)
  24. ^ Cyber attacks can shut down critical infrastructure. It's time to make cyber security compulsory (theconversation.com)
  25. ^ certain critical infrastructure as off-limits (geneva.usmission.gov)
  26. ^ 16 sectors (www.cisa.gov)
  27. ^ criticised US strategies in recent years as being too weak (www.bloomberg.com)
  28. ^ fifth domain for warfare (www.aspistrategist.org.au)
  29. ^ firmly embedded in the four other domains too (www.ida.org)
  30. ^ offensive act of cyber-war (www.bushcenter.org)
  31. ^ safe harbour (www.9news.com.au)
  32. ^ Ransomware Task Force report (securityandtechnology.org)
  33. ^ mutually assured destruction (www.secplicity.org)

Read more https://theconversation.com/cyber-cold-war-the-us-and-russia-talk-tough-but-only-diplomacy-will-ease-the-threat-163171

Mirvac Harbourside

Times Magazine

YepAI Joins Victoria's AI Trade Mission to Singapore for Big Data & AI World Asia 2025

YepAI, a Melbourne-based leader in enterprise artificial intelligence solutions, announced today...

Building a Strong Online Presence with Katoomba Web Design

Katoomba web design is more than just creating a website that looks good—it’s about building an onli...

September Sunset Polo

International Polo Tour To Bridge Historic Sport, Life-Changing Philanthropy, and Breath-Taking Beau...

5 Ways Microsoft Fabric Simplifies Your Data Analytics Workflow

In today's data-driven world, businesses are constantly seeking ways to streamline their data anal...

7 Questions to Ask Before You Sign IT Support Companies in Sydney

Choosing an IT partner can feel like buying an insurance policy you hope you never need. The right c...

Choosing the Right Legal Aid Lawyer in Sutherland Shire: Key Considerations

Legal aid services play an essential role in ensuring access to justice for all. For people in t...

The Times Features

Macquarie Bank Democratises Agentic AI, Scaling Customer Innovation with Gemini Enterprise

Macquarie’s Banking and Financial Services group (Macquarie Bank), in collaboration with Google ...

Do kids really need vitamin supplements?

Walk down the health aisle of any supermarket and you’ll see shelves lined with brightly packa...

Why is it so shameful to have missing or damaged teeth?

When your teeth and gums are in good condition, you might not even notice their impact on your...

Australian travellers at risk of ATM fee rip-offs according to new data from Wise

Wise, the global technology company building the smartest way to spend and manage money internat...

Does ‘fasted’ cardio help you lose weight? Here’s the science

Every few years, the concept of fasted exercise training pops up all over social media. Faste...

How Music and Culture Are Shaping Family Road Trips in Australia

School holiday season is here, and Aussies aren’t just hitting the road - they’re following the musi...

The Role of Spinal Physiotherapy in Recovery and Long-Term Wellbeing

Back pain and spinal conditions are among the most common reasons people seek medical support, oft...

Italian Lamb Ragu Recipe: The Best Ragù di Agnello for Pasta

Ciao! It’s Friday night, and the weekend is calling for a little Italian magic. What’s better than t...

It’s OK to use paracetamol in pregnancy. Here’s what the science says about the link with autism

United States President Donald Trump has urged pregnant women[1] to avoid paracetamol except in ...