How Russia overtook China as our biggest cyber enemy
December 16, 2016
In June 2015, the U.S. government discovered something horrifying: The Office of Personnel Management had been hacked by China. The attackers had stolen the Social Security numbers, performance ratings and job assignments of millions of current and former federal employees.
It wasn’t the first time the Chinese had been tied to security breaches in the government. They had gained access to the computers of the Federal Deposit Insurance Corp.’s top officials as well as sensitive data in government employees’ security clearance files. The Chinese military was able to steal weapons designs, data on advanced technologies and insight into U.S. government policies. They had collected information about America’s electrical power grid, gas lines and waterworks.
Headlines about China’s attacks bordered on the hysterical. “Successful hacker attack could cripple U.S. infrastructure,” NBC blared. “China hacks the world,” the Christian Science Monitor declared. The National Interest called China’s data theft a “national security threat.”
Over the past year, though, China has largely faded from the conversation. It’s not because its hackers have gone away. The Chinese continue to extract secrets from the U.S. government. But their efforts are, and have always been, far less scary than Russia’s brazen new challenge in the information space. Unlike China, the Russians aren’t using their cyberspies to steal business insights or gather information that officials can use in private negotiations with the United States. They’re looking to disrupt elections in the United States and Europe, break NATO, and undermine democratic values — big strategic goals that President Vladimir Putin energetically pursues. Russia has become the biggest threat in cyberspace, and it will be very hard to defeat.
Both Russia and China have absconded with America’s secrets for decades. China’s efforts have been better known because Chinese hackers have gotten caught more. As the New York Times reported, they stole “designs for the F-35 fighter jet, corporate secrets for rolling steel, even the blueprints for gas pipelines that supply much of the United States.” In 2008, they accessed the campaign servers of Barack Obama and John McCain, stealing internal position papers and communications, the Times said. Those documents were never leaked.
Russian hackers have used more sophisticated techniques and, as a result, have operated mostly under the radar, navigating their way into the networks of major agencies, including the Defense and State departments. They have also gained access to U.S. Central Command, the White House, energy companies and critical infrastructure around the country.
Today, China’s cyberespionage efforts have become more refined. But they’re still focused on gathering information as quietly as possible. China isn’t looking to take down U.S. infrastructure, and its spies generally no longer steal secrets from foreign companies to help their own. President Xi Jinping has professionalized and centralized cyberspying, and China is careful to avoid anything that could look like an attack.
The Russians are not. The country’s aims are much more aggressive — and personal. Its leaders believe that the United States is trying to use the Internet (which the Kremlin calls a tool of the CIA) to remake the world in its own Western liberal image. Putin’s henchman Dmitry Medvedev, Russia’s prime minister, even claimed that Western social media is part of a plan for Arab Spring-style political unrest in his country, saying that “they have been preparing such a scenario for us, and now they will try even harder to implement it.”
As a result, Russian hackers aren’t just looking for information that could bolster their business efforts or improve their ability to negotiate with Washington. They’re aggressively working to destabilize and destroy democracy. The Democratic National Committee hack, which has been tied to Russia, was only one of several high-profile incidents. The Russians allegedly hacked the German Bundestag. They broke into a leading French TV network (pretending to be the Islamic State) and took it offline. A power plant in Ukraine was hacked as a warning to Kiev. Russian hackers have been accused of planting false news to undercut a partnership between Sweden and NATO. European intelligence services say the Russians are more active and more dangerous than at any other time since the Cold War.
This is what Russia calls a “new generation of warfare,” which uses hacking, leaks and nontraditional weapons such as RT, an English-language news site with a strident anti-American tone. Russia’s government has hired hundreds of trolls to plant pro-Russian messages in the comment sections of Western media outlets, uses “chatbots” to flood social media with hostile comments, and, of course, leaks purloined emails through various organizations, including WikiLeaks. China doesn’t do this.
Last week, Obama pledged to retaliate against Russian hackers, telling NPR “we need to take action. And we will.” But figuring out what comes next has been a struggle. We can’t unleash a major U.S. Cyber Command operation without risking war. Some proposals put forward by experts are silly, such as leaking Putin’s Botox injection schedule. Others are feckless, such as trying to embarrass Putin by publicizing pictures of his girlfriends.
America needs a better strategy, one that’s more assertive and nimble. And it can’t be focused on Russia alone. Other opponents remain busy and dangerous. North Korea, Iran and China have all tested American cyberdefenses and found them wanting. A good cybersecurity strategy can’t play whack-a-mole. We need an approach that convinces opponents it’s dangerous to attack the United States, and if they do, there will be consequences. The response to North Korea’s Sony hack shows that opponents’ behavior can be changed: After the United States imposed retaliatory sanctions, the number of attacks decreased significantly. We can reshape cyber-risk if we take action. We must.