Tripwire: Are you ready for war? Cyber's fuzzy rules for engagement

Joe Biden could not have been clearer about the dangers of cyberattacks spiraling out of control.

"If we end in a war, a true shooting war with major powers, it will be as a result of a cyber breach that has great consequence," he stated to his intelligence brain trust in July.

Tensions are rising over Ukraine, with Western officials warning of the possibility that Russia could launch damaging cyberattacks on Ukraine's NATO allies. Although no one suggests that this could lead to a war between nuclear-armed adversaries, the risk for escalation is real.

The danger lies in uncertainty about where the digital boundary sits. Cyberattacks that target critical infrastructure using ransomware have been increasing over the years, and often go unpunished. It is not clear how serious a malicious cyberattack by a state actor would need to be in order to qualify as an act of war.

Max Smeets, director of the European Cyber Conflict Research Initiative, said that "the rules are fuzzy. It is not clear what is permitted and what isn’t."

The United States and NATO members threaten crippling sanctions if Russia sends troops into Ukraine. It is not clear if such sanctions would also have secondary effects on Europe if Russia caused serious damage to the critical infrastructure of Ukraine -- electricity, telecommunications and railways -- or if cyberattacks were used in place of an invasion.

If the West responded harshly to Russian aggression in cyberspace, Moscow could strike back against NATO countries with an intensity and scale never seen before. An attack on U.S. targets in cyberspace would almost certainly trigger a strong response. What about smaller cyberattacks? Or if Vladimir Putin, the Russian president, restricted them to NATO members in Europe?

An attack on any one of the organization's 30 members is considered to be an attack on everyone, according to Article 5 of the treaty. It is not clear what it would take to trigger full-scale cyber retaliation. How severe must an attack be to provoke retaliation by NATO's most powerful cyber military forces, led primarily by the U.S. and Britain?

Cyberspace is extremely chaotic. No arms control treaties exist to put guard rails on state-backed hacking, which is often shielded by plausible deniability because it is difficult to quickly attribute cyberattacks and intelligence-gathering intrusions. The technology is inexpensive and criminals can act as proxies, further complicating the issue of attribution. Hacktivists and freelancers add to the problem.

The major powers and other countries agreed to 11 voluntary norms for international cyber behavior at the United Nations. They are often ignored. Russia helped create them, then went on to disrupt Ukraine's electricity grid that winter and to launch its hack-and-leak operation to interfere with the 2016 U.S. presidential election.

Hacking is now a key component of conflict between great powers. Cyberspace was officially designated a "domain of conflict" by NATO in 2016.

Putin's attempt to return Ukraine to Moscow's orbit is the clearest example of cyberspace militarization.

Serhii Demediuk, the No. 2 official on Ukraine’s National Security and Defense Council, said that the noisy cyberattack last month was part of a larger Russian operation to destabilize the situation in Ukraine. This operation was aimed at "exploding our Euroatlantic integration and seizing control."

Servers at the State Emergency Service as well as the Motor Transport Insurance Bureau were damaged by a ransomware-encoded "wiper". Although the damage was minimal, a message was posted on multiple government websites warning people to be afraid and expect the worst.

These attacks will continue, as Putin attempts to "degrade" and "delegitimize trust in Ukrainian institutions," CrowdStrike stated in a blog on Russian military cyber wreckage in the former Soviet republic: NotPetya followed the 2015 and 2016 winter attacks on the power grid, causing more than $10 billion of damage worldwide.

Michele Markoff, the U.S. State Department's assistant coordinator for cyber issues, believes that "muscular diplomacy" is the only way to end such "immoral and unethical" behavior.

But how do you quantify them? Unlike nuclear weapons, cyberweapons are not easily quantified, verified or limited in treaties. With Russia and China holding veto power on its Security Council, violators are unlikely to be held responsible at the United Nations.

Duncan Hollis, a Temple Law professor and former State Department legal advisor, said that "we've wallowed in a quagmire for years now on making transgressors accountable."

In May, members approved an update to the 2015 U.N. norms that further defines what should be out of bounds. This includes hospitals, energy and sanitation as well as education and financial services. This has not deterred Russian-speaking ransomware criminals, who are at best tolerated by Russia. The U.S. indictments against Russian and Chinese state hackers, and the blacklisting of tech companies accused of aiding them, helped little.

Under a new policy adopted by NATO last year following U.S. lobbying, an accumulation of lower-level cyberattacks -- far below, for example, blacking out the U.S. East Coast -- could be enough to trigger Article 5. NATO is not clear on the tipping point.

NATO's doctrinal shift came after two seismic cyberespionage shocks: the 2020 SolarWinds supply-chain hack by Russia, which severely rattled Washington, and the March 2021 Microsoft Exchange hack that was attributed to Chinese security. These hacks set off a criminal hacking free-for-all.

A cluster of data thefts in the mid-2010s that were attributed to China inflicted a deep national security wound. It involved the U.S. Office of Personnel Management, United Airlines, Marriott hotels and Anthem, the U.S. health insurance company. U.S. officials have worried for over a decade about their rivals -- Russia in particular -- quietly "prepositioning" enough malware in vital U.S. infrastructure, including the energy sector, to cause significant chaos in an armed conflict.

U.S. Cyber Command responded by creating a strategy in 2018 that it calls "persistent engagement" to counter rivals who "operate continually below the threshold of armed conflict to weaken institutions, and gain strategic advantages," Cybercom commander Gen. Paul Nakasone wrote.

This has often meant penetrating not only adversaries' networks but also those of allies -- sometimes without their permission, according to Smeets, the European cyber conflict analyst.

Also, disinformation campaigns have muddled the definitions of "cyber threats." They are no longer limited to malware like NotPetya and the Stuxnet virus, which destroyed Iranian nuclear centrifuges. That operation was widely blamed on the U.S. and Israel and was discovered in 2010.

Cybercom temporarily shut down a major Russian disinformation machine during the 2018 U.S. midterm elections.

Major powers often have an equivalent of U.S. Cyber Command, which is used for defense and offense.

Terrorists, criminals acting as state proxies and disgruntled freelancers are also active. Cyber Partisans in Belarus

Hollis compares today's messy cyber moment with the early 19th century, when U.S. and European naval forces were so small that they often relied on privateers -- now we know them as pirates -- for high-seas dirty jobs.

According to Demediuk, a Ukrainian security official, the U.S. and other NATO members are helping Ukraine set up a separate cyber-military unit. He said that NATO has been coordinating its cyber activities with Ukraine since Russia took Crimea in 2014.

Ukraine revealed an eight-year-old espionage operation in Crimea by agents from Russia's FSB. It involved more than 5,000 attempted hacks. The primary goal was to control critical infrastructure such as power plants and heating systems, Ukraine’s state news agency stated.

Microsoft stated that the ongoing operation, codenamed Armageddon by Russian cyber operators, continues to attempt to penetrate Ukraine's judiciary, military and law enforcement. Microsoft didn't detect any damage, but this doesn't necessarily mean that Russian cyber operators aren't operating undetected.

This is where hackers hide until it's time to strike.