This Is How the US Responds to Cyber Hacking by Russia, China, and Other Countries

 

In the era of software and Artificial intelligence, it’s not that surprising that tech giants companies, backed by respective governments, start misusing its power and try cyber attacks on rival countries. Very recent example is Russia and the U.S.

According to a public report, Russian hackers with the Kremlin, inserted malicious code into software made by the U.S. tech firm SolarWinds. Corrupted updates were then downloaded by private companies and government agencies, giving Russian intelligence a backdoor into their networks.

There was another case when Chinese hackers breached the U.S. Office of Personnel Management in 2014, scooping up the sensitive personal data of Americans holding government security clearances. The consensus among experts was that the intrusion was extremely damaging, but not out of bounds.

Such “supply-chain” attacks are not unprecedented: In 2018, there were reports (denied by all parties) that Chinese hackers had used a hardware supply-chain attack to compromise a variety of sensitive networks.

There are three strategic implications:

1. U.S must not fall asleep on Russia, even though the Chinese threat attracts the majority of America’s geopolitical attention. Russia may be a declining, economically moribund power, but its high tolerance for risk, combined with Moscow’s talent for identifying and exploiting western vulnerabilities, means that Washington downplays the Russian challenge at its peril.

2. Effective cyber strategy must blend unilateral and multilateral measures. It seems likely that many other countries were victimized by the SolarWinds hack. The U.S. must therefore work more closely with other advanced democracies to strengthen shared warning networks, coordinate damage assessments, and impose sharp costs on malign actors. As Microsoft president Brad Smith argues, “In a world where authoritarian countries are launching cyberattacks against the world’s democracies, it is more important than ever for democratic governments to work together.”

3. Those responses cannot be solely defensive. SolarWinds highlights the basic offense-defense asymmetry in cyberspace: A clever attack will require remediation efforts costing orders of magnitude more than the attack itself. Moreover, the relatively open nature of the democratic internet, and the fact that responsibility for cybersecurity is diffused among so many public and private actors, creates vectors of vulnerability that will always tempt authoritarian regimes.


Way Forward:

U.S. Cyber Command has been pursuing a “defend forward” posture that emphasizes keeping adversaries off balance by penetrating and disrupting their networks. In the wake of this attack, the U.S. must find subtle ways of showing that it can achieve equivalent or greater breaches of Russian networks — those used by Putin’s security services and propaganda organs.

The U.S., preferably in concert with allies, impose targeted financial and diplomatic sanctions, to demonstrate that America retains the right to respond to major cyber breaches with whatever tools it deems appropriate. Such a response would raise tensions in the short term. Over time, however, it might promote a sort of mutual restraint when it comes to cyberattacks with the potential to seriously disrupt modern societies.

As during the Cold War, Moscow and Washington reached a tacit agreement not to shoot down each other’s spy satellites, once it was clear that each side was capable of doing that, and that neither side would benefit from unrestrained competition. Now, like in the past, achieving eventual de-escalation will first require making clear that escalation will not pay.

The so-called SolarWinds breach represents a step up in cyberespionage, exposing a new degree of democratic vulnerability and authoritarian ambition which should be countered anyhow. To achieve this, it is more important than ever for democratic governments to work together.

But, in today's international diaspora, every country frames their Foreign policy according to their own strategic interests and the authoritarian countries are launching cyberattacks against the world’s democracies like the U.S. The need of the hour is to give a strategic boost to organizations like “QUAD” and counter the authoritarian ambitions of China & Russia.

Written by - Atul Bihari Chakrawarti

Edited by - Prachi Raheja