By Eric Vandenbroeck and co-workers

Russia’s interference in the 2016 presidential election marked the dawn of a new era in cyber warfare. The US Intelligence Community would not understand the full magnitude of Russia’s social media operation until much later. Cyberspace is unlike any other battleground. The military’s traditional air, land, and sea domains are all natural, not manmade. Cyberspace, by contrast, is manmade and inherently insecure.

As we mentioned recently, at no time during the past 35 years have all intelligence (meaning spy) agencies in every country of the world been focused on one issue as they are today: the potential war in Ukraine. It is crucial for three major countries, Russia, China, and the USA, and every other country in the world has a connection with at least one of them, and in some cases two or even all three. This includes Russia’s leak of the U.S. and NATO responses to Russia’s security demands to the Spanish newspaper El País, as Reuters reports.

 

The Cyberspace battleground

The above-cited behavior came to light only gradually. For example, in July 2019, the Stanley Center for Peace and Security, a nonprofit, began a series of international stakeholder workshops to examine ethical challenges in the open-source community and develop recommendations for addressing them.1 The bad news is that such initiatives cut in two directions, improving standards and tradecraft for well-meaning non-governmental actors as well as for potential adversaries.

Russia’s interference in the 2016 presidential election marked the dawn of a new era in cyber warfare. The US Intelligence Community would not understand the full magnitude of Russia’s social media operation until much later. Cyberspace is unlike any other battleground. The military’s traditional air, land, and sea domains are all natural, not artificial. Cyberspace, by contrast, is artificial and inherently insecure. The Internet was never designed with security in mind. It was created in 1969 to link a handful of academic researchers who already knew and trusted each other. There are no mountains or oceans to protect people or their assets from others in cyberspace.

Countries with the most potent militaries are more secure in the physical world. Navies with better ships are more likely to rule the seas. Armies with bigger and better land forces will dominate ground warfare. Air forces with greater range, stealth, and maneuverability will gain air supremacy. In the cyber world, that’s not true. Power and vulnerability go hand in hand because the most powerful countries are often the most digitally connected.

In the USA of 2009, cyber threats still ranked so low on the priority list they were buried on page 38 of the forty-five-page threat assessment, just below drug trafficking in West Africa. Then, suddenly, in 2013, the director of national intelligence named cyber the number one threat to the United States, ranking it ahead of terrorism for the first time since 9/11.1 For the time being, the president and his national security team would determine significant consequences “on a case-by-case and fact-specific basis.” However, the 2015 cyber strategy noted that “significant consequences may include loss of life, significant property damage, serious adverse U.S. foreign policy consequences, or serious economic impact on the United States.”2

In other words, national security leaders might not be able to delineate the cyber threshold of war in advance, but they believed a threshold existed. It probably involved visible, near-term damage. And it would be clear when the line had been crossed. No one knows whether this strategy ever deterred anybody. But we know the idea of a cyber threshold of war quickly became irrelevant. Instead, cyber warfare looked a lot more like covert action, operating in the gray zone between war and peace without official government acknowledgment.

While physical warfare involved major mobilizations and strategic strikes - German troops marching into Poland, American atomic bombs dropping in Japan, Iraqi tanks rolling into Kuwait - cyber warfare was more of a bleed-every-minute insidious campaign in which attackers influenced outcomes one hack or Tweet at a time. In isolation, each might be too small for deterrence or retaliation. But cumulatively, the damage could be devastating.

The most severe threats from a national security perspective don’t come from Cheeto-eating teens. They come from well-trained operatives and proxies operating at the behest of countries. And analysts have shown that four nations are behind 77 percent of all suspected state-sponsored cyberattacks: China, Russia, Iran, and North Korea.3

While they span a wide range, the cyberattacks perpetrated by China, Russia, Iran, and North Korea come in five primary types: stealing, spying, disrupting, destroying, and deceiving. Some countries specialize in certain attack types more than others. Sometimes, countries use multiple types simultaneously. But each seeks to achieve different effects.

In 2018 cyber theft cost an estimated $600 billion globally. That’s about as much as the global illicit drug trade.4 If cybercrime were a country, it would rank in the top twenty-five in terms of annual GDP.

China’s cybertheft is particularly consequential. It includes terabytes of data and schematics for the F-35 and F-22 stealth fighter jet programs, two of the most sophisticated aircraft in the U.S. arsenal. And in 2015, President Obama held a summit with Chinese leader Xi Jinping to try to rein it in.5 

In 2015, the top US cyber advisor to the secretary of defense testified that external actors were probing U.S. Defense Department networks for vulnerabilities “millions of times each day” and that more than 100 foreign intelligence agencies were “continually” trying to infiltrate defense networks.

