The SolarWinds and Microsoft hacks offer low-cost, high-yield attacks that harm the U.S. government and economy without bombs or troops. Cyberspace allows China, Russia, Iran, and North Korea to attack without any serious repercussions for themselves.
The Biden administration must carry out massive cyberwarfare campaigns to make this so-called Gray Zone warfare hurt. But to be effective, they must abandon the Obama administration’s policy of announcing its actions against foes ahead of time.
Approximately 30,000 organizations across the United States, including small businesses, think tanks, defense contractors, and local and governmental entities, found themselves targeted by the most recent attack by a Chinese state espionage unit called Hafnium last month. These hackers exploited flaws in Microsoft Exchange to install backdoors that let them access their victims’ servers. This allowed them to access email accounts and to install further malware.
This followed on the heels of Russia’s SolarWinds hack last year. Texas-based SolarWinds told the SEC that 18,000 customers installed updates that left them vulnerable. Many of its clients are Fortune 500 companies and multiple federal agencies, including the Pentagon, Treasury, the National Nuclear Security Administration (the agency responsible for the U.S. nuclear arms stockpile), Energy and State. Private companies including Microsoft, Deloitte, Cisco, and Intel fell victim. And the hack was so stealthy that victims didn’t find out until months later.
Reports link Russia’s foreign intelligence service, the SVR, to the SolarWinds hack.
The “Fancy Bear” hacking team, linked with Russian military intelligence, the GRU, notably targeted international anti-doping agencies with disinformation campaigns aimed at undermining confidence.
“As part of its influence and disinformation efforts, the Fancy Bears’ Hack Team engaged in a concerted effort to draw media attention to the leaks through a proactive outreach campaign. The conspirators exchanged e-mails and private messages with approximately 186 reporters in an apparent attempt to amplify the exposure and effect of their message,” a Justice Department press release said.
Similarly, the “Cozy Bear” hacking team associated with either the Russian Federal Security Bureau (FSB) or its foreign intelligence service, the SVR, was believed to have been behind the hack of the Democratic National Committee (DNC) and John Podesta.
Lesser powers like North Korea and Iran can compete against the U.S. and its allies at near-peer levels in cyberspace.
North Korean hackers targeted Sony in 2014, leaking embarrassing information about Sony Pictures employees to reporters and threatening acts of terror against movie theaters that showed the movie The Interview. Wikileaks released all of the hacked emails. Hackers linked with the North Korean regime also were responsible for the 2017 WannaCry ransomware attack that impacted the U.K.’s National Health Service (NHS) and 230,000 computers globally.
Iranian hackers linked with the Iranian Revolutionary Guard Corps (IRGC), classified by the State Department as a terrorist organization, carried out attacks aimed at stealing “critical information related to U.S. aerospace and satellite technology and resources” against U.S. satellite companies, according to the Justice Department. These hacks took place over a several-year period starting at least in 2015.
Gray-zone harassment like these hacks, when it goes unanswered, invites further attacks.
Our enemies rely on social control to keep their populations in check. Hacking activities must aim to loosen those controls. Cyberattacks from the U.S. and its allies must be intended to sow as much social confusion and disorder as possible in the targeted societies. If faced with destructive, incessant cyberattacks that lead to widespread unrest in their home countries, our enemies may think twice about using Gray Zone warfare against America.
U.S. Cyber Command together with the National Security Agency (NSA) must spearhead the efforts against these competitors. China’s Great Firewall should be a prime target to show the Chinese people the truth about their regime. Knocking it down also could be used to flood China with disinformation to prove to the regime that the U.S. can act with impunity.
Hacks could do anything from shutting off power in parts of China to circulating fake stories about Xi Jinping or working to spread infighting in the Chinese Politburo using false stories. After knocking down the Great Firewall, they could also spread true stories about the Uighur genocide and corruption to undermine confidence in the regime.
Similarly, hackers could target social media platforms like VK.com to spread information to Russians that is embarrassing to Putin. They could also gain access to electronic billboards across Russia to further spread information harmful to the regime.
Iranian opposition was able to mobilize when it had Internet access. U.S. Cyber Command and the NSA should work to make it impossible for the regime to jam dissident communications. Iran has shown that it can decrypt apps like Telegram, so the U.S. and its allies should provide alternate apps and Internet portals to assist the opposition.
These nations have already raised the stakes—their attacks have destabilized societies. Developing a coherent cyberwarfare strategy against these competitors is essential to deter further attacks.
John Rossomando is a Senior Analyst for Defense Policy and served as Senior Analyst for Counterterrorism at The Investigative Project on Terrorism for eight years. His work has been featured in numerous publications such as The American Thinker, Daily Wire, Red Alert Politics, CNSNews.com, The Daily Caller, Human Events, Newsmax, The American Spectator, TownHall.com and Crisis Magazine. He also served as senior managing editor of The Bulletin, a 100,000-circulation daily newspaper in Philadelphia and received the Pennsylvania Associated Press Managing Editors first-place award in 2008 for his reporting.