Cyberwar: How Nations Attack Without Bullets or Bombs
1. What are the hallmarks of cyberwarfare?
A cyberattack that disables essential services, such as telecommunications or electricity, might raise suspicions that a state or its proxies were behind it. So might the sheer scale of an attack, even if the direct target is private industry. Even disinformation campaigns, such as Russia’s targeting of the 2016 U.S. presidential election, can be thought of as a softer but still damaging type of cyberwarfare. One incident that’s become public and is generally agreed to be an act of cyberwarfare was the so-called Stuxnet attack, which was discovered in 2010 and involved computer code that destroyed as many as 1,000 nuclear centrifuges in Iran. The New York Times reported that this was a joint operation between the U.S. and Israel code-named Olympic Games.
2. What forms can it take?
Infecting a computer system with viruses or worms, holding it hostage with ransomware, disabling it with a flood of messages (a denial-of-service attack) or stealing data could be considered acts of cyberwarfare, depending on the context and the impact.
3. Were the recent ransomware attacks on the U.S. cyberwarfare?
Probably not. Ransomware attacks on Colonial Pipeline Co., operator of the biggest U.S. gasoline pipeline, and JBS SA, the world’s largest meat producer, had real if short-lived effects for many Americans. Both were attributed to hacking groups tied to Russia, which has been accused of offering safe haven to criminal hackers as long as they steer clear of targets based in Russia or its allies. But that’s not the same as a state-sponsored attack, and anyway, the Russian government denied any connection. Russian state-sponsored hackers are also suspected of being behind the 2020 hacking campaign that infiltrated at least nine agencies of the U.S. federal government by altering software belonging to Texas-based SolarWinds Corp. Another powerful cyberspace adversary of the U.S., China, is suspected of being behind the massive breach of Microsoft email servers that left thousands of U.S. organizations, businesses and local governments exposed to hackers.
Nobody has ever witnessed a true cyberwar, with escalating attacks and counterattacks in the digital realm perhaps accompanied by military combat in the real world. (A 2019 Israeli airstrike on a building in the Gaza Strip may have been the first real-world response to a cyberattack; Israel said Hamas, the Islamist Palestinian group that controls the territory, was using the building as a base for the cyber operation.) Warring nations could shut down each other’s power grids (as Russia did to Ukraine in 2015 and 2016), wipe out data centers, scramble bank records to cause financial panic, interfere with the safe operations of dams and nuclear plants and blind radar and targeting systems of fighter jets. Had the Stuxnet attack failed, the U.S. was ready with a broad cyber battle plan against Iran that would have taken out its power grids, the New York Times reported.
5. Aren’t attacks on civilians supposed to be off-limits?
Real-world military confrontations are guided by rules of war that date back centuries and are meant to reduce civilian suffering. The Tallinn Manual, published in 2013 by a think tank affiliated with the North Atlantic Treaty Organization, was an attempt to apply those rules to cyberwarfare -- defining which targets are off-limits (schools and hospitals, for example) and under what circumstances a country can respond to a hack attack with military force. But the manual carries no official weight.
The Council on Foreign Relations says 34 nations are suspected of sponsoring cyberattacks since 2005, with China, Russia, Iran, and North Korea behind more than three-quarters of them. The U.S. is by far the biggest target of significant cyberattacks -- including those on government agencies, defense contractors or high-tech companies -- followed by the U.K. and India, according to a review of data kept by the Center for Strategic & International Studies.
7. Are actual soldiers involved?
Sometimes. Nations including the U.S. have cyberwarfare units to conduct intelligence-gathering operations and support military missions. A Russian hacking group suspected in the 2020 hack of U.S. government systems, known as Cozy Bear or APT29, is “almost certainly part of the Russian intelligence services,” according to a joint advisory by U.S., British and Canadian security agencies. North Korea’s hacker army, which specializes in cybercrimes that earn money for the ruling regime, is believed to have begun as part of the military.
8. What kind of defenses are possible?
Early in his term, U.S. President Joe Biden moved to shore up the security of the U.S. power grid, providing incentives for electric companies to overhaul their protections against cyberattacks. The broader White House plan included securing the highly specialized computers also used by municipal water utilities, gas pipeline operators and others. In 2018, under President Donald Trump, the U.S. eased rules on “offensive cyber operations” aimed at “defending the integrity of our electoral process.” The effort reportedly included sending direct messages to individual Russians behind disinformation operations, letting them know that they had been identified.