The Next Frontier in Warfare is the Internet
Cyberattacks pose the greatest threat to the national security of the US and the West
The next war will certainly not be waged on the battlefield, in the ocean, or even in the sky—the next war is being waged in cyberspace.
In early 2020, hackers based out of Russia were able to gain access to the information databases of private companies like the elite cybersecurity firm FireEye as well as US government entities like the Department of Homeland Security and the Treasury Department through one of the most subtle and stealthy hacks ever. They did this by compromising the security of SolarWinds, a US information technology firm.
The malicious code was implanted via a routine update that was sent out to all 33,000 SolarWinds customers. The customers downloaded the update, and the hackers gained access to the system.
Once the hackers were in, they were able to burrow deeper and deeper into the systems of the SolarWinds customers—which included parts of the Pentagon, the State Department, the Department of Energy, and the National Nuclear Security Administration; as well as private companies like Microsoft, Cisco, and Intel. Their goal: to spy and steal information.
Federal investigators blamed the cyber attack on the SVR, Russia’s Foreign Intelligence Service.
The SolarWinds hack represents one of the two main types of cybersecurity threats facing the United States. This article will examine those two types of attacks, the threat they pose, and what can be done about them.
The two types of cybersecurity threats
Many different cybersecurity threats face the US and the West, but the two main types have clearly been exemplified over the past year.
The SolarWinds hack represents what, historically, has been the predominant type of cyber attack: a hack for the purpose of stealing information. The information may be used for spying or sold on the black market—but at the center of the hack is the extraction of information.
There are many examples of these kinds of cyberattacks. In 2006, a hacker based out of China was able to steal information from at least seventy public and private entities across fourteen countries in what became known as Operation Shady RAT. Those victimized included the United Nations, the International Olympic Committee, and multiple defense contractors.
In 2011, a hacker gained access to the PlayStation Network system and stole the personal information of over 70 million users. As a result, Sony was forced to shut down the network for almost three weeks, resulting in $171 million in lost revenue.
Over the past few months, the second kind of cyber attack has played out before our eyes, resulting in rising prices at the gas station and the grocery store. Put simply, it’s cyber-hijacking.
On May 7, the Colonial Pipeline oil network was forced to shut down after a group of hackers who call themselves DarkSide encrypted Colonial Pipeline’s computers and servers. The hackers demanded a ransom of $4.4 million paid in bitcoin to decrypt the network, which CEO Joseph Blount paid.
But the damage had been done. From the beginning of the hack to when the network was reinstated, hundreds of gas stations across the East Coast were forced to shut down, flights were changed, and a state of emergency was declared by the Federal Motor Carrier Safety Administration.
The perpetrators of the attack, a group called DarkSide based out of Eastern Europe, claim to be “apolitical” and to just want to “make money.”
A similar attack happened to the world’s largest meat-processing company, JBS. The hack caused JBS to shut down multiple plants around the world, resulting in sharp price increases. Fortunately, JBS was back online quickly and prices leveled out. It is currently unknown if JBS paid a ransom, though most believe that is the case.
The group behind the JBS attack was REvil, a criminal ransomware group based out of Russia.
These types of hacks are based on extortion: break into a network, encrypt its data, and demand a ransom to bring the network back online. These attacks can have devastating effects on the economy, as the extortion relies on shutting down entire companies or industries. So the question has to be asked: pay the ransom, or risk losing millions of dollars in revenue?
What should be done?
The uptick in major cyberattacks has worried the White House. “Right now, they are hair on fire,” a former government official said of the Biden Administration.
The Administration is now moving to designate cyberattacks as national security threats, giving intelligence agencies the power to spy on international criminal gangs and potentially to use offensive cyber operations against these gangs, especially those based in Russia.
In addition to this, the Biden Administration needs to assist private companies in building more secure networks and incentivize them not to pay ransoms. This could be done through tax breaks or subsidies. Another option would be to make it illegal to pay ransom to international hackers.
The situation becomes more complicated because many of these criminal gangs act as proxies for the governments that harbor them. Beijing and Moscow are the biggest culprits when it comes to looking the other way or even encouraging groups of hackers who continually launch attacks on the US and the West. The problem is that because many of these gangs operate independently from their host governments, the US is apprehensive about using the military to combat the threat.
The United States needs to realize that these hackers are not just gangs looking to make some bitcoin. They are pawns being wielded by our enemies on the modern-day battlefield. The US also needs to prepare for the day when the goal is not money but pure destruction and disruption of the US economy.
What if DarkSide and REvil had simply destroyed the systems of Colonial Pipeline and JBS, respectively? Within weeks, it’s possible the entire East Coast would be out of gas. In addition, JBS controls a quarter of the world’s meat processing; their network going down would result in billions of dollars lost and food shortages around the globe.
For years, people have talked about the threat an EMP bomb poses to the United States. These hackers have the ability to detonate a precision EMP with a few keystrokes, effectively taking down entire industries.
The Biden Administration needs to go after these criminal groups—and the nations that harbor and protect them—with the full force of the US government. An unequivocal message needs to be sent that we will not tolerate these attacks, we will not pay ransoms, and if Beijing and Moscow continue to let these groups target US companies, we will go directly for the top.
One of the critical components of the Bush Doctrine stated that no distinction will be made between “the terrorists who committed these attacks and those who harbor them.” Thus, just as the Taliban was held responsible for the acts of al-Qaeda, so should Moscow and Beijing be held responsible for the actions of the hacker groups that operate within their borders and with their consent.
Cyber is the next frontier of warfare, and we cannot fall behind.