Cyberwarfare: Cybergang REvil’s recent attack on Kaseya is the latest high-profile hacking incident that has happened in recent months. Here’s what both sides are saying. To have stories like this and more delivered directly to your inbox, be sure to sign up for our newsletter.
Top Story: Cyberwarfare
Last Friday, while Americans were powering down their computers for the Fourth of July weekend, a group of suspected Russian hackers were logging on to theirs to orchestrate a ransomware attack that’s, so far, locked more than one million individual devices. The cyber-gang — known as REvil — had previously hacked JBS, one of the world’s largest meat suppliers. Their latest heist revolves around Kaseya, a Miami-based software firm that helps companies manage basic software updates. The Swedish grocery chain Coop, a Kaseya customer, is the largest known victim. Coop was forced to close most of its about 800 stores all day Saturday. In order to unlock the devices, the group initially demanded a single $70 million ransomware payment. This is the latest high-profile hacking incident that has happened in recent months along with the JBS attack mentioned above and the Colonial Pipeline hack in May. Hackers also gained access last week to a contractor for the Republican National Committee. Here’s what both sides are saying about the increasing frequency of cyberwarfare.
On The Right
Right-leaning commentators and representatives believe it’s past time for the Biden Administration to act. They are more hawkish than their left-leaning counterparts. They believe Biden drew a “red line” during last month’s summit with Putin and now needs to uphold his promise to enforce it.
“Putin Tests Biden’s Cyber Vow” The Editorial Board, Wall Street Journal: “Barack Obama’s misadventures in Syria showed that a President shouldn’t draw red lines he isn’t willing to enforce. President Biden hasn’t been afraid to talk tough and set expectations with Vladimir Putin, but will Mr. Biden enforce his own red lines? … Mr. Biden has said he gave Mr. Putin a list of 16 critical infrastructure areas that should be ‘off-limits’ from cyber attacks. … The President suggested over the weekend that the US would respond if it found the Kremlin at fault over the recent attacks. … If Russian hackers are independent of the government, Moscow should be willing to cooperate with Washington and bring them to justice. Note that these cyber-criminals in Russia never seem to attack targets in Russia. … If the US doesn’t respond, it will be open season on America’s digital infrastructure. Proportionate retaliation runs the risk of escalation. But after publicly drawing a red line, Mr. Biden has no choice lest he show Mr. Putin and other thugs around the world that the US President’s words are empty.”
“Russia’s cyberattacks on America expose Biden’s weakness” Rebekah Koffler, Fox News Opinion: “Another Russian cyber strike on the homeland has demonstrated the wishful thinking of the Biden Administration policy which aims to ‘reset’ Russian President Vladimir Putin’s brain into a ‘friendly’ one. … Biden’s silly gesture to hand to Putin a list of 16 ‘do not attack’ critical infrastructure targets during the summit in June failed to discourage Russia from continuing its cyber offensive. … By allowing another devastating cyberattack on the US, just some weeks after President Biden begged Putin to halt cyber strikes on America, Putin demonstrated his lack of respect for Biden. … Along with sheer disrespect, there’s something even more disturbing that probably drives Putin’s decision calculus to ratchet up his cyber offensive: Moscow views Biden as weak and unlikely to fight back. … Biden is not getting any younger, but he can wage a tougher policy against Putin. He has said that if he can attribute the latest cyberattack to Russia, he will respond forcefully. He should. But sadly, we may never see it.”
“Rep. John Katko calls REvil ransomware attack a ‘moment of reckoning’” By Emily Jacobs and Juliegrace Brufke, New York Post: “Rep. John Katko, top Republican on the House Homeland Security Committee, is calling the massive ransomware attack that affected hundreds of companies worldwide a ‘moment of reckoning’ in the US-Russia relationship. … ‘Only weeks after President Biden sat down with Putin and allegedly talked a tough game with Russia, hackers from Russia again attacked thousands of US companies, compromising our nation’s critical infrastructure,’ the top-ranking House Homeland Security Committee Republican said. … ‘We’re facing a moment of reckoning when it comes to deterrence,’ the New York lawmaker added. ‘Adversaries like Russia are creating safe havens for bad actors and we must project strength.’ … ‘Bad actors like these are emboldened when President Biden projects weakness on the world stage,’ Rep. Buddy Carter (R-Ga.) told the Daily Mail of the attacks. ‘We should take immediate action to hold Russia accountable and make it clear we will not tolerate acts of cyber terrorism.'”
