In June 2021, the 25-member United Nations (UN) “Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security” (GGE) produced a report, building on its previous meetings to get the international community on the same page with respect to cyber attacks. Typically, final reports are only produced when the members have reached consensus. Notably, where previous GGEs succeeded, the 2016-2017 GGE did not produce such a report, with disagreements over key issues such as self-defense and the right to take countermeasures in response to cyber attacks. The latest report is noteworthy, particularly coming on the heels of some of the most prominent cyber attacks suspected of being executed by the very governments represented in the GGE, as well as the Open-Ended Working Group that addresses the same issues but is open to all UN members.
Recently, the International Institute for Strategic Studies (IISS) published a report that assessed nation state cyber capabilities and national power. The qualitative assessment covered and codified seven categories that contributed to building a nation state’s cyber program: strategy and doctrine; governance, command and control; core cyber intelligence capability; cyber empowerment and dependence; cyber security; global leadership in cyber affairs; and offensive cyber capability. The culmination of two years’ worth of research, this broader study was conducted by IISS in order to provide a more comprehensive view, ultimately ranking what it considered the top 15 countries into three tiers based on its findings.
In his first meeting with Russian President Vladimir Putin, U.S. President Joe Biden claimed to have presented his counterpart with a list of 16 red-line targets, ostensibly the critical infrastructure sectors that are listed on the Department of Homeland Security’s webpage. Such sectors are considered vital to the United States, and any potential incapacitation or destruction of them can gravely impact the “security, national economic security, and national public health or safety.”
Beijing has been engaged in a battle for public opinion for several years, aggressively promoting a positive vision of China to counter criticisms for its involvement in human rights violations, intellectual property theft, currency manipulation, its engagement with Taiwan and the South China Sea disputes, and its suspected involvement in the COVID-19 outbreak. In 2017, senior Party leaders acknowledged that “the main battlefield for public opinion” occurs on the extensive borderless Internet where people receive their news, express their thoughts, and promote and argue their political and ideological viewpoints. Beijing understands how the Internet is essential in disseminating China-friendly narratives, while at the same time deflecting criticisms and reassigning blame. In essence, it is how Beijing seeks to preserve its image while tarnishing those of others.
In mid-May 2021, the National Coordination Center for Computer Incidents of Russia’s Federal Security Service (FSB) published a joint report with Rostelecom-Solar, the cybersecurity arm of Russian telecom company Rostelecom, about a 2020 cyber espionage campaign that targeted Russian government agencies. The publicly available portion of the report disclosed stealthy cyber operations that targeted key individuals associated with “the federal executive branch (FOI) of the Russian Federation.” Although details of the operation have been kept close hold, the report did cite that the main intent of the campaign was to completely compromise IT infrastructure for the purposes of stealing sensitive information to include “documentation from closed segments and email correspondence.”
A recent report has revealed that an Iranian threat actor group dubbed “Agrius” has been operating in Israel since 2020. The group has been linked to cyber espionage activity and has quickly evolved into conducting destructive wiper malware attacks against Israeli targets. What’s more, these attacks have been posing as ransomware attacks in order to mask their true intent. This is not the group’s first foray into executing destructive attacks.
The ransomware attack against Colonial Pipeline revealed how disruptive this malware can be when it impacts civilian critical infrastructure. The successful shutdown of 5,500 miles of pipeline created concern among gas-strapped populations and a government wondering if this attack was the work of cyber criminals or a foreign adversary looking for retribution.
Several governments, including the United States, recognize the criticality of protecting critical infrastructure as a national security priority. But there is little headway in determining what, if any, operations against critical infrastructure are acceptable. Without such consensus, nation states are left to their own devices, opting to use sanctions or retaliatory cyber strikes to register their complaints. These are poor options, as the failure to set such red lines and have governments sign on to them risks a cyber incident being misinterpreted and misunderstood, thereby increasing the chance of state-on-state escalation via disproportionate retaliation.
In early April 2021, the U.S. District Court for the Southern District of Texas granted the Department of Justice the authority to disrupt the exploitation of Microsoft Exchange server vulnerabilities. This authority empowered the Federal Bureau of Investigation (FBI) to “hack” into private sector computers without having to notify those organizations. The intent was to protect infected systems by identifying malicious code designed to take control of the victimized computers.
Beijing appears to be engaging in political warfare where it is attempting to foment animosity between foreign governments that show favor to Taiwan, a threat to the long-standing policy of “One Country, Two Systems” with regard to the island. In a recent instance, a fake announcement that appeared to be from Taiwan’s Presidential Office on Facebook asserted that the Taiwanese government intended to accept contaminated wastewater from a Japanese nuclear power plant. A second incident occurred in December 2020 when Taiwanese authorities investigated two Taiwanese with ties to the Chinese mainland for spreading a similar fake Presidential Office announcement that alleged U.S. and Taiwanese involvement in protests in Thailand.