Former US special counsel Robert Mueller’s claims of a coordinated attack by Russian operatives on the American political system were yet another reminder of the growing threat of cyberwarfare. But while Russian hackers are now popularly perceived as the gravest menace to the Western democracies, Moscow and Washington might have advanced the most in asserting the rules of engagement.
Although the number of cyberattacks has been increasing worldwide for years, it is alleged Russian meddling that has alarmed many Americans about the threat. It is still unclear to what extent the Kremlin’s efforts were capable of altering the outcome of the US elections in 2016, but the evidence of meddling itself was the biggest indicator of how digital technologies and social media can sway politics and businesses.
With the next US presidential election looming and US intelligence continuing to perceive Russia as a major threat, few could argue about the need to boost cybersecurity.
Previously, the Russian government has been accused by the Trump administration of targeting the US power grid, and last year the Department of Homeland Security blamed Russian hackers in infiltrating the critical control systems of major electrical systems. Little wonder that this year the White House allocated cybersecurity funding of US$15 billion, while the entire budget remains unknown because of “the sensitive nature of some activities.” A New York Times report claimed that Washington had escalated attacks on Russia’s electric power grid. The claims, however, were vehemently denied by President Donald Trump.
Despite the cyber buildup on both sides, Russia and the US might have actually passed the tipping point of the confrontation. Though alarming, this type of exchange might actually signal the emergence of a strategy of deterrence in cyberspace between the former Cold War adversaries that could outline the mutual rules of engagement. In effect, both nations might have agreed on abstaining from using cyberwarfare on the same scale as before, while acknowledging potentially devastating symmetric retribution.
Such a strategy, if actually implemented, would add checks and balances to the relations between Russia and the US, while also helping to avoid damaging infiltrations and even opening more room for cooperation in the medium term. But while Moscow and Washington might have learned the lessons the hard way, the overall situation in cyberspace deserves greater concern.
Last year, an estimated 2 million cyberattacks resulted in more than $45 billion in losses worldwide. More studies projected that annual global damage related to cybercrime would hit $6 trillion by 2021. Another report suggested that companies could incur $5.2 trillion in additional costs and revenue loss due to cyberattacks over the next five years. Online Trust Alliance (OTA) showcased that damage from ransomware rose 60%, business e-mail compromise attack losses doubled and crypto-jacking damages tripled. The FBI report on ransomware prevention also claimed that more than 4,000 ransomware attacks occur daily.
Starting from 2015, the United States was the country most affected by targeted cyberattacks, followed by the United Kingdom and Germany. While security of infrastructure and state institutions remain a top priority, most cyberattacks are deemed as tools applied by both states and corporations to spur economic advantage.
According to Thomson Reuters Labs, “state-sponsored cyberattacks are an emerging and significant risk to private enterprise that will increasingly challenge those sectors of the business world that provide convenient targets for settling geopolitical grievances.”
This year state-run Chinese media claimed that most cyberattacks against China are from the US. In contrast, a report produced by the Center for Strategic and International Studies (CSIS) claimed that China has been the largest source of attacks in cyberspace since 2006, followed by Russia.
Last December, the US, in coordination with other nations, accused Beijing of conducting a 12-year campaign of cyber-espionage targeting the trade secrets of companies across 12 countries. The tensions between the US and China have escalated even more after the trade conflicts and the White House’s shifting attitudes toward Beijing. In February, US businesses and government agencies reported that corporate giants such as Boeing, General Electric Aviation and T-Mobile were among the recent targets of Chinese industrial-espionage efforts.
Previously, a landmark deal between then-US president Barack Obama and Chinese President Xi Jinping on cyber-espionage acted as a form of deterrence, but now it does not seem to be in place any longer.
Although US-China cyberwarfare looks alarming, recent years were also marked by increased attacks by hackers linked to the regimes in North Korea and Iran.
US Justice Department officials have claimed that Pyongyang continues to back bank hacking to make up for the losses from sanctions, while some hackers targeted US government bodies. The United Nations also asserted that North Korean hackers acquired around $670 million in foreign currency and cryptocurrency from 2015 to 2018 and were continuing their activities despite a breakthrough in negotiations with the Trump administration.
As military tensions between Washington and Tehran rise to a breaking point, conflict seems to be already happening in cyberspace. Recent reports claim that Iran has increased its offensive against the US government and critical infrastructure. In return, the US Cyber Command appeared to conduct online attacks against an Iranian intelligence group. It is unlikely that the tensions and, hence, cyberattacks will cool down any time soon or some form of deterrence might emerge.
Although Russia and the US continue to treat each other as adversaries, the two nations might have actually advanced the most in asserting deterrence in cyberspace and possibly avoiding large-scale confrontation. In contrast, cyber games in the shadows amid geopolitical tensions with other adversaries could lead to more escalation. In a world without commonly accepted rules of engagement, cyberwarfare might easily spiral out of control, leading to multiple consequences.