On The Left
Left-leaning commentators partially agree with the sentiment above. However, they’re quicker to note that the Biden administration is in a tricky spot. Action is necessary, but it needs to be calibrated in a way that doesn’t risk escalation. Bottom line: it’s not a simple fix.
“We just had another ransomware attack. It’s time Biden gave Putin an ultimatum.” Dmitri Alperovitch and Matthew Rojansky, Washington Post: “Before such devastating ransomware attacks become a routine occurrence, President Biden must deliver a quiet but forceful demand: Russian President Vladimir Putin must put an immediate stop to this activity or Washington will tighten the squeeze of sanctions on the Russian economy. … Because smaller and medium-size businesses and organizations have been targeted, it represents a chance for Biden to make good on his promise of ‘a foreign policy for the middle class’ and his pledge that ‘economic security is national security.’ It is also an important test for his evolving approach of tough engagement with Russia. … Stopping ransomware attacks is an urgent problem with consequences for all Americans, not just big companies and tech interests. Biden was right to raise the issue with Putin in Geneva. Now, he has an opportunity to set the future tone by delivering a quiet but clear ultimatum and, if necessary, follow through on it. If this opportunity to draw a bright line is missed, these attacks risk becoming Russia’s asymmetric weapon of choice against the United States.”
“Can Biden do anything to stop ransomware attacks?” Jen Kirby, Vox: Kirby “spoke to Christopher Painter, a former federal prosecutor of cybercrimes and a former top US cybersecurity diplomat.” Here’s what he said: “I think we’ve kind of reached a tipping point. I think the tipping point happened when we had the Colonial Pipeline attack, once it started focusing on things everyday people understand. It was critical infrastructure that could have resulted in death and injury. That, I think, changed the game and got people’s attention. … I think the White House is really focused on this. You had those commitments made in those forums like the G7 and NATO, which talked about national plans going forward. I think the US and other countries are now thinking of this as a national security issue. But we’re not set up to respond fully yet. That started the wheels; they’re moving relatively quickly to get there. It’s still going to take time. This is not something we’re going to be able to solve overnight. It’s going to take some sustained work and pressure.”
“Attempted Hack of R.N.C. and Russian Ransomware Attack Test Biden” Nicole Perlroth and David E. Sanger, New York Times: The recent incidents “are testing the red lines set by President Biden during his high-stakes summit with President Vladimir V. Putin of Russia last month. … The twin attacks are a test for Mr. Biden just three weeks after he, in his first meeting as president with Mr. Putin, demanded that the Russian leader rein in ransomware activities against the United States. … The issue has become so urgent that it has begun shifting the negotiations between Washington and Moscow, raising the control of digital weapons to a level of urgency previously seen largely in nuclear arms control negotiations. … James A. Lewis, a cybersecurity expert, [said] ‘low-end penalties’ like sanctions had been exhausted. … But harsher measures have usually led to debates about whether the United States was risking escalation. Participants in those discussions have said they usually result in decisions to err on the side of caution, because so much of American infrastructure is poorly defended and vulnerable to counterstrikes.”
Flag This: Cyberwarfare
According to a global security study published last month by Unisys, “More than two in three Americans are not concerned about internet security despite a massive spike in cyber activity targeting people working remotely due to the coronavirus,” Frank Konkel reports for Nextgov. “Overall, 70% of Americans said they were not concerned about their data security or being scammed while working from home, even as the Federal Trade Commission reported 52,000 new online fraud cases and the FBI disclosed a 400% increase in online crimes reported to its Internet Crime Complaint Center.”
Although right-leaning finger-pointing at President Biden is more sharply worded, this is an issue that both sides view through the same lens. More specifically, there’s a general sense that “enough is enough” and it’s time for the Biden Administration to act. The term “red line” was mentioned by both the right and left, with the right advocating for a quicker response while the left notes it’s not as easy as it looks. This is probably where the middle ground is, meaning the Biden administration needs to find a way to show hackers and Vladimir Putin there will be repercussions without escalating a tit-for-tat scenario. In this way, it reminds us of President Trump’s trade war with China, although in this case Putin has built in plausible deniability because these attacks are executed by “unknown” third-parties.
Flag Poll: Cyberwarfare
How do you think President Biden should respond to the recent spate of cyberattacks? Comment below to share your thoughts.