Cyberattacks affecting critical infrastructure are on the rise. In early May, a ransomware attack on the Colonial Pipeline billing system led the company to shut the entire fuel pipeline down. As a result, gas prices rose, fuel shortages ensued, and panic hit the East Coast. Colonial Pipeline paid the ransom with the equivalent of $4.4 million in Bitcoin to get the decryption key, according to PBS.
The Darkside ransomware was responsible for the compromise of the Colonial Pipeline networks, according to the FBI. DarkSide is also the name of the Russian Ransomware group responsible for the attack, according to The Wall Street Journal.
Later that month, a ransomware attack on JBS USA Holdings, Inc., a meat processing company, led to a rise in beef prices. JBS paid the ransom in bitcoin worth $11 million to get its decryption key, according to the New York Post. According to the U.S. Centers for Disease Control and Prevention (CDC), meat processors fall under the Food and Agriculture Sector umbrella, and so are critical infrastructure. The Russian hacker collective REvil Group was behind this attack, according to CNBC.
In an interview following the Colonial Pipeline attack, U.S. President Joe Biden confirmed that he would not rule out any cyberattacks targeting the criminal group behind it, according to CNN.
Yet according to experts, these attacks should not be considered "cyber-warfare" because they don't meet the criteria. Cyber-warfare indicates activities comparable to warfighting, such as the conventional use of military strike capabilities, according to Christopher Whyte, assistant professor in the homeland security and emergency preparedness program of Virginia Commonwealth University. "The Colonial Pipeline attack, for instance, was likely not cyber-warfare," says Whyte.
According to John Arquilla, distinguished professor of defense analysis at the U.S. Naval Postgraduate School, cyber-warfare describes the use of sophisticated cyber-intrusion techniques in tandem with wartime attacks. For example, the Russian-Georgian War of 2008 included the first examples of cyber-warfare; according to Arquilla, Russia used cyberattacks to knock out Georgian communications to the U.S. when it invaded Georgia.
According to The New York Times, cyberattacks on Georgia overwhelmed its Internet infrastructure and blocked its Websites, so the country could not publish details of the Russian bombings or appeal to the world for help. An article by the Atlantic Council, a nonpartisan organization of U.S. leadership and allies, affirms that the St. Petersburg-based Russian Business Network criminal gang controlled computers involved in the cyberattacks on Georgia.
Cyber-warfare is unlikely to play out in the U.S. any time soon. "We're not likely to see a major escalation of infrastructure attacks by other countries absent a time of open warfare on a larger scale," says Arquilla. "You wouldn't want to turn the lights out on the East Coast during peacetime, because then you're just telling the Americans how to fix their system and make it less vulnerable to attack," said Arquilla.
Arquilla explains that, rather than cyber-warfare, "We'll probably see more of these easy, exploitative, well-tooled attacks, such as in the ransomware cases. They're certainly going to stay with us until we get smart about defending our cyberspace."
As far as the possibility of President Biden hacking back, he certainly could, given sufficient provocation, but there are considerations to take into account. According to Arquilla, retaliation depends on the level of damage done and the ability to identify who engaged in the attack.
President Biden believes the Russian government was not involved in the attack on the Colonial Pipeline, according to CNN. However, he does think the Russian government bears some responsibility for stopping such attacks that come from inside its borders.
In May, the FBI seized much of the bitcoin that the DarkSide Ransomware group got from the Colonial Pipeline attack, according to The Wall Street Journal. DarkSide appears to be shutting down as a result, according to Krebs On Security, a cybersecurity news blog, so there is no need for a targeted cyberattack on that hacker group.
Mark Herschberg, a fractional CTO and cybersecurity consultant, sees an impending 'cold cyberwar' with continuing cyberattacks. "Russia will probe our vulnerabilities in case they need to take down our infrastructure (power grid, water supply, food supply chain, hospitals, etc.) in a full-scale war," says Herschberg. However, he said, that doesn't mean that it's advantageous for Russia to go to cyberwar with the U.S.
"Russia relies on energy exports (oil and gas). If the U.S. and E.U. add sanctions, it can hurt their economy and cause domestic unrest. Russia is using a long-term strategy. Its annexation of Crimea is akin to Hitler's use of annexation in the late 1930s as a means to test the waters rather than engage in direct warfare," Herschberg explains.
Arquilla agrees, stating that "an attack on the U.S. would, by treaty, bring the rest of NATO into it. Russia has no interest in escalating to open warfare with NATO. Its economy is already in poor shape, and would only worsen if Russia engaged in a war against the broad Western alliance."
David Geer is a journalist who focuses on issues related to cybersecurity. He writes from Cleveland, OH, USA.
No entries found