As Cyber Warfare Turns 10, The West Risks Falling Behind
Image by Getty Images
When Estonia became the first nation on the receiving end of an overwhelming cyber attack 10 years ago last week, government and other critical websites and systems such as banking collapsed in one of the most internet-connected countries of the time. Widely blamed on Russia, the assault prompted Western nations – including the United States – to plow billions into improving their own cyber defenses.
If something similar happened today, it could be even more disruptive and dangerous – and also more complex. Western states, militaries and companies have made strides in building the technical ability to guard against cyber attacks. But as often with new technologies, developing the doctrine and expertise to know how to use them inevitably lags behind.
That points to a broader problem. A decade after the Estonia attack, the West’s potential enemies still have a better sense of what they want to achieve in cyberspace than the United States or its allies.
For the West, “cyber” remains a tightly defined concept, a matter of protecting nationally vital systems, keeping secrets or finding them out from potential enemies. For countries like Russia and China, however, it has become something much broader.
In the 2016 U.S. presidential election, Russia is believed to have used a combination of hacking and the dissemination of real and false news to striking effect; the same has been true in political campaigns across Europe. Many Western experts believe stealing defense and other U.S. commercial secrets has been at the heart of China’s military and economic modernization.
When it comes to technical capability, specialists at the National Security Agency and Britain’s GCHQ are as good as anyone in the world, at least as sophisticated as any hackers Moscow, Beijing, Pyongyang or Tehran might field. The same is increasingly true of military personnel in the growing number of units such as the U.S. military’s Cyber Command and designated units within the U.S. Army, Air Force and Marines.
Smaller nations are also forging ahead, particularly those in Eastern and Northern Europe that must contend with Russia. Estonia in particular has toughened its defenses, and is now seen as one of the world’s hardest countries to attack.
Both Russia and China doubtless also have talented government and military hackers. But Moscow in particular is seen as going much further, sometimes delegating attacks to criminals and others outside government. That strategy, Western experts say, allows such individuals and groups to operate with immunity providing they do not attack targets within their own nations – for example, through credit card theft – and are willing to help the state out with deniable attacks on foreign enemies when asked.
Potential targets often struggle to formulate a response to cyber attacks because identifying the source of the attacks is so difficult. U.S. authorities are engaged in a global crackdown on Russian hackers in particular, but that alone may not be enough to deter others. Preventing attacks in cyberspace is now considered almost as important as deterring physical attacks – and it’s an area where the thinking is just beginning.
There have been some diplomatic victories. After the United States complained loudly and publicly about Chinese information theft, the practice appeared to fall off sharply, according to internet security firms.
These problems aren’t new, although they are getting more complex. The 2007 Estonia incident was part of a wider campaign sparked by Estonia’s decision to move a Russian war memorial from the center of its capital. Moscow, which controlled Estonia when it was part of the USSR before independence in 1991, reacted angrily – and Estonian officials also accused it of provoking riots amongst ethnic Russians within Estonia at the same time.
Moscow denied government involvement in both the riots and cyber attacks, suggesting the latter were carried out by “patriotic” Russian hackers.
Russia’s 2014 annexation of Crimea and the war in eastern Ukraine that followed have also involved cyber attacks and other electronic warfare, rendering U.S.-manufactured drones supplied to the Ukrainian military almost useless. Russia has integrated cyber capabilities into its broader hybrid and conventional warfare playbook in ways the West has yet to match, although U.S. and other militaries are working hard to do so.
Western states have taken their own steps. The United States and Israel are believed to have used the Stuxnet computer worm to reprogram Iran’s nuclear centrifuges so that they tore themselves apart.
That action, however, opened the door to new, potentially lethal forms of warfare.
Computer security experts report a rising number of attacks against industrial control systems, the sophisticated computer programs that operate power stations, water and fuel supplies and other similar infrastructure.
Attacks causing physical damage of any kind have been rare, but at least one has been reported – a 2014 incident at a German industrial smelter. At the end of 2015, suspected Russian hackers shut down part of Ukraine’s power grid, although the government swiftly restored electricity. A similar attack at the end of last year was suspected to have been behind widespread power outages in Kiev.
In theory, such techniques could be used to blow up fuel stations, crash airliners and a host of other lethal actions.
Clarifying the internationally understood rules around such attacks has long been a priority for the United States and other major states. Since at least 2011, the United States has maintained that it would retaliate for any cyber attack that caused physical damage or death in the same way it would a physical assault, potentially considering it an act of war.
Partly as a result, the West’s foes have turned to softer targets. Iran is believed to have responded to U.S. sanctions and interference in its nuclear programs by attacking the U.S. banking system, at one point causing considerable if temporary disruption to a number of major institutions. Tehran was also blamed for an attack on the Saudi oil firm Aramco that reportedly led to hundreds of computers having to be thrown away.
U.S. officials believe North Korea’s response to an unflattering portrayal in a 2014 American comedy film was to hack media giant Sony, causing considerable embarrassment to its senior management. Pyongyang denied the charges, and some computer security experts suggest other explanations for the release of information, including internal rivalries at Sony.
Because his presidential campaign benefited from alleged Russian hacking of the Democratic National Committee, Donald Trump and his administration are in an awkward place when it comes to formulating new approaches to such uncertain situations. But they don’t have much choice. As it approaches its teenage years, cyber warfare will only get more troublesome.
Peter Apps is Reuters global affairs columnist. He is founder and executive director of the Project for Study of the 21st Century; PS21, a non-national, non-partisan, non-ideological think tank in London, New York and Washington.
I hope you appreciated this article. Before you go, I’d like to ask you to please support the Forward’s award-winning journalism this Passover.
In this age of misinformation, our work is needed like never before. We report on the news that matters most to American Jews, driven by truth, not ideology.
At a time when newsrooms are closing or cutting back, the Forward has removed its paywall. That means for the first time in our 126-year history, Forward journalism is free to everyone, everywhere. With an ongoing war, rising antisemitism, and a flood of disinformation that may affect the upcoming election, we believe that free and open access to Jewish journalism is imperative.
Readers like you make it all possible. Right now, we’re in the middle of our Passover Pledge Drive and we need 500 people to step up and make a gift to sustain our trustworthy, independent journalism.
Make a gift of any size and become a Forward member today. You’ll support our mission to tell the American Jewish story fully and fairly.
— Rachel Fishman Feddersen, Publisher and CEO
Join our mission to tell the Jewish story fully and fairly.
Our Goal: 500 gifts during our Passover Pledge Drive!