Russia is aggressive on this front, too. In December 2020, the cybersecurity firm FireEye reported being penetrated by sophisticated hackers who got in by corrupting the software of a widely used network-monitoring vendor called SolarWinds.6 The SolarWinds breach turned out to be massive, unfolding like a scene from a horror movie: victims frantically barricaded the doors, only to discover the enemy had been hiding inside the house the whole time. For months, hackers had been roaming wild, undetected, inside the nation’s government networks (including nuclear labs and the Departments of Commerce, Defense, Homeland Security, Justice, State, and Treasury), as well as nearly all of the Fortune 500 companies and thousands of other organizations.7 Intelligence agency leaders publicly announced that Russia was “likely” behind SolarWinds. So far, the breach appears to have been an intelligence-gathering effort rather than a cyber attack meant to disrupt, corrupt, or destroy, though investigations are ongoing. What’s already clear, however, is that the damage is immense, and America’s cyberwarriors and spies never detected a thing until FireEye sounded the alarm.8

Russia was almost certainly behind the 2015 and 2016 cyberattacks shutting off Ukrainian power to millions of customers and the 2017 NotPetya cyberattack targeting Ukrainian banks, agencies, and companies that spread worldwide, causing more than $10 billion in damage.9

Now, Russian disinformation is designed to flood the zone, reaching millions within hours across every format (text, video, audio, photos) and information channel imaginable - social media, Internet websites, satellite television, and traditional radio and television. Volume is vital.

In 2019, for example, RT (formerly called Russia Today) had a $300 million annual budget, video programming that looked like legitimate news in multiple languages, and more than three million YouTube subscribers.10 Russia was the first to embrace cyber weapons of mass deception, but it’s not alone anymore. China’s operations grew more sophisticated during the age of COVID.

Companies are now also providing spying-for-hire services that use false identities and wage information warfare, spreading messages with the intent of influencing what people believe, even if the information isn’t accurate.

As former senior Israeli intelligence official Uzi Shaya put it, “Social media allows you to reach virtually anyone and to play with their minds.… You can do whatever you want. You can be whoever you want. It’s a place where wars are fought, elections are won, and terror is promoted. There are no regulations. It’s a no-man’s land.”

What’s more, new technologies are making cyber deception tools more effective and accessible to everyone. Manipulated photographs and video are getting better and spreading rapidly.

For example, some will remember that a video of House Speaker Nancy Pelosi was distorted to make her sound drunk and posted on social media, where it was viewed two million times and made headline news. When Facebook refused to remove the fake Pelosi video, two British artists posted their doctored video of Facebook CEO Mark Zuckerberg claiming he wanted to “control billions of people’s stolen data, all their secrets” and thanking Spectre, the fictional evil organization from James Bond stories.11

These “cheap fakes” used rudimentary technology that was relatively easy to spot. Deception will get much worse, thanks to advances in artificial intelligence fueling the development of deepfake digital impersonation technology. Already, deepfake technology has created remarkably lifelike photographs of non-existent celebrities, audios so real they duped an employee into letting criminals steal hundreds of thousands of dollars, and videos of leaders saying things they never uttered.12

The impact of deep fakes could be profound, and policymakers know it. Deception has always been part of statecraft, espionage, and warfare, but not like this: stolen audio of a conversation between two world leaders that never occurred, or a troll farm that uses text-generating algorithms to write false news stories at scale, flooding social media platforms and overwhelming journalists’ ability to verify and citizens’ ability to trust what they see.

Cyberspace is an ideal battleground for secret action. That’s what makes it so attractive in the first place. When cyberattacks take so long to uncover, uncertainty grows. Is the missile failing because of design flaws or sabotage? Are our computers working correctly or have they been compromised? Cyber operations can generate tremendous doubt about the credibility of information and whether systems are functioning as intended.

For an adversary, generating this kind of uncertainty is one of the benefits of cyber warfare. For intelligence agencies, it’s a growing problem. Whether citizens have been misled by foreign influence operations, whether weapons systems have been secretly sabotaged by malware, whether a foreign intelligence service has spy networks, or whether information about an ally or adversary is credible - all of these questions are becoming more pervasive, immediate, and important for intelligence agencies to answer.

