Could cyber attacks on Ukraine be war crimes? 1:10
(CNN) President Joe Biden issued an urgent and ominous warning to Americans and businesses on Monday, saying “evolving intelligence” suggests Russia may be planning cyberattacks against the United States.
On Tuesday, an FBI advisory was sent to US companies in the energy, defense and financial sectors, warning of possible preparatory work to hack IP addresses in Russia.
US Prepares for Possible Russian Cyber Attacks 1:01
This activity is “probably not about espionage, it’s very likely about disruptive or destructive (cyber) activity,” said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, during a call with industry executives and state and local government officials. According to three sources on the call, CNN’s Sean Lyngaas writes.
Lots of warnings about an imminent Russian cyber attack
The recommendation is part of a growing chorus of warnings that US infrastructure is at risk, Lyngass writes.
“For months, the US Department of Energy, Treasury, and Homeland Security, among others, have alerted major energy companies and banks to Russian hacking capabilities and urged companies to lower their thresholds for reporting suspicious activity.
Some companies are not prepared for this
The bottom line of Biden’s warning Monday and the FBI’s warning was that the infrastructure behind American society and the way of life is largely privately owned and needs to be further protected from hackers.
Tips for protecting your information from cyberattacks 7:34
Anyone who remembers ransomware attacks on major US food company JBS, US cities, an oil pipeline, and hospital systems over the past few years knows this to be true.
Biden has told Putin to stop
Biden has warned Russian President Vladimir Putin against using cyberattacks against the US. The President described the talks on Monday as an “altar call”.
“We’ve had a long conversation about what the consequence would be if you use it,” Biden told business leaders Monday.
Biden has more control over that consequence than over the willingness of American companies involved in American infrastructure. He appealed to his sense of “patriotic obligation” to balance his cyberdefense skills.
He specifically mentioned the energy and financial sectors.
What would a largescale cyber attack look like?
It’s happened before. Estonia fell victim to a largescale cyber attack in 2007, although there was insufficient evidence at the time to clearly attribute it to Russia.
CNN’s Ivana Kottasová wrote last June about the attack, which Estonia viewed as an act of cyberwarfare. It all started with Estonia’s decision to remove a Sovietera war memorial from central Tallinn.
Here are some key takeaways from his report:
The attack made Estonia realize that it had to start treating cyber threats the same way it treats physical attacks.
The country was already a leader in egovernment at the time, introducing services such as online elections and digital signatures. Although no data was stolen during the incident, websites of banks, media and some government services were targeted in distributed denialofservice attacks that lasted 22 days. Some services have been discontinued while others have been removed entirely.
NATO and the international community became aware of the attack on Estonia and experts subsequently developed a standard for evaluating cyber warfare.
When is a cyber attack an act of war?
I called Tess Bridgeman, associate editor of the Just Security website and former Obama White House attorney who is an expert on war power and international law.
“If a cyber attack causes significant death, destruction or injury, as we would see with a more traditional attack using kinetic means such as bullets or missiles, then I would call it ‘the use of force’ under international law,” he said.
A cyberattack on a dam or air traffic control towers could reach that level, but the government would go to great lengths to avoid responding to a cyberattack with a military attack, he said.
Attacks on the US to date have not yet reached the threshold to justify a military response.
While the government is looking for countermeasures, Bridgeman said there’s a good chance they won’t become public knowledge.
“It may appear that the United States is standing by, but I very much doubt that is the case,” he said, arguing that defensive measures may be more effective in deescalating the standoff. “He sets an example of what responsible government action looks like.”
Could weapons be used to respond to a cyber attack?
The threat of a military response always exists for the worst cyberattacks, should they take American lives.
“Our policy, our stated policy, is that if there’s an attack on us that’s big enough and hurts us, we’ll respond with conventional weapons,” said Richard Clarke, one of President George W. Bush’s top national security advisers. to CNN’s Michael Smerconish shortly after the war in Ukraine began.
“So we could easily find ourselves in a shooting war with Russia if they attempt devastating cyberattacks, and they would have to be devastating, like turning off the power grid,” Clarke said.
Most of these attacks are designed to be part of espionage campaigns or to be more annoying than deadly. Clarke argued that Russian attacks on US industry could be more devastating than attacks on the government itself. He said the government doesn’t really know what would happen if, for example, the cloud systems of Amazon, Google and Microsoft went offline.
“I can tell you if these clouds are going down, America is going down, our economy is going down, phones are going down, pretty soon we’re going to find ourselves in the dark ages where the internet is going down,” Clarke said.
What would happen if Russia attacked a US ally?
It is not clear whether Russia is deliberately provoking the US in such a devastating way, or how the US would react.
While its cyberattacks in Ukraine since the start of the war have been less severe than some expected, Russia has targeted internet infrastructure in parts of the country, according to a Lyngass report.
There were concerns that cyberattacks in Ukraine could spill over to neighboring NATO countries, prompting the organization to invoke Article 5 of its charter, the principle that an attack on one NATO member is an attack on all members.
Could a cyber attack trigger Article 5?
A cyber attack could well trigger Article 5. This was made clear by NATO Secretary General Jens Stoltenberg in February, immediately after the Russian invasion.
“An attack on one is considered an attack on all,” Stoltenberg said at a news conference when asked about a possible Russian cyberattack.
However, he added that NATO would be very careful when assessing an attack and would ensure that a cyberattack in Ukraine (e.g. power failure) accidentally spreading to Poland or Romania would not be interpreted as an attack on those countries will.
He also said that it was intentionally unclear what type of cyberattack would rise to the level of Article 5 invocation.
NATO, he said, “does not want to give a potential adversary the privilege of specifying exactly when we activate Article 5.”