The intelligence reports alleging a Russian cyber-attack on the Democratic National Committee have captured the public imagination like no other hack. The suggestion that the Kremlin’s cyber know-how succeeded in manipulating public debate, influencing results at the ballot box, is a throwback to the height of Cold War espionage.
Given the obvious diplomatic and political dimension, it is no wonder President Obama pledged a response to the meddling, which he announced Thursday and also why he announced a “full review” of what transpired. However, the possibility of such a breach should not be surprising.
State-sanctioned cyber combat has long since replaced tanks and airplanes at the cutting edge of warfare.
China’s cyber snooping on American companies, to secure a market edge was almost an open secret. So much so, that the U.S. and China reached a formal agreement last year to refrain from cyber-theft. Meanwhile, the North Korean regime brought the entertainment giant Sony to its knees two years ago, in order to make a political point over an upcoming movie.
The high-profile Sony hack exposed the vulnerability of even the world’s biggest brands. A glance at recent headlines indicates that lessons have not been learned.
Earlier this month, Yahoo admitted that data belonging to a staggering one billion users had been compromised. A week earlier, German steel giant ThyssenKrupp, responsible for sensitive industrial projects across the world, revealed an infiltration and trade secrets stolen. During the same period, one of the UK’s largest cell phone companies reported a hack placing the personal information of six million customers at risk. The financial and reputational cost for these companies can be crippling. The price for governments is also significant. As Bill Evanina, the head of the National Counterintelligence and Security Center recently said, “Economic security is national security.”
Governments should also note that the potential for widespread public chaos is huge. Last December, around 230,000 people in the Ivano-Frankivsk region of Western Ukraine were plunged into darkness. Hackers had taken control of the local power supply and quite literally switched the lights off. Ukrainian officials pointed the finger firmly at Russia. The United States is far from immune from these apocalyptic scenarios. Earlier this year, the Justice Department accused hackers linked to the Iranian government of attempting to grind to a halt dozens of financial institutions and a dam north of New York.
By its very nature, cyber warfare is constantly evolving. Increasingly sophisticated modes of attack pose an ever more potent threat.
We have come a long way since Gary McKinnon hacked his way into nearly 100 Pentagon and NASA computers in 2001, apparently seeking information about UFOs. Cyber warfare long ago ceased to be the domain of talented cranks working out of a basement. The dark web is today patrolled by sophisticated networks which transcend borders, sponsored or protected by state governments. While the likes of Gary McKinnon may be brought to justice, today’s cyber warriors are practically immune from legal recourse.
If governments wish to protect their vital interests, they will need an entirely different approach. Obama’s review is a sensible first step. It is set to examine cyber interference in elections dating back to 2008. Hopefully this will clarify what progress has been made since then and set out current capabilities. This assessment is a critical starting point, but must not be allowed to end there. A diagnosis is pointless without a cure. It merely allows the illness to persist, inevitably causing further damage.
Too often though, governments have viewed the expensive purchase of the latest technological tools as the remedy to cyber-attack. In fact, it is nothing more than a band-aid, allowing the sickness of cyber warfare, with all its viruses and bugs, to continue to flourish. Instead, an all-encompassing, holistic cyber strategy is needed - A comprehensive plan which addresses the trends of tomorrow, rather than fire-fighting today’s immediate threats. On this basis, governments can invest the right resources and apply the right technological solutions to provide long-term security, integrating them effectively into the everyday workings of government and key institutions.
Cyber enemies are undoubtedly enthusiastically advancing their arsenal. Obama’s review cannot be left to gather dust as a toothless document on the shelves of power. Much will depend on the approach of the incoming administration. However, failure to use it as a springboard towards a forward-thinking cyber defense strategy will have serious and costly consequences.
Brig. Gen. (ret.) Eli Ben Meir is the Chief Strategy Officer and co-founder of CyGov, a leading cyber security advisory. He is formerly the second in command of Israel’s military intelligence.