At the beginning of May, hackers operating the Russia-linked DarkSide ransomware launched the largest cyberattack on oil infrastructure in US history. Their attack shut down 5,500 miles of the Colonial Pipeline, the conduit responsible for transporting 45 percent of the East Coast’s fuel supplies, and put at risk roughly 100 gigabytes of data stolen from the company, which was held for a ransom of 4.4 million dollars. Colonial Pipeline paid the ransom while FireEye, one of the nation’s most reputable private cybersecurity firms, was still investigating the breach. Even now, experts are unsure exactly how the criminals obtained such sensitive data, or whether the exposed information can be recovered.
US corporations and government agencies have been the target of repeated cyberattacks and intrusions by rival foreign powers and the criminal groups suspected of working for them, most prominently Russia’s interference in the 2016 election. While cyberattacks have been steadily growing in frequency since the start of the 21st century, the past few months have been fraught with major breaches, mainly by Russia, China, and their proxies.
Over the past decade, Russia’s intelligence services have led a covert yet astonishingly potent global campaign of cyber espionage against the US and its allies’ infrastructure systems, major corporations, and government data. The United States has attributed a range of intrusions to these agencies: the 2016 election interference to the GRU, Russia’s military intelligence service, and the SolarWinds campaign to the SVR, its foreign intelligence service. However, knowing who is responsible for these attacks has not improved our ability to repel their intrusions into our systems. Since its discovery in December 2020, Cyber Command and the NSA have been reeling from a colossal Russian intrusion that was launched roughly nine months before anyone noticed it. By inserting malicious code into an update of SolarWinds’ Orion network-management software, the SVR gained access to nearly 250 protected networks, affecting government agencies, major corporations, the electric grid, and the facilities responsible for developing and transporting nuclear weapons. American officials still do not know the full intentions and effects of the intrusion: was it merely espionage, or the foundation for future manipulation of American systems?
While the United States has attempted to defend its assets from cyberthreats and intrusions through many traditional means of domestic security and foreign policy, none has proven effective.
President Biden confronted Putin in June over what he referred to as a “global effort by Russia’s military intelligence organization to spy on government organizations, defense contractors, universities and media companies,” as reported by the New York Times. Putin disagreed, declaring America to be “the world’s largest source of cyber attacks.” This was not the first time the two leaders had clashed over the issue; just a few weeks earlier, Biden had promised retaliation if Russian operations did not stop. Diplomatic talks have been largely ineffective, and Biden’s threats of increased pressure in the form of sanctions do not seem to faze an already barricaded Moscow.
General Nakasone, the head of the NSA and Cyber Command, has pursued an aggressive “defend forward” strategy that aims to neutralize threats by anticipating them and engaging adversaries in their own networks before they reach ours. The country’s top cyberwarrior is acutely aware of the United States’ demonstrated vulnerability to cyberattacks, and he aims to change our reputation as the cyber punching bag of the West. His strategy helped blunt Tehran’s ability to interfere in US affairs, especially during election seasons, and his previous operations have identified Russian tools and tradecraft used in the recent onslaught of attacks. While his tactics have undoubtedly brought success in the past, Russian sophistication and a lack of further intelligence have overcome his defenses more than once.
On the other hand, private security companies such as FireEye can, at times, predict and defend against cyberattacks that the government fails to deter. The private sector can attract more capable cyber professionals with higher salaries and more extensive benefits, and larger companies are rarely limited by a lack of funding or by US borders. The United States has shown little aversion to receiving crisis assistance from nongovernmental organizations in the past and gives credence to cybersecurity firms in the present. Since the major Russian breach that began in 2019, FireEye has both identified and replicated the tools and methods that Russia’s intelligence agencies employed to impersonate high-ranking American personnel. The company hoped that, by publishing the techniques behind the malicious software and the means of detecting it, the US could heighten its defenses and protect its assets. Instead, while experts debated whether it would be better to build stronger firewalls or to develop better tools for tracking hackers and their inevitable breaches, the US was left vulnerable to further attack.
As innovative and practical as private corporations have been in the face of cyberwarfare, they too are susceptible to massive breaches. Russia pierced the defenses of the country’s top cyberdefense firm and stole data pertinent to the US and many of its allies. Despite FireEye’s expertise in data security, its advanced software, and its expansive global networks, the company was unable to keep Russia’s espionage campaign out of its own systems.
It is hard to blame the US or its security partners for the severity and number of breaches carried out by foreign powers. Our defensive strategies are intelligent and effective, as demonstrated by their many previous successes on the cyber battlefield. FireEye’s technological capabilities are world class. Nakasone’s intelligence is wide-reaching and his strategy is ingenious. But if this is the case, why does it seem as if foreign threats can effortlessly thrash our security systems and infiltrate our vital data?
The issue is unity. The US government and FireEye are not the only groups that have been battered by the new generation of cyberwarfare: US companies and citizens are also the victims of devastating hacks and ransomware; yet, for the most part, they work separately when it comes to information sharing and security development. The first and most obvious solution to this problem is to share threat intelligence and cyber-risk management tooling, and to create a collaborative database of known malware and intrusion techniques. Consolidating data and strategy would not only bolster our collective defenses against cyberthreats, but also diversify the protective mechanisms each participant can employ to safeguard its software. While the private sector and the government have relied on each other in the past and attempted some of these measures in times of crisis, their efforts were not consistent, preventing both a durable relationship and substantial development.
Some corporations have expressed apprehension about working with the government out of fear of increased public scrutiny and burdensome government regulation. Their concerns are not unfounded. In December 2020, amid widespread concern over Russian espionage, President Trump vetoed the annual defense bill that re-established a national cyber director in the White House and gave federal agencies the authority to hunt for intruders on federal networks; the position survived only because Congress overrode the veto days later. Congressional and executive conflict frequently stalls federal legislation, and if compromise continues to fail, the two branches may inhibit national cybersecurity efforts. Despite this political and legal quandary, without proper cybersecurity neither the public nor the private sector will be able to guard its assets from breaches and ransomware that are intensifying in both scope and frequency. No relationship between the public and private sectors is perfect, and each side must be willing to make sacrifices for the common good of both.
Deeper cooperation between the federal government and US businesses, however, is not a long-term solution but a necessary response to the escalating crisis before us. First, the United States must reduce the market’s shortage of cybersecurity professionals by aligning the needs of the market with national defense interests. Other countries have offered financial incentives and endorsed universities’ cybersecurity programs to encourage students and graduates to pursue the art of digital defense. The range and effectiveness of our cybersecurity technology and enforcement is entirely contingent on the size and creativity of our workforce. Secondly, we must vigorously continue Nakasone’s aggressive cyber strategy, which has deterred cyber intrusions in the past and collected vital intelligence on foreign adversaries. Prior to the 2020 election, Cyber Command disrupted Russian ransomware infrastructure and degraded Iranian operations before they could be carried out. Nakasone’s bastion intercepted crippling foreign interference and preserved the election’s infrastructure, a victory that years of sanctions and diplomatic pressure have never been able to accomplish.
Warfare in the 21st century is evolving. As the world grows increasingly dependent on databases and security systems, cyberattacks and ransomware may hold greater potency than missiles and drone strikes. Russia, China, and other world powers have rapidly adapted to this shift, and it is time that the United States also fortifies its digital walls and solidifies its presence in the virtual sphere. After all, military strength is no longer about the number of battleships in a country’s harbor, nor the destructive power of its nuclear arsenal: it is about intelligence.