Nation-state confrontations in cyberspace are increasing dramatically, and one of the most alarming examples in recent memory is the Russian government’s hack of a US presidential campaign.
While it’s true that foreign governments have hacked other US presidential campaigns before (John McCain and Barack Obama in 2008, Mitt Romney and Obama in 2012), the 2016 attack on the Democratic National Committee and Hillary Clinton presidential campaign is unique and disturbing because instead of focusing on traditional espionage, the hackers seem to be trying to influence and interfere with the actual election itself.
Russia’s cyber assault by “Cozy Bear” and “Fancy Bear” on the DNC and Clinton campaign is one of the most provocative acts we’ve seen against the US, from a cyber perspective. It comes very close to crossing a diplomatic “red line” - and in another year it may actually do so. Several years ago, the US military disclosed that there are certain types of cyber attacks it considers off-limits: these are primarily attacks on critical infrastructure, such as triggering a power outage. However, the Department of Homeland Security is now considering designating the US election system as “critical infrastructure” too - which could up the ante for any future attacks on political campaigns.
As the US draws red lines in cyberspace, it raises the risk of an eventual confrontation. After all, cyber operations are increasingly important for nation-state espionage, security and military planning.
Here are four things to keep in mind should the US and Russia engage in a full-scale cyber conflict.
How would a US/Russia cyber battle be most likely to start?
There are several potential flash points that could escalate a US/Russia cyber conflict.
For instance, were either side to carry out cyber attacks on the other that led to the disruption of critical infrastructure services (power, water supply, transportation, etc.), weakened the financial system (banks, stock exchange, central banks), interfered with military operations or were clearly aimed at fomenting domestic instability or inspiring regime change, this would most likely trigger some type of retaliatory response.
There’s also the possibility for an accidental trigger. After all, both the US and Russia are believed to be actively probing each other’s power grid networks. However, cyber-espionage intrusions into supervisory control and data acquisition (SCADA) systems can lead to unintended consequences. These are sensitive industrial systems connected to physical machinery. If mistakes are made in the network intrusions, it’s possible that physical systems could be damaged, leading to accidental service disruption.
Russia’s government also has murky ties to a number of cybercriminal groups. If one of these criminal groups were to go too far - say it was aggressively targeting US financials with advanced cyber-ransomware, putting the larger financial system at risk - we could find ourselves in a situation where the US government had to intervene, and might do so by attacking the criminal-controlled servers based in Russia, which could in turn spark a retaliatory response from the Russian government.
While no one expects a World War III battle in cyberspace, there is a stronger possibility than you might think for limited state-on-state confrontations.
Potential cyber hot spots:
Perhaps the greatest risk of a cyber conflict is in areas where the US and Russia are already enmeshed in geopolitical competition: Ukraine and other border states like Estonia and Georgia, Syria/Iraq, the Black Sea, etc.
In the case of former Soviet states, there is a good probability of future Russian cyber attacks on these governments and militaries. After all, Russia has already attacked all three of these countries: in December 2015 it disrupted power to 225,000 Ukrainians after hacking three electric providers; in 2007 it caused widespread Internet disruption in Estonia, including banks, government services and media broadcasters; and in 2008 Russia conducted a similar operation against Georgia. The US is now helping Estonia to boost its cybersecurity and cyber war readiness and in 2013 the two countries signed a special cyber partnership agreement to this end.
US drone and air support operations in support of rebel forces in Syria run afoul of Russia’s own geopolitical interests. It’s not unrealistic to think we could eventually see an electronic war (signal jamming, etc.) targeting US or ally operations in this combat zone if tensions were to escalate.
How far would both sides go in such a conflict?
A full-scale cyber “war,” in which it’s a true all-or-nothing, military-style campaign against electronic systems, is probably unlikely between the US and Russia directly. The risks are simply too great. However, that doesn’t mean that we won’t see smaller, more limited conflicts emerge periodically.
There are any number of possible scenarios for a smaller scale US/Russia cyber confrontation. The key, however, is that both sides would most likely try to limit their own attacks to a “tit-for-tat” strategy, so as to avoid escalating the conflict unnecessarily. In most cases, a limited conflict would be more about setting boundaries, saving face in public and showing off capabilities for the purpose of future deterrence.
So let’s take the example of a Russian organized crime group that goes too far with its ransomware attacks on the US financial sector. What would happen? If the US conducted a strategic takedown of Russian-based servers to disable the group and dispose of the immediate threat, the Russian government might respond by taking down one of our widely used web hosting providers. Or it might engage in wider spread denial-of-service attacks.
If things escalated, how bad could it get?
In a worse-case scenario where the US and Russia really went head-to-head in a full-scale cyber war, the possibilities are almost endless since both sides have advanced capabilities in this field.
The Russians have already demonstrated the ability to trigger power outages using malware. The US is also believed to have been behind “Stuxnet,” which physically destroyed centrifuges at Iranian nuclear facilities.
Disruptive cyber attacks from both countries could also be used against water treatment plants, dams, airports, railroads, shipping, satellites, you name it. The most recent computer glitch at Delta or the Chinese attack of Vietnamese airports are good examples of what ‘could’ happen - both led to flight cancellations and that sort of disruption could easily be amplified by hackers with much more devastating results. Hospitals could also be disrupted, either by cutting off the power to them or disabling their internal networks - or even just blocking access to critical data with ransomware. The banking system could likewise be disrupted in a number of ways, from extremely powerful denial-of-service attacks to infecting them with “wiper” malware aimed at deleting critical financial records. TV broadcasters could be taken down in various markets. This possibility was demonstrated in April 2015, when French TV network TV5 Monde lost signals to 11 of its stations following a cyber attack. That attack has since been linked to Russia.
While it’s unlikely a full-scale cyber war will ensue unless the US/Russia relationship deteriorates, the fact is that the US and Russia have been in a simmering cyber war for some time and if we don’t start taking the threat of cybersecurity more seriously, we run the risk of seeing more advanced and devastating attacks against our country.