RUSSIA
A Special Kind of War
Much ado has been made of the alleged Russian hacking of US government agencies – the perpetrators infiltrated the Departments of Commerce, Defense, Energy, Homeland Security, State and the Treasury, as well as major companies like Cisco and Intel and other organization that used SolarWinds, an American-made software for management and remote monitoring.
The fuss is justified.
The hackers, for example, ran their scheme for nine months. They gained access to emails circulated at the Los Alamos National Laboratory, which oversees nuclear weapons, CBS News reported. The hackers are still combing through public systems, exploiting backdoors and other secrets they’ve discovered or created in their victims’ technology.
Some cyber security experts believe it will be impossible to get rid of the tunnels and access points planted.
Karim Hijazi, who now serves as CEO of the security firm Prevailion, told Politico that the hackers will likely have “gone to ground” at this point. “And while they’re there, they’re almost impossible to detect,” he said. He added that some experts in the field believe a huge overhaul targeting the federal systems is the only way to boot the hackers out for good – essentially burning it all down and starting over. “But it’s unclear whether that’s even possible,” he said. “There is another school of thought that there is just no way to kick them out.”
The big questions now are, who did it and what comes next.
Russian leaders have denied their involvement but Secretary of State Mike Pompeo and Attorney General William Barr have blamed Kremlin operatives. President Donald Trump has played down the Russian role and hinted that China might, in fact, be to blame.
Whoever is responsible, the hacking was potentially the biggest counterintelligence failure in the history of the US, wrote NBC News.
The hacking was a wakeup call for American officials and others around the world who have arguably been asleep at the wheel as cybersecurity has become more important in world affairs. The US government has invested billions in a so-called “Einstein patrols” system that is supposed to stop malware and other attacks. That system arose after China’s hacking of the Office of Personnel Management in 2015, the American national security apparatus’s previous big embarrassment.
But the Einstein works best for known threats, “like a bouncer who keeps out everyone on their list but turns a blind eye to names they don’t recognize,” wrote Ars Technica.
American officials were also busy setting up firewalls to prevent Russian or other meddling in the 2020 election, the New York Times noted. Facing an invigorated defense, the cagey hackers apparently simply turned their attention to more vulnerable targets elsewhere.
Writing in Politico, former National Security Agency Counsel Glenn Gerstell said the crisis should prompt officials to redouble their efforts to improve cybersecurity. He called for more funding for reforms, more international cooperation between intelligence agencies and other measures.
President-elect Joe Biden faces a test of how he will respond to this attack when he assumes office, wrote Salon. Was the hacking an instance of espionage or an act of war? Either way, the issue will likely lead to chilly relations between the new president and his Russian counterpart, Vladimir Putin, National Public Radio added.
Regardless, the world has entered a new front in warfare.
The problem is, however, there are no rules yet. For example, analysts say one worry is how the Biden administration can deter Russia from trying again without escalating the response into a spiraling cyberwar. Second, it’s difficult to figure out what an appropriate response is when there has been no loss of life or concrete damage to the national infrastructure. Another issue is a lack of international law addressing the topic.
Analysts say that just like with nuclear and other weapons, it’s time for protocols on what is allowable and what is not.
“There really is no international agreement about what constitutes cyber warfare,” Dave Kennedy, a former NSA hacker who founded the cybersecurity company TrustedSec, told Politico. Legally, he added, “it’s the wild, wild west. … When it comes to going after foreign government agencies, there’s not much in terms of what we cannot do.”
No comments:
Post a Comment