Hackers, Russia, China: cyber battles & how we win
The next decade will be a turning point in the global cyber arms race. And the stakes are very high.
If measured as a country's GDP, cyber crime would now be the world's third-largest economy after the US and China. And it only takes a single password — as Americans learned after the 2021 Colonial Pipeline attack — for cyber crime to cripple a company or humiliate a nation.
On GZERO World, Ian Bremmer speaks to Jen Easterly, director of the US Cybersecurity and Infrastructure Security Agency, tasked with defending the country from all cyber threats — foreign and domestic.
America, she says, has finally gotten serious about protecting itself from cyberattacks. But the federal government still needs cooperation from the private sector, which operates 80% of the critical infrastructure that serves our daily basic needs.
Easterly also digs into how Russia is the urgent cyber threat, though China could do more damage in the long term -- and whether the US is prepared to defend itself from both adversaries.
Brad Smith: Russia's war in Ukraine started on Feb 23 in cyberspace
Weeks before Russia invaded Ukraine, Microsoft was already helping the Ukrainians defend their cyberspace against Russian hackers, for instance by moving the government's physical servers into the cloud to avoid destruction by Russian missiles.
In the virtual world, like on the battlefield, "you've gotta disperse your defensive assets so they're not vulnerable to a single attack," Microsoft President Brad Smith says in a Global Stage livestream discussion at the World Economic Forum in Davos, "Crisis in a digital world," hosted by GZERO in partnership with Microsoft.
Then came defending Ukraine against Russian cyberattacks.
In cyberspace, Smith says the war really started on February 23, a day before Russia's land invasion, when Microsoft noticed some 300 coordinated attacks trying to take down Ukrainian government websites and banks via Microsoft's own data centers in Seattle.
Still, it worked. Why? Because "so far in this war, defense has proven to be stronger [than] offense, frankly, in almost every category, but especially when it comes to cyberspace."
Watch more of this Global Stage discussion: "Crisis in a digital world"
Cyber warfare & disinformation play key role in Russia Ukraine conflict
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses the Ukraine conflict from the cybersecurity perspective:
These are dark and bitter times. We've just seen Russia starting a completely unjustifiable war with disproportionate force against Ukraine and these acts of aggression that we see, threats on the foundations of a rules based order and of our own freedoms in democracies worldwide. Yes, to all this aggression, there is also a cyber dimension.
Cyber warfare is clearly a major part of the Russia Ukraine conflict, but cyber weapons are notoriously hard to control.
What is the risk that hackers at war in Eastern Europe could wind up, intentionally or not, wreaking havoc in the West or beyond?
Now in terms of the deployment of tools to attack digital infrastructure and systems, going with what we have seen so far, attacks on Ukraine have already wreaked havoc on the West. Whether it was the NotPetya attack or attempts to manipulate the US presidential election, old KGB tactics are an integral tool in Putin's toolbox. So we shouldn't think of cyberwar as something separate or detached from the broader conflict confrontation, escalation and geopolitical agenda. And there is also this disinformation element woven through all aspects of the confrontation coming from Russia. Not to forget that in Europe today, as well as in the United States, Vladimir Putin has allies in political office. So sometimes I wonder with friends like these, who needs enemies?
Join us live from the 2022 Munich Security Conference
Friday, February 18 at 11 am ET / 5 pm CET: Watch GZERO Media and Microsoft's live conversation from the 2022 Munich Security Conference.
As crises converge, our speakers will discuss emerging risks at the intersection of technology, policy and security: NATO's role and tools to defend democracy, the US role in global alliances, the rise of cyber threats and the need for cyber norms and stronger defenses.
Participants:
- David E. Sanger, White House and national security correspondent, The New York Times (moderator)
- Ian Bremmer, President and Founder, Eurasia Group and GZERO Media
- Benedikt Franke, Chief Executive Officer, Munich Security Conference
- Mircea Geoană, Deputy Secretary General, NATO
- Kersti Kaljulaid, former President of Estonia
- Anne-Marie Slaughter, CEO, New America
- Brad Smith, President and Vice Chair, Microsoft
Event link: gzeromedia.com/globalstage
This event is being held in collaboration with the Munich Security Conference.
Live from MSC 2022: Securing Cyberspace | Friday, February 18, 2022, 11 am ET / 5 pm CET
Ireland's responses to ransomware attack; cryptocurrency scams
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What options does Ireland have responding to the ransomware attack on the country's healthcare system?
Well, authorities are making resources available to decrypt and restore, which is a good step. And they also insist on not paying ransom to the criminals. But after the immediate fallout, they should do a scan on weaknesses in legacy software systems used across the country to make clear who is expected to protect and where weaknesses might exist. Then imposing information sharing standards could help the needed facts to come together and to facilitate both resilience and damage control in the future. There's also an opportunity to cooperate on attribution and accountability with like-minded countries. This should really push to end the impunity with which these crimes are perpetrated.
