A generation ago, “cyberspace” was just a term from science fiction, used to describe the nascent network of computers linking a few university labs. Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. The cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals.
Ever since the 2016 election in the United States, the mention of Russia and cybersecurity in the news has been inescapable. In the following testimony, PW Singer acknowledges the fact that the attacks by the Russian government are only one aspect of a larger threat landscape. He explains that these threats are not only dangerous because of their past impact, but also because of how they will serve as a guidepost to others in the future, stressing that as the internet and technology continue to change, the United States needs to build a new set of approaches to protect ourselves better.
Hackers working on behalf of the Russian government have attacked a wide variety of American citizens and institutions. They include political targets of both parties, like the Democratic National Committee, and also the Republican National Committee, as well as prominent Democrat and Republican leaders, civil society groups like various American universities and academic research programs. These attacks started years back, but have continued after the 2016 election. They have hit clearly government sites, like the Pentagon’s email system, as well as clearly private networks, like US banks.
In addition to attacking this range of public and private American targets, over an extended period of time, this Russian campaign has also been reported as targeting a wide variety of American allies. These include government, military, and civilian targets in the United Kingdom, Czech, and Norway, as well as now trying to influence upcoming elections in Germany, France, and Netherlands. Overall, reports are that Russian cyber attacks on NATO targets are up 60%, against EU institutions up 20%, in the last year.
This is not the kind of “cyber war” often envisioned, with power grids going down in fiery “cyber Pearl Harbors.” Instead, it is a competition more akin to the Cold War’s pre-digital battles that crossed influence and subversion operations with espionage. Just as then, there is a new need for new approaches to deterrence that must reflect a dual goal to defend the nation, as well as keep an ongoing conflict from escalating into physical damage and destruction.
“Nor is cybersecurity a concern for only one political party. It is an issue for Everyone.”
While Vladimir Putin has denied the existence of this campaign, its activities have been identified by groups that include all the different agencies in the US intelligence community, the FBI, as well as multiple allied intelligence agencies, who have seen the very same Russian efforts hit their nations and various international organizations (most notably the World Anti-Doping Agency). This campaign has also been established by the marketplace; five different well-regarded cybersecurity firms (Crowdstrike, Mandiant, Fidelis, ThreatConnect, and Secureworks) have identified it. This diversity of firms is notable, as such businesses are competitors and incentivized instead to debunk each other’s work. Indeed, even the most prominent individuals, who first denied the existence of the hacks and then the role of the Russian government in them, now acknowledge this campaign; this now includes even the US president (“As far as hacking, I think it was Russia.” President Trump stated at his January press conference).
It is time to move past the debate that consumed us for the last year. The issue at hand is not whether Russia conducted a series of cyberattacks on the United States and its allies. We know it did. Nor is cybersecurity a concern for only one political party. It is an issue for Everyone. The real question now is whether the United States will ever respond?
This excerpt of Singer’s testimony was originally published as “Cyber-Deterrence And The Goal of Resilience: 30 New Actions That Congress Can Take To Improve U.S. Cybersecurity” at the hearing on “Cyber Warfare in the 21st Century: Threats, Challenges, and Opportunities” before the House Armed Services Committee.
Featured image credit: “Hacked, Cyber Crime” by HypnoArt. CC0 Public Domain via Pixabay.