Has the US Just Had its Cyber Sputnik Moment?

As the launch of Russia's Sputnik satellite and the ensuring US-Russia space race resulting in US space superiority have shown, poking America in a serious way may well have its consequences.

America has seemingly been satisfied for all too long to continue on with business as usual in the face of a decade-long barrage of Russian and Chinese cyber attacks targeted at stealing top secret US military weapons and corporate financial, personal and intellectual property.  But as recent actions are starting to demonstrate, the US may have finally had its cyber defense offense ignited in a way that will lead to challenges to such actions.

The combination of Russian intervention in the 2016 presidential election and the recent Department of Homeland Security announcement that Russia had  successfully penetrated US power grids - potentially with the capability to plunge portions of the nation into darkness - has begun to awaken the sentiments which may well shape the future deployment of US cyber power.

Enraged US senators and the recent appointments of proactive Mike Pompeo as Defense Secretary and John Bolton as National Security Advisor may be clear signals of an "we've had enough" attitude toward cyber threats. 

Add to this that both Kirstjen Nielsen, the new Homeland Security Secretary and LGen Paul Nakasone, newly named head of the NSA and the US Cyber Command, are calling for offensive cyber actions aimed at derailing further transgressions against the US in cyberspace.

If America's reaction to Sputnik is any example, this response may not play out well for the Russians.

Is the US Losing the Cyber Wars?

We have just been through the most turbulent period in Internet history, and increasing threats lie ahead.

With the U.S. being the primary target it raises the question of what can be done to protect our financial institutions, power grids and military.


Clearly, we are seeing attacks on many fronts: cybercrime, cyber espionage, infrastructure intrusions, continued use of social media by terrorist organizations for recruitment, training and operations. even intrusion with our electoral processes.

America's institutions - public and private - have focused their attentions on attack detection, containment and recovery. Such defensive actions are essential but do little to deter future attacks.

Cyberattacks have progressed through four stages. The first, in the 1990's primarily involved hacking for sport or maliciousness and the conduct of illegal activities such as pornography, child trafficking and prostitution.  by the end of the 90s, online pornography was estimated to be topping $2 billion annually.

The next two phases witnessed the rise and continuing maturation of the criminal syndicates and activist groups such as Anonymous and Wikileaks. We also started to see nation states directing attacks at private corporations, such as North Korea's attack on Sony Pictures, its worldwide ransomware attack known as WannaCry affecting hundreds of thousands of computers in more then 150 countries, and Iran's DDOS attacks against NY banks.

The current phases involves nation state v. nation state, examples being Russia's interruption of Ukraine's power grid and interference with Brexit voting and elections in the US and other western democracies.

With the fourth phase attacks being instruments of exerting national power, different methods of response would be expected. Instead, the US continues to rely on sanctions, expelling of diplomats, and in the most recent case, indictments against Russian nationals accused of interference with the 2016 US national elections.

Clearly, continuing to respond to geopolitical attacks with methods used for criminals is unsuited and ineffective.

The time has come for the US to step beyond its defense orientation and out of synch responses and adopt a posture of 'active defenses' such as being used by the UK as a means to deter future attacks.

Without such a change in thinking, attacks on the US will continue their escalation in frequency and severity.