Cyber Scene #69 - Looking Back, and Forward


All three branches of the United States government deal with crises of the day, with a view to creating a better tomorrow or, if budgets are involved, a better next five years. But history reminds us that if one does not look back and appraise the success or failure of earlier decisions, history repeats itself. Earlier Cyber Scenes have noted past decisions made into law by the denizens of the Capitol. Similarly, SCOTUS justices have, at least traditionally, cited past decisions, per stare decisis, as directives for present and future decisions.

This Cyber Scene will limit the "past" to a retrospective of cyber success or failure over the first half of 2022. The frame of course is limited--to Ukraine and legal action against or for cyberattacks, depending on where one sits or stands. This analysis will then add a future mosaic of cyber security issues across both US and international perspectives.

First, let us revisit Ukraine and Russia from early 2022 to the present, as seen through the cyber eyes and articles of six experts (four of whom are familiar to this readership) from four respected publications over six months. Three of the four publications were inspired by Microsoft's 21 June report tracking Russian cyberattacks on Ukraine and NATO allies.

"Old cyber hands" David Sanger and Julian Barnes filed a surprising 22 June New York Times (NYT) analysis of Microsoft's revelations: a new look at the first months of the war revealed more Russian cyberattacks than originally thought, with a stunning failure rate of two-thirds. Sanger and Barnes cite this as a significant effort to understand "…the interaction of a brutal physical war with a parallel—and often coordinated—struggle in cyberspace." They acknowledge that this is the first "full-scale battle" pairing traditional cyber- and military attacks.

Sizing up the Russian side, National Cyber Director Chris Inglis believed as of April that Russia expected a quick victory in February but "were distracted" when this was unsuccessful. On the other side, Ukraine was ready thanks to cyber defense preparations, including a significant early warning system with help from Microsoft and Google and the migration of most of its important systems to the cloud. Microsoft President Brad Smith, who was certainly in a position to know, said that Russia's major cyberattack on 23 February used FoxBlade malware to attempt to wipe out government software. Ukraine, however, despite the ferocity of the attacks, thwarted many of them and had significant enough redundancy to suffer little.

Moreover, according to David Ignatius's 21 June Washington Post op-ed, "How Russia's vaunted cyber capabilities were frustrated in Ukraine," US tech companies and Western cyber agencies have "unheralded stories" of close partnerships--well, perhaps heralded now. Ignatius reports that, according to National Security Agency (NSA) Cybersecurity Director Rob Joyce, 40 destructive attacks, cast as "an enormous cyber offensive" on Ukraine, were attempted between 23 February and 8 April. Ignatius notes that the private-public damage from Snowden in 2013 seems to be healed because of Russia's attacks on the 2016 and 2020 US presidential elections and the invasion of Ukraine.

The timeline of this partnership was in the works before the invasion. Cyber Command chief General Paul Nakasone said that Ukraine's cybersecurity defense had support from the US in early 2021, with Microsoft and Google there even earlier. Microsoft's president adds that it has been connected not only to the US Government, but also to NATO and EU cyber officials. He added that Russia's attacks originated from its three intelligence services: the GRU, SVR, and FSB.

Google also protected Ukraine. Following Russia's 2014 DDoS (distributed denial-of-service) attacks and the seizure of Crimea, as well as attacks on eastern Ukraine, Google initiated "Project Shield" for Ukraine, which is now used by 200 sites in Ukraine and 2,300 others in 140 countries.

Fortunately, Project Shield was active when attacks were at Ukraine's cyber door. The 22 June report by the Wall Street Journal's (WSJ) Dustin Volz underscores the uptick of cyberattacks against countries, including NATO members, supporting Ukraine. The targeting of governments was only part of the attacks, which also included NGOs (nongovernmental organizations), think tanks, and humanitarian groups supporting Ukrainian refugees, in addition to info-tech and energy firms. Volz cites intrusion attempts since 24 February against 128 targets in 42 countries as the projected victims.

Of these attacks, 63% were against NATO—Poland being the #1 target. During the last two months activity increased against the Nordics (Denmark, Norway and non-NATO members Finland and Sweden who have since applied to NATO) as well as Turkey.

The Baltics—little neighbors of Russia—were also attacked. Latvia, Estonia, and Lithuania should take some comfort in the expanded support of other NATO members including the US and remind their allies that it isn't paranoia if "they" (Russian attackers) are after you.