How can consumers protect themselves from cryptocurrency scams?
Well here, my best advice is to use common sense. If a deal seems too good to be true, it probably is. And if there is no way to verify who runs a Bitcoin operation, then you have to ask yourself what an acceptable level of risk is in relation to your precious savings.
Will China become the world’s dominant military power?
America's chief adversary on the global stage is no longer Russia. It's China—a country that has experienced astronomical growth in the last few decades, with an economy that's expanded by $12 trillion in the last fifteen years alone. Much of that economic growth is going straight into military spending, with a defense budget that's seen a nearly seven-fold increase over the past twenty years. And yet, its military spending still pales in comparison to that of the United States. But despite all the money that both nations have pumped into fancy new battleships and armored tanks, they also understand that a key paradigm shift in 21st-century warfare is already well underway: The decisive battles of the future will largely be fought—and won or lost—in cyberspace. Ian Bremmer explains where the US stands in this competition.
Watch the GZERO World episode: What could spark a US-China war?
Hackers shut down US pipeline
Ian Bremmer's Quick Take:
Hi, everybody. Ian Bremmer here. Happy Monday to you. A Quick Take. I wanted to talk about this unprecedented hack that has shut down a major pipeline in the United States. The Colonial Pipeline carries well over 2 million barrels a day. It's about half of the East Coast supply of gas and jet fuel. In other words, really not something you want to have suspended. And when I think about the impact of cyberattacks in the world, I mean, we've been warning that this is going to be a bigger challenge going forward, we're now really starting to see the implications of it.
In this case, it's a dual attack. It was an attack both against data in the firm that has been stolen that the organization, the criminal syndicate that has perpetrated the attack has said that they will make it public and delete all of the data from the system of the pipeline company if the ransom is not paid by the deadline that they have provided. And then of course, they also physically shut down the pipeline as well. It's an enormous problem. It's probably unprecedented in the scale of impact in the United States, though, we're seeing more of this kind of thing around the world.
So, let's take a step back. What does it mean? How much should we be worried and what can we do when we think about cyber? Well, when I think about the world of cyber over the course of the past 10 years, there are some aspects of it, the great power competition that has worried me less, because even though it's all about offense, the United States, the Chinese, the Russians by far the most capable in terms of offensive cyber capabilities than in other countries, like Israel and Iran with less but significant capabilities. But those governments, large governments do understand that if they are to engage in the kind of escalatory attacks, that could cause real damage to the country that they're going after, then the gloves come off and suddenly this can turn into a real national security danger. It could create a kinetic war that spirals out of control. And so, they don't do it. And so there has been a level of cyber deterrence between major countries all around the world.
You've seen these unprecedented attacks in the last months, for example, the SolarWinds attack that we believe came from Russia and other massive attacks coming from China. But in each of these cases, no critical infrastructure was destroyed or even damaged to the best of our knowledge. No, instead it was espionage. It was surveillance. It was monitoring. By the way, the Americans do the same thing to all of those countries, whether they have offensive cyber capabilities themselves or not. So that's a bit like the nuclear balance. It's all offense. It's not defense, but there are constraints on what countries do, because if you set off one nuke, other nuclear countries are quite likely to retaliate in kind. So it does create a level of stability, even though it is a more dangerous destructive environment in the world. You'd rather not have them than have them. Okay, that's the good side.
The bad side is that you sometimes have governments that engage in acts on cyber that go bigger and larger than had initially been presumed. So for example, when the Russians engaged in the NotPetya attack against Ukraine, which was a piece of malware that was reverse engineered out of the US, out of the National Security Agency developed in the US a few years before, it did hit Ukraine, it absolutely caused major economic damage and political stability damage to the country, but it also escaped. And so in relatively short order, you had Western corporations with operations primarily all over the world, very little in Ukraine. In some cases, just a couple of computers in Ukraine causing billions of dollars of damage because the malware spread. And the Russian government, I find it highly unlikely that they intended for that attack to spread. And the question was, did they either not know or not care? I suspect it's more the former than the latter, because if it got really big, this could have caused an enormous blow back for Russia. But that means that intrinsically when you're engaging in cyberattacks with new forms of weapons that have the ability to spread autonomously, there's greater danger around the nature of attack. That's one point.
