The US has been at the receiving end of many Cyber attacks from around the world over which it has little control. The report of the Special Counsel Robert Mueller proved the meddling of Russian hackers which had intercepted the email servers of Democratic National Committee in a bid to influence the 2016 Presidential elections. 13 Russians and 3 Russian firms were named in the indictments. US Intelligence agencies have issued a warning that Russians will again resort to hacking or other cyber attacks to disrupt or influence the November mid-term elections. Russia was also behind the infamous Notpetya malware attack which has been the most ferocious cyberattack in modern history. Notpetya had completely shut the government of Ukraine and later spread to major world businesses like FedEx and Maersk which caused huge losses.
It was not just Russian hackers who have done damage to US intellectual property. The Great Firewall of China in 2015 undertook a distributed denial of service attacks targeting US websites China found guilty of showing content which was unacceptable to the Chinese leadership. Even hackers from the rogue Korean state launched a serious attack on Sony Pictures in the US by deleting content from many computers, sending derogatory emails and threatened the company against the release of the movie, The Interview which was based on an attempt to kill the North Korean leader Kim Jong Un. Iranian hackers were not left behind and had attacked financial institutions in the US.
Cyber-Deterrence- the realm
Cyber-deterrence is always aimed at changing the rules of the game while the attacker has just finished checking his arsenal before the final launch. It is like taking them unawares and then make them dance to your tune and ultimately make them realise that the costs are far greater than the benefits if any. Trump administration has fastened its grip on cyber-deterrence which is quite reasonable but is equally misguided. The US Cyber Command has been raised in stature to a combatant command which is believed to exhibit much more agility, expertise and grit to deal with the unknown from anywhere. Cyber-deterrence had been a prime agenda for Obama Presidency as well which materialised in form of Department of Defence Cyber Strategy.
The US has always played on back-foot while dealing with cyber attacks even though with a robust deterrence. It has been a defensive approach which has gone redundant looking at the sophistication, resolve and range of attacks. The US needs to be on the prowl and take a forward approach and look for disruption of the expertise of the enemy at the roots. There is no defence in any cyberwar but only a good attack.
US cyber-deterrence is based on archaic rules of the game while the attackers play on the new-age themes. Either there is a cyber-war or it isn’t, but there is definitely not a Cyber cold war. The gameplan is defined by the attacker and US strategy is based on not to attack first. It is completely ignoring the fact that here unlike the Cold War it has more to lose in terms of increased connectivity and innovation without adequate systems to secure the same. Thus, it has to realise that it is possible to dismantle the hacking apparatus before it is used.
Deterrence is more of a mind game where one power plays with the mindset of another and influences it a way that the other is reluctant to attack for the costs may significantly outweigh the uses. Many hacker nations, people or groups are more refined and it is thus a wise strategy to work on the primary motives behind their moves and thus suitably issuing warning signals which will keep the attackers thinking despite being well or even better equipped. Thus, deterrence does not qualify as a national cyber combatant strategy as it works on defence mode and in lean times of no attacks, which could have failed due to technical snags etc. cannot be measured.
The global scenario calls for world powers to be able to render all attacks useless just when it happens and not go telling others that one should not attack. One has to completely disgrace the ability of the enemy to attack with a precision and scale which is almost alien to the latter.
Jamming the Attack
The US has to work in a more offensive mode when the subtle route expires especially in scenarios where national reputation or security is at stake. It may not always mean an attack on an adversary but may take forms of completely wiping off the whole range of computers, denying access to accounts and systems which are used by hacking networks etc. The idea is to make the attack an impossible task which has no fruits at the end. Thus, US should aim at rendering all the attacks void even if it did not mean much business to the hacker. The offensive approach should lie within the ambit of international deals and treaties. The US has to walk the fine line carefully and thus be proactive in an atmosphere where it is already facing many attacks. Sanctions or indictments of foreigners who are involved in the hacking attacks are useful steps as they send a clear message to the future hackers.
Thus, one has to tighten the belts to bolster the security of the systems in routine internet usage. One has to work on multiple fronts like blocking the hackers, protecting user data and also successfully maintaining the continuity of operations in case of a cyber attack. Thus, the nation and the affected entities should be able to bounce back to the original state both effectively and without delay.