Cyberespionage & cyberwarWith hacking of U.S. utilities, Russia could move from cyberespionage toward cyberwar
Even before the revelation on 23 July that Russian government hackers had penetrated the computer systems of U.S. electric utilities and could have caused blackouts, government agencies and electricity industry leaders were working to protect U.S. customers and society as a whole. These developments highlight an important distinction of conflict in cyberspace: between probing and attacking. The distinction between exploiting weaknesses to gather information – also known as “intelligence preparation of the battlefield” – and using those vulnerabilities to actually do damage is impossibly thin and depends on the intent of the people doing it. Intentions are notoriously difficult to figure out. In global cyberspace they may change depending on world events and international relations. The dangers – to the people of the United States and other countries both allied and opposed – underscore the importance of international agreement on what constitutes an act of war in cyberspace and the need for clear rules of engagement.
Even before the revelation on 23 July that Russian government hackers had penetrated the computer systems of U.S. electric utilities and could have caused blackouts, government agencies and electricity industry leaders were working to protect U.S. customers and society as a whole. These developments, alarming as they might seem, are not new. But they highlight an important distinction of conflict in cyberspace: between probing and attacking.
Various adversaries – including Russia, but also China, North Korea and Iran – have been testing and mapping U.S. industrial systems for years. Yet to date there has been no public acknowledgment of physical damage from a foreign cyberattack on U.S. soil on the scale of Russia shutting off electricity in the Ukrainian capital or Iran attacking a Saudi Arabian government-owned oil company, destroying tens of thousands of computers and allegedly attempting to cause an explosion.
The United States and its allies have substantial capabilities, too, some of which have reportedly been directed against foreign powers. Stuxnet, for instance, was a cyberattack often attributed to the United States and Israel that disrupted Iran’s nuclear weapons development efforts.
The distinction between exploiting weaknesses to gather information – also known as “intelligence preparation of the battlefield” – and using those vulnerabilities to actually do damage is impossibly thin and depends on the intent of the people doing it. Intentions are notoriously difficult to figure out. In global cyberspace they may change depending on world events and international relations. The dangers – to the people of the United States and other countries both allied and opposed – underscore the importance of international agreement on what constitutes an act of war in cyberspace and the need for clear rules of engagement.