Despite Cyber Security Agreements, Threats Remain to U.S. and Allies

By Zachary Beus

In today’s international arena of cut-throat politics, diplomacy, and war, the internet is playing an important role in the way that the United States postures itself. Conscience of its impact, the US uses the internet to increase global economic output, build sustainable relationships with foreign governments, and solve some of the world’s most profound problems. However, the US is quick to point out that the internet is vulnerable and that state and non-state actors use it as a way to infiltrate and exploit both government secrets and personal private data. In this article, we’ll discuss current international cyber security agreements, recent cyber security threats against the US and its allies, and US’ rapidly developing strategy towards combatting these threats.

Over the past few years many countries and organizations have adopted agreements towards improving cyber security relations:

–    In 2012 at the United Nations (UN), governmental experts from the five permanent members of the UN Security Council and 10 leading cyber-powers from all regions of the world recognized that international law fully apply to state behavior in cyberspace [1].

–    In 2013 the US and Russia nearly completed a cyber agreement to reduce the risk of conflict in cyberspace through real-time communications about incidents of national security concern including counterterrorism and weapons of mass destruction [2].

–    In 2014 the North Atlantic Treaty Organization (NATO) adopted an action plan to establish cyber defense as part of the Alliance’s overall collective defense imperative, central to the founding premise upon which NATO was established. Also, like the UN, they formally acknowledged that international law applies in cyberspace, as well as intensified NATO’s cooperation with industry [3].

–    In 2015 the US and China signed a cyber agreement: to provide timely responses to requests for information and assistance concerning malicious cyber activities; to refrain from conducting or knowingly supporting cyber-enabled theft of intellectual property; to pursue efforts to further identify and promote appropriate norms of state behavior in cyberspace within the international community; and to establish a high-level joint dialogue mechanism on fighting cybercrime and related issues [4].

As evident of the above agreements, it appears as though the international community is tackling cyber security head-on. Yet, despite these agreements, cyber threats continue to hamper the US and its allies. For example, in 2013 China and Syria were implicated in cyber breaches targeting reporters at the New York Times and other US news organizations [5], in 2015 Russia was blamed for a first-of-its-kind cyber-attack on Ukraine’s power grid [6], and in 2016 Russian hackers laid claim to a series of cyber-attacks on the Democratic National Committee (DNC) [7].

In response, the US is slowly revealing to the public a cyber security strategy, as recently stated by Vice President Biden in response to Russia’s hack of the DNC “We’re sending a message. We have the capacity to do it… and it will be at the time of our choosing. And under the circumstances that have the greatest impact [8].” And within days of his statement, a man identified as a Russian hacker suspected of pursuing targets in the US was arrested in the Czech Republic [9]. Along with arrests, the US will likely pursue other security strategies to include a wide-range of clandestine cyber operations aimed at harassment, embarrassment, and censorship [10].

While public communication regarding US cyber security posture and strategy remains cloaked, it is clear that cyber warfare has established itself firmly within today’s definition of modern war. Further, with direct attacks on privately-held companies, such as the New York Times, and democratic institutions, like the DNC, that cooperation between government and industry is essential to a comprehensive cyber security posture. When companies which hold valuable information about US citizens, like Premera Blue Cross and JP Morgan, were hacked (and continue to be targeted), it can be as detrimental to when governmental organizations like the embarrassing OPM leak or hacking of the State Department and White House unclassified networks occur.

Companies like Praescient Analytics offer unique insight to support a strong cyber security posture. Serving both government clients and commercial organizations gives us intimate knowledge of the evolving postures of these entities towards IT and cyber security policies, and can help bridge sometimes archaic ideologies about how a software alone can protect a business (or a nation writ large). Confusing as cyber security may seem, there is no uncertainty that the US will have to develop a strong, unified cyber security approach that involves our nation’s great cyber talent working within government today, as well as influential industry leaders who are key to the economic welfare of our country. We, at Praescient, hope to continue to support tactically and strategically in facing what has proven to be a preferred means of warfare today through the electronic world we live in.

[1] Detlev Wolter “The UN Takes a Big Step Forward on Cybersecurity,” Arms Control Association, September 4, 2013, https://www.armscontrol.org/act/2013_09/The-UN-Takes-a-Big-Step-Forward-on-Cybersecurity

[2] Ellen Nakashima “U.S. and Russia sign pact to create communication link on cyber security,” The Washington Post, June 17, 2013, https://www.washingtonpost.com/world/national-security/us-and-russia-sign-pact-to-create-communication-link-on-cyber-security/2013/06/17/ca57ea04-d788-11e2-9df4-895344c13c30_story.html

[3] Public Diplomacy Division “NATO Cyber Defence,” The North Atlantic Treaty Organization, July 2016, http://www.nato.int/nato_static_fl2014/assets/pdf/pdf_2016_07/20160627_1607-factsheet-cyber-defence-eng.pdf

[4] John W. Rollins “U.S.–China Cyber Agreement,” CRS Insight, October 16, 2015, https://www.fas.org/sgp/crs/row/IN10376.pdf

[5] Reuters “Russia suspected in cyber attacks on US news outlets,” New York Post, August 23, 2016, http://nypost.com/2016/08/23/russia-suspected-in-cyber-attacks-on-us-news-outlets/

[6] Evan Perez “U.S. official blames Russia for power grid attack in Ukraine,” CNN Politics, February 11, 2016, http://www.cnn.com/2016/02/11/politics/ukraine-power-grid-attack-russia-us/

[7] David E. Sanger and Eric Schmitt “Spy Agency Consensus Grows That Russia Hacked D.N.C.,” The New York Times, July 26, 2016, http://www.nytimes.com/2016/07/27/us/politics/spy-agency-consensus-grows-that-russia-hacked-dnc.html

[8] David E. Sanger “Biden Hints at U.S. Response to Russia for Cyberattacks,” The New York Times, October 15, 2016, http://www.nytimes.com/2016/10/16/us/politics/biden-hints-at-us-response-to-cyberattacks-blamed-on-russia.html

[9] Rick Lyman and  Hana de Goeij “Russian Hacker, Wanted by F.B.I., Is Arrested in Prague, Czechs Say,” The New York Times, October 19, 2016, http://www.nytimes.com/2016/10/20/world/europe/prague-russian-hacker.html

[10] Kavita Iyer “U.S. government preparing for a major cyberattack against Russia,” Tech Worm, October 17, 2016, http://www.techworm.net/2016/10/u-s-government-preparing-major-cyberattack-russia.html