The U.S. government must slash bureaucracy, foster improved cooperation, and treat hacking attacks as acts of war rather than isolated incidents.
Originally published in The National Interest.
Constant cyberattacks against U.S. military and civilian targets from foreign adversaries need to be treated as acts of war and addressed comprehensively, not in isolation.
Cyberspace is a global battlefield that blurs national boundaries. The current fragmented state of U.S. cyber defenses is a hacker’s dream. Before 9/11, the nation’s effort against Al Qaeda was siloed between the CIA and the FBI without communication. A similar situation persists in U.S. cyberdefenses.
An improved response requires integrated cooperation among the Defense Department’s Cyber Command, Department of Justice, states, and industry to formulate a comprehensive strategy to harden our infrastructure and protect state secrets from intruders.
“The line between nation-state and criminal actors is increasingly blurry as nation-states turn to criminal proxies as a tool of state power, then turn a blind eye to the cybercrime perpetrated by the same malicious actors,” Mieke Eoyang, Deputy Assistant Secretary of Defense for cyber policy, tolda subcommittee of the House Armed Services Committee last week. “China is the pacing threat to the Department [of Defense]. China uses cyber operations to erode our military overmatch and economic vitality, stealing U.S. intellectual property and research.”
In 2019, Chinese state-sponsored hackers belonging to the APT41 group hacked software development companies, telecommunications providers, social-media companies, video game companies, healthcare, non-profit organizations, think tanks in the U.S. and in about half a dozen other countries worldwide.
The FireEye cybersecurity firm noted in 2019 that these Chinese espionage hackers targeted companies whose capabilities align with the Chinese Communist Party’s Five-Year economic development plans.
The ransomware attack by the DarkSide hacking group against Colonial Pipeline, Co., stands as a reminder of the catastrophic bipartisan failure to take the cyberwarfare being waged against America seriously and strategically. Colonial Pipeline paid $90 million in Bitcoin to the hackers.
It showed how vulnerable critical pieces of the U.S. infrastructure are to hostile cyberwarriors. Hacking offers low-cost to China, Russia, Iran, or North Korea to hit America and its allies hard without the massive violent retaliation they could face in conventional warfare.
Infrastructure like pipelines and power grids would be logical targets in conventional warfare, as they are in cyberwarfare.
Two colonels belonging to China’s People’s Liberation Army (PLA) compiled a 1998 manifesto titled “Unrestricted Warfare” that sought to reimagine warfare. They saw that China could not then defeat the U.S. in a conventional land war akin to the 1991 Persian Gulf War. They advocated broadening China’s strategy to include economic and cyberwarfare among other things. They wrote:
Perhaps, in the not-too-distant future, the military means will be only one of all the available means in wars such as one of fighting terrorist organizations of the bin Laden category. A more effective means that can strike at bin Laden in a destructive way is perhaps not the cruise missile, but a financial suffocation war carried out on the Internet.
As means have become more complicated, there has emerged a consequence that is unexpected to all soldiers: the civilianization of war.
As professional soldiers’ war or quasi-war activities have increasingly become an important factor affecting national security, the issue as to which constitute the dominant force in future wars, an issue which has never been a question, has become a question worldwide. For example, the incidents of attacks conducted by “web rascals” on the network centers of the U.S. Defense Department and the Indian Defense Ministry were evidence in this regard.
Putin’s Russia also has made cyberwarfare a priority. An analysis of the Colonial ransomware attack suggests that a fingerprint used by the DarkSide hacking gang, believed to be linked with Unit 74455 of Russia’s military intelligence agency, the GRU, could be present. The GRU has been known to use ransomware to attack infrastructure targets. This same hacking unit extorted millions from big businesses in 2020 to “make the world better.”
“Thus, Russia continues a large-scale hybrid war against the United States and its allies, despite statements of the White House warning about the consequences of previous cyberattacks carried out on the territory of the United States,” the Delaware-based Robert Lansing Center for Global Threats and Democracy Studies wrote. “It confirms the hypothesis that Russia will continue its subversive operations abroad and expand its range of tools up to the chance to have critical impact on the state administration system and paralyze the work of a foreign state by infiltrating chaos in its social sphere.”
It seems to be working.
This time, millions of Americans along the East Coast faced “No Gas” signs at hundreds of gas stations. Had the shutdown lasted longer, it would have had an even greater ripple effect throughout the economy, impacting manufacturing and refining, and bringing mass transit to a screeching halt, an Energy Department report concluded.
Similarly, last year’s SolarWinds hack was tied to the Russians.
North Korea notably used similar tactics with its 2017 WannaCry ransomware attack that crippled parts of Britain’s National Health Service and thousands of computers worldwide.
Safeguards are needed to prevent future Colonial Pipeline intrusions akin to those found in the nuclear industry. Following 9/11, the nuclear power generating industry introduced safeguards that isolated computers responsible for the safe operation of the nation’s nuclear powerplants from the Internet at the direction of the Nuclear Regulatory Commission. Vital infrastructure must be isolated from email servers and from the Internet to harden them from attack.
Artificial Intelligence could offer the Pentagon more effective means for detecting and countering attackers, identifying attacks in progress, and possibly neutralize them. U.S. Cyber Command also is developing offensive cyber capabilities.
In the end, the U.S. government must slash the bureaucracy and foster improved cooperation to secure the nation’s military and civilian infrastructure.