Attempting to embarrass nation-states in hopes they鈥檒l stop their cyberattacks on U.S. government and business systems is not working, according to U.S. and European national security officials and experts.
鈥淧ublicly calling out countries like Russia for supporting ransomware attacks is an important step, but naming and shaming only goes so far,鈥 said John Dermody, a former U.S. government national security lawyer.
Teaming up with international partners to humiliate them, 鈥渋s an important first step,鈥 said Dermody, who served at the Department of Defense, Department of Homeland Security and on the National Security Council, but the most important step 鈥 forcing them to stop 鈥 requires a lot more work.
Radek Sikorski, chairman of the European Union, USA Delegation in the European Parliament, said the relationship between Western nations 鈥 namely the U.S. and E.U, and China 鈥 is complex, and it requires multifaceted solutions.
鈥淲e should collaborate with China where possible, compete when needed and confront when necessary,鈥 said Sikorski.
On July 19, the Biden administration and dozens of U.S.-allied countries chose the confrontation option.
The White House released a statement saying, 鈥淭he United States is deeply concerned that the People Republic of China has fostered an intelligence enterprise that includes contract hackers who also conduct unsanctioned cyber operations worldwide, including for their own personal profit.鈥
Identifying China as the culprit, according to Dermody, now a lawyer with the global firm O鈥橫elveny, is the most significant part of the announcement, 鈥渂ecause it鈥檚 letting the Chinese government know that this type of activity 鈥 that sort of broader ecosystem support 鈥 is not going to be tolerated. It’s going to be considered just as significant as if the Chinese government was conducting those activities.鈥
Despite the U.S. announcement, vulnerabilities, breaches and cyberattacks, too numerous to count, have continued to hit U.S. targets.
A Russian cybercriminal network known as REvil is one of world鈥檚 biggest and most sophisticated. President Biden has spoken with Russian President Vladimir Putin about that and other similar actors, yet suspected Russian government-linked cyberattacks continue.
Underreporting and other issues make it difficult for U.S. government agencies to accurately determine how many cyberattacks have taken place this year, but a top U.S. cybersecurity official said the number is bigger than ever.
鈥淥ver probably the last eight months, we have seen cybersecurity incidents affecting organizations across this country, whether government agencies, critical infrastructure or small businesses, on an unprecedented scale and impact,” said Eric Goldstein, executive assistant director for cybersecurity at the cybersecurity and Infrastructure and Security Agency.
The attacks are not just the work of sophisticated networks hired and deployed by large countries like Russia and China: Iran and North Korea have augmented their activities.
Additionally, independent criminal organizations are taking aim at the U.S. and its allies with increasingly capable and refined ransomware and other malware tools.
鈥淲hether it is nation state-related intrusions, like the Solar Winds campaign or the recent spate of ransomware affecting critical infrastructure and other businesses across sectors, we are seeing significant cybersecurity risk, affecting our country; that necessitates that all organizations make investments. In improving their security and resilience,鈥 Goldstein said.
In order to make those improvements, it鈥檚 necessary to know what they鈥檙e up against, so in the case of China鈥檚 recent activities, the FBI, NSA and CISA released an linked to Chinese State-Sponsored Cyber Operations.
鈥淏y exposing the PRC鈥檚 malicious activity, we are continuing the administration鈥檚 efforts to inform and empower system owners and operators to act,” the White House said in its July 19 statement. “We call on private sector companies to follow the federal government鈥檚 lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents.鈥
Companies and organizations 草莓传媒 spoke to that have been targeted with cyberattacks say it鈥檚 also important to know why they were targeted. Goldstein suggested that it depends, in part, on the motive of the attacker.
鈥淎dversaries with various motivations, whether those motivations are espionage financial or other, have determined that exploiting vulnerabilities in information technology are a fairly cost-effective way for them to achieve their goals,鈥 said Goldstein.
He said the most effective way to stop it is, 鈥渇or us to change adversaries’ cost calculus. The more secure we can make the technologies that we are deploying, the more secure that we can make our networks across critical infrastructure.鈥
Dermody warns that recent attacks 鈥 including the costly assault on the Colonial Pipeline 鈥 have exposed just how vulnerable the nation is to ransomware. And while he urges companies to take advantage of newly-available federal resources to combat hackers, he stresses that companies cannot wait for the government to eradicate the problem.
“The Biden administration鈥檚 decision to call out China, is likely, only the beginning of a new approach to address the escalating number of cyberattacks on Americans and U.S. government agencies, companies and organizations,” a U.S. intelligence source told 草莓传媒.
The source said, however, 鈥渕any of the actions, aside from sanctions and indictments, will take place out of the public鈥檚 view.”
Four Chinese nationals with China鈥檚 Ministry of State Security were charged in the U.S. on July 19 with a global computer intrusion campaign. Aside from that, there has been no other public action taken against China.
