Cyberwar: How Nations Attack Without Bullets or Bombs
(Bloomberg) -- Russia, Iran, China and the U.S. are among the world’s leading practitioners of cyberwarfare -- state-on-state hacking to gain strategic or military advantage by disrupting or destroying data or physical infrastructure. Unlike combat with bullets and bombs, cyberwarfare is waged almost entirely with stealth and subterfuge, so it’s hard to know when and where it’s occurring, or whether full-scale cyberwar is on the horizon.
1. What are the hallmarks of cyberwarfare?
A cyberattack that disables essential services, such as telecommunications or electricity, might raise suspicions that a state or its proxies was behind it. So might the sheer scale of an attack, even if the direct target is private industry. Even disinformation campaigns, such as Russia’s targeting the 2016 U.S. president election, can be thought of as a softer but still damaging type of cyberwarfare. One incident that’s become public and is generally agreed to be an act of cyberwarfare was the so-called Stuxnet attack, which was discovered in 2010 and involved computer code that destroyed as many as 1,000 nuclear centrifuges in Iran. The New York Times reported that this was a joint operation between the U.S. and Israel code-named Olympic Games.
2. What forms can it take?
Infecting a computer system with viruses or worms, holding it hostage with ransomware, disabling it with a flood of messages (a denial of service attack) or stealing data could be considered acts of cyberwarfare, depending on the context and the impact.
3. What recent events could have been cyberwarfare?
Russian state-sponsored hackers are suspected of being behind the alteration of software belonging to Texas-based SolarWinds Corp., which was disclosed in December 2020. The hackers used the SolarWinds breach and other methods to infiltrate at least nine agencies of the U.S. federal government and about 100 companies. The U.S., the U.K. and other allies formally blamed China for the hacking of Microsoft Corp.’s Exchange email servers, an attack that exploded over the course of two weeks in late February and early March. The attack exposed tens of thousands of victim email systems, including those of health-care facilities, manufacturers, energy companies and state and local governments.
4. How about the recent ransomware attacks on the U.S.?
Probably not. Criminal syndicates are behind most ransomware attacks, and theft of money is the goal. But the attacks on Colonial Pipeline Co., operator of the biggest U.S. gasoline pipeline, and JBS SA, the world’s largest meat producer, in the first half of 2021 both were traced to groups based in Russia, which has been accused of offering safe haven to criminal hackers as long as they steer clear of targets based in Russia or its allies. And the U.S. has accused China’s Ministry of State Security of using criminal contract hackers to conduct cyber operations globally, including ransomware attacks for its own profit. The Russian and Chinese governments have both denied those allegations.
5. Why all the worry?
Nobody has ever witnessed a true cyberwar, with escalating attacks and counterattacks in the digital realm perhaps accompanied by military combat in the real world. (A 2019 Israeli airstrike on a building in the Gaza Strip may have been the first real-world response to a cyberattack; Israel said Hamas, the Islamist Palestinian group that controls the territory, was using the building as a base for the cyber operation.) Warring nations could shut down each other’s power grids (as Russia did to Ukraine in 2015 and 2016), wipe out data centers, scramble bank records to cause financial panic, interfere with the safe operations of dams and nuclear plants and blind radar and targeting systems of fighter jets. Had the Stuxnet attack failed, the U.S. was ready with a broad cyber battle plan against Iran that would have taken out its power grids, the New York Times reported.
6. Aren’t attacks on civilians supposed to be off-limits?
Real-world military confrontations are guided by rules of war that date back centuries and are meant to reduce civilian suffering. The Tallin Manual, published in 2013 by a think tank affiliated with the North Atlantic Treaty Organization, was an attempt to apply those rules to cyberwarfare -- defining which targets are off-limits (schools and hospitals, for example) and under what circumstances a country can respond to a hack attack with military force. But the manual carries no official weight.
7. Who are the players?
The Council on Foreign Relations says 34 nations are suspected of sponsoring cyberattacks since 2005, with China, Russia, Iran, and North Korea behind more than three-quarters of them. The U.S. is by far the biggest target of significant cyberattacks -- including those on government agencies, defense contractors or high-tech companies -- followed by the U.K. and India, according to a review of data kept by the Center for Strategic & International Studies.
8. Are actual soldiers involved?
Sometimes. Nations including the U.S. have cyberwarfare units to conduct intelligence-gathering operations and support military missions. A Russian hacking group suspected in the 2020 hack of U.S. government systems, known as Cozy Bear or APT29, is “almost certainly part of the Russian intelligence services,” according to a joint advisory by U.S., British and Canadian security agencies. North Korea’s hacker army, which specializes in cybercrimes that earn money for the ruling regime, is believed to have begun as part of the military.
9. What kind of defenses are possible?
Early in his term, U.S. President Joe Biden moved to shore up the security of the U.S. power grid, providing incentives for electric companies to overhaul their protections against cyberattacks. The broader White House plan included securing the highly specialized computers also used by municipal water utilities, gas pipeline operators and others. In 2018, under President Donald Trump, the U.S. eased rules on “offensive cyber operations” aimed at “defending the integrity of our electoral process.” The effort reportedly included sending direct messages to individual Russians behind disinformation operations letting them know that they had been identified.
The Reference Shelf
©2021 Bloomberg L.P.