US - Russia: Cyber War Imagined
Tensions between the US and Russia over Ukraine have been escalating to new heights. In all fairness, Russia is protecting its own backyard, while the US intentions are paper-thin claims of protecting democracy via NATO overreach. The consequence of an escalating conflict with a major power such as Russia is the risk of war. This conflict will not remain local to Ukraine; it will play out on a global scale and hit the American homeland, primarily via cyber attack.
History: How does this conflict impact America?
It’s worth noting two major cyber attacks in 2021 that impacted everyday Americans: the pipeline attack that shut down oil and gas (Colonial Pipeline), followed by a meat supply chain hack that had similar consequences (JBS Foods). (These are a few among the numerous attacks that occurred, without even mentioning the SolarWinds attack.) Americans acutely felt the consequences, and these attacks became part of everyday life. Now imagine this on a grand scale, impacting every piece of critical infrastructure that has an opening: hospitals, energy systems, ports, water systems, grocery stores, etc. If a system is connected to the internet, it can be impacted (note this is a CIA, FBI, NSA saying - “if it’s connected to the internet, it can be hacked”). This has already happened elsewhere.
Russia has showcased its capabilities in this realm using Ukraine as a proving ground. This campaign is known as Black Energy, which crippled Kiev power supplies by destroying hardware, leaving 200,000 residents without power, while simultaneously flooding phone lines with junk calls to create further confusion around the response. All this was done via cyber activity to create chaos. This can be described as a cyber skirmish: testing the waters on capabilities and on how a target will respond. Imagine a cyber war, where attacks like this are launched repeatedly, seeking any small opening.
Asymmetry: Cyber Defenses
In terms of cyber war, the odds are always stacked against the defenders by exponential magnitudes. To put it plainly, an attacking force can launch an attack with 5 personnel with laptops, typically running Kali Linux, maybe some operational technology hardware for testing, and finances for a sketchy VPS service; let’s say this is $500,000. For an effective defense, here is a short list of requirements: firewalls, email filtering, antivirus, compliance tools, patching systems, EDR/SOAR tools, network devices, cloud security tools, personnel to manage and train (including architects, analysts, and engineers), and consultants to verify and enhance. These are the defending costs, on the order of millions depending on company size, and they don’t account for how well these tools are actually implemented. All it takes is one phishing email, dirty USB, misconfigured web portal, unpatched system, 0-day, you name it: if there is an opening, an attack can happen.
In this case, the best defense is offense: a cyber actor may be deterred by the threat that their enemy may have significantly stronger offensive capabilities. This war goes both ways.
Attribution: Who done it?
After a crime, the attacker is not known immediately; an investigation has to occur. The same goes for cyber, where it can be exceedingly difficult to find the culprit. The attacker can cover their tracks by deleting files or systems. They can divert attention by adding a large chunk of junk data. Even more devious, they can frame another APT (Advanced Persistent Threat). For instance, China can launch a cyber attack under the guise of North Korea.
In my mind, this is the most concerning. Unfortunately, the US has a few other adversaries than Russia: China, Iran, North Korea, among others. They will not sit on their hands as a conflict is unfolding. As a matter of fact, this could be an opportune moment for them to strike.
The Result
What happens if this were to occur? Would it be successful? Only time will tell, as there are few people who know the full extent of cyber weapons between Washington and Moscow. It could be chaos more paradigm-shifting than COVID, with supply chains absolutely disrupted.