The suspects: Russia, China, North Korea, Iran, and other non-state actors.
The victims: The US and Europe, the most influential swath of democratic nations and leaders of the free world.
Their goal: national chaos, political influence, national interest, monetary gain.
Their targets: political factions or leaders who oppose them and their political agendas. They tend to support nationalistic, right-wing leaders and movements who are willing to align with them politically: Trump, Brexit, etc.
Their channels: news outlets, social media, financial institutions, poorly secured devices.
Their tactics: state-sponsored hacking, APT, spear phishing, releasing emails, DDoS.
A New Era
As Russia is being accused of ongoing state-sponsored hacking in American and European national elections, people, and the media, are increasingly afraid that democracy is under attack. And rightly so; cyber action is proving to be significant and powerful in the world’s political sphere.
Espionage between nations has been pretty standard practice through the years in international relations, but cyber “espionage” pushes the boundaries. What is it about these recent election hacks, bank heists and other hacks that makes these particular cyber attacks so much more concerning to us? Cyber espionage and cyber war have differences that are critical to recognize, and those start with the motives. Espionage is intended to gather information. War is intended to push a nation’s influence, beliefs, power, etc. on another; loss and damage are incurred through it.
So why are we surprised that we find ourselves engaged in this chaotic type of cyber combat when there are no clear rules around it or well-defined consequences to punish the culprits for their actions? The current environment and recent events have caused many to hold up the Cold War for comparison. When there are clear aggressive intentions but little “hot” combat, it’s difficult to determine where the line is in terms of war. In the cyber sphere, no one has defined an “act of war” yet, making it nearly impossible to know what’s allowed and what isn’t. What is espionage; what is war? Have these state actors crossed the line already?
France just closed out their national elections this past weekend. The final match-up was between Le Pen, the far-right nationalist candidate who was thought to be more likely to seek closer ties with Russia, and Emmanuel Macron, an independent centrist who favors a strong EU and maintaining Russian sanctions. Leading up to the final vote, Macron’s campaign claimed that the Kremlin had been spreading fake news to disparage him personally and to drive down his numbers in the polls. 48 hours before the vote, his campaign was the victim of a huge document dump (of emails and personal and business documents), thought to have been done with the intent of spreading disinformation and causing confusion.
Security firms have been linking the hack to Russian intelligence. Trend Micro (a Japanese cybersecurity firm) discovered fake domain names similar to those used by Macron’s campaign that were probably being used to expose and compromise campaign workers’ email accounts. Trend Micro and Flashpoint (a US company) attributed the most recent attacks to the group known by a few different names, APT 28/Fancy Bear/Pawn Storm, which has connections to the Russian military intelligence agency GRU.
In October of 2016, the US came out and announced, with certainty, that Russia had orchestrated the hacking of the Democratic National Committee and other facets of the Democratic Party during the country’s national election process. Thousands of stolen emails were publicly released, many revealing damaging information about the Democratic Party’s presidential nominee, Hillary Clinton.
During the Brexit vote last year, a government website went down just 100 minutes before the June 7 deadline to register to vote in the EU referendum. Ministers had to extend the deadline after the website collapsed, and many think that Russia and/or China could have been involved.
Germany’s federal elections are September 24th of this year, and there is already speculation that Russia might be lurking close by to hack and influence another strong democratic country. Just like France, Germany is an influential leader of the EU and an important member of NATO, and should be aware that it may be the next target.
Can We De-Escalate?
These recent cyber attacks of espionage, spreading fake news, theft, and disinformation are the basic ingredients of a destructive war. It’s hard to definitively point to Russia or China or North Korea and actually bring accusations against them with real evidence, but we still need to know what to do about it. On some level, democracies face a disadvantage, because unlike in Russia or China, information is shared freely and there are few controls surrounding it. So how do we, as democratic nations, continue to uphold these freedoms, but crack down on cyber attacks?
No longer is cyber being used to merely conduct intelligence campaigns, but it has shifted to causing chaos, influencing public opinion, and spreading political influence. Not unlike the Cold War that stretched through the latter half of the 20th century, many people are worried that action and retribution could lead to escalation. Trump has been in office for just a few months, so it’s yet to be seen how his policy will affect the cyber landscape. Obama imposed sanctions on Russia after their election hacking, which at least signaled that he viewed it as an action that deserved some sort of retribution. However, are imposing sanctions and expelling Russian diplomats really anything more than just a slap on the wrist?
Deliberate Action is Key
Proactive security solutions have to be a part of every campaign, every election, and every critical aspect of national resources and intel. Security can’t be an afterthought…
- Build up defenses to make it more difficult for hackers to exploit national systems for political influence or monetary gain.
  - Many governments have started to make room in the budget specifically for cyber defense (e.g., former President Obama’s proposed $19 billion budget for cybersecurity). However, you can’t just throw money at a broken system. An offensive approach to security is the best defense against attack.
  - Make plans to combat the talent and resource gap: develop people and resources for a strong cyber posture.
  - Get creative: crowdsource when the opportunity allows. Use talent and resources that are offered in nontraditional forms.
- Develop international law concerning the cybersphere.
  - This means we have to define crime and acts of war, calling it what it is.
  - The UN, NATO, and other international organizations need to come together to make cyber policy a priority.
  - There must be a system in place to hold countries accountable for their state-sponsored actions. There should be proper deterrence to warn hackers of the consequences before they embark on a cyber attack.
- Consider “no hack” treaties or cyber alliances.
  - Obama signed a “no-hack” pact in September 2015 with China. It could be an idea worth exploring to form cyber alliances with key nations.
- Individual countries need to look deeper into their legislation surrounding cyber.
  - It’s likely there isn’t much there. Cyber activity will be more and more prominent as time goes by, as we become a more technologically advanced planet. Governments must adjust accordingly to deal with the relevant problems of the times.
  - A clear cybersecurity strategy is key to identifying who is responsible and accountable for cybersecurity and to removing plausible deniability of vulnerabilities. The US, and others, need to take a good hard look at their distinct agencies’ digital defenses, define and adopt specific cyber standards, modernize IT systems within the government agencies