Second, in cyberspace, it’s hard to know when a weapon is a weapon: breaches used to inflict damage are often indistinguishable from intrusions to gather intelligence. From a technical perspective, the first 90 percent of any cyber operation looks the same, whether the intention is defending, attacking, or just surveilling someone else’s computer network. It’s the final 10 percent of any cyberweapon - the payload that gets unleashed - that determines what happens once an attacker gets inside.

When spying and warfare are hard to distinguish, understanding the bigger picture becomes even more critical. Policymakers need to know: Is the attacker inside a network to watch? Steal information? Disrupt operations? Delete files? Corrupt them? Is the intrusion laying the groundwork for a distant future action or something imminent? When attacks can look like intelligence operations and operations can look like attacks, the risks of miscalculation are high and intelligence about context and adversary intentions matters more.

Third, offensive cyber operations require ubiquitous, exquisite, real-time intelligence. That’s even harder than it sounds. The attack surface in cyberspace is huge, growing, and changing every millisecond. The scale and dynamism are hard to fathom. Over half the world is already connected to the Internet, using more than 20 billion smart devices - including baby monitors, fitness trackers, bird feeders, medical devices, home appliances, cars, and even children’s toys like Hello Barbie.13

By the end of 2013, hackers had already broken into more than 100,000 consumer gadgets, such as home-networking routers, televisions, and at least one refrigerator, sending more than 750,000 malicious emails worldwide.14

In 2015 Chrysler had to recall more than a million Jeep Cherokees after two researchers demonstrated they could remotely cut off the engine and the brakes by wirelessly accessing the car’s entertainment system.15 

Technologists estimate that in every 2,500 lines of code, there’s roughly one coding weakness - some kind of vulnerability that software engineers did not anticipate or catch when they were writing it. A typical Android phone runs on twelve million lines of code. That’s thousands of hidden weaknesses waiting to be exploited by malign actors.

Anything running on code and connected to the Internet is a potential cyberattack vector. This global battlespace changes every time anyone on earth downloads an app, installs a patch, inserts a thumb drive, connects to airport Wi-Fi, or plugs in an intelligent toaster. Targets and vulnerabilities are all constantly appearing and disappearing. Intelligence has to keep up with these changes, finding the correct vulnerabilities to exploit in the right targets at the right time or else offensive cyber operations won’t work. Moreover, intelligence about potential cyber targets has to be global to be helpful.

Military planners can draw up target lists that last for years because things like buildings and missile silos are hard to move in the physical world. Any bomb with a high enough yield will destroy a structure regardless of whether it’s made of wood or concrete, whether it gets remodeled or stays precisely the same. In cyberspace, that’s not true. Cyber intelligence has to be precise and up-to-the-minute to be helpful. Getting inside a target network often requires painstaking knowledge. Even slight modifications like installing a Microsoft update can make a target suddenly impenetrable and a “cyber bomb” against it useless.

In the physical world, there’s time to adjust. Even in crises, military mobilization takes time. Cyberspace doesn’t afford that kind of time. Intelligence in cyberspace has to enable “the command to go from a standing start to a precise and responsive engagement in the shortest possible time.” That kind of instant response requires groundwork years in advance.

Fourth and finally, there’s the quantity versus variety problem of cyber weapons. In the physical world of warfare, quantities matter: two fighter jets are always better than one. But in cyberspace, more of the same weapon is just the same: two copies of the same piece of malware don’t get you anything more than one. In cyberspace, weapons variety wins the day - and that requires identifying different vulnerabilities and ways to exploit them. The intelligence demands are high.

The CIA also engaged in covert assassination plots of foreign leaders until they were discovered by Congress and banned by presidential executive order in 1976.

The Church Committee unearthed evidence that the CIA’s assassination portfolio included plans to kill Congolese leader Patrice Lumumba with a unique poison that simulated a local disease. The agency’s chief scientist, Sidney Gottlieb, flew with the poison in his carry-on luggage and delivered it to Larry Devlin, the senior CIA officer in Leopoldville. Devlin was supposed to inject it into Lumumba’s food, drink, or toothpaste, but he couldn’t go through with it. He ended up burying the poison vials in the banks of the Congo River.16

One of the biggest misperceptions of covert action is that it involves a unique set of harmful activities that are so troubling they must be hidden from view. In reality, nearly all covert activities have overt counterparts; we just don’t think about them.17

If covert action looks so much like overt action, why do current leaders, including US presidents, ever use it? In the latter case, it’s not because American presidents are so much alike.

Presidents may be unique in many respects, but they are alike in one crucial way: they prefer action. They know that legacies are made by significant changes and new directions, not maintaining the status quo.

