Is The Russian Cyber Attack An Act Of War?

In mid-December, the United States Cybersecurity and Infrastructure Security Agency (CISA) announced it suspects Russian hackers are behind a massive, newly-discovered cyberattack on government agencies and private U.S. businesses. Although the consequences of this are not as obvious as those of traditional military attacks, the long-term impacts could be considerably more devastating.

Senator Mitt Romney calls the hack the high-tech equivalent of “Russian bombers repeatedly flying undetected over the entire country.”  He argued over Sirius Radio that, while Russia was not dropping bombs, the hack showed “that [America’s] cyber warfare readiness is extraordinarily weak, that they think so little of our ability to fight back from a cyber standpoint that they do this with impunity.”

“It’s pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war,” Senator Chris Coons told MSNBC. “(T)his is as destructive and broad-scale an engagement with our military systems, our intelligence systems as has happened in my lifetime.”

Thomas Bossert, Trump’s former homeland security adviser, thinks similarly. “The magnitude of this ongoing attack is hard to overstate,” he wrote in the New York Times

Why is this attack so potentially dangerous?  The answer lies in the uncertainties that remain surrounding the hack. One of the agencies reporting a breach was the Department of Energy and its National Nuclear Security Administration, which is the United States’ federal agency responsible for managing, and ensuring the safety of, the nation’s nuclear arsenal. Although the groups said that the malware was isolated to business networks and didn’t affect national security functions, it is not at all hard to imagine what could happen if an adversarial government accessed and controlled another country’s nuclear assets. The targets of state-sponsored cyberattacks are often intellectual property, elections, control of power grids, and hydroelectric dams – all of which have potentially significant impacts on a nation’s infrastructure.

Brad Smith, Microsoft’s chief legal counsel, said the recent attack represented “a broad and successful espionage-based assault on both the confidential information of the U.S. government and the tech tools used by firms to protect them.”

The attack was not limited to the U.S. alone. According to Smith, Canada and Mexico in North America; Belgium, Spain, and the United Kingdom in Europe; and Israel and the United Arab Emirates in the Middle East were also compromised. “It’s certain that the number and location of victims will keep growing,” he warned.

The U.S. has yet to officially respond to the attack, although Donald Trump tweeted on December 19th that the “Fake News Media” is exaggerating the extent of the hack. Contrary to his own intelligence and national security experts, Trump has claimed China may be responsible, deflecting any acknowledgement of Russia’s involvement.

President-elect Joe Biden, on the other hand, said that the suspected Russian cyberattack “is a matter of great concern” and promised to impose “substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”