Over the past few years, tensions have been rising between Russia and the United States — not in conventional military terms, but in cyberspace. The issue came to a head at this month’s summit in Geneva, when US President Joe Biden threatened reprisals over allegedly Russian-backed cyber-attacks on US targets.
Then, in 2020, a major cyber attack on IT firm SolarWinds compromised the security of a wide range of US government and industry entities, including the Pentagon and the Department of Homeland Security.
Russia denied any involvement in the SolarWinds incident, publicly rejecting what it described as “unfounded attempts of the US media to blame Russia for hacker attacks on US governmental bodies”.
The attack was ultimately attributed to a cyber-criminal group called Nobelium, which has continued to be active and allegedly perpetrated a series of cyber-attacks earlier this year, although there is no clear evidence it did so with Kremlin backing.
That was followed last month by an attack on meat processor JBS, shutting down parts of its operations in the US, Canada and Australia, and severely disrupting global meat supplies. This time the FBI pointed the finger at REvil, another profitable Russian-based cyber-criminal group.
In both of these cases, the victims reportedly paid ransoms to resume their operations. While this is expensive and arguably encourages future attacks, disruptions in operations can be even more costly.
The FBI claims to have recovered more than US$2 million of the ransom paid by the Colonial Pipeline Company.
A few weeks before the Colonial Pipeline attack, the Biden administration imposed economic sanctions on Russia over its cyber-meddling in US elections. But the US has now understandably made combating ransomware attacks its top priority.
The US is certainly known for its cyber-offensive capabilities. Perhaps the most widely reported engagement was the 2010 Stuxnet attack on Iran’s nuclear program.
In 2015, the US Cyber Command and National Security Agency successfully hacked key members of ISIS, while the following year Wikileaks revealed the CIA had developed a powerful suite of hacking tools.
The US has both the capability and the motivation to conduct extensive cyber-infiltration of its adversaries.
This list identified 16 sectors that should be excluded from offensive action, including government facilities, IT systems, energy infrastructure, and food and agriculture — all four of which have come under suspected Russian-backed attack in recent years.
Cyberspace is considered the fifth domain for warfare, after land, sea, air and space. But the truth is that IT systems are now so ubiquitous that they are also firmly embedded in the four other domains too, meaning a successful cyber attack can weaken an enemy in many kinds of ways.
This in turn can make it hard to even define what counts as an offensive act of cyber-war, let alone identify the aggressor.
Although the Kremlin continues to deny any association with cyber-criminal gangs such as DarkSide or REvil, Russia nevertheless stands accused of giving them safe harbour.
How do we stop global cyber attacks?
The recent Ransomware Task Force report specifically attempted to address the issue of ransomware. But it also offers useful advice for countering state-backed cyber-crime. It recommends:
coordinated, international diplomatic and law-enforcement efforts to confront cyber-threats
establishing relevant agencies to manage cyber incidents
internationally coordinated efforts to establish frameworks to help organisations that are subject to cyber-attacks.
Successfully stamping out international cyber-attacks will be tremendously hard, and is ultimately only achievable with good diplomacy, trust, cooperation and communication.
While global superpowers continue to sponsor cyber-attacks on foreign shores while decrying attacks against their own assets, all we end up with is the virtual equivalent of mutually assured destruction.