Nor are presidents comfortable sitting idly by while adversaries invade neighbors, harm Americans, and destabilize the world. The Senator who led the congressional committee investigating CIA abuses in the 1970s wrote that “once the capability for covert activity is established, the pressures brought to bear on the President to use it are immense.”18

U.S. officials claimed the Russian government was planning to publish a video of a staged “attack” by Ukrainian forces. The officials said their announcement was an attempt to preemptively halt a misinformation campaign that could serve as a pretext for Russian forces to invade. Such propaganda campaigns have been used in wars throughout history - but today’s social media landscape allows misinformation to spread further and have greater impact. 

Another reason for the enduring allure of covert action is that the plausible deniability of U.S. involvement in a clandestine action can limit retaliation and escalation. That covertness is sometimes no more than a fig leaf does not necessarily alter the fact that it is a valuable fig leaf. The beneficial fig leaf played a role in the 2011 bin Laden operation, too. Robert Gates, who was serving as secretary of defense at the time, wrote that regardless of whether the raid succeeded or failed, sending an American military team into sovereign Pakistani territory without Pakistani knowledge or permission could jeopardize an already fragile relationship and thus the fate of the war in Afghanistan. But if the CIA was in charge, it could. Conducting the raid as a CIA covert operation offered “at least a fig leaf - granted, a tiny leaf - of deniability,” Robert Gates wrote. If the military did it, they could have been at war with Pakistan.19

Covert action also poses the risk of unintended consequences down the line. In 1953, the CIA helped the Shah overthrow Prime Minister Mohammad Mossadegh in Iran. Installing a pro-American regime in an oil-rich nation located in a strategic stretch of the Middle East during the throes of the Cold War appeared to be a success. But the picture looked a lot different two decades later. Ultimately the Shah’s rule gave rise to religious extremism, a revolutionary overthrow, the American hostage crisis, severed ties, regional instability, and today’s rising nuclear dangers.

Likewise, U.S. Cold War support for the Afghan Mujahidin succeeded in expelling the Soviets. Still, the rebels’ foreign benefactors eventually morphed into al Qaeda, made Afghanistan a terrorism stronghold, launched the deadliest terrorist attack on American soil in history, and drew the United States and allies into the war. Covert action is highly charged and morally complex. Thoughtful people come at the issues from different vantage points.

George Kennan, an American diplomat and historian, believed that even though the Soviets took the gloves off and engaged in covert action during the Cold War, the United States shouldn’t, except in extreme and rare circumstances. For others, covert action is morally problematic because it lacks democratic accountability. These concerns are especially acute when covert action involves violence.

Oversight had certainly improved since the Wild West days of the 1950s, when plausible deniability meant not telling the president things he might not want to know and when congressional committees preferred not to ask too many questions. But classification still makes oversight difficult. For example, legislators can object, but they have to do it in secret. Covert action requires secrecy for success - the more, the better. Yet democratic accountability requires openness - the more, the better.

Covert action isn’t some unique bag of dirty tricks in an otherwise pristine world. Foreign policy is a meddling business. All nations do it, and all leaders know it. Presidents George W. Bush and Barack Obama felt the same way about al Qaeda after 9/11. Both presidents devoted considerable attention and resources to hunting bin Laden. The terrorist leader wasn’t playing by any gentleman’s rules; the only way to stop him was to capture or kill him.

To spy or not to spy has always been a question. Spies naturally prefer surveilling to attacking. Their job is acquiring information that yields an advantage. Whether it comes from a human or inside a computer network, access to valuable information is hard-won and fiercely guarded. Spies will always elect to keep listening rather than lose a collection stream when in doubt.

Intelligence-military frictions are especially salient in cyberspace today because intelligence is integral to effective offensive cyber operations. Cyberspace also raises new questions about who counts as a decision maker - and how the Intelligence Community should interact with them. Before the 2016 election, the first organization to notice suspicious Russian activity on Facebook was Facebook.

Susan Gordon spent forty years inside the Intelligence Community, including serving as the number two intelligence official from 2017 to 2019. “Our business isn’t secrecy,” she noted in a 2020 interview. “Our business is national security. And if the people who are affecting national security are either the populace - they’re being influenced - or the private sector, they’re making decisions that affect security.” The Intelligence Community needs to inform a much broader set of decision-makers.20

It’s hard to overstate just how alien the worlds of Washington and Silicon Valley are to each other. At the exact moment when great-power conflict is making a comeback and harnessing technology is the key to success, Silicon Valley and Washington are still working on working together. Cyber threats are vastly different from traditional national security threats, with profound implications for intelligence. And that’s not all. Increasingly, key cyber decision-makers sit in board rooms and living rooms. In this emerging world, intelligence has never been more critical, or more challenging.

