Last year was a cyber catastrophe for the US, with hacks against massive critical infrastructure, government agencies and the commercial sector at levels and with a frequency never seen before.
But the Biden administration has started 2022 with a range of actions constituting a serious counterpunch.
What do some cyber experts think of the latest moves, and will they be sufficient going forward to deter cyber aggressors? The answer also has implications for Israel, since the US often sets the tone for cyber deterrence against cyber aggressors.
Karim Hijazi, former US intelligence community contractor whose cyber intelligence company monitors rogue nation-state hacking activity, said that a major executive memorandum issued last week by US President Joe Biden on the defense and intelligence community did “a good job of raising the priority level of cybersecurity in the US, and today’s memorandum is another important step in the right direction.
What’s actually contained in this directive... is rather obvious in terms of cybersecurity, as measures such as cloud security, multi-factor authentication, encryption, etc. are the basic building blocks of any decent cybersecurity program and should already be in place.”
Hijazi warned that “what is more complicated is auditing and securing the software supply chain. That will be a considerable undertaking and may take years to complete.”
He also complimented Biden for recently getting new National Cyber Director Chris Inglis’s office operational.
“The US absolutely needs a cybersecurity director of some kind, someone who can advise the president and coordinate on these efforts, so that we can move ahead on more rigorous cybersecurity across all government agencies and national interests,” Hijazi said. “However, on a related note, one problem we often run into when pushing for stronger cybersecurity and better accountability is that private interests view this as an added cost and regulation, and they push back.”
While acknowledging that there is room to debate the merits of government-led versus industry-led cybersecurity reform, “the bottom line is that something has to be done to improve the current situation – and time is not on our side. There are numerous foreign powers that are actively penetrating America’s most important companies and critical infrastructure. My company can see this in our own data, which we collect from malware C2 servers. There is no question that America is under attack, and it’s vital that we improve our defenses to prevent many of these threats.”
Russia surprised the world this month when it arrested the major ransomware outfit REvil that had been operating from its territory and causing cyber chaos worldwide.
Did this signal progress for US cyber policy?
“I can’t state definitively what Russia’s motivations were,” said Hijazi. “However, as someone who has spent a long time studying Russia’s cyber tactics and the campaigns of its many criminal groups, I will say that I would be very surprised if the Kremlin was doing this for some altruistic purpose. What is more likely is that Russia is using this as a bargaining chip of some kind. They help us with our ransomware problem, and they get something in return. With this arrest, Russia has demonstrated that it has the ability to shut down these dangerous ransomware groups, but only if it has an interest in doing so.”
ALONG THE same lines, Hijazi said he was positive that the US has started to counter-hack ransomware groups and is treating them as a strategic threat and not as small-time criminals. Nevertheless, the US should still “take a more aggressive stance in cyberspace, particularly when it comes to criminal actors, but also with nation-state forces as well.”
While some US strategists oppose counter-hacking because it could “lead to a dangerous escalation, I disagree with this view because by not responding to these attacks we are simply emboldening our attackers. For America’s adversaries, cyber is now the ideal battleground for asymmetric warfare because they know the cost to them will be relatively low. We have to create strong deterrence against these attacks.”
He said that the US has mostly relied on diplomacy, targeted sanctions and criminal prosecutions to respond to state-affiliated hacks, but this has proven to be ineffective at dissuading these attacks.
Hijazi criticized the US for restricting “its own actions because of our current laws and concerns over possible collateral damage,” whereas he said if the gloves came off, America could achieve stronger results as it did against the DarkSide group.
David Kennedy, former hacker for the NSA and the US Marine Corps and CEO of TrustedSec, agreed with some of Hijazi’s assessments of the US making progress as compared with the disastrous recent past, but also emphasized some other messages.
“China, Russia, and the United States lead the efforts in adversarial capabilities; however, the sophistication levels often afforded to nation-states have changed to organized crime and ransomware groups,” said Kennedy. “With large-scale breaches and the impact to critical infrastructure that we saw last year with [the mega cyberattacks of] Colonial, SolarWinds, JBS, Kronos, Hafnium, and others, cybersecurity from a federal government perspective is getting the much-needed attention it has deserved for a long time.”
Kennedy said that the CISA (Cybersecurity and Infrastructure Security Agency) “has been emboldened to help defend our critical infrastructure, and policy-wise, the United States is being extremely aggressive putting pressure on countries that harbor ransomware groups. The latest raids on the ransomware group REvil [by Russia at the US behest] were truly unprecedented. We have largely never had success getting Russia to act and to thwart these bad actors within their own country. The reasons and motives on why Russia acted at the behest of the United States are still unknown. Was this a concession for potential lesser action on Ukraine? Or is it the administration’s policy on cyber?”
As to the severity of the ransomware threat, Kennedy said that “what’s clear is that ransomware is a global threat to all countries. What you are seeing from policy from this administration is focusing on a defensive strategy around cyber to protect critical infrastructure and sensitive systems while also attempting to sway governments to crack down.”
Sounding a skeptical note on whether the US would succeed in getting foreign rival governments to rein in ransomware outfits on their territory, Kennedy said that “it’s clear that cyber is in the face of the federal government, and continued action and focus is sorely needed to reduce” the negative impact of potential future hacks.
All of this also comes back to Israel, since if the US is more aggressive about counter-hacking and staring down foreign countries that cause it cyber harm, this could give the Jewish state a freer hand to do the same.
In contrast, the more rogue cyber actors feel they can get away with asymmetric cyberwarfare against more vulnerable open democratic countries like the US, the more they may feel the same way about Israel.