Tuesday, April 10, 2018

Has the US Just Had its Cyber Sputnik Moment?

As the launch of Russia's Sputnik satellite and the ensuing US-Russia space race resulting in US space superiority have shown, poking America in a serious way may well have its consequences.

America has seemingly been satisfied for all too long to continue on with business as usual in the face of a decade-long barrage of Russian and Chinese cyber attacks targeted at stealing top secret US military weapons and corporate financial, personal and intellectual property.  But as recent actions are starting to demonstrate, the US may have finally had its cyber defense offense ignited in a way that will lead to challenges to such actions.

The combination of Russian intervention in the 2016 presidential election and the recent Department of Homeland Security announcement that Russia had  successfully penetrated US power grids - potentially with the capability to plunge portions of the nation into darkness - has begun to awaken the sentiments which may well shape the future deployment of US cyber power.

Enraged US senators and the recent appointments of proactive Mike Pompeo as Defense Secretary and John Bolton as National Security Advisor may be clear signals of a "we've had enough" attitude toward cyber threats.

Add to this that both Kirstjen Nielsen, the new Homeland Security Secretary, and LGen Paul Nakasone, newly named head of the NSA and the US Cyber Command, are calling for offensive cyber actions aimed at derailing further transgressions against the US in cyberspace.

If America's reaction to Sputnik is any example, this response may not play out well for the Russians.







Sunday, February 18, 2018

Is the US Losing the Cyber Wars?


We have just been through the most turbulent period in Internet history, and increasing threats lie ahead.

With the U.S. being the primary target, this raises the question of what can be done to protect our financial institutions, power grids and military.


Clearly, we are seeing attacks on many fronts: cybercrime, cyber espionage, infrastructure intrusions, continued use of social media by terrorist organizations for recruitment, training and operations, even intrusion into our electoral processes.

America's institutions - public and private - have focused their attentions on attack detection, containment and recovery. Such defensive actions are essential but do little to deter future attacks.

Cyberattacks have progressed through four stages. The first, in the 1990s, primarily involved hacking for sport or maliciousness and the conduct of illegal activities such as pornography, child trafficking and prostitution. By the end of the 90s, online pornography was estimated to be topping $2 billion annually.

The next two phases witnessed the rise and continuing maturation of the criminal syndicates and activist groups such as Anonymous and Wikileaks. We also started to see nation states directing attacks at private corporations, such as North Korea's attack on Sony Pictures, its worldwide ransomware attack known as WannaCry affecting hundreds of thousands of computers in more than 150 countries, and Iran's DDOS attacks against NY banks.

The current phase involves nation state v. nation state, examples being Russia's interruption of Ukraine's power grid and interference with Brexit voting and elections in the US and other western democracies.

With the fourth phase attacks being instruments of exerting national power, different methods of response would be expected. Instead, the US continues to rely on sanctions, expelling of diplomats, and in the most recent case, indictments against Russian nationals accused of interference with the 2016 US national elections.

Clearly, continuing to respond to geopolitical attacks with methods used for criminals is unsuited and ineffective.

The time has come for the US to step beyond its defense orientation and out-of-sync responses and adopt a posture of 'active defenses', such as those being used by the UK, as a means to deter future attacks.

Without such a change in thinking, attacks on the US will continue their escalation in frequency and severity.

Wednesday, April 3, 2013

ATTORNEYS 1, U.S. CYBERSECURITY 0




As cybercrime and cyber breaches become a larger and larger concern, the Wall Street Journal on April 1 reported that the Securities and Exchange Commission is pressing companies "to be more forthcoming about attacks on their computer networks."  

With class-action suits and plaintiffs' attorneys jumping on such data breaches and seeking damages, companies are increasingly turning to law firms with specialized practices in security-incident defenses in order to use the client-attorney privilege to keep their internal investigations private.

The article goes on to say that major law firms across the country have increased their recruiting of prosecutors with cybercrime experience.  The Journal states that the income potential of such cybersecurity practices offers major upside potential as attacks escalate.

Once again, as the need for companies to share information is greater than ever, the attorneys counsel that the information should be kept private.  The attorneys win again.




Monday, April 1, 2013

ARE WE IN A CYBER WAR WITH CHINA?


Hardly a day goes by without media coverage or editorial reporting discussing China’s barrage of intrusions into U.S. private, public and government computer networks.  Some would argue that, because there is no damage to operations or loss of life as a result of these intrusions, we are merely on the receiving end of spying via the Internet, which in itself is not an act of war.

Cyberwar, as defined by Cyber Warfare Today, maintains that theft of military secrets and prying into U.S. military databases and communications systems is nothing short of “prepping the battlefield” for possible future action against the U.S. when and if necessary, and is thus an act of war.  This is nothing more than application of one of the tenets of Sun Tzu’s Chinese bible on warfare, “The Art of War.”

The other type of intrusions from Chinese sources – into The New York Times, Bloomberg, Google, and many more – are looking for information or in some cases taking proprietary information, and are not acts of war.  Theft, but not acts of war.

What should we do?  The answer is simple – not easy, mind you, but simple: apply the teenager stealing Mom’s prescriptions solution:  you make the drugs inaccessible and take appropriate disciplinary action.  The United States has jawboned China to death over these intrusions and theft of property but has neither (1) taken effective steps to reduce or remove accessibility of data or (2) taken remedial action against the Chinese.  In this case remedial action means dialing up our country’s cyber intrusions against China one notch, then two or three until we have the other side’s attention.  As far as accessibility, our lack of coherent defensive strategies has left our gates wide open.  But that is a topic for another posting.