 

1. “Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community,” Senate Committee on Armed Services, 113th Cong., 1st sess., April 18, 2013, https://www.dni.gov/files/documents/Intelligence%20Reports.

2. Department of Defense, Cyber Strategy, 5.

3. Cyberspace Solarium Commission, “Final Report,” March 2020, https://drive.google.com/file/d/1ryMCIL_dZ30QyjFqFkkf10MxIXJGT4yv/view.

4. CSIS/McAfee, “Economic Impact of Cybercrime.”

5. White House, Office of the Press Secretary, “Fact Sheet: President Xi Jinping’s State Visit to the United States,” September 25, 2015, https://obamawhitehouse.archives.gov/the-press-office/2015/09/25/fact-sheet-president-xi-jinpings-state-visit-united-states.

6. David E. Sanger and Nicole Perlroth, “FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State,” New York Times, December 8, 2020, https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html (accessed January 12, 2021); William Turton and Kartikay Mehrotra, “FireEye discovered SolarWinds breach while probing own hack,” Bloomberg, December 14, 2020, https://www.bloomberg.com/news/articles/2020-12-15/fireeye-stumbled-across-solarwinds-breach-while-probing-own-hack.

7. Dustin Volz and Robert McMillan, “SolarWinds Hack Breached Justice Department System,” Wall Street Journal, January 6, 2021, https://www.wsj.com/articles/solarwinds-hack-breached-justice-department-systems-11609958761 (accessed January 12, 2021); Amy Zegart, “Everybody spies in cyberspace. The U.S. must plan accordingly,” Atlantic, December 30, 2020, https://www.theatlantic.com/ideas/archive/2020/12/everybody-spies-cyberspace-us-must-plan-accordingly/617522/. 

8. “Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA),” January 5, 2021, https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure.

9. Cerulus, “How Ukraine became a test bed for cyberweaponry;” Andy Greenberg, “The untold story of NotPetya, the most devastating cyberattack in history,” Wired, August 22, 2018, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/.

10. Christopher Paul and Miriam Matthews, “The Russian ‘Firehose of Falsehood’ Propaganda Model,” RAND Perspective, 2016, https://www.rand.org/pubs/perspectives/PE198.html, 2.

11. Cade Metz, “A Fake Zuckerberg Video Challenges Facebook’s Rules,” New York Times, June 11, 2019, https://www.nytimes.com/2019/06/11/technology/fake-zuckerberg-video-facebook.html.

12. Drew Harwell, “Top AI Researchers Race to Detect ‘Deepfake’ Videos: ‘We Are Outgunned,’ ” Washington Post, June 12, 2019, https://www.washingtonpost.com/technology/2019/06/12/top-ai-researchers-race-detect-deepfake-videos-we-are-outgunned/.

13. “The IoT Rundown for 2020: Stats, Risks, and Solutions,” Security Today, January 13, 2020, https://securitytoday.com/Articles/2020/01/13/The-IoT-Rundown-for-2020.aspx?Page=2.

14. January 16, 2014, https://www.proofpoint.com/us/threat-insight/post/Your-Fridge-is-Full-of-SPAM.

15. “Hackers remotely kill a Jeep on the highway—with me in it,” Wired, July 21, 2015, http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/.

16. Tim Weiner, Legacy of Ashes: The History of the CIA (New York: Anchor Books, 2008), 162–63; Church Committee, “Alleged Assassination Plots Involving Foreign Leaders,” 13–67; “The C.I.A and Lumumba,” New York Times, August 2, 1981, https://www.nytimes.com/1981/08/02/magazine/the-cia-and-lumumba.html.

17. “The logic of covert action,” National Interest, March 1, 1998, https://nationalinterest.org/article/the-logic-of-covert-action-333.

18. Church Committee, “Final Report, Foreign and Military Intelligence,” Book 1, 564, https://www.intelligence.senate.gov/sites/default/files/94755_I.pdf.

19. Robert M. Gates, Duty: Memoirs of a Secretary at War (New York: Knopf, 2014), 540-42.

20. “Former Top DNI Official Sue Gordon Discusses Circumstances of Her Departure from ODNI-Transcript,” interview by Michael Morell, Intelligence Matters, CBS, February 14, 2020, https://www.cbsnews.com/news/former-top-dni-official-sue-gordon-discusses-circumstances-of-her-departure-from-odni-transcript/.

 

 
