by Prasad Nallapati
Cyber warfare, which has so far been a hush-hush affair, is now public with nation states fully integrating it into their strategic military operations and openly declaring their intent to use it to degrade defenses of adversaries and influence the latter’s actions. There is increased fusion of offensive and defensive operations under one authority for maximum impact.
The battle lines are drawn in the same old Cold War pattern, with the United States and its allies on one side and a number of nations such as Russia, China, Iran and North Korea arrayed against them. The US had long enjoyed an unchallenged technological lead in compromising any network, but that is no longer the case. Several smaller players, such as the UAE, Saudi Arabia, Israel, Pakistan and Venezuela, are also catching up. Pakistan has engaged an American cyber-security firm to support its military operations abroad and protect its critical infrastructure.
The Gulf Conflict
The ongoing conflict in the Gulf is the turning point towards a more open cyber warfare, as neither the US nor Iran can afford a full-scale war, yet both want the world to know the pain they have inflicted on the adversary.
The US has gone to town with a massive cyber onslaught degrading the command and control networks of Iran’s missile and rocket launch defenses and of the regime’s security organization, the IRGC, in response to Tehran’s shooting down of an American reconnaissance drone. Some reports suggest that the Russian-supplied S-300 missile defense systems were also affected, though this could not be verified.
Iran too has deployed sophisticated cyber-attacks against the networks of critical infrastructure in the US and allied countries. ‘Spear-phishing’ attacks launched by its hackers targeted energy and financial companies to gain access to their networks. According to a report in Eurasia Review, the massive explosion and fire at a refinery complex in South Philadelphia on June 21 this year was an example of Iran using “destructive wiper” cyber-attacks. Some researchers claim that Iran is taking pages out of the Russian playbook to launch influence operations ahead of the US elections next year. The cybersecurity firm Recorded Future claims to have observed the registration of more than 1,200 command and control domains linked to Iran in the last two months.
Iranian hackers last week broke into the systems of Bahrain’s National Security Agency, the Ministry of Interior and the office of the first deputy prime minister. Last month they shut down several systems of the country’s Electricity and Water Authority, which authorities believed was a test run for more sophisticated attacks on American networks. Aluminum Bahrain was also among the victims. Iranian hackers had earlier launched a destructive attack, using a variant of the Shamoon malware, on the Italian petrochemical firm Saipem, immobilizing 300 to 400 computer systems.
The Iranian conflict, however, fades in the face of the more formidable challenges from Russia and China. In his recent Congressional testimony on Russian political interference leading up to the 2016 Presidential election, former Special Counsel Robert Mueller III stated, “It wasn’t a single attempt. They’re doing it as we sit here, and they expect to do it in the next campaign.”
FBI Director Christopher Wray, testifying before the Senate Judiciary Committee on July 23, warned that Russia remains “absolutely intent” on meddling in next year’s elections. He also named China as the greatest national security threat facing the country today.
The Trump administration has adopted an aggressive approach to integrating offensive cyber operations into its statecraft to meet these challenges from an increasing number of adversaries. A new Cyber Command was created last year and given equal status with the nine other combatant commands. The chain of command for cyber operations is now decentralized. Congress passed a military-authorization bill last year allowing some cyber operations to be authorized by the Secretary of Defense, and President Trump has further eased these limits. A new Cybersecurity Directorate is being created this year in the National Security Agency to fuse its offensive and defensive operations in conjunction with Cyber Command.
Cyber confrontation between the US and Russia is increasingly turning towards critical civilian infrastructure, particularly power grids. According to The New York Times, the two sides have been targeting each other’s infrastructure since at least 2012, but the aggression and scope of current operations are unprecedented. The Times reported US Cyber Command’s shift to a more offensive and aggressive approach in targeting Russia’s electric power grid. Wired magazine published an article detailing growing cyber reconnaissance of US grids by sophisticated malware emanating from a Russian research institution.
The Reuters news agency reported on June 27 that hackers believed to be working for Western intelligence agencies “broke into Russian internet search company Yandex from October to November 2018, deploying a malware variant called Regin that is known to be used by the ‘Five Eyes’ intelligence-sharing alliance of the US, Britain, Australia, New Zealand and Canada.” Yandex is Russia’s largest tech company, with a foothold spread across the country’s critical infrastructure. The hacking appears to have been aimed at gathering intelligence on user authentication at Yandex for a later attempt to break into accounts.
The immediate concern of the US authorities is to ward off a repeat of Russian political interference, as the election season for next year’s Presidential poll is fast approaching. Moscow has never stopped its operations to probe American networks for later use as it sees fit. The St. Petersburg-based Russian company Special Technology Centre (STC) developed a new and sophisticated set of custom Android surveillance tools, Monokle. Lookout, the cybersecurity firm that discovered Monokle, claims that these tools are part of a targeted set of campaigns. STC is believed to have provided material support to the Russian technical intelligence organization GRU in its manipulation of the 2016 elections.
Russia is also said to have trained its guns last month on the US billionaire financier George Soros, in what some American experts believe to be the opening salvo of a 2020 election interference campaign. According to The Washington Post, some of the stolen files were reportedly altered to create the appearance that Soros was secretly financing Russian opposition candidates. It is hard to get the facts right in this episode, as the NGOs sponsored by Soros have a history of financing projects targeting the Russian political leadership.
China’s cyber threat is perhaps more expansive, in line with its ‘great-power’ ambitions for global influence. Cyber warfare has long been integrated into its military doctrine with extensive R&D support, although its operations are kept unobtrusive to derive maximum benefit. Director Wray told Congress that the FBI is conducting more than 1,000 investigations into intellectual property theft and economic espionage nationwide, “almost all leading back to China.” The Chinese also broke into the personnel system of the US Army last year, according to Lt. Gen. Paul Ostrowski. Defense contractors have always been the main attraction for Chinese state hackers seeking to compromise innovation and intellectual property.
Hackers belonging to China have recently managed to compromise the systems of ten cellular carriers across the globe to steal users’ metadata. Cybereason, an Israeli-American security firm, discovered last year that the attackers had gained control of the carriers’ networks and stolen massive amounts of data. The affected carriers are located in the Middle East, Asia, Africa and Europe.
The ban on Chinese tech companies such as Huawei and ZTE supplying their products and services in the US and many other countries is based on credible suspicions that these companies serve the Chinese government and corporate interests.
Closer to home, Pakistan has always trained its cyber guns on India through loosely held hacker groups. It is now trying to upgrade its capabilities by engaging an American company, Imeg Cyber Command. This looks to be part of an effort to integrate cyber warfare into its military architecture to support military operations. According to its website, Imeg Cyber Command provides services in three main focus areas: defending the country’s critical infrastructure, supporting the military and government in the execution of their missions around the world, and strengthening the nation’s ability to withstand and respond to cyber-attacks. The company also provides its services to Saudi Arabia and the UK.
India has so far been unable to indigenize cyber products and services despite its leadership in software exports. It has always faced a dilemma in acquiring foreign technologies, as both Western and Chinese companies are known to give access to their security agencies, compromising the networks of recipient nations. As the world prepares to launch 5G technologies, India is on notice from both the US and China to use their respective products. The time has come for India to rapidly indigenize cyber technologies, as it did in space research, to keep ahead of the pack.
(Prasad Nallapati is President of Hyderabad-based Centre for Asia-Africa Policy Research and former Additional Secretary to Govt of India)