<p>Cyber warfare – The Conversation</p>
<h1>Governments and hackers agree: the laws of war must apply in cyberspace</h1>
<p>Published 2023-10-25T04:20:34Z</p>
<figure><img src="https://images.theconversation.com/files/555727/original/file-20231025-18-4px7lq.jpg?ixlib=rb-1.1.0&rect=90%2C54%2C5916%2C3953&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/london-united-kingdom-04-05-2022-2270339069">Shutterstock</a></span></figcaption></figure><p>There are rules in war. International humanitarian law regulates what combatants can and can’t do, with the goal of protecting civilians and limiting suffering.</p>
<p>Most of these laws were developed during the 19th and 20th centuries. But in our own century a new kind of battlefield has emerged: the domain of cyberattacks, digital campaigns and online information operations. All these have played a heightened role in Russia’s war in Ukraine and, increasingly, in the current Israel–Hamas conflict.</p>
<p>There is a persistent myth that cyberspace is a lawless wild west. This could not be further from the truth. There is a clear international consensus that existing laws of war apply online. </p>
<p>In the past month, we have seen three significant developments in this area. Rules for “civilian hackers” have begun to gain traction. A new international humanitarian report has recommended ways forward for governments, tech companies and others. And the International Criminal Court has for the first time signalled that it considers cyber warfare to fall within its jurisdiction.</p>
<h2>Rules for hacktivists</h2>
<p>On October 4 2023, two advisers to the International Committee of the Red Cross proposed <a href="https://blogs.icrc.org/law-and-policy/2023/10/04/8-rules-civilian-hackers-war-4-obligations-states-restrain-them/">a set of rules for “civilian hackers” during war</a>. The proposals include things like “do not conduct any cyber operation against medical and humanitarian facilities” and “when planning a cyber attack against a military objective, do everything feasible to avoid or minimize the effects your operation may have on civilians”.</p>
<p>The authors were motivated by <a href="https://blogs.icrc.org/law-and-policy/2023/10/04/8-rules-civilian-hackers-war-4-obligations-states-restrain-them/">evidence of online attacks</a> disrupting banks, companies, pharmacies, hospitals, railway networks and civilian government services.</p>
<p>Cyber, digital and information operations – used alongside “real-world” military operations – have risen into the mainstream during Russia’s war in Ukraine. Many operations are carried out by civilian groups not formally connected to the military.</p>
<p>These manoeuvres are not spectacular. However, as <a href="https://nsc.crawford.anu.edu.au/department-news/20103/address-gchq-director-sir-jeremy-fleming">Jeremy Fleming</a> (former head of GCHQ, the United Kingdom’s electronic spy agency) put it:</p>
<blockquote>
<p>it was never our understanding that a catastrophic cyberattack was central to Russia’s use of offensive cyber in their military doctrine. To think otherwise, misjudges how cyber has an effect in military campaigns. That’s not to say that we haven’t seen cyber in this conflict. We have – and lots of it.</p>
</blockquote>
<p>After the proposed rules for civilian hackers were published, something extraordinary happened.</p>
<p>Two of the largest hacktivist groups actively engaged on opposite sides of the war in Ukraine are the Russian-affiliated Killnet and the Ukrainian IT Army. Spokespeople for both groups <a href="https://www.bbc.com/news/technology-67029296">vowed to the BBC</a> they would uphold the rules.</p>
<h2>Digital threats during armed conflict</h2>
<p>It is not just actors in Ukraine, and not just hacktivist groups, who must comply with the laws of war in cyberspace. </p>
<p>On October 18, the International Committee of the Red Cross published the final report of its global advisory board on <a href="https://www.icrc.org/en/document/protecting-civilians-against-digital-threats-during-armed-conflict">digital threats during armed conflicts</a>.</p>
<p>The report is the culmination of two years of work. The board comprises a diverse group of experts spanning the geopolitical spectrum, including the United States, Russia, China, South Africa, Mexico, India and Australia (including me).</p>
<p>We worked on “the international consensus that the established principles and rules of [international humanitarian law] apply to all forms of warfare and to all kinds of weapons, be they new or old, digital or physical”.</p>
<p>To safeguard civilians against digital threats, the report includes 25 action-oriented recommendations for belligerents, states, tech companies and humanitarian organisations.</p>
<p>Since 2013, <a href="https://digitallibrary.un.org/record/753055?ln=en">negotiated agreements at the United Nations</a> have recognised that existing international law applies to what states do in cyberspace.</p>
<p>In 2021, Russia, China, the US, Australia and every country in the United Nations went one step further, <a href="https://digitallibrary.un.org/record/3934214?ln=en">explicitly recognising</a> the application of the laws of war to cyber operations.</p>
<p>The International Committee of the Red Cross – its mission being “to prevent suffering by promoting and strengthening humanitarian law and universal humanitarian principles” – has also affirmed this many times, including via the reports above.</p>
<h2>The International Criminal Court weighs in</h2>
<p>Of course, agreeing to the rules doesn’t prevent irresponsible actors from breaking them. And this is where the third significant development comes in.</p>
<p>In September 2023, Karim A.A. Khan, the prosecutor of the International Criminal Court, <a href="https://digitalfrontlines.io/2023/08/20/technology-will-not-exceed-our-humanity/">signalled</a> the court would begin “collecting and reviewing” evidence of cyber warfare. It will also examine “misuse of the internet to amplify hate speech and disinformation, which may facilitate or even directly lead to the occurrence of atrocities”.</p>
<p>This is the first time the International Criminal Court has expressly indicated cyber warfare and misuse of the internet fall within its jurisdiction. This puts governments, militaries, tech companies and hacktivists on notice that they do not act with impunity in cyberspace.</p>
<p>As the war drags on in Ukraine and conflict escalates between Israel and Hamas (including <a href="https://www.politico.eu/article/israel-hamas-war-hackers-cyberattacks/">increasing reports</a> of hacktivism), all parties would do well to reflect that the rules of cyber warfare are clear.</p>
<p>Bombs or bytes, missiles or malware, international humanitarian law applies.</p>
<p class="fine-print"><em><span>Professor Johanna Weaver was a member of the ICRC Global Advisory Board on Digital Threats During Armed conflict referred to in this article. </span></em></p>
<p>Cyberspace is a battlefield in modern conflicts – and combatants must follow international humanitarian law to protect civilians.</p>
<p>Johanna Weaver, Director, ANU Tech Policy Design Centre, Australian National University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>The US navy is still more powerful than China’s: more so than the Australian government is letting on</h1>
<p>Published 2023-08-18T03:23:21Z</p>
<p>The federal Labor government today used the ALP national conference to address <a href="https://www.theguardian.com/australia-news/live/2023/aug/18/alp-national-conference-2023-day-2-aukus-unions-australian-labor-party-anthony-albanese-brisbane-politics-live">internal dissent</a> over the controversial AUKUS security pact and its plan for acquiring nuclear-powered submarines.</p>
<p>Taxpayers have been asked to fund these subs at an extreme cost, <a href="https://www.theguardian.com/world/2023/mar/14/aukus-nuclear-submarines-australia-commits-substantial-funds-into-expanding-us-shipbuilding-capacity">up to A$368 billion</a>, and with many risks in the procurement cycle. This decision, and the price tag, can only be justified by the consideration that Australia would likely join the US in a war against China to protect Taiwan.</p>
<p>But the government hasn’t specifically acknowledged that. Its public rationale for going ahead with the subs is to counter China’s growing military influence in the Asia-Pacific, especially in the maritime domain.</p>
<p>“China’s military buildup is now the largest and most ambitious we have seen by any country since the end of the second world war,” <a href="https://www.theguardian.com/australia-news/2022/jun/11/australian-defence-minister-warns-china-risks-sparking-arms-race">according</a> to Defence Minister Richard Marles.</p>
<p>But how great is China’s naval capability?</p>
<p>The truth is the US navy, alongside its allied navies, especially Japan, remains much more powerful compared with China’s navy – and that’s likely to continue. </p>
<p>The Australian government isn’t being fully open about the cost-benefit analysis. It hasn’t publicly laid out its case for why its pursuit of such extremely expensive subs in relatively small numbers would help redress negative implications of the Chinese military buildup for Australian security.</p>
<p>What’s more, the AUKUS arrangements add little to the security commitment the US and Australia already have. We already have the closest possible alliance with the US, and even the government has said to our Asian neighbours that AUKUS doesn’t upgrade the security guarantees of the US to Australia.</p>
<p>So how do we assess the naval balance of power between China and the US, and do the AUKUS submarines arriving in the 2030s figure in those assessments?</p>
<h2>Comparing their navies: the old way</h2>
<p>A traditional way of assessing the balance of naval power is to count and compare the number of warships operated by each country. Even on that metric, the US isn’t outgunned by China, based on recent data.</p>
<p>China is frequently described as the world’s largest navy. But the US has <a href="https://crsreports.congress.gov/product/pdf/RL/RL33153/267">more of the most important types of major warships</a>, which are suitable for maritime warfare. The count only shifts in China’s favour for lighter and less heavily armed ships, such as frigates and coastal patrol vessels.</p>
<p>China’s advantage in lighter classes of warships could be particularly important in a conflict contained largely within the Taiwan Strait and other coastal areas near China.</p>
<p>On the other hand, even though the US doesn’t normally deploy all its naval force to the Western Pacific, it could deliver overwhelming naval power in the region in most circumstances if war was imminent.</p>
<h2>The ‘missile age’</h2>
<p>In today’s world, the ability of a country to carry out missile strikes is a far more important consideration than simply the number of warships. </p>
<p>The US can readily compensate for China’s numerical advantage in light warship numbers with “stand-off” missiles, which can be launched from long distances (more than 1,500km).</p>
<p>In modern war, the count of “weapons platforms” (any structure from which weapons can be deployed, including ships) is far less important than the number of missiles that can be fired from a variety of platforms against enemy targets.</p>
<p>A US think tank <a href="https://csis-website-prod.s3.amazonaws.com/s3fs-public/publication/230109_Cancian_FirstBattle_NextWar.pdf?VersionId=WdEUwJYWIySMPIr3ivhFolxC_gZQuSOQ">has estimated</a> that in the event of China starting a war with Taiwan, the US could fire more than 5,000 anti-ship missiles over the first 3-4 weeks.</p>
<p>The simulation was pessimistic about whether this number would be adequate to hold the Chinese attack at bay or defeat it in the first weeks, but it still saw China suffer significant ship losses. The simulation didn’t include US attacks on Chinese naval bases, which could significantly alter the missile advantage in favour of the US.</p>
<p>In a war between the US and China, we could expect the US would be prepared to undertake crippling cruise missile strikes on naval bases and other targets inside China. Even on short warning, the US navy could, for example, launch more than 1,000 cruise missiles against the Chinese mainland in an initial engagement over several days if it chose to do so.</p>
<p>According to the <a href="https://crsreports.congress.gov/product/pdf/RL/RL33153/267">US Congressional Research Service</a>, the US navy has 9,000 missile vertical launch tubes to deliver long-range cruise missiles, compared with China’s 1,000.</p>
<p>The Australian public need not be so spooked about China’s naval buildup, given the US’s supremacy in the “missile age”. </p>
<h2>The US also has the cyber advantage</h2>
<p>The US navy also has superior cyber capabilities compared with the Chinese navy.</p>
<p>Its cyber resources are concentrated in its “Tenth Fleet”, with <a href="https://www.fcc.navy.mil/About-Us/">more than 19,000 active and reserve personnel</a>. It has 26 active commands, 40 cyber mission force units, and 29 reserve commands around the world, which could be available to strike China in the event of war. Such missions would likely aim to disable, disrupt or destroy the command and control and fighting effectiveness of the Chinese navy.</p>
<p>For example, it was US navy cyber personnel, alongside Ukrainian counterparts, who <a href="https://www.cybercom.mil/Media/News/Article/3229136/before-the-invasion-hunt-forward-operations-in-ukraine/">successfully blocked</a> what could have been <a href="https://www.cybercom.mil/Media/News/Article/3256645/us-cyber-command-2022-year-in-review/">crippling cyber attacks</a> by Russia ahead of its invasion in early 2022.</p>
<p>In contrast, China doesn’t appear to have a dedicated naval cyber command, corresponding forces, or such a substantial global footprint.</p>
<p>The International Institute for Strategic Studies (IISS) <a href="https://www.iiss.org/globalassets/media-library---content--migration/files/research-papers/cyber-power-report/cyber-capabilities-and-national-power---net-assessment.pdf">has assessed</a> that China is at least ten years behind the US in its cyber power.</p>
<p>This judgement is based on the US’s industrial and technological supremacy, and its much longer history of integrating cyber operations into military planning.</p>
<p>In a war with China, the US could count on the active support of key allies, such as the United Kingdom, Canada and Australia, through remote cyber military attacks against China. </p>
<p>The AUKUS pact enhances the strength of this cyber alliance. Australia having nuclear-powered submarines doesn’t hugely change the US/China balance of power. </p>
<p>The allied cyber capabilities together far outweigh those of China. China has no strong cyber allies and has <a href="https://www.iiss.org/research-paper//2021/06/cyber-capabilities-national-power">weak cyber defences compared with the US</a>.</p>
<h2>What about the long term?</h2>
<p>The Congressional Research Service’s <a href="https://crsreports.congress.gov/product/pdf/RL/RL33153/267">May 2023 report</a> assesses that the naval balance remains in favour of the US, especially in submarine capability.</p>
<p>It finds China would have to maintain its robust naval buildup and modernisation for quite some time if that were to change (though it doesn’t estimate a timeline for this). If that transpires, the report concludes China “might eventually draw even with or surpass the United States in overall naval capability”, though in my view this outcome is far from certain.</p>
<p>I estimate the US advantage in naval power over China will likely remain in place for at least the next decade, and probably longer. The government owes the Australian public a granular accounting of the military balance for the longer term.</p>
<p class="fine-print"><em><span>Greg Austin consults for the International Institute for Strategic Studies whose work is cited in this article. </span></em></p>
<p>Part of the rationale for acquiring nuclear-powered subs is to counter China’s growing military influence. But the US navy still remains much more powerful than China’s.</p>
<p>Greg Austin, Adjunct Professor, Australia-China Relations Institute, University of Technology Sydney</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Deterring China isn’t all about submarines. Australia’s ‘cyber offence’ might be its most potent weapon</h1>
<p>Published 2023-05-04T05:58:31Z</p>
<figure><img src="https://images.theconversation.com/files/524258/original/file-20230504-14-7qzz0j.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6016%2C4016&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>Australia doesn’t need to wait ten or 20 years for its new submarines, or for long-range missiles, to project effective military power against China.</p>
<p>It has the ability to use its cyber forces to strike strategic targets inside China now, or for the sake of deterrence, to hold out that threat.</p>
<p>Cyber attacks are aimed at breaking into enemy military networks to disrupt or disable their systems. They can be used against a variety of weapons and communications systems.</p>
<p>Cyber forces are now an integral part of a country’s strike capability in wartime. The United States is even now planning wartime cyber attacks against China, should they be needed. According to 2018 figures, the Americans have a force of <a href="https://misi.tech/docs/Nakasone_03-25-21.pdf">around 240,000 defence personnel and contractors</a> in place to contribute to cyber defence and cyber attack, with up to one-third likely available to support the latter.</p>
<p>In the event of war, these US cyber attacks could be sustained across the full range of Chinese war capacity. The aim would be to gain what’s called “decision dominance”. This is the “disintegration” of China’s systems and decision-making, “thereby defeating their offensive capabilities” – if we can interpret remarks of the former commander of US Indo-Pacific Command, <a href="https://www.pacom.mil/Media/Speeches-Testimony/Article/2101115/transforming-the-joint-force-a-warfighting-concept-for-great-power-competition/">Admiral Philip Davidson</a>, to be a reference to China.</p>
<p>Australia has been much more guarded in discussing cyber offence than the US, but the two allies are in step. Canberra is in the process of tripling the size of its offensive cyber forces under <a href="https://www.asd.gov.au/about/redspice">Project Redspice</a>, announced last year.</p>
<p>It could attack military command and control assets anywhere in China in the event of war. Softer targets might include critical national infrastructure, such as the energy grid supporting the war effort.</p>
<p>Australia’s cyber force will remain small compared with the US. But it can also call on private domestic or foreign corporations to design attack packages against China, as the US does. </p>
<p>Australia is aiming for world-class offensive options in cyberspace. The AUKUS allies coordinate closely together on cyber operations, and this area of activity is a prime focus for the new grouping.</p>
<p>In 2020, the United Kingdom set up a new organisation, its <a href="https://www.gov.uk/government/organisations/national-cyber-force">National Cyber Force</a>, dedicated to offensive strike operations.</p>
<p>As part of this “cyber three” alliance with the US and UK, Australia’s cyber force will likely remain the country’s most powerful strike capability against China for decades to come.</p>
<h2>China’s cyber security weakness</h2>
<p>Of course, success isn’t assured with cyber attacks. But causing disruption on a significant scale can be achieved with a highly focused effort across all phases of offensive cyber operations, especially in coordination with our allies.</p>
<p>The most important phase is the first one: ensuring up-to-date intelligence on the other side’s systems. The effort put into cyber intelligence against China’s armed forces is actually the foundation of cyber offensive teams, even if the intelligence people aren’t counted as having an “offensive” role.</p>
<p>China is adept at cyber offence. But contrary to popular belief, cyber security isn’t a strong point for China, and this makes it particularly vulnerable to attack in wartime. The International Institute for Strategic Studies <a href="https://www.iiss.org/globalassets/media-library---content--migration/files/research-papers/cyber-power-report/cyber-capabilities-and-national-power---china.pdf">has assessed</a> that China has certain fundamental weaknesses that will take many years to overcome, including in its cyber security industry, education and policy.</p>
<p>Chinese leaders <a href="https://www.thechinastory.org/chinas-cyber-defence-weakness-military-consequences/">believe</a> they’re well behind the US and allies in terms of military cyber capability. This will likely <a href="https://www.iiss.org/sv/events/2020/06/chinas-weak-cyber-defences/">constrain their choices</a> about starting any war over Taiwan.</p>
<h2>Political sensitivities?</h2>
<p>There’s no need for Australia to be shy about this offensive capability against China on political grounds, because China is planning to do the same against us in the event of war.</p>
<p>China is already conducting cyber espionage on Australia and other countries in preparation for a major crisis. It’s almost certainly <a href="https://www.iiss.org/globalassets/media-library---content--migration/files/research-papers/cyber-power-report/cyber-capabilities-and-national-power---china.pdf">developing capabilities</a> to disable enemy military systems and infrastructure if needed.</p>
<p>Defence Minister Richard Marles <a href="https://www.minister.defence.gov.au/media-releases/2023-03-14/aukus-nuclear-powered-submarine-pathway">recently restated</a> the long-held view that the more offensive capabilities we have, for example through submarines, the more the country can contribute to allied deterrence of potential aggressors.</p>
<p>Australian political leaders must prioritise the military’s ability to attack targets in China at scale, in the unlikely event of war. And leaders need to ensure cyber forces have more highly trained people dedicated to this task and a more powerful domestic cyber industry.</p>
<p>For military and political leaders to go down this path more robustly, the Australian Defence Force will also need to reassess the military balance of power in the Asia-Pacific to take account of the US and its allies’ cyber superiority over China.</p>
<p>This might also allow Australians to feel more secure about possible Chinese military threats. The choices Chinese leaders might make in provoking a crisis will be shaped by their view that their armed forces aren’t as competitive in this dimension of US and allied military power.</p>
<p class="fine-print"><em><span>Greg Austin does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Contrary to popular belief, cyber security isn’t a strong point for China and this makes it particularly vulnerable to attack in wartime.</p>
<p>Greg Austin, Adjunct Professor, Australia-China Relations Institute, University of Technology Sydney</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Russia’s shadow war: Vulkan files leak show how Putin’s regime weaponises cyberspace</h1>
<p>Published 2023-04-03T20:10:08Z</p>
<p>Recent revelations about the close partnership between the Kremlin and <a href="https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics">NTC Vulkan</a>, a Russian cybersecurity consultancy with links to the military, provide some rare insights into how the Putin regime weaponises cyberspace. </p>
<p>More than 5,000 documents have been leaked by an anonymous <a href="https://www.techtimes.com/articles/289822/20230331/vulkan-files-unmask-putin-russia-launched-shocking-cyberwarfare-world.htm">whistleblower</a>, angry at Russia’s conduct in the war in Ukraine. They purport to reveal details about hacking tools to seize control of vulnerable servers; domestic and international disinformation campaigns; and ways to digitally monitor potential threats to the regime. </p>
<p>Although caution is always necessary before accepting claims about cyber capabilities, it’s noteworthy several Western intelligence agencies have <a href="https://www.washingtonpost.com/national-security/2023/03/30/russian-cyberwarfare-documents-vulkan-files/">confirmed</a> the documents appear genuine.</p>
<p>The leak also corroborates the view of many strategists: that the Russian government regards offensive cyber capabilities as part of a holistic effort to degrade its enemies. This includes the sowing of mistrust via social media, the gathering of <em><a href="https://www.washingtonpost.com/posteverything/wp/2017/01/13/how-russian-kompromat-destroys-political-opponents-no-facts-required/">kompromat</a></em> (compromising material), and the ability to target crucial infrastructure. </p>
<p>That list of enemies is a long one, and has grown since Putin’s full-scale invasion of Ukraine in February 2022. Naturally, the Kremlin’s just-released 2023 <a href="https://www.rbc.ru/rbcfreenews/6426ad869a79473fe8810ade">Foreign Policy Concept</a> identifies the United States as the “main source of threats” to Russian security.</p>
<p>But Ukraine, every NATO and European Union member, and several other states are identified as “<a href="https://www.1news.co.nz/2022/03/07/new-zealand-joins-russias-unfriendly-countries-list/">unfriendly countries</a>”, including Australia, Japan, Singapore and New Zealand.</p>
<h2>War in the shadows</h2>
<p>Russia utilises a range of methods to wage war in cyberspace.</p>
<p>On one end of the spectrum, it uses groups attached to official agencies, such as the GRU (military intelligence) and the FSB (ostensibly a domestic intelligence agency, but one that also carries out missions overseas).</p>
<p>The GRU’s groups include <a href="https://www.wired.com/story/russia-gru-sandworm-serebriakov/">Sandworm</a> and <a href="https://www.crowdstrike.com/blog/who-is-fancy-bear/">Fancy Bear</a>. Another group, <a href="https://www.crowdstrike.com/adversaries/cozy-bear/">Cozy Bear</a>, is associated with the FSB.</p>
<p>One or more of these groups have been responsible for a series of prominent cyber attacks on a range of targets, including:</p>
<ul>
<li><p>the <a href="https://www.reuters.com/article/usa-military-cyberattack-idINKCN0QB2CH20150806">Pentagon</a> in 2015</p></li>
<li><p>the Ukrainian <a href="https://cyberlaw.ccdcoe.org/wiki/Power_grid_cyberattack_in_Ukraine_(2015)">power grid</a> in 2015</p></li>
<li><p>the 2016 <a href="https://www.theguardian.com/technology/2016/jul/29/cozy-bear-fancy-bear-russia-hack-dnc">Democratic National Convention</a></p></li>
<li><p>the 2017 <a href="https://resources.infosecinstitute.com/topic/apt-sandworm-notpetya-technical-overview/">NotPetya</a> ransomware attacks, which targeted Ukraine but spread globally</p></li>
<li><p>German and French <a href="https://www.reuters.com/article/france-election-cyber-germany-idUSL1N1IB1SL">elections</a> in 2017 and 2018 </p></li>
<li><p>the <a href="https://securingdemocracy.gmfus.org/incident/russian-gru-connected-fancy-bear-hacking-group-targets-international-olympic-committee/">International Olympic Committee</a></p></li>
<li><p>US-based NGOs and <a href="https://www.gmfus.org/news/gmf-statement-2018-cyber-attacks">think tanks</a></p></li>
<li><p><a href="https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development">COVID-19 vaccine data</a></p></li>
<li><p>the 2021 <a href="https://www.bloomberg.com/news/articles/2021-07-06/russian-state-hackers-breached-republican-national-committee">Republican National Committee</a></p></li>
<li><p>and a 2022 attempt to cause a <a href="https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/">power blackout</a> in Ukraine.</p></li>
</ul>
<p>At the other end of the spectrum, Russian information operations regularly use armies of bots and trolls, as well as unsuspecting “<a href="https://academic.oup.com/ia/article/94/5/975/5092080">citizen curators</a>”, to spread false narratives. </p>
<p>Doing so is cheap and increases the distance between the attacker and its agents, allowing for plausible deniability.</p>
<p>Like biological warfare, it also weaponises the targets to do the job of spreading the narrative disease for it. </p>
<p>Russian information campaigns operate globally, among nations it considers its friends as well as its adversaries. Russian-weaponised media can be found in <a href="https://www.brookings.edu/blog/order-from-chaos/2022/02/08/russias-wagner-group-in-africa-influence-commercial-concessions-rights-violations-and-counterinsurgency-failure/">Africa</a>, where the Russian Wagner paramilitary organisation has been especially active, as well as in <a href="https://www.nytimes.com/2022/03/29/technology/twitter-russia-india.html">South Asia</a> and <a href="https://theconversation.com/russian-trolls-targeted-australian-voters-on-twitter-via-auspol-and-mh17-101386">Australia</a>.</p>
<p>In many respects, Russian information operations mimic Soviet geopolitical doctrine during the Cold War. This focused on courting areas of the world where the West was weakest.</p>
<p>But in the grey space between official agencies, useful idiots and unwitting proxies is an area of increasing emphasis in Russian cyberwar: outsourcing. Some of these outsourced operators, such as Vulkan, retain an aura of respectability as consultancies that do government work as well as contracting to other firms.</p>
<p>They also include the Internet Research Agency in St Petersburg, which was used to coordinate social media attacks on the US Democratic Party during the 2018 mid-term elections, leading to an <a href="https://www.justice.gov/file/1035477/download">indictment</a> by the Department of Justice. </p>
<p>Others are <a href="https://www.state.gov/transnational-organized-crime-rewards-program-2/maksim-viktorovich-yakubets/">organised criminal gangs</a>, like the aptly named “EvilCorp”, that use malware to harvest people’s banking details or personal information.</p>
<p>The November 2022 breach of Australia’s private health insurer <a href="https://www.aljazeera.com/news/2022/11/11/australian-police-blame-russian-hackers-for-medical-records-leak">Medibank</a> was one example. It exposed patients’ sensitive health details such as treatments for drug addiction or HIV.</p>
<h2>The Vulkan revelations</h2>
<p>The Vulkan leak adds more detail to what we know about Russian methods, tactics and targets in cyberspace. The GRU group Sandworm is identified as having authorised Vulkan to help build “<a href="https://www.lemonde.fr/en/pixels/article/2023/03/30/skan-the-cyberattack-tool-developed-by-vulkan_6021229_13.html">Skan-V</a>”, a piece of software that can monitor the internet to detect vulnerable servers to hack.</p>
<p>Another Vulkan project, known as “<a href="https://www.theguardian.com/technology/2023/mar/30/vulkan-files-leak-reveals-putins-global-and-domestic-cyberwarfare-tactics">Fraction</a>”, was designed to monitor social media sites for key words to identify regime opponents, both at home and abroad.</p>
<p>An even larger project in which Vulkan seems to have been engaged was “<a href="https://www.lemonde.fr/en/pixels/article/2023/03/30/inside-vulkan-the-digital-weapons-factory-of-russian-intelligence-services_6021230_13.html">Amezit</a>”. This is a tool that would enable operators to seize control of the internet both inside Russia and in other nations, and hijack information flows.</p>
<p>To function, its users need to be able to control physical infrastructure such as mobile phone towers and wireless internet nodes. Amezit can then be used to mimic legitimate sites and social media profiles, scrub content that might be deemed hostile, and replace it with disinformation.</p>
<p>Given the requirement to possess physical infrastructure, it’s clear Amezit was designed not solely as a piece of software, but to operate in tandem with the coercive instruments of a state.</p>
<p>This has internal uses as well as external ones. Domestically, it could be used to silence dissent in restive Russian regions. In a war zone, such as Ukraine, it could be used alongside Russia’s armed forces to intercept government communications and swap genuine information sources for false ones.</p>
<p>The Vulkan leak also included information on physical objects. Although not a concise target list, its software allowed users to map physical infrastructure. This included airports worldwide, the Swiss Ministry of Foreign Affairs, and the Mühleberg <a href="https://www.spiegel.de/international/world/the-vulkan-files-a-look-inside-putin-s-secret-plans-for-cyber-warfare-a-4324e76f-cb20-4312-96c8-1101c5655236">nuclear power plant</a> near Bern.</p>
<p>What’s more, the document drop featured mapped clusters of <a href="https://www.silicon.co.uk/e-regulation/governance/leaked-vulkan-files-reveal-kremlins-cyberwarfare-tactics-504543">internet servers</a> in the United States. And the Skan-V project identified a site in the US labelled “<a href="https://ctexaminer.com/2023/03/30/fairfield-named-as-site-for-cyber-attack-in-lealked-russian-documents/">Fairfield</a>” as a potentially vulnerable point of entry.</p>
<p>If the documents are accurate, Vulkan’s work for the Russian government shows how extensive the Kremlin’s attempts have been to monitor digital infrastructure, collect information about vulnerabilities, and develop the capacity to hijack it.</p>
<h2>Combating Russian cyber attacks</h2>
<p>Cyber threats are insidious because they can be used in multiple combinations and aimed at different targets. Hack-and-leak campaigns against influential figures can be mixed with attempts to sabotage vital infrastructure, perform corporate espionage, undermine social cohesion and trust, and push fringe narratives to the political centre.</p>
<p>They can be drip-fed into the digital ecosystem. Or, much like the campaign that accompanied Russia’s takeover of Crimea in 2014, they can be employed <a href="https://www.businessinsider.com/russia-cyberattack-ukraine-2014-3">all at once</a> in a cyber-blizzard.</p>
<p>This makes cyber attacks very hard to build resilience against, and even harder to deter. They are a weapon of potentially mass disruption that can result in real casualties. Turning off the power grid in a city, for example, can lead to deaths among people on life support in hospitals, traffic accidents, and exposure to extreme cold in certain regions.</p>
<p>But beyond infrastructure and industry, such attacks also target <a href="https://www.tandfonline.com/doi/full/10.1080/23738871.2020.1797136">social pressure points</a>: a state’s institutions, ideas and people. This makes them especially useful in attacking democracies, making the open and free exchange of views a potential vulnerability.</p>
<p>As the Vulkan leaks demonstrate, hostile governments have greater ambitions in cyberspace than being able to switch off the lights. They seek to be able to encourage us to question what we believe to be true, and pit us against one another. </p>
<p>Recognising that will be a crucial step in preventing the poisonous seeds of disinformation from taking root.</p>
<p class="fine-print"><em><span>Matthew Sussex has previously received funding from the Australian Research Council, the Carnegie Foundation, the Lowy Institute, and various Australian government agencies.</span></em></p>
<p>More than 5,000 documents were leaked by an anonymous whistleblower.</p>
<p>Matthew Sussex, Fellow, Strategic and Defence Studies Centre, Australian National University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<p>tag:theconversation.com,2011:article/194532, 2022-11-16T02:35:21Z</p>
<h1>A new cyber taskforce will supposedly ‘hack the hackers’ behind the Medibank breach. It could put a target on Australia’s back</h1>
<figure><img src="https://images.theconversation.com/files/495540/original/file-20221116-23-4j6jho.jpeg?ixlib=rb-1.1.0&rect=287%2C0%2C7700%2C4311&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shutterstock</span></span></figcaption></figure><p>The Australian government is launching an offensive against cybercriminals, following a data breach that has exposed millions of people’s personal information.</p>
<p>On November 12, Minister for Cyber Security Clare O'Neil <a href="https://www.abc.net.au/news/2022-11-12/medibank-cyber-hack-optus-data-breach-task-force-afp/101647168">announced a taskforce</a> to “hack the hackers” behind the recent Medibank data breach. </p>
<p>The taskforce will be a first-of-its-kind permanent, joint collaboration between Australian Federal Police and the Australian Signals Directorate. Its 100 or so operatives will use the same cyber weapons and tactics as cybercriminals use, to hunt them down and eliminate them as a threat.</p>
<p>Details on how the taskforce will operate remain murky, partly because it needs to keep this information away from criminals. But the fact remains that taking an offensive stance, while it <em>could</em> deter further attacks, could also put a big red cross on Australia’s back. </p>
<h2>Australia punches back</h2>
<p>It was only in 2016 that the Australian government first <a href="https://www.aspi.org.au/report/australias-offensive-cyber-capability">publicly acknowledged</a> it has <a href="https://www.theguardian.com/technology/2016/apr/21/malcolm-turnbull-reveals-cyber-attacks-breached-agencies">offensive cyber capabilities</a> housed in the Australian Signals Directorate – and that these are used against offshore cybercriminals. The admission came from then prime minister, Malcolm Turnbull, following attacks on the Bureau of Meteorology and Department of Parliamentary Services. </p>
<p>Australia has <a href="https://www.aspi.org.au/report/australias-offensive-cyber-capability">used cyber offensive</a> strategies a number of times in the past. This has included <a href="https://www.theguardian.com/technology/2016/nov/23/australia-taking-cyber-fight-to-isis-malcolm-turnbull-to-confirm#top">operations against</a> ISIS and, more recently, efforts to <a href="https://www.zdnet.com/article/australia-on-the-cyber-offence-to-bring-down-covid-19-scammers">disable scammers’ infrastructure</a> and access to stolen data at the start of the pandemic. Details of intelligence operations are generally kept under wraps, especially where the Australian Signals Directorate is involved.</p>
<h2>How might the taskforce operate?</h2>
<p>Minister O'Neil has said <a href="https://minister.homeaffairs.gov.au/ClareONeil/Pages/david-speers-interview-minister-clare-oneil-20221113.aspx">the new taskforce will</a>: </p>
<blockquote>
<p>scour the world, hunt down the criminal syndicates and gangs who are targeting Australia in cyber attacks and disrupt their efforts. </p>
</blockquote>
<p>As to whether it could launch a counterattack on the Medibank hackers, the resources are there, but working out the kinks will be crucial. Australia’s intelligence agencies have more resources than the average organised cyber gang, not to mention connections to other advanced intelligence agencies around the world.</p>
<p>However, one key issue with holding cybercriminals to account is attribution. A legitimate counterattack requires identifying the source of an attack beyond reasonable doubt. The Medibank data leak has been attributed to criminals based in Russia – most likely from, or at least associated with, the REvil cyber gang. </p>
<p>This assumption is based on similarities between existing REvil sites on the dark web and the extortion site hosting the stolen Medibank data, as well as other similarities between the Medibank attack and REvil’s previous attacks.</p>
<p>That said, hackers can hide their identity by routing through (often unaware) third parties. So even if this attack is attributable to REvil, or its close associates, the attackers could easily deny involvement if taken to court.</p>
<p>The group could say its systems were used as unwitting hosts by another external perpetrator. Plausible deniability can almost always be maintained in such cases. Russia (and China) have had a <a href="https://www.afr.com/technology/scott-morrison-condemns-russia-for-cyber-attacks-20181004-h167iq">track record</a> of denying involvement in cyber espionage.</p>
<p>As such, it’s very difficult to prosecute cybercriminals – especially in cases where these criminals may be backed (officially or unofficially) <a href="https://www.wsj.com/articles/google-sees-russia-coordinating-with-hackers-in-cyberattacks-tied-to-ukraine-war-11663930801">by their government</a>. And if perpetrators can’t be put behind bars, they can simply lie low for a while before popping up somewhere else in cyberspace. </p>
<p>Beyond the Medibank hackers, the taskforce will also target other potential threats to Australia. In the case of inaccurate attribution in any of these operations, we might see tit-for-tat escalation. In a worst-case scenario, attacks based on incorrect attribution could start a cyberwar with another country.</p>
<h2>Defence before offence</h2>
<p>By actively seeking and trying to neutralise offshore gangs, Australia will put a target on its back. Russian-linked criminal gangs and others might be encouraged to retaliate and target our sectors, including critical infrastructure. </p>
<p>Boosting Australia’s cyber defences should be the top priority – arguably more so than retaliating. Especially since, even if the taskforce successfully mounts a counterattack on the Medibank hackers, it’s unlikely to recover any data stolen (since criminals make copies of stolen data). </p>
<p>Going after cybercriminals addresses the symptoms of the problem, not the root: the fact that our systems were vulnerable enough to be hacked in the first place. The Medibank breach, and <a href="https://www.abc.net.au/news/2022-11-12/medibank-cyber-hack-optus-data-breach-task-force-afp/101647168">the major Optus breach</a> preceding it, have both demonstrated that even businesses with seemingly strong cybersecurity protocols are vulnerable to attacks.</p>
<p>The best option from a rational and technical standpoint is to prevent, as much as possible, data being stolen in the first place. It might not be as flashy a solution, but it’s the best one in the longer term.</p>
<p class="fine-print"><em><span>Mamoun Alazab does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Beyond neutralising the cybercriminals behind the Medibank breach, the taskforce will also seek out and attack other potential threats.</p>
<p>Mamoun Alazab, Associate Professor, College of Engineering, IT and Environment, Charles Darwin University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<p>tag:theconversation.com,2011:article/180085, 2022-04-05T12:49:51Z</p>
<h1>How Ukraine has defended itself against cyberattacks – lessons for the US</h1>
<figure><img src="https://images.theconversation.com/files/455884/original/file-20220401-58985-uqp83w.jpg?ixlib=rb-1.1.0&rect=0%2C9%2C6048%2C4001&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">As missiles rain down on Ukraine's telecommunications infrastructure, including Kyiv's TV tower, hackers have been attacking in cyberspace.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/graphic-content-topshot-a-fireman-runs-after-russian-news-photo/1238853231">Sergei Supinsky/AFP via Getty Images</a></span></figcaption></figure>
<p>In 2014, as Russia launched a proxy war in Eastern Ukraine and annexed Crimea, and in the years that followed, Russian hackers hammered Ukraine. The cyberattacks went so far as to knock out the power grid in parts of the country in 2015. Russian hackers stepped up their efforts against Ukraine in the run-up to the 2022 invasion, but with notably different results. Those differences hold lessons for U.S. national cyber defense.</p>
<p>I’m a <a href="https://cyber.fiu.edu/people/profiles/robpeacock.html">cybersecurity researcher</a> with a background as a political officer in the U.S. Embassy in Kyiv and working as an analyst in countries of the former Soviet Union. Over the last year, I led a <a href="https://www-origin.usaid.gov/sites/default/files/documents/USAID_UkraineCybersecurityChallenge_CaseStudy_final.pdf">USAID-funded program</a> in which Florida International University and Purdue University instructors trained more than 125 Ukrainian university cybersecurity faculty and more than 700 cybersecurity students. Many of the faculty are leading advisors to the government or consult with critical infrastructure organizations on cybersecurity. The program emphasized practical skills in using leading cybersecurity tools to defend simulated enterprise networks against real malware and other cybersecurity threats.</p>
<p>The invasion took place just weeks before the national cybersecurity competition was to be held for students from the program’s 14 participating universities. I believe that the training that the faculty and students received in protecting critical infrastructure helped reduce the impact of Russian cyberattacks. The most obvious sign of this resilience is the success Ukraine has had in <a href="https://www.washingtonpost.com/technology/2022/03/29/ukraine-internet-faq/">keeping its internet on</a> despite Russian <a href="https://therecord.media/meet-the-frontline-workers-keeping-the-internet-online-in-ukraine/">bombs</a>, sabotage and <a href="https://netblocks.org/reports/internet-disruptions-registered-as-russia-moves-in-on-ukraine-W80p4k8K">cyberattacks</a>. </p>
<h2>What this means for the U.S.</h2>
<p>On March 21, 2022, U.S. <a href="https://www.politico.com/news/2022/03/21/biden-russia-cyberattacks-00018942">President Joe Biden warned</a> the American public that Russia’s capability to launch cyberattacks is “fairly consequential and it’s coming.” As Deputy National Security Adviser Anne Neuberger explained, Biden’s warning was a call to prepare U.S. cyber defenses. </p>
<p>The concern in the White House over cyberattacks is shared by <a href="https://finance.yahoo.com/video/cyberattack-threat-no-one-prepared-133939345.html">cybersecurity practitioners</a>. The Ukrainian experience with Russian cyberattacks provides lessons for how institutions ranging from electric power plants to public schools can contribute to strengthening a nation’s cyber defenses. </p>
<p>National cyber defense starts with governments and organizations <a href="https://acuityrm.com/resources/whitepaper/the-real-and-present-threat-of-a-cyber-breach-demands-real-time-risk-management-2/">evaluating risks</a> and increasing their capacity to meet the latest cybersecurity threats. After President Biden’s warning, Neuberger <a href="https://www.npr.org/2022/03/21/1087903332/us-companies-russia-cyberattacks-ukraine-infrastructure">recommended that organizations take five steps</a>: adopt multifactor password authentication, keep software patches up-to-date, back up data, run drills and cooperate with government cybersecurity agencies. </p>
<h2>Access control</h2>
<p>Cyber defense begins with the entryways into a nation’s information networks. In Ukraine in recent years, hackers entered poorly protected networks by techniques as simple as guessing passwords or intercepting their use on unsecure computers. </p>
<p>More sophisticated cyberattacks in Ukraine used social engineering techniques, including <a href="https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams">phishing emails</a> that tricked network users into revealing IDs and passwords. Clicking an unknown link can also open the door to tracking malware that can learn password information. </p>
<p>Neuberger’s recommendation for adopting <a href="https://www.cr-t.com/blog/why-multi-factor-authentication-is-way-better-than-just-passwords/">multifactor password authentication</a> recognizes that users will never be perfect. Even cybersecurity experts have made mistakes in their decisions to provide passwords or personal information on insecure or deceptive sites. The simple step of <a href="https://doi.org/10.1109/MSP.2011.144">authenticating a login</a> on an approved device limits the access a hacker can obtain from just gaining personal information. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/STI6vtKtHpU?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Multifactor authentication provides a major boost in network security.</span></figcaption>
</figure>
<h2>Software vulnerabilities</h2>
<p>The programmers who develop apps and networks are rewarded for improving performance and functionality. The problem is that even the best developers often overlook vulnerabilities as they add new code. For this reason, users should permit software updates because these are how developers patch uncovered weaknesses once identified.</p>
<p>Prior to the invasion of Ukraine, Russian hackers identified a <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-057a">vulnerability</a> in Microsoft’s leading data management software. This was similar to a weakness in network software that allowed Russian hackers to unleash the <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">NotPetya</a> malware on Ukrainian networks in 2017. The attack caused an estimated $10 billion in damage worldwide. </p>
<p>Just days before Russian tanks began crossing into Ukraine in February 2022, Russian hackers used a vulnerability in the market-leading data management software SQL to place on Ukrainian servers <a href="https://www.computerforensicsworld.com/what-is-wiper-ransomware/">“wiper” malware</a> that erases stored data. However, over the last five years Ukrainian institutions have significantly strengthened their cybersecurity. Most notably, Ukrainian organizations have shifted away from pirated enterprise software, and they integrated their information systems into the global cybersecurity community of technology firms and data protection agencies.</p>
<p>As a result, the Microsoft Threat Intelligence Center <a href="https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/">identified the new malware</a> as it began appearing on Ukrainian networks. The early warning allowed Microsoft to distribute a patch around the world to prevent the servers from being erased by this malware. </p>
<h2>Backing up data</h2>
<p>Ransomware attacks already frequently target <a href="https://www.beckershospitalreview.com/cybersecurity/meet-the-ransomware-gang-behind-235-attacks-on-us-hospitals-7-things-to-know.html">public and private organizations</a> in the U.S. The hackers lock out users from an institution’s data networks and demand payment to return access to them.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="the top left corner of a computer screen displaying text against a blank background" src="https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/455879/original/file-20220401-11604-sm5ak0.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">In ransomware attacks, hackers hold an organization’s data hostage.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/laptop-displays-a-message-after-being-infected-by-a-news-photo/802363994">Rob Engelaar/ANP/AFP via Getty Images</a></span>
</figcaption>
</figure>
<p>Wiper malware used in the Russian cyberattacks on Ukraine operates in a similar manner to ransomware. However, <a href="https://www.securitymagazine.com/articles/97176-wiperware-pseudo-ransomware-used-in-ukraine-cyberattacks">pseudo ransomware</a> attacks permanently destroy an institution’s access to its data. </p>
<p>Backing up critical data is an important step in reducing the impact of wiper or ransomware attacks. Some private organizations have even taken to <a href="https://www.nsa.gov/portals/75/documents/what-we-do/cybersecurity/professional-resources/csi-cloud-security-basics.pdf">storing data on two separate cloud-based systems</a>. This reduces the chances that attacks could deprive an organization of the data it needs to continue operating.</p>
<h2>Drills and cooperation</h2>
<p>The last set of Neuberger’s recommendations is to continually conduct cybersecurity drills while maintaining cooperative relationships with federal cyber defense agencies. In the months leading up to Russia’s invasion, Ukrainian organizations benefited from <a href="https://www.ft.com/content/1fb2f592-4806-42fd-a6d5-735578651471">working closely with U.S. agencies</a> to bolster the cybersecurity of critical infrastructure. The agencies helped scan Ukrainian networks for malware and supported penetration tests that use hacker tools to look for vulnerabilities that can give hackers access to their systems. </p>
<p>Small and large organizations in the U.S. concerned about cyberattacks should seek a strong relationship with a <a href="https://www.ciodive.com/news/5-federal-agencies-with-a-role-in-ensuring-enterprise-cybersecurity/424557/">wide range</a> of federal agencies responsible for cybersecurity. <a href="https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/">Recent regulations</a> require firms to disclose information on cyberattacks to their networks. But organizations should turn to cybersecurity authorities before experiencing a cyberattack. </p>
<p>U.S. government agencies offer <a href="https://www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses">best practices</a> for training staff, including the use of tabletop and simulated attack exercises. As Ukrainians have learned, tomorrow’s cyberattacks can only be countered by preparing today.</p>
<p class="fine-print"><em><span>Robert Peacock receives funding from USAID to support overseas cybersecurity higher education.</span></em></p>
<p>Russian hackers have been attacking Ukraine for years, but with help from US government agencies, businesses and universities, Ukraine’s cyber defenses have grown stronger.</p>
<p>Robert Peacock, Assistant Professor of Criminology and Criminal Justice, Florida International University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<hr>
<p>tag:theconversation.com,2011:article/178604, 2022-04-04T12:31:57Z</p>
<h1>Cyberattacks have yet to play a significant role in Russia’s battlefield operations in Ukraine – cyberwarfare experts explain the likely reasons</h1>
<figure><img src="https://images.theconversation.com/files/455111/original/file-20220329-21-1m41k8.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C3766%2C2514&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">There is little evidence that Russia has coordinated cyber operations with conventional military operations in Ukraine.</span> <span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/UCRANIA-TENSIONESVISTAZO/6fcac2c9fc97432c9669ed9335602447/photo">Russian Defense Ministry Press Service via AP</a></span></figcaption></figure>
<p>Throughout the latter half of 2021, as it became clear that Russia was massing a large portion of its conventional combat power on the eastern borders of Ukraine, analysts offered contrasting predictions about the role cyberspace would play in an armed conflict. These predictions capture an ongoing debate about whether conflict in cyberspace is destined to <a href="https://www.chathamhouse.org/2021/12/putin-does-not-need-invade-ukraine-get-his-way">supplant conventional conflict</a> or exacerbate it.</p>
<p>As the war has evolved, it’s clear that analysts on both sides of the debate got it wrong. Cyber operations did not replace the military invasion, and as far as we can tell, the Russian government has <a href="https://www.nytimes.com/2022/03/11/opinion/russia-ukraine-cyberattacks.html">not yet used cyber operations</a> as an integral <a href="https://www.vox.com/2022/3/19/22986316/russia-ukraine-cyber-attacks-holding-back">part of its military campaign</a>. </p>
<p>We are political scientists who study the role of <a href="https://scholar.google.com/citations?user=2jdVG2wAAAAJ&hl=en">cybersecurity</a> and <a href="https://scholar.google.com/citations?user=8zd54PAAAAAJ&hl=en">information</a> in international conflict. <a href="https://www.dropbox.com/s/x4xxw0wgb1jgx7f/CCO_GK_112121.pdf?dl=0">Our research</a> shows that pundits on both sides of the argument got it wrong because they failed to consider that cyber and military operations serve different political objectives. </p>
<p>Cyber operations are most effective in pursuing informational goals, such as gathering intelligence, stealing technology or winning public opinion or diplomatic debates. In contrast, nations use military operations to occupy territory, capture resources, diminish an opponent’s military capability and terrorize a population. </p>
<h2>A tactical role for cyberattacks?</h2>
<p>It’s common in modern warfare for new technologies to substitute for traditional military tactics. For example, the U.S. has made extensive use of drones, including in conflicts in Yemen and Pakistan where crewed aircraft and ground forces would be difficult or impossible to use. Because drones allow the U.S. to fight on the cheap with much less risk, they substitute for other forms of warfare.</p>
<p>In theory, cyber operations could have played a similar tactical role in Russia’s invasion of Ukraine. But the Russian government has <a href="https://www.nytimes.com/2022/03/11/opinion/russia-ukraine-cyberattacks.html">yet to use cyber operations</a> in a manner that is clearly coordinated with military units and designed to smooth the advance of ground or air forces. When Russia invaded Ukraine, hackers <a href="https://www.wired.com/story/viasat-internet-hack-ukraine-russia/">disrupted access to satellite communications</a> for thousands of people, and it was apparently a <a href="https://twitter.com/Bing_Chris/status/1503749157995094016">concern for Ukrainian defense officials</a>. But overall, Ukraine has managed to <a href="https://www.washingtonpost.com/technology/2022/03/29/ukraine-internet-faq/">maintain internet access</a> and <a href="https://www.wsj.com/articles/in-ukraine-war-keeping-phones-online-becomes-key-defense-11648123200">cellphone service</a> for most of the country.</p>
<p>Russia has <a href="https://www.c4isrnet.com/cyber/2022/02/14/russia-and-china-devote-more-cyber-forces-to-offensive-operations-than-us-says-new-report/">sophisticated</a> cyber capabilities, and its hackers have <a href="https://www.wired.com/story/russian-hackers-attack-ukraine/">worked their way into Ukrainian networks</a> for many years. This raises the question of why Russia has not, for the most part, <a href="https://thehill.com/opinion/cybersecurity/597272-where-is-russias-cyber-blitzkrieg">used cyber operations to provide tactical support</a> for its military campaigns in Ukraine, at least until this point.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="destroyed armored vehicles fill a tree-lined street" src="https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=399&fit=crop&dpr=1 600w, https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=399&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=399&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=502&fit=crop&dpr=1 754w, https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=502&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/454453/original/file-20220325-19-c6h9xg.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=502&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Destroyed Russian armored vehicles attest to the Ukrainian military’s ability to match up with the Russian military on a tactical level.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/this-general-view-shows-destroyed-russian-armored-vehicles-news-photo/1238921487">Photo by Aris Messins/AFP via Getty Images</a></span>
</figcaption>
</figure>
<h2>Separate roles</h2>
<p>In recent studies, we examined whether cyber operations mostly serve as complements to, or substitutes for, conventional conflict. In <a href="https://www.dropbox.com/s/x4xxw0wgb1jgx7f/CCO_GK_112121.pdf?dl=0">one analysis</a>, we examined conventional <a href="https://www.isanet.org/Conferences/Toronto-2019">military campaigns around the world</a> over a 10-year period using the <a href="https://www.correlatesofwar.org/data-sets/MIDs">Militarized Interstate Disputes</a> dataset of all armed conflicts. We also focused on <a href="https://doi.org/10.1177/0022002717737138">the conflicts in Syria and eastern Ukraine</a>. Our results suggest that cyber operations are generally not being used as either.</p>
<p>Instead, nations tend to use these two types of operations independently from each other because each mode of conflict serves different objectives, and cyberwarfare is most effective for gathering intelligence, stealing technology or winning public opinion or diplomatic debates.</p>
<p>In contrast, nations use traditional forms of conflict to control tangible assets, such as capturing resources or occupying territory. The various goals offered by Russian President Vladimir Putin for invading Ukraine, such as <a href="https://abcnews.go.com/Business/wireStory/russia-worried-ukrainian-military-buildup-81487170">preventing Ukraine from joining NATO</a>, <a href="https://www.nbcnews.com/news/world/putin-claims-denazification-justify-russias-attack-ukraine-experts-say-rcna17537">replacing the government</a> or <a href="https://thebulletin.org/2022/03/ukraine-building-a-nuclear-bomb-dangerous-nonsense/">countering fictitious Ukrainian weapons of mass destruction</a>, require occupying territory.</p>
<p>There may be other reasons for the lack of overlap between cyber and conventional fronts in Ukraine. The Russian military could consider cyber operations ineffective for its purposes. The newness of cyber operations as a tool of war makes it <a href="https://doi.org/10.1177/0022002717737138">difficult to coordinate</a> with conventional military operations. Also, military targets might not be accessible to hackers because they might lack internet connectivity. </p>
<p>In any event, <a href="https://www.dropbox.com/s/x4xxw0wgb1jgx7f/CCO_GK_112121.pdf?dl=0">evidence</a> that the Russian government intends to use cyber operations to <a href="https://www.rand.org/blog/2021/12/expect-shock-and-awe-if-russia-invades-ukraine.html">complement</a> military operations is <a href="https://doi.org/10.1177%2F0022002717737138">thin</a>. Our findings suggest hacking groups in previous conflicts faced considerable difficulties in responding to battlefield events, much less shaping them.</p>
<h2>How Russia is using cyber operations</h2>
<p>The main target of Russia’s digital campaign in Ukraine is ordinary Ukrainians. To date, Russian cyber operations have sought to <a href="https://www.usatoday.com/story/opinion/columnist/2022/03/07/russia-disinformation-ukraine-cyber-warfare/9402421002/">sow panic and fear, destabilizing the country from within</a>, by <a href="https://www.wsj.com/articles/cyber-attacks-hacks-and-misinformation-the-many-fronts-of-russias-hybrid-war-in-ukraine-11645871401">demonstrating the country’s inability to defend its infrastructure</a>, for example, by defacing or disabling websites.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A smart phone screen showing text in Ukrainian, Russian and Polish" src="https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=405&fit=crop&dpr=1 600w, https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=405&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=405&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=509&fit=crop&dpr=1 754w, https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=509&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/454443/original/file-20220325-27-wxstxw.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=509&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">On Jan. 14, 2022, hackers that the Ukrainian government identified as Russian attacked Ukrainian government websites.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/in-this-photo-illustration-a-warning-message-in-ukrainian-news-photo/1237728779">Photo illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images</a></span>
</figcaption>
</figure>
<p>In addition, Russia has been using information campaigns to attempt to win the “hearts and minds” of Ukrainians. Prior to the start of the conflict, White House press secretary Jen Psaki warned of a <a href="https://www.whitehouse.gov/briefing-room/press-briefings/2022/01/14/press-briefing-by-press-secretary-jen-psaki-and-fema-administrator-deanne-criswell-january-14-2022/">2,000% increase from the daily average in November</a> in <a href="https://www.whitehouse.gov/briefing-room/press-briefings/2022/01/14/press-briefing-by-press-secretary-jen-psaki-and-fema-administrator-deanne-criswell-january-14-2022/">Russian-language social media content</a>. This suggests that the purpose of these information operations was to make the case for Russia’s intervention on <a href="https://www.whitehouse.gov/briefing-room/press-briefings/2022/01/14/press-briefing-by-press-secretary-jen-psaki-and-fema-administrator-deanne-criswell-january-14-2022/">humanitarian grounds</a> and to build support for intervention among the Ukrainian public. The Russian government’s <a href="https://www.reuters.com/world/europe/russia-introduce-jail-terms-spreading-fake-information-about-army-2022-03-04/">domestic actions</a> emphasize the value its leadership places on information operations.</p>
<h2>A supporting role</h2>
<p>Hackers’ actions tend to occur out of the public eye, rather than in the flamboyantly violent manner favored by Hollywood cyber villains, which means it’s difficult to know for sure what’s happening. Nevertheless, the lack of overlap between cyber and conventional military operations makes sense operationally and strategically. This is not to say that the informational focus of cyber operations has no effect on military operations. Good intelligence is <a href="https://doi.org/10.1080/02684527.2019.1611205">essential for success</a> in any military conflict. </p>
<p>We believe Russia is likely to continue conducting information campaigns to influence Ukrainians, its domestic public and international audiences. Russia is also likely to seek to further penetrate Ukrainian networks to access information that potentially assists its military operations. But because cyber operations have not been thoroughly integrated into its military campaigns so far, cyber operations are likely to continue playing a secondary role in the conflict.</p>
<p class="fine-print"><em><span>Erik Gartzke receives funding from DoD Minerva, the Hewlett Foundation and the Charles Koch Foundation. </span></em></p><p class="fine-print"><em><span>Nadiya Kostyuk does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Cyberattacks can be devastating, just not on the battlefield, according to researchers who looked at 10 years of armed conflicts around the world.
Nadiya Kostyuk, Assistant Professor of Public Policy, Georgia Institute of Technology
Erik Gartzke, Professor of Political Science, University of California, San Diego
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/177899
2022-03-01T13:44:30Z
2022-03-01T13:44:30Z
Intelligence, information warfare, cyber warfare, electronic warfare – what they are and how Russia is using them in Ukraine
<figure><img src="https://images.theconversation.com/files/449004/original/file-20220228-25-46ugq6.jpg?ixlib=rb-1.1.0&rect=3%2C0%2C1990%2C1448&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Russian forces have the capability to jam signals from satellites, affecting communications and navigation.</span> <span class="attribution"><a class="source" href="https://en.wikipedia.org/wiki/File:MAKS2015part6-51.jpg">Vitaly V. Kuzmin/Wikimedia</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc-sa/4.0/">CC BY-NC-SA</a></span></figcaption></figure>
<p>Russia has one of the most capable and <a href="https://www.c4isrnet.com/artificial-intelligence/2021/05/24/a-warning-to-dod-russia-advances-quicker-than-expected-on-ai-battlefield-tech/">technological militaries</a> on the planet. They have advanced intelligence, information warfare, cyber warfare and electronic warfare capabilities. </p>
<p>Russia has used these technologies in recent years in combat <a href="https://www.thedefensepost.com/2018/05/01/russia-syria-electronic-warfare/">in Syria</a> and <a href="https://www.uawire.org/russia-tests-orbital-jamming-system-in-donbas">the Donbas region</a> in eastern Ukraine, and is using them in its current invasion of Ukraine.</p>
<p>The terms “intelligence,” “information,” “cyber” and “electronic” denote distinct but overlapping fields. As a <a href="https://scholar.google.com/citations?user=nNlgxmMAAAAJ&hl=en">cybersecurity professor of practice</a>, I can explain what they are and how Russia is using them in Ukraine.</p>
<h2>Intelligence and counterintelligence in the information age</h2>
<p>The role of intelligence is to gain insight about the enemy’s activity. The role of counterintelligence is to blind the enemy or distort his view. Automation in intelligence surveillance and reconnaissance – key functions of intelligence in warfare – has become a <a href="https://autoisr.dsigroup.org/">common practice for modern militaries</a>. </p>
<p>Intelligence services collect vast amounts of data from <a href="https://theconversation.com/technology-is-revolutionizing-how-intelligence-is-gathered-and-analyzed-and-opening-a-window-onto-russian-military-activity-around-ukraine-176446">open-source intelligence</a> (OSINT) – information collected from news, social media and other publicly available sources – as well as secret sources, and <a href="https://www.afcea.org/content/battling-malign-influence-open">use artificial intelligence to analyze the information</a>.</p>
<p>Russia has reportedly progressed <a href="https://www.c4isrnet.com/artificial-intelligence/2021/05/24/a-warning-to-dod-russia-advances-quicker-than-expected-on-ai-battlefield-tech/">faster at integrating AI in intelligence systems than the U.S. expected</a> them to. It’s impossible to know what information Russia has collected, but its access to OSINT, spy satellites, operatives in Ukraine, powerful computers and experienced analysts makes it likely that Russia has extensive intelligence about Ukraine’s military and political situation.</p>
<h2>Information and disinformation</h2>
<p>Information warfare is the battle waged in the news media and on social media to bolster popular support; persuade and induce the sympathy of potential allies; and simultaneously spread confusion, uncertainty and distrust in the enemy’s population.</p>
<p>Russia has used and is likely to continue to use cyber operations to subvert the Ukrainian government. For example, in the weeks leading up to both the 2014 and 2022 invasions, Ukrainian soldiers were <a href="https://www.politico.com/news/magazine/2022/02/15/10-days-inside-putins-invisible-war-with-ukraine-00008529">targeted with disinformation</a> designed to sow confusion and disorder in the event of an attack. </p>
<p>Russian messaging about <a href="https://www.reuters.com/world/europe/russia-says-it-prevented-border-breach-ukraine-kyiv-calls-it-fake-news-2022-02-21/">“liberating” portions of Ukraine</a> is the disinformation most likely aimed at an international audience, and I expect attempts to legitimize Russia’s actions will continue. </p>
<p>There is an ongoing contest to control the narrative about what is happening in Ukraine. Russia is <a href="https://www.politico.com/news/2022/02/24/social-media-platforms-russia-ukraine-disinformation-00011559">running an active disinformation campaign</a> and I expect it is using AI to find and generate content at a rapid rate. </p>
<p>Some information circulating on social media, like this video <a href="https://gizmodo.com/10-photos-and-videos-from-russias-invasion-of-ukraine-t-1848586587">purporting to show Russian bombers over Ukraine</a>, has been <a href="https://www.wwltv.com/article/news/verify/world-verify/fact-checking-more-viral-videos-from-russia-air-invasion-of-ukraine/536-1c1239bc-a5f9-4d01-9973-f589ebaea63f">proven to be fake</a>. This underscores <a href="https://apnews.com/article/russia-ukraine-technology-europe-media-social-media-123c7975a879b89b85c06877f1f12908">how difficult it is to be certain of the truth</a> with a high volume of fast-changing information in an emotionally charged, high-stakes situation like warfare.</p>
<h2>Cyber warfare</h2>
<p>Cyber warfare entails infiltrating and disrupting the enemy’s computer systems. This includes generating denial of service attacks to block access to websites, breaking into computer systems to steal or destroy data, and taking control of computer systems to disrupt critical infrastructure like power grids.</p>
<p>U.S. and U.K. intelligence agencies reported on Feb. 23, 2022 that hackers based in Russia had <a href="https://www.theguardian.com/world/2022/feb/23/russia-hacking-malware-cyberattack-virus-ukraine">unleashed a powerful new type of malware</a> against targets in Ukraine. The attacks appear to have been <a href="https://www.bloomberg.com/news/articles/2022-02-26/hackers-destroyed-data-at-key-ukraine-agency-before-invasion">targeted at Ukrainian government and telecommunications facilities</a>, including the Ministry of Internal Affairs, and involve the theft and destruction of data.</p>
<p>Russia’s invasion of Ukraine was preceded by <a href="https://www.npr.org/2022/01/19/1074172805/more-than-70-ukrainian-government-websites-have-been-defaced-in-cyber-attacks">several weeks of cyberattacks</a>, including <a href="https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/">an attack that posted a fake ransomware note and then destroyed data</a>. These attacks were part of a multi-year <a href="https://theconversation.com/russia-has-been-at-war-with-ukraine-for-years-in-cyberspace-176221">campaign of cyber warfare against Ukraine</a>, which included attacks on <a href="https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/">portions of the country’s power grid</a>. </p>
<figure>
<iframe width="440" height="260" src="https://www.youtube.com/embed/Bc5mxd4O1SI?wmode=transparent&start=0" frameborder="0" allowfullscreen=""></iframe>
<figcaption><span class="caption">Chris Krebs, former director of the U.S. Cybersecurity and Infrastructure Security Agency, discusses Russian cyberattacks against Ukraine.</span></figcaption>
</figure>
<p>A rapid response team of cybersecurity experts in the European Union has <a href="https://www.bbc.com/news/technology-60484979">mobilized to assist Ukraine</a> in defending against cyberattacks by detecting when attacks are occurring. The Ukrainian government has also <a href="https://www.usnews.com/news/world/articles/2022-02-24/exclusive-ukraine-calls-on-hacker-underground-to-defend-against-russia">called on the Ukrainian hacker community</a> to help defend the country, by protecting computer systems that control critical infrastructure like the power grid.</p>
<h2>Electronic warfare</h2>
<p>Electronic warfare describes efforts to disrupt or misdirect the enemy’s electronic systems like radar and communications networks. It can include blocking radio signals, <a href="https://theconversation.com/experts-suggest-us-embassies-were-hit-with-high-power-microwaves-heres-how-the-weapons-work-151730">remotely destroying computer circuits</a> and <a href="https://www.thedrive.com/the-war-zone/13549/russia-may-be-testing-its-gps-spoofing-capabilities-around-the-black-sea">spoofing GPS signals</a> to disrupt navigation.</p>
<p>Russia has a long history of controlling the electromagnetic spectrum. Because of Russia’s <a href="https://defensionem.com/russian-electronic-warfare-systems/">advanced electronic warfare capabilities</a>, its force may be able to take down the internet and cell towers using a range of techniques. </p>
<p>Russia has used systems that <a href="https://www.uawire.org/russia-tests-orbital-jamming-system-in-donbas">interfere with the signal reception from satellites</a> in eastern Ukraine. These systems can be used to block communications and disrupt control of drones.</p>
<h2>Mastering new technologies</h2>
<p>The old game of spycraft has taken on new technologies, but I think it is useful to remember that the ability to win wars during revolutions in military affairs is generally determined by the <a href="https://doi.org/10.1017/CBO9780511817335">ability to integrate new technologies</a> into a country’s military and intelligence operations. </p>
<p>Though the Russian military has shown some interesting technological innovations in recent years, it’s not clear whether it has mastered this new way of conducting warfare.</p>
<p class="fine-print"><em><span>I am a Reservist in the U.S. Army.</span></em></p>
From jamming satellite signals to spreading disinformation, Russia’s military has sophisticated technologies it’s bringing to the battlefield in Ukraine.
Justin Pelletier, Professor of Practice of Computing Security, Rochester Institute of Technology
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/177904
2022-02-25T22:02:29Z
2022-02-25T22:02:29Z
How much damage could a Russian cyberattack do in the US?
<figure><img src="https://images.theconversation.com/files/448609/original/file-20220225-21-18nrd3v.jpg?ixlib=rb-1.1.0&rect=0%2C17%2C5700%2C3771&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Hackers can get eyes inside systems that are supposed to be secure.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/photo/cyber-crime-eye-royalty-free-image/1296072836">Yuichiro Chino via Getty Images</a></span></figcaption></figure>
<p>U.S. intelligence analysts have determined that Moscow <a href="https://news.yahoo.com/exclusive-fbi-and-dhs-warn-us-officials-of-possible-russian-cyber-attacks-linked-to-invasion-of-ukraine-220516786.html">would consider</a> <a href="https://theconversation.com/russia-could-unleash-disruptive-cyberattacks-against-the-us-but-efforts-to-sow-confusion-and-division-are-more-likely-175471">a cyberattack</a> against the U.S. as the <a href="https://www.wsj.com/articles/biden-expected-to-detail-harsh-sanctions-on-russia-after-putin-attacks-ukraine-11645711417">Ukraine crisis grows</a>.</p>
<p>As a <a href="https://scholar.google.com/citations?user=kmwlBpoAAAAJ&hl=en&oi=ao">scholar</a> of <a href="http://press.georgetown.edu/book/georgetown/russian-cyber-operations">Russian cyber operations</a>, I know the Kremlin has the capacity to damage critical U.S. infrastructure systems. </p>
<p>Federal officials have been bracing for this. In January 2022 the U.S. Cybersecurity and Infrastructure Security Agency issued <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-011a">an alert</a> that outlined the Russian cyberattack threat, with technical details of sophisticated Russian-led hacking from recent years. That included a <a href="https://www.cisa.gov/uscert/ncas/alerts/TA18-074A">complicated digital break-in</a> that targeted the U.S. energy industry and gained access to the control rooms of U.S. electric utilities. According to Homeland Security officials, the hackers “<a href="https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110">could have thrown switches</a>” and knocked out power to the public – but did not.</p>
<p>In mid-February 2022, federal cybersecurity experts met with executives from <a href="https://www.cnn.com/2022/02/18/politics/treasury-banks-russia-cyber-meeting/index.html">big U.S. banks</a> to discuss defenses against Russian hacking attempts.</p>
<p>In Ukraine, the Russian offensive began Feb. 23, 2022, with cyberattacks aimed at overloading and shutting down <a href="https://www.cnn.com/europe/live-news/ukraine-russia-news-02-23-22/h_730dbe7cd814c53f0f2977af127f35c4">bank and government websites</a>. In addition there were reports of <a href="https://www.scmagazine.com/analysis/apt/ukraine-organizations-hit-by-new-wiper-malware">software capable of corrupting data</a> having been secretly installed on hundreds of computers owned by large Ukrainian organizations in the <a href="https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia">financial, defense and information technology services industries</a>. </p>
<p>That malicious software spilled outside Ukraine – it was found on computers in Lithuania and Latvia – which is reminiscent of the <a href="https://www.cbsnews.com/news/lessons-to-learn-from-devastating-notpetya-cyberattack-wired-investigation/">NotPetya</a> attack. In 2017, a piece of malware that initially seemed to be ransomware was unleashed on Ukraine and spread widely, causing <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">more than $10 billion in collateral damage</a> to major international companies. The NotPetya attack was ultimately attributed to a <a href="https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and">Russian military unit</a>.</p>
<p>U.S. officials have also highlighted that Russian cyberwarriors can <a href="https://www.cisa.gov/uscert/ncas/alerts/aa22-011a">gain access and remain undetected for long periods</a> in key systems in the U.S. </p>
<p>Russian <a href="https://home.treasury.gov/news/press-releases/jy0127">Foreign Intelligence Service</a> hackers did this in 2020 when they gained access to SolarWinds software, used by many companies and government agencies to <a href="https://www.rpc.senate.gov/policy-papers/the-solarwinds-cyberattack">manage their computer networks</a>. After initially breaking into the system, the Russians stayed undetected for seven months, even <a href="https://www.mandiant.com/resources/sunburst-additional-technical-details">disabling</a> antivirus software and using <a href="https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor">stolen login credentials</a> to appear like legitimate users. </p>
<p>This attack gave Russians access inside at least <a href="https://www.whitehouse.gov/briefing-room/press-briefings/2021/02/17/press-briefing-by-press-secretary-jen-psaki-and-deputy-national-security-advisor-for-cyber-and-emerging-technology-anne-neuberger-february-17-2021/">nine U.S. federal agencies</a> and around 100 private companies, many in information technology and cybersecurity. </p>
<p>It’s <a href="https://theconversation.com/how-the-biden-administration-is-making-gains-in-an-uphill-battle-against-russian-hackers-174199">impossible to be certain</a> there aren’t more Russian government hackers lurking undetected in critical companies and systems in the U.S. And wherever they are, they may have the ability to cause substantial damage.</p>
<p class="fine-print"><em><span>Scott Jasper does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
Russian information warriors have the capacity to damage critical US infrastructure systems.
Scott Jasper, Senior Lecturer in National Security Affairs, Naval Postgraduate School
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/176221
2022-02-07T13:19:47Z
2022-02-07T13:19:47Z
Russia has been at war with Ukraine for years – in cyberspace
<figure><img src="https://images.theconversation.com/files/444578/original/file-20220204-27-1lb4f9n.jpg?ixlib=rb-1.1.0&rect=0%2C7%2C2649%2C2256&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Russian President Vladimir Putin walks through a hall in the building housing Russia's GRU military intelligence service.</span> <span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/RussiaPoisonedSpyGRU/66d4b73d747e49d597e5a5c4aab14e2e/photo?Query=GRU%20Dmitry%20Astakhov&mediaType=photo&sortBy=arrivaldatetime:desc&dateRange=Anytime&totalCount=1&currentItemNo=0">Dmitry Astakhov, Sputnik, Government Pool Photo via AP</a></span></figcaption></figure>
<p>The buildup of Russian forces along Belarus’ <a href="https://www.nytimes.com/2022/01/29/world/europe/russia-troops-belarus-border-ukraine.html">665-mile border</a> with Ukraine is a physical manifestation of Russia’s intense interest in the region. Russia <a href="https://carnegieeurope.eu/2017/03/15/revisiting-2014-annexation-of-crimea-pub-68423">annexed Crimea</a> in 2014, and now Russian President Vladimir Putin appears intent on pulling Ukraine under Russia’s influence and denying it a close relationship with the West. </p>
<p>But even as Russia engages in brinksmanship from snow-covered fields in Belarus to meeting rooms in Geneva, <a href="https://www.foreignaffairs.com/articles/russia-fsu/2022-01-28/how-russia-has-turned-ukraine-cyber-battlefield">Moscow is already at war</a> with Kyiv – cyberwar. Russia has been waging this fight since at least 2014. </p>
<p>In cyberspace, Russia has interfered in <a href="https://www.atlanticcouncil.org/in-depth-research-reports/report/foreign-interference-in-ukraine-s-election/">Ukrainian elections</a>, targeted its <a href="https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/">power grid</a>, <a href="https://www.pcmag.com/news/ukrainian-government-websites-defaced-amid-threat-of-russian-invasion">defaced</a> its government websites and spread <a href="https://www.state.gov/fact-vs-fiction-russian-disinformation-on-ukraine/">disinformation</a>. Strategically, Russian cyber operations are designed to undermine the Ukrainian government and private sector organizations. Tactically, the operations aim to influence, scare and subdue the population. They are also <a href="https://www.newyorker.com/news/dispatch/a-moment-of-excruciating-anticipation-in-kyiv">harbingers of invasion</a>.</p>
<p>As a <a href="https://scholar.google.com/citations?hl=en&user=mMlCZbgAAAAJ">cybersecurity and public policy researcher</a>, I believe that Russian cyber operations are likely to continue. These operations are likely to further <a href="https://www.thecipherbrief.com/column_article/a-new-path-to-cyber-conflict-with-russia">destabilize Ukraine’s political environment</a> – namely, its government, its institutions and the people and organizations that depend on them. </p>
<h2>National power in cyberspace</h2>
<p>To date, Russia has been aggressive in its attempts to undermine Ukrainian sovereignty. <a href="https://foreignpolicy.com/2019/08/02/russian-disinformation-distorted-reality-in-ukraine-americans-should-take-note-putin-mueller-elections-antisemitism/">Russian propaganda</a> has painted a war with Ukraine as one of liberation. Many <a href="https://foreignpolicy.com/2021/12/02/russia-ukraine-liberated/">false narratives</a> paint the Ukrainians as submissive and eager for reunification. Russia’s intent is to sow confusion, shape the public perception of the conflict and influence the <a href="https://www.worldatlas.com/articles/major-ethnic-groups-of-the-ukraine.html">ethnic Russian population</a> within Ukraine. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A smart phone screen showing text in Ukrainian, Russian and Polish" src="https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=405&fit=crop&dpr=1 600w, https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=405&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=405&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=509&fit=crop&dpr=1 754w, https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=509&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/444587/original/file-20220204-17-1ikrjgz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=509&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">On Jan. 14, 2022, hackers that the Ukrainian government identified as Russian took over Ukrainian government websites and posted threatening messages.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/in-this-photo-illustration-a-warning-message-in-ukrainian-news-photo/1237728779">Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images</a></span>
</figcaption>
</figure>
<p>Russia has artfully employed cyber operations to project national power, particularly through its GRU military intelligence service. The phrase “<a href="https://www.thelightningpress.com/the-instruments-of-national-power/">instruments of national power</a>” defines power as diplomatic, information, military and economic – all are mechanisms for influencing other countries or international organizations. Cyberspace is unique as a <a href="https://www.jcs.mil/Portals/36/Documents/Doctrine/pubs/jp3_0ch1.pdf?ver=2018-11-27-160457-910">domain of warfare</a> because cyber operations can be used in the service of all four instruments of national power. </p>
<p>Diplomatically, Russia has tried to shape international norms in cyberspace by influencing discussions on cyberspace norms and behaviors. In 2018, Russia introduced a <a href="https://undocs.org/A/C.1/73/L.27/Rev.1">resolution to the United Nations</a> creating a working group with like-minded states to revisit and reinterpret the U.N.’s rule for cyberspace, emphasizing that a state’s sovereignty should extend into cyberspace. Some analysts argue that Russia’s true goal is to <a href="https://ccdcoe.org/incyder-articles/a-surprising-turn-of-events-un-creates-two-working-groups-on-cyberspace/#footnote_5_3341">legitimize its surveillance-state internet tactics</a> in the guise of state sovereignty. </p>
<p>Economically, the Russian <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">“NotPetya”</a> attack crippled international ports, paralyzed corporations, disrupted supply chains and effectively stalled the global economy – all with a single piece of code.</p>
<p>In the information environment, Russia is especially adept at <a href="https://cissar.com/research-reports-the-military-and-diplomatic-significance-of-russian-cyber-attacks/">influencing and manipulating information</a> to suit its strategic interests. For example, Russian efforts against the U.K. have targeted its relationship with NATO by using bots to spread false stories about British troops in Estonia during a <a href="https://www.thetimes.co.uk/article/troops-face-new-enemy-kremlins-fake-news-q0dbnfq79">NATO military exercise</a> in 2017. </p>
<p>Notably, Russia has a pattern of pairing information with military operations as tools of national power. During previous military conflicts in <a href="https://www.ausa.org/articles/russia-gives-lessons-electronic-warfare">eastern Ukraine</a>, the Russian military employed cyber capabilities to jam Ukrainian satellite, cellular and radio communications. </p>
<p>Overall, <a href="https://www.researchgate.net/publication/313252767_Russian_Military_Thinking_-_A_New_Generation_of_Warfare">Russia sees warfare as a continuum</a> that is ongoing with varying intensity across multiple fronts. Simply put, for Russia, war never stops and cyberspace is a key domain of its persistent conflict with Ukraine and the West. </p>
<h2>Probing the US, hammering Ukraine</h2>
<p>Russia has aimed its cyber operations at other nations, including the U.S. and Western European countries. Russia has targeted <a href="https://www.cisa.gov/uscert/ncas/alerts/TA18-074A">U.S. critical infrastructure</a> and <a href="https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/">supply chains</a>, and conducted <a href="https://theconversation.com/how-the-russian-government-used-disinformation-and-cyber-warfare-in-2016-election-an-ethical-hacker-explains-99989">disinformation campaigns</a>. U.S. officials are still investigating the extent of the recent <a href="https://www.rpc.senate.gov/policy-papers/the-solarwinds-cyberattack">SolarWinds</a> cyberattack, for example, but they have determined that the attack compromised federal agencies, courts, numerous private companies and state and local governments. The Russian activities are aimed at undermining U.S. domestic and national security, democratic institutions and even <a href="https://www.nytimes.com/2021/08/05/us/politics/covid-vaccines-russian-disinformation.html">public health efforts</a>. </p>
<p>But Russia is more <a href="https://mwi.usma.edu/striking-the-right-balance-how-russian-information-operations-in-the-baltic-states-should-inform-us-strategy-in-great-power-competition/">destructive</a> in its own backyard. Attacks on <a href="https://stratcomcoe.org/cuploads/pfiles/cyber_attacks_estonia.pdf">Estonia</a> and <a href="https://osce.usmission.gov/u-s-condemnation-of-russian-cyber-attack-on-georgia/">Georgia</a> illustrate how Russia can disrupt government functions and sow confusion as it prepares for military operations. </p>
<p>Most recently, Microsoft detected <a href="https://www.bleepingcomputer.com/news/security/microsoft-fake-ransomware-targets-ukraine-in-data-wiping-attacks/">data wiping malware</a> in Ukrainian government computer systems. Ukraine publicly <a href="https://thedigital.gov.ua/news/rosiya-mae-namir-zniziti-doviru-do-vladi-feykami-pro-vrazlivist-kritichnoi-informatsiynoi-infrastrukturi-ta-zliv-danikh-ukraintsiv">named Moscow as the perpetrator</a> and attributed the software designed to destroy data to Russian hackers. The presence of the malware marks an escalation of Russia’s current behavior toward Ukraine in cyberspace. The malware, if triggered, <a href="https://www.siliconrepublic.com/enterprise/ukraine-cyberattack-microsoft-malware-russia">would have destroyed</a> Ukrainian government records, disrupted online services and prevented the government from communicating with its citizens.</p>
<p>The ongoing aggression against Ukraine follows <a href="https://www.npr.org/sections/alltechconsidered/2015/04/28/402678116/report-to-aid-combat-russia-wages-cyberwar-against-ukraine">Russia’s pattern</a> of waging cyberwar while publicly threatening and preparing for a military invasion. In many ways, for Ukrainians, the prospect of war and anticipating invasion have become <a href="https://www.newyorker.com/news/dispatch/a-moment-of-excruciating-anticipation-in-kyiv">normalized</a>.</p>
<h2>Deadly consequences</h2>
<p>Website defacement and data loss are not the only concerns for Ukraine as Russia continues to mass troops and equipment along its borders. In the winter of 2015-2016, Russia demonstrated its ability to <a href="https://theconversation.com/cyberattack-on-ukraine-grid-heres-how-it-worked-and-perhaps-why-it-was-done-52802">hack Ukraine’s power grid</a> in a first-of-its-kind attack that cut off power to thousands of Ukrainians. <a href="https://www.climatestotravel.com/climate/ukraine">Temperatures in Kyiv</a> in the winter hover around freezing during the day and become dangerously cold at night. Any loss of power could be deadly.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C2908%2C1958&q=45&auto=format&w=1000&fit=clip"><img alt="a view of earth from space at night with scattered clouds and city lights below them" src="https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C2908%2C1958&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=404&fit=crop&dpr=1 600w, https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=404&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=404&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=508&fit=crop&dpr=1 754w, https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=508&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/444435/original/file-20220203-27-17uf9j1.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=508&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Kyiv, Ukraine’s capital, is the bright spot at the top center of this photo taken from the International Space Station. Russia demonstrated its ability to knock out parts of Ukraine’s power grid in 2015.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/nasamarshall/6289116940">NASA</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc/4.0/">CC BY-NC</a></span>
</figcaption>
</figure>
<p>Similarly, cyberattacks could disrupt Ukraine’s economy and communications infrastructure. An attack on the financial sector could prevent Ukrainians from withdrawing money or accessing their bank accounts. An attack on the communications infrastructure could cripple the Ukrainian military and limit the country’s ability to defend itself. Civilians would also lose their means of communications and with it the ability to organize evacuations and coordinate resistance. </p>
<p>Ultimately, Russia is likely to continue to use cyber-enabled sabotage against Ukraine. Russian cyber operations over the past eight years hold three lessons to support this. First, cyberattacks that have costly physical effects, like knocking out the power grid, are destabilizing and can be used to erode the will of the Ukrainian people and counter their lean toward economic, military and political alliances with Europe and NATO. Second, cyberattacks that have a physical effect put Russian cyber capabilities on display and demonstrate their superiority over Ukrainian defenses. And third, Russia has done it before.</p>
<p class="fine-print"><em><span>The author is an officer in the United States Army. The views expressed are those of the author and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.</span></em></p>
Troop buildups and diplomatic negotiations highlight the threat of a major land war in Europe. In cyberspace, Russia has been attacking Ukrainian infrastructure and government operations for years.
Maggie Smith, Assistant Professor of Public Policy, United States Military Academy West Point
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/175471
2022-01-26T19:55:02Z
2022-01-26T19:55:02Z
Russia could unleash disruptive cyberattacks against the US – but efforts to sow confusion and division are more likely
<figure><img src="https://images.theconversation.com/files/442625/original/file-20220125-27-qyhl0p.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C6000%2C3997&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The Department of Justice indicted six officers of Russia's GRU military intelligence service in October 2020 on charges of hacking and deploying malware.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/poster-showing-six-wanted-russian-military-intelligence-news-photo/1229171656">Andrew Harnik - Pool/Getty Images</a></span></figcaption></figure><p>As tensions mount between Russia and the West over Ukraine, the threat of Russian cyberattacks against the U.S. increases. The Department of Homeland Security issued an <a href="https://www.cnn.com/2022/01/24/politics/russia-cyberattack-warning-homeland-security/index.html">intelligence bulletin</a> on Jan. 23, 2022, warning that Russia has the capability to carry out a range of attacks, from <a href="https://www.cisa.gov/uscert/ncas/tips/ST04-015">denial-of-service</a> attacks on websites to disrupting critical infrastructure like power grids.</p>
<p>“We assess that Russia would consider initiating a cyberattack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security,” the DHS <a href="https://abcnews.go.com/Politics/dhs-warns-russian-cyberattack-us-responds-ukraine-invasion/story?id=82441727">stated in the bulletin</a>, which it sent to law enforcement agencies, state and local governments, and critical infrastructure operators.</p>
<p>Cybersecurity experts are concerned that in the wake of recent cyberattacks by hackers affiliated with Russia, the Russian government has the capability to carry out disruptive and destructive attacks against targets in the U.S. The <a href="https://theconversation.com/the-sunburst-hack-was-massive-and-devastating-5-observations-from-a-cybersecurity-expert-152444">SolarWinds attack</a>, uncovered in December 2020, gave the perpetrators access to the computer systems of many U.S. government agencies and private businesses. The DHS and FBI accused Russian hackers in March 2018 of <a href="https://www.cisa.gov/uscert/ncas/alerts/TA18-074A">infiltrating U.S. energy and infrastructure networks</a>.</p>
<p>Russian cyberattacks could include continued attempts to diminish Americans’ confidence in <a href="https://www.nytimes.com/news-event/russian-election-hacking">elections</a>, undermine <a href="https://www.thecipherbrief.com/column_article/dont-underestimate-economic-side-russias-cyber-warfare">economic stability</a>, damage the <a href="https://www.vox.com/world/2018/3/28/17170612/russia-hacking-us-power-grid-nuclear-plants">energy grid</a>, and even disrupt <a href="https://www.cbsnews.com/news/cyberattacks-ransomware-hacking-hospitals-target-foreign-groups/">health care systems</a>. </p>
<p>While some components of these systems almost certainly remain vulnerable to Russian-aligned hackers, the Russian government is likely to think twice before unleashing highly disruptive attacks against the U.S., because the U.S. government could interpret such attacks, particularly those targeting critical infrastructure, as <a href="https://www.wsj.com/articles/SB10001424052702304563104576355623135782718">acts of war</a>. The DHS bulletin stated that Russia has a high threshold for initiating disruptive attacks. As a researcher who <a href="https://scholar.google.com/citations?user=nNlgxmMAAAAJ&hl=en">studies cyberwarfare</a>, I believe a more likely threat from Russian hackers is launching disinformation campaigns.</p>
<h2>Distract, distort and divide</h2>
<p>Americans can probably expect to see Russian-sponsored cyber activities working in tandem with propaganda campaigns. These activities are likely to be aimed at preventing a unified response to Russian aggression in Ukraine. </p>
<p>Russian military doctrine includes the well-evolved concept of <a href="https://www.ndc.nato.int/news/news.php?icode=995">information confrontation</a>, which uses cyber means to create doubt about what is true. Russia’s information warfare strategy seeks to manipulate information and relationships. </p>
<p>The <a href="https://apps.dtic.mil/sti/pdfs/AD1108494.pdf">specific maneuvers</a> aim to bolster narratives, people and groups that support Russian interests and undermine those that are counter to Russian interests. The maneuvers, which include dismissing and distorting information and undermining opinion leaders, are carried out in the press and on social media. </p>
<p>Russian intelligence operatives are skilled at using technology, including <a href="https://theconversation.com/how-fake-accounts-constantly-manipulate-what-you-see-on-social-media-and-what-you-can-do-about-it-139610">amplifying misinformation through fake accounts</a> on popular social media platforms. In effect, Russia uses social and other online media like a military-grade fog machine that confuses the U.S. population and encourages mistrust in the strength and validity of the U.S. government.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="a seven-story office building with gray walls and blue windows" src="https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/442652/original/file-20220125-23-ziie5q.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">This office building, dubbed the ‘troll factory,’ housed the Internet Research Agency, a Kremlin-backed disinformation organization.</span>
<span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/Election2018RussianMeddling/91870df003cc492494b575682ef911c0/photo">AP Photo/Dmitri Lovetsky</a></span>
</figcaption>
</figure>
<p>Repressive governments like those in <a href="https://www.hrw.org/news/2020/06/18/russia-growing-internet-isolation-control-censorship">Russia</a> and <a href="https://gking.harvard.edu/50C">China</a> have perfected the manipulation of online information as a way to control their own populations. Democracies are especially vulnerable to these techniques, given the open exchange of ideas and lack of centralized control over sources of information. </p>
<p>In addition, U.S. society is <a href="https://www.pewresearch.org/politics/2014/06/12/political-polarization-in-the-american-public/">polarized</a>, and that polarization is <a href="https://www.brown.edu/news/2020-01-21/polarization">occurring at an increasing rate</a>. A study by researchers at the University of Oxford examined Russia’s computational propaganda against the U.S. <a href="https://int.nyt.com/data/documenthelper/534-oxford-russia-internet-research-agency/c6588b4a7b940c551c38/optimized/full.pdf">between 2013 and 2018</a> and found that it was designed to boost U.S. political polarization.</p>
<h2>Plausible deniability</h2>
<p>Though the Russian government commonly operates through its intelligence services, including the technical experts in the <a href="https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and">GRU</a> military intelligence service and the spymasters in the <a href="https://crsreports.congress.gov/product/pdf/IF/IF11718">FSB</a> domestic intelligence service, it also uses <a href="https://www.defenseone.com/technology/2021/05/russias-latest-hack-shows-how-useful-criminal-groups-are-kremlin/174401/">criminal groups</a> to achieve its aims. </p>
<p>History shows that Russia is most likely to recruit proxies to carry out cyberattacks that <a href="https://www.armyupress.army.mil/Portals/7/military-review/Archives/English/MilitaryReview_20111231_art013.pdf">disrupt decision-making</a> so that the attacks don’t point directly back to the Kremlin. There is no foggier battlefield than cyberspace. That is one of the main benefits of cyberspace as an element of national power – a cyberattack almost always allows for plausible deniability. </p>
<p>On Jan. 14, 2022, Russia <a href="https://theconversation.com/how-the-biden-administration-is-making-gains-in-an-uphill-battle-against-russian-hackers-174199">arrested members of the Russian-based cyber gang REvil</a> who were responsible for the 2021 ransomware attacks against <a href="https://www.bbc.com/news/world-us-canada-57338896">meat supplier JBS Foods</a>, headquartered in Greeley, Colorado, and <a href="https://www.politico.com/news/2021/05/08/colonial-pipeline-cyber-attack-485984">the Colonial Pipeline</a>, headquartered in Alpharetta, Georgia. The unusual move caused cybersecurity analysts to wonder about Russia’s motive, including speculation about <a href="https://www.darkreading.com/threat-intelligence/russia-takes-down-revil-ransomware-operation-arrests-key-members">making it easier for the government to deny a connection</a> to the cyberattacks.</p>
<h2>US cyber defenses</h2>
<p>National cyber defense is <a href="https://theconversation.com/the-colonial-pipeline-ransomware-attack-and-the-solarwinds-hack-were-all-but-inevitable-why-national-cyber-defense-is-a-wicked-problem-160661">inherently challenging</a>, but the U.S. is far from defenseless. Several <a href="https://www.washingtonpost.com/politics/2021/06/28/cybersecurity-202-united-states-is-still-number-one-cyber-capabilities/">analysts</a> <a href="https://www.iiss.org/blogs/research-paper/2021/06/cyber-capabilities-national-power">have noted</a> that the U.S. is the most capable cyber power in the world. The U.S. also has <a href="https://www.forbes.com/sites/jodywestby/2020/12/20/russia-has-carried-out-20-years-of-cyber-attacks-that-call-for-international-response/?sh=526ef3a96605">20 years</a> of experience dealing with Russian cyber aggression.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="people in military uniforms sit at desks with multiple computer monitors" src="https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=399&fit=crop&dpr=1 600w, https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=399&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=399&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=501&fit=crop&dpr=1 754w, https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=501&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/442626/original/file-20220125-27-177bhii.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=501&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">U.S. Army intelligence personnel in the Cyber Operations Center at Fort Gordon in Georgia watch for network attacks.</span>
<span class="attribution"><a class="source" href="https://www.flickr.com/photos/ftmeade/45028818622/">U.S. Army photo by Michael L. Lewis</a></span>
</figcaption>
</figure>
<p>The Biden administration’s <a href="https://theconversation.com/how-the-biden-administration-is-making-gains-in-an-uphill-battle-against-russian-hackers-174199">tough stance on Russian hacking</a> has made some progress. And though disinformation is among the murkiest of cyber strategies, cybersecurity experts are <a href="https://theconversation.com/the-battle-against-disinformation-is-global-129212">making headway</a> on that front, too.</p>
<h2>Cause for concern but no reason to fear</h2>
<p>Cyber activity that creates room for Russia to present the seizure of Ukraine as a fait accompli is much more likely than a crippling cyberattack. Though Russia might temporarily deter a U.S. response to Russian moves in Ukraine by disrupting U.S. critical infrastructure, Americans are likely to present a unified and powerful response to such an overt attack. I believe Russia is more likely to prefer a path of insidious political polarization to weaken U.S. geopolitical influence.</p>
<p>Even if Russia were to launch extensive cyberattacks against the U.S., the average American is unlikely to be harmed. The disruption of natural gas and food supplies would clearly have a significant economic impact, but it is <a href="https://www.washingtonpost.com/politics/2021/10/01/ransomware-attack-might-have-caused-another-death/">extremely rare</a> for a cyberattack to lead to loss of life. </p>
<p>If you are worried about the situation in Ukraine and wondering what you can do to defend against Russian cyberattacks, I recommend tuning out divisive rhetoric and cultivating common ground with Americans whom you might not agree with. Though there are many issues U.S. society is working through, Americans can still try to find some general agreement in the principles of the American experiment.</p>
<p class="fine-print"><em><span>I am a reservist in the United States Army.</span></em></p>
Russia probably has the means to attack US electrical grids and otherwise create havoc but probably won’t go that far. Instead, watch for disinformation aimed at undermining the US and NATO.
Justin Pelletier, Professor of Practice of Computing Security, Rochester Institute of Technology
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/163171
2021-06-25T01:16:52Z
2021-06-25T01:16:52Z
Cyber Cold War? The US and Russia talk tough, but only diplomacy will ease the threat
<figure><img src="https://images.theconversation.com/files/408079/original/file-20210624-19-32eiyz.jpg?ixlib=rb-1.1.0&rect=0%2C58%2C5562%2C3360&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption"></span> <span class="attribution"><span class="source">Patrick Semansky/AP</span></span></figcaption></figure><p>Over the past few years, tensions have been rising between Russia and the United States — not in conventional military terms, but in cyberspace. The issue came to a head at this month’s summit in Geneva, when US President Joe Biden <a href="https://www.theguardian.com/us-news/2021/jun/16/biden-to-meet-putin-at-highly-anticipated-summit-in-geneva">threatened reprisals</a> over allegedly Russian-backed cyber-attacks on US targets. </p>
<p>This confrontation first rose to global attention in 2016, when the US Central Intelligence Agency (CIA) reported Russia had <a href="https://www.theguardian.com/us-news/2016/dec/10/cia-concludes-russia-interfered-to-help-trump-win-election-report">directly influenced the outcome of the presidential election</a>, favouring the Republican candidate Donald Trump by <a href="https://www.theguardian.com/us-news/2016/dec/14/dnc-hillary-clinton-emails-hacked-russia-aide-typo-investigation-finds">hacking and leaking 60,000 emails</a> from the private account of Democratic nominee Hillary Clinton’s campaign director. </p>
<p>Then, in 2020, a <a href="https://www.businessinsider.com.au/solarwinds-hack-explained-government-agencies-cyber-security-2020-12">major cyber attack on IT firm SolarWinds</a> compromised the security of a wide range of US government and industry entities, including the Pentagon and the Department of Homeland Security. </p>
<p>Trump administration Secretary of State Mike Pompeo <a href="https://www.wsj.com/articles/pompeo-blames-russia-for-solarwinds-hack-11608391515">held Russia responsible</a> for the incident, although Trump himself went against the consensus, <a href="https://www.abc.net.au/news/2020-12-20/trump-downplays-impact-of-massive-hacking,-questions-russia-inv/13001536">seeking to downplay the attack and blame China instead</a>.</p>
<p>Microsoft president Brad Smith described it as the “<a href="https://www.reuters.com/article/us-cyber-solarwinds-microsoft-idUSKBN2AF03R">largest and most sophisticated attack the world has ever seen</a>”. Microsoft began investigating the attack after many of its customers were caught up in it, including <a href="https://www.npr.org/2021/04/16/985439655/a-worst-nightmare-cyberattack-the-untold-story-of-the-solarwinds-hack">major tech companies and federal agencies</a>.</p>
<p><a href="https://www.facebook.com/RusEmbUSA/posts/1488755328001519">Russia denied</a> any involvement in the SolarWinds incident, publicly rejecting what it described as “unfounded attempts of the US media to blame Russia for hacker attacks on US governmental bodies”.</p>
<p>The attack was ultimately attributed to a cyber-criminal group called <a href="https://msrc-blog.microsoft.com/2020/12/21/december-21st-2020-solorigate-resource-center/">Nobelium</a>, which has continued to be active and allegedly perpetrated a <a href="https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/">series of cyber-attacks earlier this year</a>, although there is no clear evidence it did so with Kremlin backing.</p>
<h2>Fuel pipelines and black angus steak</h2>
<p>More recently, the <a href="https://theconversation.com/the-colonial-pipeline-ransomware-attack-and-the-solarwinds-hack-were-all-but-inevitable-why-national-cyber-defense-is-a-wicked-problem-160661">US Colonial Pipeline ransomware attack</a>, which crippled the largest oil pipeline in the US, was attributed to a <a href="https://www.entrepreneur.com/article/371960">Russian cyber-mercenary gang codenamed DarkSide</a>. </p>
<p>That was followed last month by an attack on meat processor JBS, shutting down parts of its operations in the US, Canada and Australia, and severely disrupting global meat supplies. This time the FBI pointed the finger at <a href="https://www.bbc.com/news/world-us-canada-57338896">REvil, another profitable Russian-based cyber-criminal group</a>.</p>
<p>In both of these cases, the victims reportedly paid ransoms to resume their operations. While this is expensive and arguably encourages future attacks, disruptions in operations can be <a href="https://blog.emsisoft.com/en/38426/the-cost-of-ransomware-in-2021-a-country-by-country-analysis/">even more costly</a>.</p>
<p>The FBI <a href="https://www.bbc.com/news/business-57394041">claims to have recovered</a> more than US$2 million of the ransom paid by the Colonial Pipeline Company. </p>
<p>A few weeks before the Colonial Pipeline attack, the Biden administration <a href="https://www.npr.org/2021/04/15/987585796/u-s-slaps-new-sanctions-on-russia-over-cyber-attack-election-meddling">imposed economic sanctions on Russia</a> over its cyber-meddling in US elections. But the US has now understandably made combating ransomware attacks its top priority.</p>
<p>The <a href="https://www.zdnet.com/article/microsoft-and-mcafee-headline-newly-formed-ransomware-task-force/">Ransomware Task Force</a>, convened in December 2020 by Microsoft and leading tech security firms, <a href="https://securityandtechnology.org/ransomwaretaskforce/report/">called for global cooperation</a> to tackle the ransomware threat and break its business model. </p>
<h2>Does the US engage in similar activities?</h2>
<p>The US is certainly known for its cyber-offensive capabilities. Perhaps the most widely reported engagement was the <a href="https://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html">2010 Stuxnet attack</a> on Iran’s nuclear program. </p>
<p>In 2015, the US Cyber Command and National Security Agency <a href="https://www.npr.org/2019/09/26/763545811/how-the-u-s-hacked-isis">successfully hacked key members of ISIS</a>, while the following year Wikileaks <a href="https://www.washingtonpost.com/national-security/elite-cia-unit-that-developed-hacking-tools-failed-to-secure-its-own-systems-allowing-massive-leak-an-internal-report-found/2020/06/15/502e3456-ae9d-11ea-8f56-63f38c990077_story.html">revealed</a> the CIA had developed a powerful suite of hacking tools.</p>
<p>The US has both the capability and the motivation to conduct extensive cyber-infiltration of its adversaries.</p>
<p>At this month’s US-Russia summit in Geneva, Biden talked about establishing cyber-norms and declaring <a href="https://geneva.usmission.gov/2021/06/17/remarks-by-president-biden-in-press-conference-geneva-switzerland/">certain critical infrastructure as off-limits</a>.</p>
<p>This list identified <a href="https://www.cisa.gov/critical-infrastructure-sectors">16 sectors</a> that should be excluded from offensive action, including government facilities, IT systems, energy infrastructure, and food and agriculture — all four of which have come under suspected Russian-backed attack in recent years. </p>
<p>Some cyber-security advocates have <a href="https://www.bloomberg.com/news/articles/2021-01-13/solarwinds-hack-followed-years-of-warnings-of-weak-cybersecurity">criticised US strategies in recent years as being too weak</a>. Biden’s comments at the Geneva summit seem to be an attempt to strike a firmer tone.</p>
<h2>So is this the start of a cyber-war?</h2>
<p>Cyberspace is considered the <a href="https://www.aspistrategist.org.au/why-the-fifth-domain-is-different/">fifth domain for warfare</a>, after land, sea, air and space. But the truth is that IT systems are now so ubiquitous that they are also <a href="https://www.ida.org/-/media/feature/publications/2/20/2011-cyberspace---the-fifth-operational-domain/2011-cyberspace---the-fifth-operational-domain.ashx">firmly embedded in the four other domains too</a>, meaning a successful cyber attack can weaken an enemy in many kinds of ways.</p>
<p>This in turn can make it hard to even define what counts as an <a href="https://www.bushcenter.org/catalyst/modern-military/sciarrone-cyber-warfware.html">offensive act of cyber-war</a>, let alone identify the aggressor. </p>
<p>Although the Kremlin continues to deny any association with cyber-criminal gangs such as DarkSide or REvil, Russia nevertheless stands accused of giving them <a href="https://www.9news.com.au/world/how-the-kremlin-provides-a-safe-harbor-for-ransomware/3ab840fc-2885-41e6-bbbe-ffc5c398dcf4">safe harbour</a>. </p>
<h2>How do we stop global cyber attacks?</h2>
<p>The recent <a href="https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf">Ransomware Task Force report</a> specifically attempted to address the issue of ransomware. But it also offers useful advice for countering state-backed cyber-crime. It recommends: </p>
<ul>
<li><p>coordinated, international diplomatic and law-enforcement efforts to confront cyber-threats</p></li>
<li><p>establishing relevant agencies to manage cyber incidents</p></li>
<li><p>internationally coordinated efforts to establish frameworks to help organisations that are subject to cyber-attacks.</p></li>
</ul>
<p>Successfully stamping out international cyber-attacks will be tremendously hard, and is ultimately only achievable with good diplomacy, trust, cooperation and communication. </p>
<p>While global superpowers continue to sponsor cyber-attacks on foreign shores while decrying attacks against their own assets, all we end up with is the virtual equivalent of <a href="https://www.secplicity.org/2019/11/12/mutually-assured-destruction-in-cyberspace/">mutually assured destruction</a>.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
At this month’s summit, US President Joe Biden warned his counterpart Vladimir Putin of reprisals against ‘persistent malicious cyber-attacks’. But it will take more than posturing to end the stand-off.
Ahmed Ibrahim, Lecturer (Computing and Security), Edith Cowan University
Paul Haskell-Dowland, Associate Dean (Computing and Security), Edith Cowan University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/152440
2021-01-29T13:30:04Z
2021-01-29T13:30:04Z
Espionage attempts like the SolarWinds hack are inevitable, so it’s safer to focus on defense – not retaliation
<figure><img src="https://images.theconversation.com/files/380939/original/file-20210127-13-1menla9.jpg?ixlib=rb-1.1.0&rect=0%2C26%2C5991%2C3961&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The U.S. Justice Department was among many federal agencies and private companies whose networks suffered intrusions from Russian hackers.</span> <span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/FederalAgenciesHackedSupplyChain/e4a937d917c44c3c8a779c55308cbe7b/photo">AP Photo/Jacquelyn Martin</a></span></figcaption></figure>
<p>In the wake of the major espionage operation in which people alleged to be Russian government agents <a href="https://www.theverge.com/2021/1/2/22210667/solarwinds-hack-worse-government-microsoft-cybersecurity">infiltrated the digital networks of the U.S. Defense, Treasury and Homeland Security departments</a> – as well as other government agencies and private companies – President Joe Biden is considering how to respond.</p>
<p>It’s not clear exactly what data the hackers actually stole in the time they had access, <a href="https://www.zdnet.com/article/solarwinds-the-more-we-learn-the-worse-it-looks/">roughly from March through December 2020</a>, but they exploited software made by the Texas-based firm SolarWinds to gain <a href="https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html">access to key research and security information</a>, including research for future nuclear weapons.</p>
<p>Since taking office, Biden has ordered a thorough <a href="https://www.cyberscoop.com/biden-solarwinds-russia-intelligence-assessment/">intelligence review</a> of Russian aggression around the world, which includes hacking, <a href="https://www.npr.org/2020/08/18/903616315/senate-releases-final-report-on-russias-interference-in-2016-election">election interference</a>, <a href="https://www.cnn.com/2020/12/21/europe/russia-navalny-poisoning-underpants-ward/index.html">poisoning political opponents</a> and <a href="https://www.nytimes.com/2020/06/26/us/politics/russia-afghanistan-bounties.html">posting bounties for killing U.S. soldiers</a>. And on Jan. 21, his first full day in office, Biden received a <a href="https://www.solarium.gov/public-communications/transition-book">report</a> from a congressional cybersecurity commission with 15 recommendations expected to prevent another major cyber breach. Those included boosting America’s cyber capabilities by increasing funding for U.S. Cyber Command and establishing a civilian reserve group that draws on cybersecurity talent in private industry and cybersecurity companies.</p>
<p>His administration faces pressure <a href="https://www.cnn.com/2021/01/23/politics/solarwinds-hack-biden-pressure/index.html">from members of Congress in both parties</a> and former government officials to respond forcefully to the SolarWinds breach.</p>
<p>He is <a href="https://www.reuters.com/article/usa-cyber-breach-biden/bidens-options-for-russian-hacking-punishment-sanctions-cyber-retaliation-idUSKBN28U0DV">reportedly considering</a> retaliatory cyberattacks against Russia and targeted financial sanctions against the individuals involved.</p>
<p>But the U.S. government may not be able to stop future intrusions into American computer systems. Scholarship describes how difficult it can be to effectively <a href="https://doi.org/10.1093/cybsec/tyv003">deter cyberattacks</a> or <a href="https://doi.org/10.1017/aju.2019.34">punish those responsible</a>. In fact, as a <a href="http://willakoto.com/">scholar of cyber conflict</a>, my research strongly indicates that retaliation – in whatever form it might take – will almost certainly invite counterhacks from Russia, <a href="https://doi.org/10.1177%2F0022343320964549">worsening tensions</a> between the countries and potentially escalating into the offline world.</p>
<h2>A sophisticated attack</h2>
<p>The SolarWinds hack was more advanced than previous ones: The hackers actually <a href="https://www.cnn.com/2020/12/16/tech/solarwinds-orion-hack-explained/index.html">compromised software updates</a> that the network management company regularly provides to the businesses and government agencies that use its software. The hackers inserted malicious code into the official updates, which countless administrators trusted and installed on nearly 18,000 systems across the country.</p>
<p>Once installed, the malicious software connected to servers controlled by the hackers and gave them access to key data about government and corporate research and operations.</p>
<p>This isn’t the first major digital attack on the U.S. And its severity shows that past efforts to discourage cyberattacks have not been effective. </p>
<p>Under President Barack Obama, for instance, the U.S. leveled economic and diplomatic sanctions against the people and governments responsible for cyberespionage, including <a href="https://www.bankinfosecurity.com/us-imposes-sanctions-on-north-korea-a-7746">North Korea</a> <a href="https://www.nytimes.com/2016/12/29/us/politics/russia-election-hacking-sanctions.html">and Russia</a>. The Trump administration likewise imposed sanctions against <a href="https://www.rferl.org/a/u-s-places-sanctions-on-hacking-group-with-alleged-ties-to-iranian-intelligence/30844587.html">Iranian</a> and <a href="https://www.reuters.com/article/us-northkorea-usa-sanctions/u-s-imposes-sanctions-on-north-korean-hacking-groups-blamed-for-global-attacks-idUSKCN1VY1RB">North Korean</a> hackers for a range of cyberattacks targeting U.S. companies, universities and government agencies.</p>
<p>Several scholars, including <a href="https://doi.org/10.1177%2F1065912919837608">my collaborators and me</a>, have shown that though economic sanctions do hurt their targets, they also hurt the country imposing the restrictions – in this case, the United States – which misses out on business opportunities in the targeted countries. Newer rounds of sanctions also bar U.S. companies from <a href="https://www.natlawreview.com/article/president-trump-imposes-sanctions-companies-doing-business-iran-s-construction">doing business with third-country firms</a> that operate in targeted countries.</p>
<p>Sanctions don’t actually deter future attacks.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A Justice Department briefing detailing Russian hacking" src="https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/380940/original/file-20210127-15-isilv9.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Federal officials have charged several Russian government agents with cybercrimes, including these six, who were added to the ‘wanted’ list in October 2020.</span>
<span class="attribution"><a class="source" href="https://newsroom.ap.org/detail/RussianHackersCharged/317447dbec46406190362fce3ae97862/photo">AP Photo/Andrew Harnik, pool</a></span>
</figcaption>
</figure>
<h2>Government actions haven’t been enough</h2>
<p>Beyond punishing hacker countries with sanctions, the U.S. has undertaken operations to directly attack the digital capabilities of those nations. For instance, <a href="https://www.cybercom.mil/">U.S. Cyber Command</a>, the arm of the military charged with defending the U.S. in cyberspace, cut off a <a href="https://www.nytimes.com/2019/02/26/us/politics/us-cyber-command-russia.html">key Russian agency’s internet access</a> during the 2018 congressional midterm election. The U.S. has also sent military cybersecurity experts overseas to <a href="https://www.nytimes.com/2020/11/02/us/politics/cyber-command-hackers-russia.html">learn more about Russian, Chinese and Iranian capabilities</a>. It’s also possible that Cyber Command has secretly undertaken other responses.</p>
<p>None of this has dissuaded hackers from repeatedly targeting American firms and government agencies. Indeed, <a href="https://www.tandfonline.com/doi/abs/10.1080/0735648X.2019.1692423">prior research</a> confirms that the threat of formal sanctions has very little effect on deterring cyberattacks in lab settings.</p>
<h2>If deterrence won’t work …</h2>
<p>Ignoring cyberattacks, of course, is not a solution either. But I believe the challenge is to determine how to make clear to the perpetrators that large-scale cyber intrusions will not be tolerated – and to do so without escalating the online conflict. I believe there is only one way to prepare – and it’s to accept that hackers will keep trying to attack.</p>
<p>There are some ways to adjust to this new reality, just as there are with other complex and intractable problems. For instance, governments seek to mitigate harm from climate change by limiting greenhouse gas emissions and discouraging new construction in flood zones. </p>
<p>The cybersecurity equivalent could be building and programming computer systems that can <a href="https://doi.org/10.1007/978-3-319-16486-1_31">withstand faults, failures and hacking</a> while still performing essential functions and protecting data security. The ultimate objective would be not to prevent systems from being breached, but to <a href="https://www.raconteur.net/sponsored/rise-of-cyber-resilience-and-how-to-achieve-it/">limit the damage and speed the recovery</a> when they are broken into. My research, and others’, indicates this could be an effective way to address the new reality of state-sponsored hacking while realizing there is no way to truly prevent future attacks.</p>
<p class="fine-print"><em><span>William Akoto does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
A scholar of cyber conflict sets out why retaliation doesn’t prevent future attacks, and explains what might have a better chance.
William Akoto, Assistant Professor of International Politics, Fordham University
Licensed as Creative Commons – attribution, no derivatives.
tag:theconversation.com,2011:article/152444
2020-12-29T14:17:19Z
2020-12-29T14:17:19Z
The Sunburst hack was massive and devastating – 5 observations from a cybersecurity expert
<figure><img src="https://images.theconversation.com/files/376591/original/file-20201223-23-11m8mdo.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C5674%2C3772&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Federal government agencies, from the Treasury Department to the National Nuclear Security Administration, have been compromised by the attack.</span> <span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/the-morning-sun-rises-over-the-white-house-on-march-24-2019-news-photo/1137951124?adppopup=true">Tasos Katopodis/Getty Images</a></span></figcaption></figure>
<p>So much remains unknown about what is now being called the Sunburst hack, the cyberattack against U.S. government agencies and corporations. U.S. officials <a href="https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html">widely believe</a> that Russian state-sponsored hackers are responsible.</p>
<p>The attack gave the perpetrators access to numerous key American business and government organizations. The immediate effects will be difficult to judge, and a complete accounting of the damage is unlikely. However, the nature of the affected organizations alone makes it clear that this is perhaps the most consequential cyberattack against the U.S. to date.</p>
<p>An act of cyberwar is usually not like a bomb, which causes immediate, well-understood damage. Rather, it is more like a cancer – it’s slow to detect, difficult to eradicate, and it causes ongoing and significant damage over a long period of time. Here are five points that cybersecurity experts – the oncologists in the cancer analogy – can make with what’s known so far.</p>
<h2>1. The victims were tough nuts to crack</h2>
<p>From top-tier cybersecurity firm FireEye to the U.S. Treasury, Microsoft, Intel and many other organizations, the victims of the attack are for the most part firms with comprehensive cybersecurity practices. The list of <a href="https://www.businessinsider.com/list-of-companies-agencies-at-risk-after-solarwinds-hack-2020-12?op=1">organizations that use the compromised software</a> includes firms like MasterCard, Lockheed Martin and PricewaterhouseCoopers. SolarWinds estimates about <a href="https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/">18,000 firms</a> were affected.</p>
<p>As CEO of cybersecurity firm Cyber Reconnaissance Inc. and an <a href="https://scholar.google.com/citations?user=OUAMn6oAAAAJ&hl=en">associate professor of computer science</a> at Arizona State University, I have met security professionals from many of the targeted organizations. Many of the organizations have world-class cybersecurity teams. These are some of the hardest targets to hit in corporate America. The victims of Sunburst were specifically targeted, likely with a primary focus on intelligence gathering.</p>
<h2>2. This was almost certainly the work of a nation – not criminals</h2>
<p>Criminal hackers focus on near-term financial gain. They use techniques like ransomware to extort money from their victims, steal financial information, and harvest computing resources for activities like sending spam emails or mining for cryptocurrency. </p>
<p>Criminal hackers exploit well-known security vulnerabilities in attacks that could have been prevented had the victims been more thorough in their security. The hackers typically target organizations with weaker security, like health care systems, universities and municipal governments. University networks are notoriously decentralized and difficult to secure, and universities often underfund cybersecurity. Medical systems tend to use specialty medical devices that run older, vulnerable software that is difficult to upgrade. </p>
<p>Hackers associated with national governments, on the other hand, have entirely different motives. They look for long-term access to critical infrastructure, gather intelligence and develop the means to disable certain industries. They also steal intellectual property – especially intellectual property that is expensive to develop in fields like high technology, medicine, defense and agriculture.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="A smart phone displaying the FireEye logo" src="https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/376596/original/file-20201223-49872-i98bca.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">One of the targeted organizations, cybersecurity firm FireEye, would be a poor choice for cybercriminals but highly desirable for the Russian government or other adversaries of the U.S.</span>
<span class="attribution"><a class="source" href="https://www.gettyimages.com/detail/news-photo/in-this-photo-illustration-a-fireeye-cyber-security-company-news-photo/1230182459?adppopup=true">SOPA Images/LightRocket via Getty Images</a></span>
</figcaption>
</figure>
<p>The sheer amount of effort to infiltrate one of the Sunburst victim firms is also a telling sign that this was not a mere criminal hack. For example, a firm like FireEye is an inherently bad target for a criminal attacker. It has fewer than 4,000 employees yet has computer security on par with the world’s top defense and financial businesses. </p>
<h2>3. The attack exploited trusted third-party software</h2>
<p>The hackers gained access by slipping their malware into software updates of SolarWinds’ Orion software, which is widely used to manage large organizational networks. The Sunburst attack relied on a trusted relationship between the targeted organization and SolarWinds. When users of Orion updated their systems in the spring of 2020, they unwittingly invited a Trojan horse into their computer networks.</p>
<p>Aside from <a href="https://www.bloomberg.com/news/articles/2020-12-21/solarwinds-adviser-warned-of-lax-security-years-before-hack">a report about lax security</a> at SolarWinds, very little is known about how the hackers gained initial access to SolarWinds. However, the Russians have used the tactic of compromising a third-party software update process before, in 2017. This was during the infamous <a href="https://medium.com/@PauloShak/learning-from-notpetya-43f2fea8994c">NotPetya</a> attack, which was considered the most financially <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">damaging cyberattack in history</a>. </p>
<h2>4. The extent of the damage is unknown</h2>
<p>It will take time to uncover the extent of the damage. The investigation is complicated because the attackers gained access to most of the victims in the spring of 2020, which gave the hackers time to expand and hide their access and control of the victims’ systems. For example, <a href="https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/">some experts believe</a> that a vulnerability in VMware, software that is widely used in corporate networks, was also used to gain access to the victims’ systems, <a href="https://www.sdxcentral.com/articles/news/vmware-denies-its-software-used-in-solarwinds-hack/2020/12/">though the company denies it</a>.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="the Microsoft logo on the side of a building" src="https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=338&fit=crop&dpr=1 600w, https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=338&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=338&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=424&fit=crop&dpr=1 754w, https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=424&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/376594/original/file-20201223-23-161id6c.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=424&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Some of the exposed organizations, like Microsoft, made limited use of the SolarWinds software, which appears to have contained the damage they suffered.</span>
<span class="attribution"><a class="source" href="https://images.app.goo.gl/at74GEFtP7Qac6ps7">Raimond Spekking</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span>
</figcaption>
</figure>
<p>I expect the damage to be spread unevenly among the victims. This will depend on various factors such as how extensively the organization used the SolarWinds software, how segmented its networks are, and the nature of its software maintenance cycle. For example, Microsoft <a href="https://www.bloomberg.com/news/articles/2020-12-18/microsoft-says-its-systems-were-exposed-in-solarwinds-hack">reportedly had limited deployments of Orion</a>, so the attack had limited impact on its systems. </p>
<p>In contrast, the bounty the hackers stole from FireEye included <a href="https://blog.cyr3con.ai/the-vulnerabilities-fireeye-hackers-will-start-to-use">penetration testing tools</a>, which were used to test the defenses of high-end FireEye clients. The hackers likely prized these tools both to increase their capabilities in future attacks and to gain insights into what FireEye clients are protecting against.</p>
<h2>5. The fallout could include real-world harm</h2>
<p>There is a very thin, often nonexistent line between gathering information and causing real-world harm. What may start as spying or espionage can easily escalate into warfare. </p>
<p>The presence of malware on a computer system that gives the attacker greater user privileges is dangerous. Hackers can use control of a computer system to destroy computer systems, as was the case in the <a href="https://phys.org/news/2012-10-iran-cyberattack-saudi-ex-official.html">Iranian cyberattacks against Saudi Aramco in 2012</a>, and harm physical infrastructure, as was the case in the <a href="https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/">Stuxnet attack against Iranian nuclear facilities in 2010</a>. </p>
<p>Further, real harm can be done to individuals with information alone. For example, the <a href="https://www.technologyreview.com/2020/02/10/349004/the-us-says-the-chinese-military-hacked-equifax-heres-how/">Chinese breach of Equifax</a> in 2017 has put detailed financial and personal information about millions of Americans in the hands of one of the U.S.’s greatest strategic competitors.</p>
<p>No one knows the full extent of the Sunburst attack, but the scope is large and the victims represent important pillars of the U.S. government, economy and critical infrastructure. Information stolen from those systems and malware the hackers have likely left on them can be used for follow-on attacks. I believe it is likely that the Sunburst attack will result in harm to Americans. </p>
<p class="fine-print"><em><span>Paulo Shakarian works for/consults to/owns shares in Cyber Reconnaissance, Inc. (CYR3CON).</span></em></p>Cyberwarfare is more like cancer than bombs and bullets. Cybersecurity experts are just beginning to make their diagnosis of the Sunburst hack.Paulo Shakarian, Associate Professor of Computer Science, Arizona State UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1411192020-06-19T05:21:38Z2020-06-19T05:21:38ZAustralia is under sustained cyber attack, warns the government. What’s going on, and what should businesses do?<p>Prime Minister Scott Morrison had some alarming news for Australians this morning: we are under cyber attack. He informed the nation the attacks “hadn’t just started”, and that Australian businesses and governments are being widely targeted. </p>
<p>It is unclear why the government chose today to make the announcement, or indeed what exactly is going on. </p>
<p>The attack is described as “state-sponsored”, which means a foreign government is believed to be behind it. When asked who that might be, Morrison said there is a high threshold for drawing that kind of conclusion, but added:</p>
<blockquote>
<p>…there are not a large number of state-based actors that can engage in this type of activity.</p>
</blockquote>
<p>This has been interpreted as a coded reference to China, which the Australian government <a href="https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470">reportedly suspects</a> of being behind the attacks.</p>
<h2>What do we know about the attack so far?</h2>
<p>An <a href="https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks">advisory note</a> posted on the government’s Australian Cyber Security Centre website describes the attack as a “cyber campaign targeting Australian networks”. </p>
<p>The advisory says the attackers are primarily using “remote code execution vulnerability” to target Australian networks and systems. <a href="https://www.sciencedirect.com/topics/computer-science/remote-code-execution">Remote code execution</a> is a common type of cyber attack in which an attacker attempts to insert their own software code into a vulnerable system such as a server or database. </p>
<p>The attackers would not only try to steal information but also attempt to run malicious code that could damage or disable the systems under attack. </p>
<p>Detecting this is hard, and would require advanced defensive measures such as <a href="https://cybersguards.com/web-application-penetration-testing-checklist-updated-2019/">penetration testing</a>, in which trained security professionals known as “ethical hackers” try to hack into a system in an attempt to find potential vulnerabilities. </p>
<h2>What systems have been affected?</h2>
<p>The advisory linked the attack to three specific vulnerabilities in particular systems, detailed in the table below. Any business that uses any of these systems is vulnerable to attack. It is too early to tell whether other systems are also vulnerable; other vulnerabilities may emerge as investigations continue.</p>
<table>
<tbody>
<tr>
<td>
<p><strong>Affected system</strong></p>
</td>
<td>
<p><strong>Description</strong></p>
</td>
<td>
<p><strong>Action required</strong></p>
</td>
</tr>
<tr>
<td>
<p>Microsoft Internet Information Services (IIS)</p>
</td>
<td>
<p>This is a general-purpose webserver from Microsoft that runs on Windows systems. The most common use of an IIS is to host web-based applications and simple static websites.</p>
</td>
<td rowspan="3">
<p>For all three systems:</p>
<ul>
<li>Ensure you are running the latest version of the software</li>
<li>Install the latest patches and updates</li>
<li>Change all passwords, log off from all devices</li>
<li>Set up multifactor authentication, more details can be found <a href="https://www.cyber.gov.au/publications/implementing-multi-factor-authentication">here</a></li>
<li>Scan for and remove any malicious code you don’t recognise</li>
</ul>
</td>
</tr>
<tr>
<td>
<p>SharePoint</p>
</td>
<td>
<p>A SharePoint Server is used by organisations to manage Office 365 Enterprise accounts within their own organisation.</p>
</td>
</tr>
<tr>
<td>
<p>Citrix</p>
</td>
<td>
<p>The affected Citrix products are mainly Citrix gateways and servers. These are used to support web, cloud and mobile application services. </p>
</td>
</tr>
</tbody>
</table>
<h2>How can businesses protect themselves?</h2>
<p>Even though the specific threats are not fully known to the public, there is a range of measures businesses can take in the meantime. These include:</p>
<p><strong>Use available government resources</strong></p>
<p>The federal government has provided extensive cyber safety guidelines for Australian businesses, featuring advice on <a href="https://www.business.gov.au/Risk-management/Cyber-security">cyber security</a> and <a href="https://www.business.gov.au/risk-management/cyber-security/cyber-security-and-your-business">data protection</a>, and information on the <a href="https://www.business.gov.au/risk-management/cyber-security/cyber-threats">various types of cyber threat</a>. </p>
<p>More comprehensive cyber security guidelines can be found at the <a href="https://www.cyber.gov.au/ism">ACSC website</a>, including detailed advice on secure management of databases, email systems and physical computer assets, among others.</p>
<p><strong>Watch out for spam</strong></p>
<p><a href="https://theconversation.com/everyone-falls-for-fake-emails-lessons-from-cybersecurity-summer-school-81389">Phishing</a> is not just limited to email. These scams can be executed via text messages, social media such as Facebook, and VOIP messaging services such as WhatsApp. </p>
<p>As a general guide: </p>
<ul>
<li><p>do not open messages or attachments from unknown senders</p></li>
<li><p>remember that genuine organisations such as banks, government departments and online retailers never ask for personal information via email, and you should always check with them directly (such as by calling them) if in doubt.</p></li>
</ul>
<p><strong>Beware DDoS attacks</strong></p>
<p>A <a href="https://www.us-cert.gov/ncas/tips/ST04-015">“distributed denial of service” (DDoS) attack</a> is the most common type of cyber attack. It works by flooding your website with traffic, preventing genuine customers from reaching your website. Think of it like a traffic jam clogging up a highway and preventing cars from reaching their destinations. </p>
<p>Luckily, there are ways to reduce the impact of DDoS attacks, such as by using intrusion detection and prevention systems. If you are concerned about DDoS attacks, speak with your internet provider about developing a DDoS response plan. </p>
<p><strong>Have a backup plan</strong></p>
<p>A “continuity plan” ensures important assets such as personnel records, customer databases and network configurations are protected and can be restored quickly in the event of a cyberattack. </p>
<p>Suggested plans are available via the <a href="https://www.business.gov.au/New-to-business-essentials/When-things-dont-go-to-plan">federal</a> and <a href="https://www.business.qld.gov.au/running-business/protecting-business/risk-management/continuity-planning/plan">Queensland</a> governments.</p>
<p>Businesses should also follow sensible IT security procedures, which include the following:</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=401&fit=crop&dpr=1 600w, https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=401&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=401&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=504&fit=crop&dpr=1 754w, https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=504&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/342905/original/file-20200619-70404-hbg1uv.png?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=504&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">What businesses should be doing to minimise their cyber security risks.</span>
<span class="attribution"><span class="source">Mahmoud Elkhodr</span>, <span class="license">Author provided</span></span>
</figcaption>
</figure>
<p>Regardless of the details, the latest announcement is a reminder that we should not lower our guard against cyber attacks. The latest round of cyber attacks is likely the result of previous “reconnaissance attacks”, which revealed existing vulnerabilities in Australian networks.</p>
<p>Taking the steps outlined above could help prevent hackers mounting similar attacks in the future.</p>
<p class="fine-print"><em><span>Mahmoud Elkhodr does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Australia is coming under sustained cyber attack by a ‘state-based’ actor, says Prime Minister Scott Morrison, as hackers try to exploit vulnerabilities in business and government software systems.Mahmoud Elkhodr, Lecturer in Information and Communication Technologies, CQUniversity AustraliaLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1336102020-05-12T12:35:22Z2020-05-12T12:35:22ZGovernment cybersecurity commission calls for international cooperation, resilience and retaliation<figure><img src="https://images.theconversation.com/files/333751/original/file-20200508-49579-1pe7uye.jpg?ixlib=rb-1.1.0&rect=0%2C0%2C7065%2C4875&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Real-time cyberattacks on a display at the 175th Cyberspace Operations Group of the Maryland Air National Guard.</span> <span class="attribution"><a class="source" href="https://flickr.com/photos/airmanmagazine/40080902694/">U.S. Air Force photo by J.M. Eddins Jr.</a>, <a class="license" href="http://creativecommons.org/licenses/by-nc/4.0/">CC BY-NC</a></span></figcaption></figure><p>The global commons are under assault in cyberspace. Ransomware attacks, including North Korea’s <a href="https://www.csoonline.com/article/3227906/what-is-wannacry-ransomware-how-does-it-infect-and-who-was-responsible.html">WannaCry</a> and Russia’s <a href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">NotPetya</a>, have disrupted vital medical services and global transportation systems, costing billions of dollars. 
<a href="https://www.newyorker.com/tech/annals-of-technology/should-the-us-expect-an-iranian-cyberattack">Iran</a> and <a href="https://www.oxfordscholarship.com/view/10.1093/oso/9780190618094.001.0001/oso-9780190618094">China</a> have engaged in similar actions.</p>
<p>These cyberattacks are carried out by states and nonstate actors that seek to undermine global connectivity for their own interests. But like a pandemic, these attacks affect all of society. The world needs a new approach to combating how nations use cyberspace to advance their interests at the expense of people around the world. </p>
<p>The U.S. <a href="https://www.solarium.gov/">Cyberspace Solarium Commission</a> was formed by Congress in 2018 to develop a strategic approach to defending the United States in cyberspace. It provided a road map for establishing cooperation and accountability in cyberspace. The commission consisted of four federal legislators, the deputies of the Department of Homeland Security, Department of Defense, office of the Director of National Intelligence and Department of Justice, and six private-sector experts. One of us, <a href="https://scholar.google.com/citations?user=7sjhifoAAAAJ&hl=en">Benjamin Jensen</a>, served as the commission’s senior research director.</p>
<p>The commissioners and staff conducted more than 400 interviews with cybersecurity professionals, researchers and officials in the private sector, academia and foreign governments. The commission’s <a href="https://www.solarium.gov/report">final report</a>, released in March, lays out a comprehensive plan of action based on a new strategy: layered cyber deterrence. </p>
<h2>Layered cyber deterrence</h2>
<p>The proposed strategy breaks new ground in two ways. First, it asserts that contrary to <a href="https://www.fifthdomain.com/dod/2019/04/30/is-there-such-a-concept-as-cyber-deterrence/">conventional wisdom</a>, it is possible to deter cyberattacks. Second, the strategy calls for coordinating activities in three layers to secure cyberspace. This won’t eliminate all bad behavior in cyberspace any more than traditional law enforcement has completely banished crime in the physical world. But it will improve how the U.S. government and the private sector respond to cyberthreats. </p>
<p>The first layer calls for the U.S. government to shape behavior in cyberspace through diplomacy and establishing new norms. Too many states quietly condone hacking to steal, spy and threaten their rivals. These attacks rely on illicit marketplaces for malware. The key is promoting responsible behavior in cyberspace and assigning specific expectations for the roles and responsibilities of governments and the private sector.</p>
<p>The second layer calls for the U.S. government to make cyberattacks less effective by promoting national resilience. This approach requires securing critical networks in collaboration with the private sector. It also requires being able to conclusively identify the perpetrators of malicious actions in cyberspace. And it requires increasing the security of the cyber ecosystem. Actions in this layer include working to create more transparency in cyber insurance markets and ensuring economic continuity in the event of a catastrophic cyber incident. </p>
<p>The third layer calls for the U.S. government to impose proportional costs to malicious actions in cyberspace. This requires the U.S., in collaboration with allies, to maintain the capability and credibility needed to retaliate against nations and organizations that target the U.S. in and through cyberspace. The means to retaliate include legal, financial, diplomatic and cyber powers that, applied in combination, assure compelling and unavoidable consequences for transgressors. </p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=422&fit=crop&dpr=1 600w, https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=422&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=422&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=530&fit=crop&dpr=1 754w, https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=530&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/333752/original/file-20200508-49550-305kzd.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=530&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Personnel at Fort George G. Meade, headquarters of the United States Cyber Command.</span>
<span class="attribution"><a class="source" href="https://flickr.com/photos/ftmeade/28008201637/">Fort George G. Meade Public Affairs Office/flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<h2>Early action with diverse responses</h2>
<p>The U.S. Department of Defense “defend forward” policy, laid out in its <a href="https://media.defense.gov/2018/Sep/18/2002041658/-1/-1/1/CYBER_STRATEGY_SUMMARY_FINAL.PDF">2018 strategy</a>, calls for detecting and responding to threats as early as possible. Early action increases effectiveness and minimizes disruption. The commission report calls for this emphasis on early detection and action to be extended to the use of all government powers. It also calls for collaborating with an international coalition that lends strength and legitimacy when responding to cyber attacks. </p>
<p>The three components of this proposed strategy are defined as layers because they need to be applied in combination rather than as separate remedies. In this manner the strategy brings together a diverse array of private and public capabilities, resources and authorities. </p>
<p>The commission’s report includes 80 recommendations for implementing the strategy. For the recommendations that require changes in law, the commission drafted legislative language to assist Congress. The recommendations set the stage for a series of public hearings and outreach to the public. Implementing the strategy will involve changes in procedure, authority, law and ultimately in the behavior of cyberspace stakeholders. </p>
<p>While the commission has transitioned its role to one of advocacy for the report’s recommendations, the work of transforming perceived costs and benefits in cyberspace lies ahead. It will require the work of governments, the private sector and citizens. If the strategy is implemented successfully, nations that contemplate aggression in cyberspace will get the message: if you want to beat one of us, you’ll have to deal with all of us.</p>
<p class="fine-print"><em><span>Benjamin Jensen holds a dual appointment as a Professor at the Marine Corps University and as a Scholar-in-Residence at American University. He is a senior fellow at the Atlantic Council and serves as an officer in the U.S. Army Reserves. He served as the Senior Research Director for the U.S. Cyberspace Solarium Commission. The views expressed are his own.</span></em></p><p class="fine-print"><em><span>Chris Inglis does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>In the murky world of cyber espionage and cyber warfare, effective deterrence has long been considered out of reach. A government report argues it’s time to change that.Benjamin Jensen, Professor of Strategic Studies, Marine Corps University; Scholar-in-Residence, American University, American University School of International ServiceChris Inglis, Distinguished Visiting Professor in Cyber Security Studies, United States Naval AcademyLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1328822020-03-05T19:06:43Z2020-03-05T19:06:43ZRansomware attack on sheep farmers shows there’s no room for woolly thinking in cyber security<figure><img src="https://images.theconversation.com/files/318813/original/file-20200305-127897-lg84rw.jpg?ixlib=rb-1.1.0&rect=0%2C2%2C1000%2C473&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">Shire of Katanning</span></span></figcaption></figure><p>While many Australians were preoccupied with <a href="https://theconversation.com/why-are-people-stockpiling-toilet-paper-we-asked-four-experts-132975">panic-buying toilet paper</a>, sales of another commodity encountered a very different sort of crisis. </p>
<p>Wool sales were severely disrupted last week by a <a href="https://www.abc.net.au/news/rural/2020-02-27/ransomware-cyber-attack-cripples-australian-wool-sales/12007912">ransomware attack</a> on IT company <a href="http://www.talman.com.au/">Talman Software</a>, which processes more than 75% of sales in Australia and New Zealand. </p>
<p>A <a href="https://theconversation.com/what-is-ransomware-and-how-to-protect-your-precious-files-from-it-54048">ransomware attack</a> is a form of cyber-extortion, involving software that encrypts all of the files on a system. In this case, cyber-criminals then demanded A$8 million to unlock the files. Talman has refused to pay and has instead built a replacement version of the software.</p>
<p>Wool sales were halted for several days and <a href="https://www.farmonline.com.au/story/6658928/at-last-wool-auctions-set-to-resume-after-cyber-hacking/">hastily rescheduled</a>, with an estimated <a href="https://www.farmweekly.com.au/story/6651450/growers-feel-pain-after-wool-sales-abandoned/?cs=4770">70,000 bales</a> held in limbo. The industry’s turnover in a typical week is <a href="https://www.abc.net.au/news/rural/2020-02-27/ransomware-cyber-attack-cripples-australian-wool-sales/12007912">up to A$80 million</a>, but prices may now drop as the postponed sales cause a glut in the market.</p>
<p>A ransomware attack on such an important sector of Australia’s economy shows how vital it is for authorities to defend markets against cyber threats. It is a matter of when, not if, these attacks will happen. There is a ransomware attack on a business every 14 seconds, according to <a href="https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/">research by Cybersecurity Ventures</a>, and by 2021 it will be every 11 seconds.</p>
<h2>Diverse defences</h2>
<p>How do we improve our resilience? One way is to avoid being <a href="https://www.cigionline.org/articles/danger-critical-infrastructure-interdependency">too dependent</a> on particular technologies. The wool industry <a href="https://www.wool.com/about-awi/how-we-consult/wool-systems-selling-review/">already knew</a> Talman Software’s dominant role represented a significant vulnerability. </p>
<p>Having a wider choice of software providers, not to mention an offline alternative, would have reduced or avoided the disruption.</p>
<p><a href="https://theconversation.com/is-australias-electricity-grid-vulnerable-to-the-kind-of-cyber-attacks-taking-place-between-russia-and-the-us-119157">Previous ransomware attacks</a> on vital infrastructure, including last month’s attack against <a href="https://www.afr.com/technology/the-toll-hack-is-a-warning-to-every-australian-business-20200217-p541ha?btis">Toll Group</a>, have shown the need for companies to keep their operations and IT systems <a href="https://www.genians.com/learn-more/insights/the-age-old-separation-of-it-and-ot-has-begun-to-erode-with-the-emergence-of-iot/">separate</a>. </p>
<p>We can define “operations” as the software and hardware that allow a company to keep its assets and processes working. IT systems, meanwhile, are the software and hardware that handle the company’s information and data. </p>
<p>Separating the two would make it harder for hackers to disrupt a company’s operations by invading its IT system. However, this would make it impossible to use IT systems to control operations remotely, which would bring its own pros and cons. Imagine a nuclear power plant – do you fit it with a remote shutdown option that could be crucial in an emergency but might also become a tempting target for hackers?</p>
<h2>Governments need to help</h2>
<p>This issue is bigger than simply a threat to companies’ profits. Although the latest attack targeted a commercial company, it damaged the economic welfare of farmers in two countries. </p>
<p>Fending off future attacks shouldn’t be a job just for companies seeking to safeguard their own profits – governments need to help too. </p>
<p>Governments should have a cyber-resilience unit that supports businesses in such emergencies. They should also provide support funds for victims, and national compulsory cyber insurance to guarantee the least disruption possible.</p>
<p>Governments need to defend public and economic infrastructure such as transport networks, power grids and important commercial markets.</p>
<p class="fine-print"><em><span>Roberto Musotto is affiliated with the Cyber Security Research Cooperative Centre (CSCRC), whose activities are partially funded by the Australian Government’s Cooperative Research Centres Programme.</span></em></p><p class="fine-print"><em><span>Mostafa Naser does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The wool industry was paralysed for several days after hackers held to ransom the IT system that governs almost all wool sales in Australia and New Zealand. More attacks are a case of if, not when.Roberto Musotto, Cyber Security Cooperative Research Centre Postdoctoral Fellow, Edith Cowan UniversityMostafa Naser, Lecturer, Edith Cowan UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1294872020-01-13T11:48:09Z2020-01-13T11:48:09ZCyberspace is the next front in Iran-US conflict – and private companies may bear the brunt<figure><img src="https://images.theconversation.com/files/309559/original/file-20200112-103959-1w0dwab.jpg?ixlib=rb-1.1.0&rect=415%2C67%2C2080%2C1519&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">In the wake of U.S. killings, Iran's supreme leader vowed 'harsh revenge' – which could come in the form of cyber attacks.</span> <span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/Iran-Soleimani/e2f14b805bf6438c969cc4aa8f374368/2/0">Office of the Iranian Supreme Leader via AP</a></span></figcaption></figure><p>Iran and other nations have waged a stealth cyberwar against the United States for at least the past decade, largely targeting not the government itself but, rather, critical infrastructure companies. 
This threat to the private sector will get much worse before it gets better and businesses need to be prepared to deal with it.</p>
<p>As in the days of <a href="https://www.crn.com/news/security/expert-rogue-states-haven-t-been-this-aggressive-since-pirates-roamed-the-seas">pirates and privateers</a>, much of our nation’s critical infrastructure is controlled by private companies, and enemy nations and their proxies are targeting them aggressively.</p>
<p>The U.S.-Iran cyberconflict has simmered for years, but the current crisis boiled over with <a href="https://www.state.gov/on-attacks-by-irans-proxies-in-iraq/">Iranian attacks on U.S. interests in Iraq</a> that led to the Jan. 3 U.S. drone strike that <a href="https://www.latimes.com/world-nation/story/2020-01-06/muhandis-was-tehrans-man-in-iraq-his-killing-by-the-u-s-may-have-more-blowback-than-suleimanis">killed a senior Iranian general and terrorist leader</a>. Iran’s supreme leader threatened “<a href="https://www.cnbc.com/2020/01/07/how-iran-could-retaliate-against-the-us-after-solemani-killing.html">harsh revenge</a>,” but said Iran would <a href="https://www.globalsecurity.org/wmd/library/news/iran/2020/iran-200105-presstv08.htm">limit those efforts to military targets</a>.</p>
<p>But even before Iranian missiles struck U.S. military bases in Iraq on Jan. 7, <a href="https://www.dailymail.co.uk/news/article-7852819/Iranian-hackers-breach-government-website-retaliation-airstrike.html">pro-Iranian hackers reportedly attacked</a> at least one U.S. government-related website, along with a number of private company sites. Of greater concern, a new report details significant recent efforts by <a href="https://www.wired.com/story/iran-apt33-us-electric-grid/">Iran to compromise the U.S. electric</a>, oil and gas utilities.</p>
<p>Iran, which has reportedly attacked <a href="https://www.reuters.com/article/us-saudi-aramco-attacks-un-exclusive/exclusive-u-n-investigators-find-yemens-houthis-did-not-carry-out-saudi-oil-attack-idUSKBN1Z72VX">Saudi Arabian energy production</a>, is also capable, according to U.S. officials, of conducting “<a href="https://www.nbcnews.com/news/us-news/iran-has-laid-groundwork-extensive-cyberattacks-u-s-say-officials-n893081">attacks against thousands of electric grids</a>, water plants, and health and technology companies” in the U.S. and Western Europe. Disrupting those systems could cause significant damage to homes and businesses and, in the worst case, injuries and death.</p>
<p>Much of our targeted critical infrastructure is under the control of private companies. Without government protection – and in the absence of any agreed-upon rules of cyber warfare – businesses are at high risk, and strict American criminal laws prohibit many forms of cyber self-defense by private companies. But there are straightforward measures companies can take both to protect themselves and to enhance our collective national cybersecurity. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=430&fit=crop&dpr=1 600w, https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=430&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=430&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=540&fit=crop&dpr=1 754w, https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=540&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/309561/original/file-20200112-103987-fi5bdr.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=540&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Hackers with ties to the Iranian government attacked the Bowman Avenue Dam near New York City in 2016.</span>
<span class="attribution"><a class="source" href="http://www.apimages.com/metadata/Index/Dam-Cyberattack/e4b86953ce4e4047ae689f288e1d0ced/1/0">AP Photo/Seth Wenig</a></span>
</figcaption>
</figure>
<h2>What will Iran do?</h2>
<p>Though it’s impossible to predict with certainty the behavior of the Iranian regime and their many proxies, their cyberattacks likely will continue to go well beyond governmental systems, which are <a href="https://www.cybercom.mil/default.aspx">reasonably well defended</a>. Iran and its supporters likely will focus on easier targets operated by private companies.</p>
<p>A recent U.S. Department of Homeland Security alert highlights <a href="https://www.us-cert.gov/ncas/alerts/aa20-006a">Iran’s capability and willingness</a> to engage in <a href="https://www.nbcnews.com/news/us-news/iran-has-laid-groundwork-extensive-cyberattacks-u-s-say-officials-n893081">multiple types of destructive cyberattacks</a> over the last decade. According to indictments filed by the U.S. Department of Justice, as cited in the DHS alert:</p>
<ul>
<li><p>Beginning as far back as 2011, Iran has conducted numerous Distributed Denial of Service (DDoS) attacks, sending <a href="https://www.justice.gov/opa/file/834996/download">massive amounts of internet traffic to knock websites offline</a>. Iran’s DDoS attacks have targeted, among others, financial institutions, for whom the resulting downtime reportedly cost millions of dollars.</p></li>
<li><p>In 2013, one or more Iranians working for the country’s Revolutionary Guard <a href="https://www.reuters.com/article/us-usa-iran-cyber-idUSKCN0WQ1JF">illegally accessed the control system of a New York dam</a>, although no direct damage apparently was done. </p></li>
<li><p>In 2014, Iran <a href="https://money.cnn.com/2015/02/27/technology/security/iran-hack-casino/index.html">conducted an attack on the Sands Las Vegas Corporation</a>, stealing customer credit card, Social Security and driver’s license numbers and wiping all data from Sands’ computer systems.</p></li>
<li><p>Between 2013 and 2017, hackers working on behalf of Iran’s Revolutionary Guard conducted a “massive” cyber theft operation targeting academic and intellectual property data, along with email information, from hundreds of universities, more than 45 companies, at least two federal agencies, at least two state governments and the United Nations.</p></li>
</ul>
<p>It is possible that new efforts along these lines could be planned and timed to <a href="https://www.engadget.com/2019/10/04/iran-cyberattacks-targeted-us-presidential-campaign/">affect upcoming American elections</a>. In addition, other countries could launch attacks and <a href="https://securityaffairs.co/wordpress/92770/apt/turla-false-flag-iran.html">try to blame them on Iran, or vice versa</a>.</p>
<h2>No clear cyber rules of engagement</h2>
<p>For conventional and even nuclear warfare, nations have, over the centuries, agreed to rules of armed conflict. They’ve developed ways to signal their intentions to escalate or deescalate a conflict. The U.S. and Iran have, for now, deescalated their public military conflict, thanks to Iran warning of its missile attack and not killing or injuring anyone and the U.S. not taking any further military action.</p>
<p>But cyberspace remains the wild west, with few, if any, <a href="https://theconversation.com/in-a-world-of-cyber-threats-the-push-for-cyber-peace-is-growing-119419">agreed-on rules of engagement</a> or <a href="https://www.americansecurityproject.org/attacking-the-grid-the-danger-of-us-russia-cyber-escalation/">well-understood signaling mechanisms</a>. This makes any ongoing cyberconflict between Iran and its enemies all the more dangerous, with critical infrastructure companies at risk of being caught in the crossfire.</p>
<p>Without government assistance, those companies are largely on their own in defending against Iranian or other foreign government attacks. Strict criminal laws <a href="https://www.lawfareblog.com/legislative-hackback-notes-active-cyber-defense-certainty-act-discussion-draft">severely restrict companies’ defensive options</a>, prohibiting, for example, technologies to trace and destroy stolen data. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=337&fit=crop&dpr=1 600w, https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=337&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=337&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=423&fit=crop&dpr=1 754w, https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=423&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/309495/original/file-20200110-97158-qftkhw.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=423&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Front lines in an Iran-U.S. cyberwar are spread out all over the country.</span>
<span class="attribution"><a class="source" href="https://unsplash.com/photos/M5tzZtFCOfs">Taylor Vick/Unsplash</a>, <a class="license" href="http://creativecommons.org/licenses/by/4.0/">CC BY</a></span>
</figcaption>
</figure>
<h2>Collective cyberdefense</h2>
<p>All of that said, there are steps companies can take to <a href="https://theconversation.com/5-ways-to-protect-yourself-from-cybercrime-120062">protect themselves</a>, not only from Iranian or other governmental attacks but against hacking by data thieves, ransomware gangs, corporate rivals, disgruntled employees or anyone else. </p>
<p>Vigilance and communication are key. Companies, particularly in critical infrastructure sectors such as energy, financial, telecommunications and health care, should stay in closer-than-usual touch with appropriate governmental bodies, including the Department of Homeland Security, the FBI and the appropriate cyber <a href="https://www.nationalisacs.org/member-isacs">Information Sharing & Analysis Centers</a>. ISACs can help companies quickly get threat intelligence from the government and report attacks that may have implications beyond a single company.</p>
<p>Businesses also should carefully check their systems for malware previously planted to enable future attacks. They should, of course, scan their systems on an ongoing basis for viruses and other malicious code that could give hackers unauthorized access to systems or data. <a href="https://www.us-cert.gov/ncas/alerts/aa20-006a">Companies should also</a> <a href="https://theconversation.com/how-secure-is-your-data-when-its-stored-in-the-cloud-90000">securely back up their data</a>, closely monitor data traffic on their networks, require workers to use <a href="https://theconversation.com/the-age-of-hacking-brings-a-return-to-the-physical-key-73094">multi-factor authentication</a> when logging into IT resources, and provide cybersecurity training and awareness to employees.</p>
<p>Protecting our national and economic security from attack is in the hands of private citizens and companies in a way that hasn’t been true perhaps since <a href="https://www.britannica.com/event/Dunkirk-evacuation">British boat owners rescued their nation’s army from annihilation</a> at Dunkirk in 1940. By taking reasonable cybersecurity measures, companies, and all of us individually, can not only help protect ourselves and our nation but, perhaps, even help to prevent a war. </p>
<p class="fine-print"><em><span>Bryan Cunningham does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Less overt than conventional military actions, cyber attacks can have dangerous consequences – especially when they target critical infrastructure systems controlled by the private sector.Bryan Cunningham, Executive Director of the Cyber Security Policy & Research Institute, University of California, IrvineLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1255782019-10-25T09:53:33Z2019-10-25T09:53:33ZWe aren’t in a cyber war – despite what Britain’s top general thinks<figure><img src="https://images.theconversation.com/files/298543/original/file-20191024-170493-kgf22x.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">Cyber attacks aren't warfare.</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/government-surveillance-agency-military-joint-operation-669170761">Gorodenkoff/Shutterstock</a></span></figcaption></figure><p>The UK is “<a href="https://www.telegraph.co.uk/news/2019/09/29/britain-war-every-day-due-constant-cyber-attacks-chief-defence/?WT.mc_id=tmg_share_tw">at war every day</a>”, the country’s chief of the defence staff, General Sir Nick Carter, recently declared. The reason for Carter’s rather bleak assessment is the proliferation of cyber attacks against Britain’s information networks, and other aggressive but non-violent actions (such as disinformation campaigns) from rival states. He further claimed that the distinction between war and peace has broken down, as competitors increasingly ignore established norms of acceptable behaviour.</p>
<p>Although Carter is right that cyber attacks are a threat to national security, to describe them as war is problematic. War is a distinct activity, with a particular nature. But most cyber attacks are a kind of non-military activity that falls under the broad banner of “<a href="https://foreignpolicy.com/2009/04/08/what-is-grand-strategy-and-why-do-we-need-it/">grand strategy</a>”.</p>
<p>To be sure, Carter is right that warfare is always evolving in line with technology. But our common definitions of the nature of war still largely exclude cyber attacks. War is best defined by scholar of international relations <a href="https://link.springer.com/book/10.1007/978-1-349-24028-9">Hedley Bull</a>, as “organised violence carried on by political units against one another”.</p>
<p>And as 19th-century Prussian general <a href="http://clausewitz.com/">Carl von Clausewitz</a> wrote, war “is a clash … resolved by bloodshed – that is the only way it differs from other conflicts”. States engage in various forms of competition, even conflict. But without violence, they do not constitute war.</p>
<p>By violence, we mean acts of force that result in physical harm to someone or physical damage to something. In contrast to violent acts, most cyber attacks merely manipulate, steal or destroy digital information, causing, at most, economic costs and inconvenience.</p>
<p>That being said, it is theoretically possible for cyber attacks to result in casualties. An attack on air traffic control could produce many casualties. Alternatively, shutting down a power grid (as with <a href="https://www.wired.com/2016/01/everything-we-know-about-ukraines-power-plant-hack/">BlackEnergy, an attack on the Ukrainian grid in 2015</a>) could indirectly result in the deaths of vulnerable citizens. But to date there have been no recorded deaths resulting from cyber attacks.</p>
<p>There is one notable case that gives pause for thought, the <a href="https://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet">Stuxnet attack on the Iranian nuclear programme</a> (2009-2010). This involved a computer virus that destroyed centrifuges at the uranium enrichment facility in Natanz, Iran. Although there were no fatalities, this incident demonstrates that physical destruction can result from cyber attacks.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=412&fit=crop&dpr=1 600w, https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=412&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=412&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=518&fit=crop&dpr=1 754w, https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=518&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/298546/original/file-20191024-170467-1adav4.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=518&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">Cyber-attacks are inconvenient but haven’t killed anyone.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/man-looking-astonished-network-data-center-95440231?src=5w3GYE4n5T3t0mcZS9DlTQ-1-10">Arjuna Kodisinghe</a></span>
</figcaption>
</figure>
<p>We also need to consider the notion of “<a href="http://www.ethikundmilitaer.de/en/full-issues/20142-cyberwar/taddeo-what-ethics-has-to-do-with-the-regulation-of-cyberwarfare/">cyberharm</a>”. In recent years, some legal experts <a href="https://theconversation.com/cyber-attacks-are-rewriting-the-rules-of-modern-warfare-and-we-arent-prepared-for-the-consequences-117043">have proposed</a> that attacks against information networks should be regulated under the international <a href="https://www.icrc.org/en/document/what-are-rules-of-war-Geneva-Conventions">laws of war</a>. Key to this argument is the idea that information networks are so essential to modern life, that to be without them causes harm – cyberharm. Should this principle be made part of the law, it would bring information networks into line with other essentials for life, such as water supplies, which are already protected by international humanitarian law.</p>
<p>And yet, despite Stuxnet and the rise of cyberharm, war still seems an inappropriate term to describe the vast majority of cyber attacks. Indeed, rather than identifying a new and ambiguous relationship between war and peace, Carter appears to be discussing different methods of grand strategy. Grand strategy has traditionally been based on four main tools available to states: diplomacy, intelligence, military and economic. Cyber power creates a fifth tool. Only the military operates in the realm of war, although the other tools can be used in support.</p>
<p>From a grand strategy perspective, many of the nefarious activities (including electoral interference) that use cyber means are best categorised as “covert operations”. These actions, which have a long history in international politics, are typically conducted by intelligence agencies. Indeed, cyber power has traditionally been under the control of intelligence agencies. In Britain, the National Cyber Security Centre (NCSC) exists within intelligence agency <a href="https://www.gchq.gov.uk/">GCHQ</a>, while in the US, <a href="https://warontherocks.com/2019/04/cyber-command-the-nsa-and-operating-in-cyberspace-time-to-end-the-dual-hat/">Cyber Command</a> is still closely associated with <a href="https://www.nsa.gov/">the National Security Agency</a>.</p>
<h2>Escalation danger</h2>
<p>Why does this all matter? What could be the consequences of expanding our understanding of war? First, there is the danger of escalation to physical forms of attack. If we define cyber attacks as acts of war, then we may feel justified to respond with physical violence. In this way, the threshold for resorting to violence is lowered. For example, in the <a href="https://media.defense.gov/2018/Feb/02/2001872886/-1/-1/1/2018-NUCLEAR-POSTURE-REVIEW-FINAL-REPORT.PDF">2018 Nuclear Posture Review</a>, the Trump administration has threatened nuclear response to non-nuclear strategic attack against critical US infrastructure. </p>
<p>What’s more, war has consequences. In war, governments may feel justified in restricting certain freedoms, diverting resources and expecting certain sacrifices from the population (both in and out of uniform). There is also the danger of “alert fatigue”. If a society is constantly in a state of war, then people’s senses may become dulled to genuine existential threats when they appear. Cyber attacks are a threat, but not an existential threat to the nation.</p>
<p>Treating cyber attacks as a form of warfare means seeing too much novelty in the new cyber domain. Certainly, the technology and techniques of statecraft are changing, but states have always conducted different competitive activities across the entire range of grand strategy. </p>
<p>Cyber attacks can be used in support of military operations. The <a href="https://www.theguardian.com/world/2018/mar/21/israel-admits-it-carried-out-2007-airstrike-on-syrian-nuclear-reactor">2007 Israeli air attack</a> on the Syrian nuclear facility at al-Kibar is <a href="https://www.researchgate.net/publication/296808631_Cyber-combat's_first_shot">suspected to have included</a> cyber attacks on Syria’s radar system. But cyber attacks are more commonly used in non-violent covert operations, including espionage, sabotage and propaganda. Certainly, cyber attack is a security threat that must be addressed. But, in the absence of violence, it does not constitute an act of war. And so <a href="https://www.foreignaffairs.com/articles/2013-10-15/cyberwar-and-peace">cyberwar</a> is a term we should reject.</p>
<p class="fine-print"><em><span>David J. Lonsdale was part of a research team that received funding from the ESRC for the project 'Ethics and Rights in Cyber Security'. </span></em></p>Treating non-violent cyber attacks as warfare could lead to unnecessary escalation.David J. Lonsdale, Senior Lecturer in War Studies, University of HullLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1167702019-05-10T11:53:24Z2019-05-10T11:53:24ZWhy Huawei security concerns cannot be removed from US-China relations<figure><img src="https://images.theconversation.com/files/273645/original/file-20190509-183080-14q9co.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><span class="source">astudio / Shutterstock.com</span></span></figcaption></figure><p>Huawei’s role in building new 5G networks has become one of the most controversial topics in current international relations. The US is exercising <a href="https://www.bbc.com/news/uk-politics-48198932">direct diplomatic pressure</a> to stop states from using the Chinese telecoms giant. The US government regards Huawei as a clear and present danger to national security and argues that any ally opting for Huawei will compromise vital intelligence sharing among these countries in the future. </p>
<p>So far Australia, New Zealand, Vietnam and Japan have <a href="https://www.theguardian.com/technology/2019/apr/19/where-huawei-is-banned">heeded the US call to ban Huawei</a>. The UK, however, is still considering using Huawei to build non-core elements of its new internet infrastructure. Differences over the matter within the UK government recently led to the <a href="https://theconversation.com/the-secrets-in-how-technology-is-making-public-interest-disclosures-even-harder-116586">sacking of defence secretary, Gavin Williamson</a>.</p>
<p>When assessing the risks of having Huawei involved in building 5G infrastructure, it’s important to consider not just the security risk from Huawei, but also the wider context of international relations. It’s important to first recognise that China is a major cyber-power. </p>
<p>The Chinese government has been using cyber-operations since at least 2006 <a href="https://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html">for strategic and military gains</a>. Tracing the origins of hacks is difficult but China is accused of a number of hacks on government departments <a href="https://www.csis.org/programs/cybersecurity-and-governance/technology-policy-program/other-projects-cybersecurity">in the US and around the world</a>.</p>
<p>Military operations aside, <a href="https://smallwarsjournal.com/jrnl/art/swj-primer-chinese-cyber-espionage-and-information-warfare">US politicians say</a> Chinese cyber-enabled espionage directed at the US economy has resulted in an estimated loss of US$300 billion a year in intellectual property theft. </p>
<h2>Risky business</h2>
<p>Additional risks come from China’s increasing <a href="https://www.ispionline.it/en/pubblicazione/russian-chinese-security-cooperation-and-military-military-relations-21828">military cooperation with Russia</a>, NATO’s main rival, and from the fact that China seems keen to supplement its <a href="https://theconversation.com/chinas-new-silk-road-is-all-part-of-its-grand-strategy-for-global-influence-70862">Belt and Road Initiative</a> of global trade dominance with dominance in cyberspace. Huawei offers highly competitive pricing that could drive out rivals, and this potential monopoly could be costly in the long run <a href="https://www.csis.org/analysis/5g-ban-or-not-ban-its-not-black-or-white">for countries that rely too heavily on it</a>.</p>
<p>It is in the context of China’s growing cyber-power that Huawei is seen as a risky business partner when it comes to developing critical infrastructure, such as a new 5G network. Huawei <a href="https://www.ft.com/content/aba92826-18db-11e9-9e64-d150b3105d21">may insist</a> that it is an independent company that does not have ties to the Chinese government, but this is not how it looks to Western powers. According to the CIA, Huawei has received funding from both the Chinese army <a href="https://www.thetimes.co.uk/edition/news/cia-warning-over-huawei-rz6xc8kzk">and Chinese state intelligence</a>. Plus, it does not help that Huawei’s founder, Ren Zhengfei, was once an engineer in the Chinese army and that the company’s ownership lies with a “trade union committee” <a href="https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3372669">that is appointed by the state</a>.</p>
<p>Then there’s <a href="https://qz.com/1016531/what-you-need-to-know-about-chinas-intelligence-law-that-takes-effect-today/">China’s National Intelligence Law of 2017</a>, which requires Chinese companies “to provide necessary support, assistance and cooperation” with national intelligence work, if called upon. So Huawei’s assurances that it will not hand over customer data to the government are difficult to trust. All the more so given China’s <a href="https://ccdcoe.org/uploads/2019/03/CCDCOE-Huawei-2018-03-28-FINAL.pdf">track record</a> of using private actors for the purposes of spying.</p>
<h2>Backdoors and vulnerabilities</h2>
<p>If a country’s 5G network is compromised, this could open it up to a number of risks. First, there’s simply access to information that is transmitted across the network. More worryingly, the “internet of things” <a href="https://theconversation.com/5g-what-will-it-offer-and-why-does-it-matter-109010">will be built on 5G</a>. Everyday devices will all be connected – from driverless cars to smart fridges, speakers and traffic signals. </p>
<p>This opens the possibility for a determined actor (whether state or non-state) to control these important processes. A cyber-attack via 5G infrastructure could lead to significant damage to property and even loss of life, and would amount to an armed attack <a href="https://2009-2017.state.gov/s/l/releases/remarks/197924.htm">under international law</a>.</p>
<figure class="align-center ">
<img alt="" src="https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=380&fit=crop&dpr=1 600w, https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=380&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=380&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=478&fit=crop&dpr=1 754w, https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=478&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/273796/original/file-20190510-183080-12lytsj.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=478&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">The internet of things opens up a number of cyber-risks.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/shard-city-london-view-night-business-733225039?src=EBdQFUlEmmTk1OcF1KMUAg-1-15">Shutterstock</a></span>
</figcaption>
</figure>
<p>The UK’s National Cyber Security Centre (NCSC) has a dedicated Huawei Cyber Security Evaluation Centre. Its <a href="https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/790270/HCSEC_OversightBoardReport-2019.pdf">2019 report</a> found no evidence of Chinese state interference or the deliberate introduction of “backdoors” that could be used to siphon off information. But it does criticise Huawei’s technology for being generally vulnerable to attack. The potential risks, however, apply to any equipment vendor that the UK may choose to use instead of Huawei. </p>
<p>In light of the current US government’s tough stance on China, in terms of trade and security, it is fair to ask whether the present US warnings have more to do with denying market access to a strong competitor than with security concerns. If so, the UK may have to decide whether it values its relations with the US or China more. As well as the security risks that Huawei may pose, the UK must consider the importance of <a href="https://www.theguardian.com/technology/2019/apr/19/where-huawei-is-banned">maintaining its information sharing arrangement</a> with the US and the other “Five Eyes” countries, Australia, New Zealand and Canada.</p>
<p>The trust issue will always remain with Huawei because of its proximity to the Chinese government. But, after the <a href="https://www.bbc.co.uk/news/business-47274643">UK’s top spies said</a> Huawei could be “managed” in terms of potential security risks, the main risk at the moment seems to be diplomatic: namely, repercussions with Washington and the potential backlash regarding a post-Brexit trade deal and suspension of intelligence sharing. With China potentially becoming a global adversary to <a href="https://foreignpolicy.com/2019/01/22/europes-future-is-as-chinas-enemy/">the West as a whole</a> (not just the US), the UK should bear in mind which side it is choosing when deciding who builds its 5G infrastructure.</p>
<p class="fine-print"><em><span>The authors do not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and have disclosed no relevant affiliations beyond their academic appointment.</span></em></p>Countries may be forced to choose whether they side with the US or China when it comes to Huawei.Sascha-Dominik (Dov) Bachmann, Associate Professor in International Law (BU) and (extraordinary) Reader in War Studies (SEDU), Bournemouth UniversityAnthony Paphiti, Visiting Research Fellow in Conflict, Rule of Law and Society, Bournemouth UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/1131002019-03-12T10:44:58Z2019-03-12T10:44:58ZUS military steps up cyberwarfare effort<figure><img src="https://images.theconversation.com/files/262765/original/file-20190307-82688-1qw70v9.jpg?ixlib=rb-1.1.0&rect=327%2C216%2C2883%2C1916&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The U.S. military is shifting the focus of its cyberwarfare forces.</span> <span class="attribution"><a class="source" href="https://www.afcyber.af.mil/About-Us/Fact-Sheets/Display/Article/1186677/cyber-command-and-control-mission-system/">U.S. Air Force</a></span></figcaption></figure><p>The U.S. military has the capability, the willingness and, perhaps for the first time, the official permission to preemptively engage in active cyberwarfare against foreign targets. The first known action happened as the 2018 midterm elections approached: <a href="https://www.cybercom.mil/">U.S. 
Cyber Command</a>, the part of the military that oversees cyber operations, <a href="https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html">waged a covert campaign</a> to deter <a href="https://theconversation.com/tracing-the-sources-of-todays-russian-cyberthreat-81593">Russian interference</a> in the democratic process.</p>
<p>It started with texts in October 2018. Russian hackers operating in the <a href="https://slate.com/technology/2018/02/what-we-know-about-the-internet-research-agency-and-how-it-meddled-in-the-2016-election.html">Internet Research Agency</a> – the infamous “<a href="https://www.nytimes.com/2018/02/18/world/europe/russia-troll-factory.html">troll factory</a>” linked to <a href="https://wtop.com/j-j-green-national/2018/09/tale-of-a-troll-inside-the-internet-research-agency-in-russia/">Russian intelligence, Russian private military contractors and Putin-friendly oligarchs</a> – received warnings via <a href="https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html">pop-ups, texts and emails</a> not to interfere with U.S. interests. Then, during the day of the election, the servers that connected the troll factory to the outside world went down.</p>
<p>As scholars who <a href="https://scholar.google.com/citations?hl=en&user=7sjhifoAAAAJ">study technology</a> and <a href="https://scholar.google.com/citations?hl=en&user=S_Ua4fUAAAAJ">international relations</a>, we see that this incident reflects the new strategy for U.S. Cyber Command, called “<a href="https://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-92/jfq-92.pdf">persistent engagement</a>.” It <a href="https://www.lawfareblog.com/persistent-engagement-and-tacit-bargaining-path-toward-constructing-norms-cyberspace">shifts Cyber Command’s priority</a> from reacting to electronic intrusions into military networks to engaging in <a href="https://www.cybercom.mil/Portals/56/Documents/USCYBERCOM%20Vision%20April%202018.pdf?ver=2018-06-14-152556-010">active operations</a> that are less intense than armed conflict but still seek to stop enemies from achieving their objectives. In late 2018, the U.S. goal was to take away Russia’s ability to manipulate the midterm election, even if just briefly. </p>
<h2>Coercion is difficult</h2>
<p>Cyber Command’s operation against the troll factory was part of a sophisticated campaign that targeted individuals – Internet Research Agency workers – and systems – the organization’s internet connection. </p>
<p>In military terms, that effort generated “friction,” or difficulty for opposing forces to perform even mundane tasks. Russian hackers and trolls may wonder how a foreign government got their information, or was able to take their workplace offline. They might be worried about personal vulnerabilities, weaknesses in their own systems or even what else Cyber Command might do if they don’t stop trolling.</p>
<p>Our research has found that covert activities that are not as clear as armed conflict <a href="https://global.oup.com/academic/product/cyber-strategy-9780190618094?cc=us&lang=en&">don’t always change a target’s behavior</a>. Successful coercion efforts tend to require clear signals of both capability and resolve – assurance that the defender both can respond effectively and will do so, in order to prevent the attacker from taking a desired action.</p>
<p>Digital operations are often the opposite – concealing that anything has happened, as well as who might have done it. </p>
<p>Even when a defender shows an adversary what it is capable of, there are few guarantees that deterrence will work. It is tough to force a determined aggressor to back down. Most scholarly studies of coercion – whether in the form of <a href="https://global.oup.com/academic/product/cyber-strategy-9780190618094?cc=us&lang=en&">cyber action</a>, <a href="https://www.jstor.org/stable/2539368">economic sanctions</a> or <a href="http://www.cornellpress.cornell.edu/book/?GCOI=80140100444280">limited air strikes</a> – show how hard it is to change an adversary’s behavior.</p>
<p>As we have found, all of these signals, digital and otherwise, are <a href="https://global.oup.com/academic/product/cyber-strategy-9780190618094?cc=us&lang=en&">most effective</a> when used by more technologically sophisticated countries, like the U.S., who can combine them with other instruments of national power such as economic sanctions and diplomacy. Actions in the shadows can produce friction, but on their own are unlikely to change an opponent’s behavior.</p>
<p>Through <a href="https://www.wired.com/story/how-instagram-became-russian-iras-social-network/">targeted social media posts</a>, Russians have amplified political fault lines in the United States. Social media makes it easy for misinformation to spread, even long after false stories are planted. There will always be “<a href="https://www.washingtonpost.com/opinions/putins-useful-idiots/2018/02/20/c525a192-1677-11e8-b681-2d4d462a1921_story.html">useful idiots</a>” who will circulate disinformation and misinformation.</p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=400&fit=crop&dpr=1 600w, https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=400&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=400&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/262767/original/file-20190307-82669-anbioz.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">What cyber service members get up to could have complicated repercussions.</span>
<span class="attribution"><a class="source" href="https://www.cybercom.mil/Media/Images/igphoto/2001826737/">Chief Petty Officer Dennis Herring/U.S. Cyber Command</a></span>
</figcaption>
</figure>
<h2>Entering risky territory</h2>
<p>It’s not clear that U.S. military hacking of Russian internet connections will put a damper on Putin’s <a href="https://theconversation.com/russian-influence-operations-extend-into-egypt-111167">global</a> <a href="https://theconversation.com/putins-cyber-play-what-are-all-these-russian-hackers-up-to-65777">information warfare</a> campaign. </p>
<p>It’s also not yet clear whether there will be – or even has already been – any sort of retaliation. There may be a point at which the conflict escalates, threatening the <a href="https://theconversation.com/as-russians-hack-the-us-grid-a-look-at-whats-needed-to-protect-it-100489">electricity grid</a>, <a href="https://theconversation.com/why-the-russians-might-hack-the-boy-scouts-next-102229">civic groups</a>, <a href="https://theconversation.com/russians-hack-home-internet-connections-heres-how-to-protect-yourself-95907">private homes</a> or <a href="https://theconversation.com/if-the-12-indicted-russians-never-face-trial-in-the-us-can-anything-be-gained-99997">voting systems</a>.</p>
<p>It’s valuable for the U.S. to introduce friction against enemies who seek to harm the American way of life. But it’s equally important to consider the potential for escalation to more widely harmful forms of conflict. This type of cyberoffensive may succeed at pushing back Russian disinformation. Or it may just be the government’s attempt to do something – anything – to convince the public it’s engaging the threat. Quick wins, like shutting down a troll factory for a few days, could produce much bigger longer-term consequences in a connected world.</p>
<p class="fine-print"><em><span>Benjamin Jensen receives funding from the Carnegie Corporation, Office of Naval Research and Koch Foundation. He is affiliated with the Atlantic Council and is an officer in the U.S. Army Reserve. The views expressed are his own. None of these affiliations were used to sponsor the research linked to this article. </span></em></p><p class="fine-print"><em><span>Brandon Valeriano receives funding from Carnegie Corporation. He is affiliated with the Atlantic Council. The views expressed are his own. None of these affiliations were used to sponsor the research linked to this article.</span></em></p>
<p>A new strategy for U.S. Cyber Command seeks to block enemies from achieving their objectives – but may not be successful, and could have unforeseen consequences.</p>
<p>Benjamin Jensen, Associate Professor of International Relations, Marine Corps University; Scholar-in-Residence, American University School of International Service</p>
<p>Brandon Valeriano, Professor of Armed Politics, Marine Corps University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Cyber spies for hire: efforts to control cyber weapons ignore the agents who use them</h1>
<p>2019-02-15T13:19:41Z</p>
<figure><img src="https://images.theconversation.com/files/258509/original/file-20190212-174867-8p1w0x.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/download/success?u=http%3A%2F%2Fdownload.shutterstock.com%2Fgatekeeper%2FW3siZSI6MTU1MDAwODUyNSwiYyI6Il9waG90b19zZXNzaW9uX2lkIiwiZGMiOiJpZGxfMTI0MzM2MzU0NiIsImsiOiJwaG90by8xMjQzMzYzNTQ2L21lZGl1bS5qcGciLCJtIjoxLCJkIjoic2h1dHRlcnN0b2NrLW1lZGlhIn0sIkE1Q3V3WS9wMVBBOWtyVHV4RlFNaDdlYzhMNCJd%2Fshutterstock_1243363546.jpg&pi=33421636&m=1243363546&src=_nSShWvAJgVFTwoiCRVeOw-1-0">Maksim Shmeljov/Shutterstock</a></span></figcaption></figure><p>Reports of malicious and targeted cyber attacks are becoming increasingly common around the world. In early February, for example, Australia’s security agencies revealed they <a href="https://www.theguardian.com/australia-news/2019/feb/08/asio-australian-security-services-hack-data-breach-investigate-attempted-cyber-attack-parliament">were investigating an attempted hack</a> on the country’s parliament, and hadn’t ruled out another country being behind it. </p>
<p>As more complex and potentially damaging attacks into critical national infrastructure systems are <a href="https://www.independent.co.uk/life-style/gadgets-and-tech/news/russian-hacking-attacks-us-power-grid-sewage-explosions-a8462691.html">discovered</a>, calls are growing louder for international rules to govern this emerging battlefront. </p>
<p>Efforts towards cyber-arms control have predominantly centred around a model where the “arms” relates to weaponised code – specific hacking tools or the software vulnerabilities that enable them. Attempts have been made to curtail the proliferation and spread of what are called “zero-day exploits” – the flaws in a program’s code that allow malicious attackers to interfere with the systems that run them. </p>
<p>A recent Reuters <a href="https://www.reuters.com/investigates/special-report/usa-spying-raven/">exposé</a> of the operations of a clandestine wing of the United Arab Emirates’ (UAE) National Electronic Security Authority (NESA) revealed another component of offensive cyber-attacks – expertise. This issue sparked further international attention when the FBI announced charges in mid-February against Monica Witt, a former US Air Force analyst accused of <a href="https://www.theguardian.com/world/2019/feb/13/monica-witt-air-force-charged-spying-iran">espionage</a> and defecting to Iran.</p>
<h2>Cyber mercenaries</h2>
<p>The Reuters investigation detailed how some former employees of the US National Security Agency (NSA), operatives with expertise in digital penetration techniques, online intelligence gathering and offensive cyber-operations, were contracted via a Maryland-based firm to work for the UAE. </p>
<p>The investigation makes specific mention of one of the tools – Karma – that these contractors employed on behalf of the UAE against specific targets. This hacking tool allowed its operators to gain uninvited and remote access to a target’s Apple phone through an unspecified flaw which is now believed to have been fixed by Apple. Reuters reported that the targets of these attacks ranged from human rights activists to American journalists.</p>
<p>The article raised questions about whether these contractors might have provided their NESA employers with advanced cyber-capabilities developed by their former employer, the NSA. But the subtext of the Reuters investigation is that the expertise of these former intelligence officers is just as attractive to their new employers as any tools they might bring with them. </p>
<p>In a separate article, specifically <a href="https://www.reuters.com/investigates/special-report/usa-spying-karma/">examining Karma</a>, Reuters alleges that it was purchased by the Emirati government from a vendor outside of the country. In effect, the UAE had hired a team of out-of-work specialist engineers who couldn’t bring the tools they had used in the US with them, so it then bought them the tools they needed to get the job done. This suggests that there are two components required to kit out any state or group with advanced cyber-capability: the tools and the expertise. </p>
<h2>Tools and expertise</h2>
<p>Global efforts are underway to govern the tools used in cyber attacks, such as the <a href="https://cyberstability.org/news/global-commission-introduces-six-critical-norms-towards-cyber-stability/">Global Commission on the Stability of Cyberspace</a>, which introduced a series of international norms about the use of cyberspace to promote the stability of the internet and good practice of everyone involved. Other efforts have been on the legislative level, such as specific additions to the <a href="https://www.wassenaar.org/">Wassenaar Arrangement</a>, an export control arrangement that seeks to curtail the spread of civilian technologies that can be put to militarised use. But the expertise of cyber operatives has so far seen limited attention. </p>
<p>In the scenario described by Reuters, NESA and its Project Raven could not have operated without either the tools or the expertise. The tool itself – Karma – and the expertise and experience required to use it and train others to do so, both require significant investment. </p>
<p>The dangers of state investment in the collecting of software flaws and the creation of powerful tools which then exploit these previously unknown weaknesses were painfully demonstrated through the <a href="https://www.wired.com/story/eternalblue-leaked-nsa-spy-tool-hacked-world/">leaking</a> of the vulnerability stockpiled by the NSA, EternalBlue. This was the backbone of the WannaCry attack which made international headlines in 2018 through its impact on the British NHS and other international business and government services. </p>
<p>But concerns should be growing about the capability that states invest in the skill sets of the people who discover and then weaponise flaws in the software which powers our increasingly interconnected and internet-dependent lives. Governments across the world are <a href="https://www.gov.uk/government/news/new-strategy-sets-ambitions-for-a-cyber-security-workforce-fit-for-the-future">gearing up</a> for what they see as the next domain of warfare by trying to recruit existing <a href="https://www.theguardian.com/media/2011/dec/01/gchq-computer-hackers-ad">talent</a> to government projects or through training the next generation of cyber-security experts who they hope will give them an advantage. </p>
<p>There’s a risk that in global efforts which focus on states’ use of cyber tools and exploitation of vulnerabilities in programming code, there is a legislative and governance gap developing. This could see states invest in training the cyber spies, saboteurs or soldiers of the future only to find those critical skills and the capability they provide being snapped up by the highest bidder.</p>
<p class="fine-print"><em><span>Alexi Drew does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>Cyber attacks need two components – the tools to exploit vulnerabilities and the people with the expertise to deploy them.</p>
<p>Alexi Drew, Research Associate, King's College London</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>With hacking of US utilities, Russia could move from cyberespionage toward cyberwar</h1>
<p>2018-07-26T19:14:39Z</p>
<figure><img src="https://images.theconversation.com/files/229465/original/file-20180726-106505-1lqgnxm.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">What constitutes cyberwar?</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/toy-soldiers-protect-computer-hacker-attacks-1101350894">manusapon kasosod/Shutterstock.com</a></span></figcaption></figure><p>Even before the revelation on July 23 that <a href="https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110">Russian government hackers had penetrated the computer systems of U.S. electric utilities</a> and could have caused blackouts, government agencies and electricity industry leaders were working to protect U.S. customers and society as a whole. These developments, alarming as they might seem, are not new. But they highlight an important distinction of conflict in cyberspace: between probing and attacking. </p>
<p>Various adversaries – including Russia, but also <a href="https://cchs.gwu.edu/sites/g/files/zaxdzs2371/f/Cilluffo%20Testimony%20for%20HHSC%203-22-2017.pdf">China, North Korea and Iran</a> – have been testing and mapping U.S. industrial systems for years. Yet to date there has been no public acknowledgment of physical damage from a foreign cyberattack on U.S. soil on the scale of <a href="https://www.wired.com/story/russian-hackers-attack-ukraine/">Russia shutting off electricity in the Ukrainian capital</a> or Iran attacking a Saudi Arabian government-owned oil company, <a href="https://foreignpolicy.com/2017/12/21/cyber-attack-targets-safety-system-at-saudi-aramco/">destroying tens of thousands of computers</a> and <a href="https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html">allegedly attempting to cause an explosion</a>.</p>
<p>The U.S. and its allies have substantial capabilities, too, some of which have reportedly been directed against foreign powers. <a href="https://www.csoonline.com/article/3218104/malware/what-is-stuxnet-who-created-it-and-how-does-it-work.html">Stuxnet</a>, for instance, was a cyberattack often <a href="https://arstechnica.com/tech-policy/2012/06/confirmed-us-israel-created-stuxnet-lost-control-of-it/">attributed to the U.S. and Israel</a> that disrupted Iran’s nuclear weapons development efforts.</p>
<p>The distinction between exploiting weaknesses to gather information – also known as “<a href="https://www.rand.org/content/dam/rand/pubs/monograph_reports/2007/MR1287.pdf">intelligence preparation of the battlefield</a>” – and using those vulnerabilities to actually do damage is impossibly thin and depends on the intent of the people doing it. Intentions are notoriously difficult to figure out. In global cyberspace they may change depending on world events and international relations. The dangers – to the people of the U.S. and other countries both allied and opposed – underscore the importance of international agreement on what constitutes an act of war in cyberspace and the need for clear rules of engagement.</p>
<h2>Advanced adversaries</h2>
<p>In July the Center for Cyber and Homeland Security at George Washington University, where we serve, hosted a <a href="https://cchs.gwu.edu/protecting-energy-infrastructure-forum">forum on protecting energy infrastructure</a>. At that event, a Duke Energy Corporation executive reported that in 2017, the company experienced <a href="https://www.bna.com/duke-energy-hit-n73014477416/">over 650 million attempts</a> to intrude into their system. That number is startling, though hard to contextualize. More generally, however, some efforts directed against the U.S. are extremely sophisticated. </p>
<p>Federal officials have said that starting in 2016, continuing in 2017 and <a href="https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110">likely still ongoing</a>, Russian government attacks took advantage of trusting relationships between key vendors of services related to equipment and operations for utility companies. Compromising the vendors’ computers was the first step toward breaching the security of <a href="https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110">systems not directly connected to the internet</a>.</p>
<p>It’s not just electric utilities – crucial though they are to <a href="https://theconversation.com/space-weather-threatens-high-tech-life-92711">almost every aspect of modern society</a>. The Russian intrusion targeted computerized industrial control systems that are at the beating hearts of every part of critical public and private infrastructure, including water, energy, telecommunications and <a href="https://www.bbc.com/news/technology-30575104">manufacturing</a>. In the U.S., <a href="https://www.dhs.gov/critical-infrastructure-sector-partnerships">more than 85 percent of those critical potential targets</a> are owned and operated by private companies. Once considered safely on home soil far from conflict, these firms are now at the center of the international cyberspace battleground.</p>
<h2>Setting up defenses</h2>
<p>The energy industry has invested heavily in protecting itself, and is leveraging a sector-wide collaboration called the <a href="https://www.eisac.com/">Electricity Information Sharing and Analysis Center</a> to communicate between companies about warnings and threats to grid operations. But the task is too great – and the consequences to public health and safety too severe – for private companies to handle the burden on their own. As a result, the U.S. Department of Homeland Security has been investigating breaches like the Russian intrusions, and briefing industry leaders about what it finds. </p>
<figure class="align-center zoomable">
<a href="https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=1000&fit=clip"><img alt="" src="https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&fit=clip" srcset="https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=355&fit=crop&dpr=1 600w, https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=355&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=355&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=446&fit=crop&dpr=1 754w, https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=446&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/229488/original/file-20180726-106517-q5ilet.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=446&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px"></a>
<figcaption>
<span class="caption">Homeland Security Secretary Kirstjen Nielsen speaks to government, corporate and academic experts on critical infrastructure.</span>
<span class="attribution"><a class="source" href="https://preview.dhs.gov/blog/2018/03/02/secretary-nielsen-addresses-2018-critical-infrastructure-summit">U.S. Department of Homeland Security</a></span>
</figcaption>
</figure>
<p>For instance, the Wall Street Journal reported that DHS cybersecurity experts are “<a href="https://www.wsj.com/articles/russian-hackers-reach-u-s-utility-control-rooms-homeland-security-officials-say-1532388110">looking for evidence that the Russians are automating their attacks</a>, which … could presage a large increase in hacking efforts.” That possibility, taken together with the energy-sector focus of the utility-hacking effort and the perpetrators’ interest in industrial control systems, could be a signal that Russia may be considering shifting from exploring U.S. utility systems to actually attacking them.</p>
<p>An upcoming meeting may deepen federal-corporate collaboration: On July 31, the Department of Homeland Security is hosting a <a href="https://www.dhs.gov/news/2018/07/18/department-homeland-security-host-national-cybersecurity-summit">National Cybersecurity Summit</a> to bring together government, industry and academic experts in protecting the country’s most important infrastructure. It will take all their efforts to keep up with the threats, particularly as the underlying techniques and technologies continue to evolve. The “internet of things,” for instance, <a href="https://theconversation.com/using-blockchain-to-secure-the-internet-of-things-90002">connects physical devices in ways that merge the virtual world with the real one</a> – making people only as safe as the weakest link in the network or supply chain.</p>
<p>The federal hint about identifying automated attacks offers a glimpse into the not-too-distant future. In 2017, Russian President Putin declared that “<a href="https://www.cnn.com/2017/09/01/world/putin-artificial-intelligence-will-rule-world/index.html">Whoever becomes the leader in [artificial intelligence] will become the ruler of the world</a>.” In May 2018, Chinese President Xi Jinping told the Chinese Academies of Sciences and Engineering of his plan to make China “<a href="http://www.xinhuanet.com/english/2018-05/29/c_137213175.htm">a world leader in science and technology</a>,” which includes “integration of the internet, big data, and artificial intelligence with the real economy.”</p>
<p>Those statements, and the inexorable march of research and development, mean that <a href="https://theconversation.com/teaching-machines-to-teach-themselves-88374">machine learning</a> – and ultimately <a href="https://theconversation.com/how-quantum-mechanics-can-change-computing-80995">quantum computing</a> too – will play an increasing role in cyberespionage and cyberwarfare, as well as cybersecurity. The line between probing and attacking – and between defensive readiness and offensive preparation – may get even thinner.</p>
<p class="fine-print"><em><span>Frank J. Cilluffo is affiliated with the Center for the Study of the Presidency & Congress, the National Consortium for Advanced Policing, BlackHorse Solutions, and Nisos. </span></em></p><p class="fine-print"><em><span>Sharon L. Cardash does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>
<p>The difference between probing and mapping and actually attacking depends on the intent of the people doing it, which is hard to figure out and may change. The dangers, however, remain worrying.</p>
<p>Frank J. Cilluffo, Director, Center for Cyber and Homeland Security, George Washington University</p>
<p>Sharon L. Cardash, Associate Director, Center for Cyber and Homeland Security, George Washington University</p>
<p>Licensed as Creative Commons – attribution, no derivatives.</p>
<h1>Is counter-attack justified against a state-sponsored cyber attack? It’s a legal grey area</h1>
<p>2018-03-27T08:15:32Z</p>
<figure><img src="https://images.theconversation.com/files/212136/original/file-20180327-188616-1ccmbhv.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">The US has charged and sanctioned nine Iranians and an Iranian company for cyber attacks.</span> <span class="attribution"><a class="source" href="https://www.flickr.com/photos/parmida/5812643468/in/photolist-2bNKpX-9RDjoQ-wD8QxF-vGg7TF-GeuWJ7-GgPeQn-AmgqE7-AHKwKr-AHKwSF-AGCDYb-BvA4fC-AmgopW-AeMEwY-b3K5Zk-91uLdY-6z94vc-kTVkQS-kTVkbf-kTVkd9-kTVf3u-kTTHyg-kTTHWa-5G9SRp-4P8ZBH-FXxDQ5-AZfbMe-AGBGJ3-A3mATr-B1e7wc-AZeoFM-AY4jSN-AoAjLV-Amh88F-B7E1rP-ARyFbY-B1dpmg-5r41oW-4P8Zyt">Parmida Rahimi/Flickr</a>, <a class="license" href="http://creativecommons.org/licenses/by-sa/4.0/">CC BY-SA</a></span></figcaption></figure><p>On March 23, the US Department of Justice commenced perhaps the <a href="https://www.c-span.org/video/?443007-1/iranians-indicted-multiple-university-hacking-charges">largest prosecution</a> of a state-sponsored cyber attack. It <a href="https://www.justice.gov/opa/pr/nine-iranians-charged-conducting-massive-cyber-theft-campaign-behalf-islamic-revolutionary">indicted nine Iranians</a> for carrying out:</p>
<blockquote>
<p>a coordinated campaign of cyber intrusions into computer systems belonging to 144 US universities, 176 universities across 21 foreign countries, 47 domestic and foreign private sector companies … [and] the United Nations…</p>
</blockquote>
<p>At least 31.5 terabytes of data was allegedly stolen and <a href="https://assets.documentcloud.org/documents/4419747/Read-the-Justice-Dept-indictment-against-Iranian.pdf">Australian universities were targeted</a>, although specific institutions are not named. </p>
<p>History suggests that this response is unlikely to deter future attacks, and that counter-attacks are a more effective strategy. But would it be justified? Current international law focuses on armed attack, not cyber attack, as a justification for state action taken in self-defence. </p>
<p>As cyber attacks become more common, international law needs to clear up this grey area.</p>
<h2>How they did it and what was taken</h2>
<p>The <a href="https://assets.documentcloud.org/documents/4419747/Read-the-Justice-Dept-indictment-against-Iranian.pdf">indictment alleges</a> that defendants Gholamreza Rafatnejad and Ehsan Mohammadi are founders of <a href="http://mabna-ins.com/">Mabna Institute</a> – an organisation established for the purpose of scientific espionage. Mabna is alleged to have contracted with Iranian governmental agencies (including the Islamic Revolutionary Guard) to conduct hacking on their behalf. </p>
<p>The defendants allegedly engaged in a conspiracy <a href="https://assets.documentcloud.org/documents/4419747/Read-the-Justice-Dept-indictment-against-Iranian.pdf">to compromise computer accounts</a> of thousands of professors to steal research data and intellectual property, costing the US approximately US$3.4 billion. They allegedly conducted surveillance and sent professors targeted “<a href="https://www.scamwatch.gov.au/types-of-scams/attempts-to-gain-your-personal-information/phishing/whaling-spear-phishing">spearphishing</a>” emails to lure them into providing access to their computer systems.</p>
<p>Valuable data was transferred from the compromised IT systems to the hackers, according to the indictment. Over 100,000 professors were apparently targeted and approximately 8,000 email accounts compromised. </p>
<p>Private companies were also targeted – none Australian – via “password spraying”, said the US Department of Justice. This is a technique whereby the attacker identifies the email accounts of a target via public search and gains access to the account using common or default passwords.</p>
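<p>From the defender's side, password spraying leaves a recognisable trace in authentication logs: one source fails against many different accounts, with only a try or two per account. The sketch below is an added example, not taken from the indictment or the article; the log format, addresses, account names and thresholds are all assumptions.</p>

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, account, result.
SAMPLE_LOG = """\
2018-03-01T09:00:05Z 203.0.113.7 alice@example.edu FAIL
2018-03-01T09:01:10Z 203.0.113.7 bob@example.edu FAIL
2018-03-01T09:02:00Z 192.0.2.4 carol@example.edu FAIL
2018-03-01T09:02:20Z 192.0.2.4 carol@example.edu OK
2018-03-01T09:02:30Z 203.0.113.7 carol@example.edu FAIL
2018-03-01T09:03:40Z 203.0.113.7 dave@example.edu FAIL
2018-03-01T09:04:50Z 203.0.113.7 erin@example.edu FAIL
2018-03-01T09:06:00Z 203.0.113.7 frank@example.edu OK
2018-03-01T09:07:10Z 203.0.113.7 grace@example.edu FAIL
2018-03-01T09:10:00Z 198.51.100.9 heidi@example.edu FAIL
2018-03-01T09:10:10Z 198.51.100.9 heidi@example.edu FAIL
2018-03-01T09:10:20Z 198.51.100.9 heidi@example.edu FAIL
2018-03-01T09:10:30Z 198.51.100.9 heidi@example.edu FAIL
2018-03-01T09:10:40Z 198.51.100.9 heidi@example.edu FAIL
2018-03-01T09:10:50Z 198.51.100.9 heidi@example.edu FAIL
"""

def parse_events(text):
    """Turn log lines into sortable (time, source, account, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, acct, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, acct, result))
    return events

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Flag sources whose failures hit many accounts, few times each, in one window."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)
    findings = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        counts, best, left = defaultdict(int), {}, 0
        for ts, _, acct, _ in fails:
            counts[acct] += 1
            # Slide the window: drop failures older than `window` before this one.
            while ts - fails[left][0] > window:
                old = fails[left][2]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            if len(counts) > len(best):
                best = dict(counts)  # widest spread of accounts seen so far
        # Many accounts with few tries each is a spray; many tries on one is not.
        if len(best) >= min_accounts and max(best.values()) <= max_per_account:
            # Any success from a spraying source is an account to reset and review.
            successes = sorted({e[2] for e in evs if e[3] == "OK"})
            findings.append({"source": src, "accounts": len(best), "successes": successes})
    return findings

if __name__ == "__main__":
    for finding in detect_spray(parse_events(SAMPLE_LOG)):
        print(finding)
```

<p>The repeated failures against a single account from 198.51.100.9 are deliberately not flagged: per-account lockout already covers that pattern, whereas a spray stays under the lockout threshold on every account it touches.</p>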
<h2>Prosecution is an insufficient response</h2>
<p>The defendants are charged with committing <a href="https://www.law.cornell.edu/uscode/text/18/1030">fraud and related activity in connection with computers</a>, conspiracy, <a href="https://www.law.cornell.edu/uscode/text/18/1343">wire fraud</a>, <a href="https://www.law.cornell.edu/uscode/text/18/1030">unauthorised access of a computer</a>, and <a href="https://www.law.cornell.edu/uscode/text/18/1028A">identity theft</a>. Each charge carries a prison sentence ranging from two years to 20 years.</p>
<p>The prosecution is a necessary, but insufficient response to these cyber attacks. </p>
<p>The defendants are based in Iran and are unlikely to be brought to justice. Previously, US prosecutors have <a href="https://www.justice.gov/opa/pr/seven-iranians-working-islamic-revolutionary-guard-corps-affiliated-entities-charged">charged Iranian hackers</a> with attacks against financial institutions and a dam in New York to no avail. </p>
<p>And hacking has escalated – <a href="https://www.reuters.com/article/us-usa-russia-sanctions-energygrid/in-a-first-u-s-blames-russia-for-cyber-attacks-on-energy-grid-idUSKCN1GR2G3">the US accused Russia of compromising the US electricity grid</a> and attacks against other countries are <a href="https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html">also alleged</a>.</p>
<h2>Counter-attack a better deterrent</h2>
<p>Rogue states such as Iran, Russia, and North Korea are only likely to be deterred from conducting cyber attacks if their targets have robust self-defense and counter-attack capabilities. However, the legal status of cyber attacks and the appropriate responses are not clear in international law.</p>
<p>Under the <a href="http://www.un.org/en/charter-united-nations/">UN Charter</a>, states have an <a href="http://www.un.org/en/sections/un-charter/chapter-i/index.html">obligation</a> to refrain “from the threat or use of force against the territorial integrity or political independence of any state”. Crucially, states possess an “inherent <a href="http://www.un.org/en/sections/un-charter/chapter-vii/index.html">right</a> of individual or collective self-defence if an armed attack occurs”. </p>
<p>The key questions then are whether a cyber attack amounts to a “use of force”, whether hacking attributable to a state amounts to an “armed attack”, and if a cyber attack violates “territorial integrity”. Traditionally, international law has answered these questions with reference to acts of physical violence – conventional military strikes. </p>
<p>It’s likely that a large scale cyber attack against a state that has physical consequences within its territory may be characterised as a “use of force”, and may violate “territorial integrity” under the charter. For instance, attacks that turn self-driving cars into weapons, knock out nuclear stations or paralyse the power grid might reach this threshold.</p>
<p>But what if the attack is designed to sow confusion or generate internal discord, such as in the case of Russian hacking of the US election? Or attacks directed beyond a particular country? This is a harder question and not settled currently. Similarly, it’s not certain that even large scale hacking would rise to the level of an “armed attack”.</p>
<h2>Precedent in international law</h2>
<p>In 1984, <a href="http://www.icj-cij.org/files/case-related/70/6505.pdf">Nicaragua</a> brought <a href="http://www.icj-cij.org/files/case-related/70/9615.pdf">proceedings against the US</a> in response to American support for the <a href="https://www.history.com/this-day-in-history/reagan-gives-cia-authority-to-establish-the-contras">Contras</a> (rebels fighting the government). In that case, the International Court of Justice <a href="http://www.icj-cij.org/en">(ICJ)</a> opined that armed attack might also include:</p>
<blockquote>
<p>the sending by a State of armed bands on to the territory of another State, if such an operation, because of its scale and effects, would have been classified as an armed attack had it been carried out by regular armed forces. </p>
</blockquote>
<p>Crucially, the ICJ underlined the principle of non-intervention: </p>
<blockquote>
<p>Intervention is wrongful … [using] methods of coercion, particularly force, either in the direct form of military action or in the indirect form of support for subversive activities in another State. </p>
</blockquote>
<p>Based on the Nicaragua case, if a cyber attack has sufficient “scale and effects” it may amount to an armed attack. More importantly, if the attacks are attributable to a state (in this case the Islamic Revolutionary Guard) – or are within its overall or effective control or direction – it would appear that the armed attack would give rise to the right to self-defence. </p>
<p>However, this may be difficult to establish in practice – there may not be sufficient evidence connecting the hacker to the state to show control, and hence attribution. </p>
<p>So, what are the permissible self-defence responses under international law? Could the US launch military strikes against Iran or Russia for these incidents if they are found to be behind these attacks? The legality of such strikes is not clear even though the US might claim such status. </p>
<p>The international community should set bright line rules on this matter before an expansive reading of self-defence triggers war. The NATO Cooperative Cyber Defence Centre of Excellence’s <a href="https://ccdcoe.org/sites/default/files/documents/CCDCOE_Tallinn_Manual_Onepager_web.pdf">Tallinn Manual 2.0</a> is a start, but a binding instrument is needed. John Bolton’s appointment as US President Donald Trump’s National Security Advisor makes this an urgent priority because a military strike in response to the next major cyber attack is a <a href="https://theconversation.com/in-john-bolton-donald-trump-has-an-adviser-whos-radical-even-by-neocon-standards-93883">realistic prospect</a>.</p>
<p class="fine-print"><em><span>Sandeep Gopalan does not work for, consult, own shares in or receive funding from any company or organisation that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.</span></em></p>The international community should set bright line rules on appropriate responses to cyber attacks before an expansive reading of the “self-defense” clause triggers war.Sandeep Gopalan, Pro Vice-Chancellor (Academic Innovation) & Professor of Law, Deakin UniversityLicensed as Creative Commons – attribution, no derivatives.tag:theconversation.com,2011:article/906462018-01-29T12:55:18Z2018-01-29T12:55:18ZCyber peacekeeping is integral in an era of cyberwar – here’s why<figure><img src="https://images.theconversation.com/files/203430/original/file-20180125-102754-13r62um.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=496&fit=clip" /><figcaption><span class="caption">
</span> <span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/military-operation-action-soldiers-using-grade-761940757?src=jy6Qq4Fh3uPQ0cey2CDh2w-1-70">Shutterstock</a></span></figcaption></figure><p>Cyber warfare is upon us, from interference in <a href="https://edition.cnn.com/2016/12/26/us/2016-presidential-campaign-hacking-fast-facts/index.html">elections</a> to a <a href="https://www.nytimes.com/2017/11/12/us/nsa-shadow-brokers.html">leak of cyber weapons</a> from a national stockpile. And, as with most evolutions in warfare, the world is largely unprepared. Cyber peacekeeping presents significant challenges, which we explore in our <a href="https://arxiv.org/abs/1710.09616">research</a>.</p>
<p>Any theatre of war now includes cyberspace. It has been used in targeted attacks to disable an adversary’s capabilities, such as <a href="https://theconversation.com/stuxnet-is-scary-but-human-safety-should-come-first-18576">Stuxnet</a>, where Iran’s ability to enrich weapons-grade uranium was disrupted. It can also be exploited in traditional warfare through electronic interference with intelligence and communication systems.</p>
<p>With little to guide nations and scant experience to build upon, many states are having to learn the hard way. In the context of warfare, it takes a long time to understand the impact of new technologies. One only need look at the example of landmines to see why. Once considered a legitimate weapon to stifle enemy movement, most countries now agree that landmines are indiscriminate and disproportionate weapons that cause civilian suffering long after a conflict has ended. </p>
<p>It’s possible that cyber warfare holds unknown consequences that future world leaders will agree to ban for similar, gut-wrenching reasons in the aftermath. </p>
<p>There are, however, efforts to fill the gaps in knowledge. Researchers, such as my colleague <a href="https://www.semanticscholar.org/paper/Cyber-warfare-Issues-and-challenges-Robinson-Jones/0490743c0605849e9a9e4882ccf482de372a5e12">Michael Robinson</a>, have attempted to characterise cyber warfare to understand how it can be effectively and ethically conducted. These efforts range from creating cyber warfare laws to the control and restriction of cyber weapons.</p>
<p>These efforts are beginning to bear fruit, with the <a href="http://assets.cambridge.org/97811070/24434/frontmatter/9781107024434_frontmatter.pdf">Tallinn Manual</a> – first published in 2013 – offering a comprehensive analysis of how existing international law applies to cyberspace.</p>
<h2>Stop the fight</h2>
<p>But while a large proportion of research focuses on how to conduct cyber warfare, there is very little research on restoring peace in the aftermath of an online conflict between nation states.</p>
<p>Just as we cannot expect a nation to spring back to peace and prosperity following years of boots-on-the-ground war, countries affected by prolonged periods of cyber warfare also need assistance to recover.</p>
<p>A nation’s reliance on critical infrastructure brings the need to understand the damage cyber warfare can inflict on a society into sharp focus. Computer systems running essential services at <a href="https://theconversation.com/heres-how-the-ransomware-attack-was-stopped-and-why-it-could-soon-start-again-77745">hospitals</a>, <a href="https://theconversation.com/unheeded-cybersecurity-threat-leaves-nuclear-power-stations-open-to-attack-49258">nuclear power plants</a> and <a href="https://www.theregister.co.uk/2016/03/24/water_utility_hacked">water treatment plants</a> may be infected with advanced malware, which resists removal and prolongs civilian suffering – much like landmines persist long after a conflict ends. The physical effects of cyber weapons make <a href="https://arxiv.org/abs/1710.09616">cyber peacekeeping</a> a key enabler to help bring about lasting peace.</p>
<p>After a conventional conflict, interventions to restore peace and security are performed on the international stage. The United Nations (UN), with its white vehicles and blue helmets, is the most widely recognised peacekeeping organisation. It has a long history of maintaining peace around the world and has evolved to match the shifting nature of warfare from inter-state to intra-state conflict over the years. </p>
<p>UN peacekeepers were initially ill-equipped to deal with such a change, which led to high profile failures such as <a href="https://www.globalpolicy.org/component/content/article/201-rwanda/39240.html">Rwanda</a> and <a href="http://www.dodccrp.org/files/Allard_Somalia.pdf">Somalia</a>.</p>
<p>With the rise of cyber warfare, peacekeepers will increasingly have to operate in this domain. But are the UN and similar organisations prepared for this expected onslaught or will they suffer a repeat of past failures, having been caught out by changes in the nature of conflict? Protracted UN cyber warfare talks fell apart last year because a consensus couldn’t be reached amid suspicions that <a href="https://www.theguardian.com/world/2017/aug/23/un-cyberwarfare-negotiations-collapsed-in-june-it-emerges">reportedly</a> mirrored the Cold War era. Nonetheless, questions must be asked of the <a href="https://unite.un.org/digitalbluehelmets/">UN’s peacekeeping</a> strategy on its readiness to tackle cyber threats.</p>
<h2>Peace is the word</h2>
<p>Can <a href="https://www.stimson.org/content/brahimi-report-and-future-un-peace-operations">existing peacekeeping activities</a> simply be adapted for the internet, or should a completely new framework be drawn up to adequately address how to maintain or restore order online? What kind of technical obstacles will cyber peacekeepers encounter? Could they achieve something that contributes towards restoring or maintaining peace?</p>
<p>Disarmament illustrates these operational problems well: the destruction or confiscation of physical armoury means that assets cannot be easily replaced by a warring faction should peace efforts stall or falter. Cyber weapons are predominantly software applications that can be replicated, archived, encrypted and passed on with almost no cost or significant logistic efforts, <a href="http://www.defenseone.com/technology/2015/07/someone-just-leaked-price-list-cyberwar/117043">research shows</a>.</p>
<p>The effectiveness of cyber weapons diminishes once the vulnerabilities they have exploited become known, so one approach would be to publish detected cyber weapons to render them obsolete. Responsible disclosure would allow vendors to come up with fixes and give potential victims a chance to apply the patches – which can be a lengthy process.</p>
<p>Doing so “destroys” all cyber weapons of this kind – regardless of whether they belong to any of the warring factions. This approach has a nasty side-effect: it inadvertently leads to a <a href="https://www.scmagazineuk.com/irresponsible-disclosure-google-reveals-bug-prior-to-microsoft-patch/article/638990/">proliferation of cyber weapons</a>, because it’s easier for other nations or criminals to acquire the technology before adequate protections can be put in place on a global scale. It also throws up political challenges.</p>
<h2>Conventionality belongs to yesterday</h2>
<p>It’s no secret that the UN struggles to <a href="http://www.un.org/en/ga/contributions/Statement%20October%202017.pdf">find money for peacekeeping contributions</a>. The US, the largest contributor to the UN budget by far, has – under president Trump – disagreed with how the organisation is governed, and confirmed it will <a href="http://thehill.com/policy/defense/360505-top-pentagon-official-us-to-cut-contributions-to-un-peacekeeping-missions">reduce payments to the peacekeeping budget</a>. </p>
<p>If securing troops under difficult budget restrictions is already difficult, then securing highly-skilled cyber personnel in a competitive global market will be even more challenging.</p>
<figure class="align-left ">
<img alt="" src="https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=237&fit=clip" srcset="https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=600&h=401&fit=crop&dpr=1 600w, https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=600&h=401&fit=crop&dpr=2 1200w, https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=600&h=401&fit=crop&dpr=3 1800w, https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=45&auto=format&w=754&h=503&fit=crop&dpr=1 754w, https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=30&auto=format&w=754&h=503&fit=crop&dpr=2 1508w, https://images.theconversation.com/files/203431/original/file-20180125-102750-ghjeyi.jpg?ixlib=rb-1.1.0&q=15&auto=format&w=754&h=503&fit=crop&dpr=3 2262w" sizes="(min-width: 1466px) 754px, (max-width: 599px) 100vw, (min-width: 600px) 600px, 237px">
<figcaption>
<span class="caption">United Nations peacekeepers wear distinctive blue helmets and drive white vehicles in regions ravaged by war.</span>
<span class="attribution"><a class="source" href="https://www.shutterstock.com/image-photo/mukjar-southern-sudan-june-3-2012-219691393?src=6fAcRuugXK2Bd7f5u8GRxw-1-98">Shutterstock</a></span>
</figcaption>
</figure>
<p>And there’s an additional complication: those countries conducting cyber warfare are the advanced nations, many of which already contribute the lion’s share of UN funding and possess the <a href="https://www.wired.com/2015/09/cyberwar-global-guide-nation-state-digital-attacks/">greatest cyber expertise</a>. Would they be willing to contribute their knowledge, wealth and people to aid their adversaries?</p>
<p>Conflict affects every nation, so it’s in everyone’s interests to have an internationally available capability to restore peace and security in the aftermath of cyber warfare.</p>
<p class="fine-print"><em><span>Helge Janicke receives funding from Airbus Group, RCUK, EU, British Telecom, National Grid. </span></em></p>Countries affected by prolonged periods of cyber warfare need peacekeeping assistance to recover.Helge Janicke, Professor of Computer Science, Head of School Computer Science and Informatics, De Montfort UniversityLicensed as Creative Commons – attribution, no derivatives.