Secondly, it's a lot harder to contain cyber offensive capabilities to a small number of countries. Obvious example, I mentioned among countries that have strong cyber capabilities, Iran. Now, we're working in the United States, the Biden Administration is working very hard right now to try to get the United States back into the JCPOA, the Iranian nuclear deal the Trump Administration unilaterally withdrew from. And if that happens, we will continue to successfully prevent the Iranian government from developing nuclear weapons capability with verifiable inspections on the ground. That's important, it's significant, but there has been no ability to limit the nature and development of Iran's offensive cyber capabilities, which they use against Israel, against Saudi Arabia, against the United States. And there's very little capacity to deter a government that is much more unstable itself, that has willingness. And it's the reason we don't want Iran to have nukes is because we think that that potentially could lead to much more conflict in the region. That's unacceptably dangerous to let's say Israel or to the Saudis, other American allies on the ground, but they have those cyber capabilities. And that's clearly a danger. I mean the Operation Shamoon, which the Iranians did, which looks like it was a reverse engineer of the Stuxnet attack that the Americans, the Israelis engaged in against Iranian centrifuges, basically was within a couple of hours of taking all of Saudi Aramco's energy production offline, and that could have precipitated a war.
So you're much closer to trip wires to red lines, even among governments, because of that when you talk about cyber. And then you have what we just saw, what we're experiencing now with the shutdown of the Colonial Pipeline, and this is a criminal syndicate. Non-state actors, whether they be gangs or the aforementioned 300-pound guy on a bed in New Jersey, or whether it's a terrorist organization, the ability of institutions and people that are much less easily determinable either because of the ideology or because you don't know who they are engaging in strikes that are really dangerous, that is becoming unprecedented in today's environment. And that's what we just saw. The cybercriminal gang called DarkSide is ostensibly behind the attack on the Colonial Pipeline.
And this is a cybercriminal gang, right? It is a group of individuals. It is not known who they are. They have anonymity, they're quite sophisticated. And they engage in these strikes against multinational corporations, some small, some big, to enrich themselves essentially. And this organization, DarkSide, has said that they won't attack hospitals, for example. That's their form of ethics. Other such organizations have no such compunction. You've seen a number of hospitals shut down. For example, one of the things I was worried about is what would have happened if there had been a massive cyberattack by a criminal gang against American hospitals at the time when they were getting overwhelmed by the pandemic. This is an absolute, real danger and something that the technology exists to do. And the people that could engage in those attacks have that technology in their hands, right now. And so the only thing stopping them is the sense of ethics that these criminals actually have. That's a serious problem.
Now in the case of DarkSide, and a lot of these criminals are operating in areas where Western rule of law cannot reach them, the presumption with DarkSide is they are in the former Soviet space. And the reason I presume that is because those that are studying DarkSide's attack so far have seen no attacks against Russian and former Soviet countries. Companies that obviously would be just as exposed, in many cases more so than those outside of the former Soviet Union. No attacks against Russia, Ukraine, against Kazakhstan, countries like that. So you would expect that the people that are engaged in DarkSide are either from one or many of the former Soviet states. A lot harder to hit them directly when rule of law doesn't reach that far and when the governments themselves are showing absolutely no interest.
In fact, in the case of Russia, many of the cyberattacks the Russian government engages in are essentially outsourced to these criminal gangs that make money both in terms of the national security efforts that they make at behest of the Russian government, but also then sideline, moonlight, have their side gig engaging in criminal activities, outside the former Soviet space.
The likelihood that this significantly worsens US and Western relations with Russia leads to more sanctions. If so, because the Russian government and others are refusing to take action. That's also a real problem. And one that isn't likely to get resolved anytime soon. So serious challenges as a consequence of this. It showed up very high on our top risks for 2021. This is part of the reason for it. And I suspect we're going to spend a lot more time on it going forward.
So, not the cheeriest topic for a Monday kicking off your week, but hopefully something we get resolved at least in this attacks case, in relatively short order. Be safe, everybody. Avoid fewer people and I'll talk to you soon.
Watch our live program: Securing Cyberspace
Cyber is a tool, and sometimes a weapon. Whether espionage for commercial gain or indiscriminate attacks on critical infrastructure, actions taken in cyber space affect you directly, potentially upending even the most mundane realities of everyday life.
Watch GZERO Media and Microsoft's live conversation on cyber challenges facing governments, companies, and citizens in a Munich Security Conference "Road to Munich" event recorded on May 18.
Event link: gzeromedia.com/globalstage
Our guests will discuss privacy, truth, security, and the urgency of improving cyber security and establishing cyber norms globally. Joining the discussion:
- Ian Bremmer, President, Eurasia Group & GZERO Media
- Brad Smith, President, Microsoft
- Wolfgang Ischinger, Chairman, Munich Security Conference
- Jane Harman, President Emerita, Wilson Center
- Juliette Kayyem, Harvard Kennedy School Professor (moderator)
This event is being held in collaboration with the Munich Security Conference as part of their "Road to Munich" series.
Beyond SolarWinds: Securing Cyberspace: Tuesday, May 18, 2021, 1pm EDT / 10am PDT