As if to serve as the preface to the above analyses, Foreign Affairs writers Erik Lin-Greenberg and Theo Milonopoulos wrote on 30 May of "Boots on the Ground, Eyes in the Sky" highlighting the role of commercial satellites in defending Ukraine during the invasion. They particularly follow up on a 2021 analysis of the status of commercial satellite imagery, where they marked the dramatic advancements of its role in national security. The relationship of commercial satellite imagery has changed in its connection to the public: information governments might have preferred to hide is now broadly available. The authors assess that "Commercial satellite imagery has helped galvanize public support for Ukraine…and countered Russian misinformation."

This, however, is a two-edged sword. The authors go on to discuss President Biden's release of intelligence about Russian deployments on Ukraine's borders, "…all but confirming that Moscow was planning an assault on its neighbor. This was an unusual move: governments are typically loath to share sensitive intelligence about adversaries to better protect the sources and methods used to acquire information." The authors explain that by triangulating commercial imagery with social media posts, the public, amateur sleuths, and the U.S. Intelligence Community could "roughly be on the same page." This also benefited European allies, delivering data to influence the advancement of unification of western nations in support of Ukraine. Moreover, this Foreign Affairs study goes on to note that the US National Geospatial Intelligence Agency (NGA) Director Vice Admiral Robert Sharp underscored the fact that "Publicly available imagery of Ukraine is now providing unprecedented public insight that until recently would've been only available through government agencies and officials. And it's helping a democratic country fight for its survival." The authors go on to project future expansion of commercial satellite imagery, adding that NATO as an institution may move to buy imagery directly from commercial firms, rather than relying on member states to do so. It appears that this is yet one more example of the impact of the Russian invasion of Ukraine on the unification of western nations.

This union, however, includes neither China nor Russia, as Alex Engler reminds us from Lawfare (and Brookings Institution and Georgetown University). He explains that The Declaration of the Future of the Internet, as presented on 28 April by President Biden's new global partnership in setting rules for technology use by nations, is clearly intended for wavering democracies. China and Russia merit exclusion. The partnership was signed by 61 nations, including the nations referenced in this Cyber Scene's earlier discussions. Engler adds that, although the document is nonbinding for the signatory nations, its priorities "…are admirable and reflect the diverse interests of the signatories." He notes that some executive rank officials see this as "…an alternative to the model of digital authoritarianism." Cyber Scene could devote an entire article to just this month's examples regarding China and Russia. However, Engler explains how the internet has created serious challenges for wavering democracies. He states: "At best, the expansion and modern shaping of the internet has emerged contemporaneously with this enormous challenge to the democratic world. More likely, it has contributed to it."

A thoughtful, in-depth suggestion of how to approach this challenge is offered by the Atlantic Council's Emma Schroeder, Stewart Scott and Trey Herr in "Victory reimagined: Toward a more cohesive US cyber strategy." The authors underscore the inherently divergent paths of protecting US infrastructure through US cyber superiority versus seeking "…an open cyber ecosystem." The executive summary maintains that policymakers and practitioners looking to implement the new National Cyber Strategy need to learn from the "costly lessons of a generation of counterinsurgency." Policy makers must work to not displace efforts to defeat cyberspace enemies, despite the merits of the Defense Forward being a "compelling and necessary shift in thinking." The authors insist that the latter is not the only implementation tool available. They cite National Cyber Director Chris Inglis and his deputy for strategy and research, Harry Krejsa, and pose three additions:

  1. enhance security against a wider range of threats beyond top adversaries,
  2. coordinate better with allies/partners re: protection and security, and
  3. instead of only reducing harm, refocus on the resilience of the cyber ecosystem.

They go on to say that tensions in several concepts need to be addressed regarding increased partnership with allies and partners, ensuring cyberspace consistency to achieve strategic cohesion across the board, and increasing the resilience of the cyber ecosystem. They close by saying that the US must ensure that it "…doesn't fall into a strategy of tactics, losing the war by winning the battles" as it has in counterinsurgencies, but rather, having addressed "…the dissonance between the stated policy goals of protection and domain security," proactively ensure that offensive cyber operations protect US infrastructure and interests.
 
