July 21, 2021No Comments

How are the U.S. Administrations dealing with Cybersecurity

By: István Hagyó and Bianca Ferrazza 

Introduction

Witnessing government agencies, corporations and the military's recent shift of administration of activities to the internet, one cannot ignore the pressing concern of cybersecurity to world security. It is pertinent to discuss cybersecurity, as the contemporary world is increasingly immersed in the use of new IT technologies; humans seem to be living in cyberspace rather than in the physical one. Cybersecurity’s relevance to national security is obvious: in the era of digitalization, we are observing a lot of new threats coming from the internet and countries must act before having their weak spot detected. 

What is a cyber attack?

According to the Oxford Dictionary, a cyber attack is an act aimed at the damage or the destruction of a computer network or system. More precisely, a cyber attack consists of an attempt to perform any action that might hurt a database’s security. These actions may include disabling computers, stealing data or leakage of any sensible information. 

What happens when a country or company is the victim of this attack?

The cyber domain also refers to the term “cyberspace”. According to the definition of the U.S. Department of Defense, cyberspace is “A global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems and embedded processors and controllers”. 

Cybersecurity’s role in the contemporary world emerges as a consequence of the internet revolution of the past decades. It is considered a practice aimed at the protection of systems (alongside that of programs and networks) from the threats of digital attacks. 

Cybersecurity aims to foil attacks at gaining access, leak or destroy sensitive information and to interfere with the normal administration of companies, government agencies and other subjects. The implementation of cybersecurity has improved in recent years, due to the growing business of high tech companies, but so have hackers. In general, one can consider a successful cybersecurity approach one that presents several layers of protection against hackers. 

The Evolution of US Cyberpower

In analysing the approach of the Biden administration in regards to cybersecurity threats, it would be interesting to look back in time and to understand what the past US administrations have done.

In 2003, the Bush Administration commissioned a document, National Strategy for Security Cyberspace, which pinned down three tactical approaches aiming to prevent cyber attacks on the country’s most important infrastructures, reduce its fragility and, in case the attack actually happens, implement efficient strategies to minimize damage. The National Strategy issued by George W. Bush also posed itself as a target to invigorate companies’ care to their cyberspace, by routinely empowering their security systems. The Bush administration also presented a huge contribution by issuing the National Infrastructure Protection Plan in 2006, which identified 17 infrastructure sectors and advanced the idea that cybersecurity’s importance derives from the fact that it can be declined in any sector and therefore does not represent a separate topic. 

The Obama Administration took a radically different approach, organizing cybersecurity with a top-down strategy by assigning the command of cybersecurity policies to the White House rather than to the Department of Homeland Security (DHS). During his mandate, new legislations were passed, alongside the issuance of new policies. Chinese hackers were involved in cyber theft regarding intellectual property and trade strategies, occupying US intelligence in many inquiries. In 2015, Obama and Chinese President Xi Jinping signed an agreement aimed at the cessation of commercial hacking, which resulted in a drop in the number of instances of Chinese hacking into the American commercial cyberspace. Additionally, the state department worked with international institutions and with other countries in an attempt to apply international law to the new cyber threats. The Department of Home Security enhanced its “Einstein” cyber threat prevention system; the software now is used by more than 90% of federal agencies. 

The Trump Administration, experts say, seems to have taken the country a step back on cybersecurity management. The former President fired Christopher Krebs who was the director of the Cybersecurity and Infrastructure Security Agency (C.I.S.A.) since 2018 for not having supported Trump’s claims on the 2020 election fraud, a decision that was contested by most cybersecurity experts. Trump’s legacy on cybersecurity is made up of several different measurements. During his mandate he managed to confront China on cyber issues, to recognize the importance of the cyber domain in regards to the next decades in warfare. It also implemented a “Defending Forward Strategy”. This strategy enforces operations aimed at intercepting attacks before they reach the U.S. and has several implications in regards to some sectors of the economy considered vital to the country’s normal administration. The new strategy also claims to be “preparing for war”. It seems that the cyber operations will be joined with warfighters, to try and combine the two aspects of security. 

Newly-elected President Joe Biden has come up with a new executive order regarding the matter of cybersecurity, making it a priority to improve the Government’s strategy tied to the new threads proposed by the “cyber switch”.  In order to better sum up the new policies regarding the cybersecurity approach, the White House has released a fact sheet focused on the highlighting of some key aims of the executive order, some of these being the improvement of software supply chain security, the establishment of a cybersecurity safety review board and the removal of barriers to threat information sharing between borders.

U.S. Administrations vs Major adversaries

The American approach toward potential Russian cyber threats became a major debate after the accusation of Russian meddling in the 2016 American General Elections. The GRU (Russian military intelligence agency) carried out several attacks on Ukraine including two power grids and the 2017 NotPetya virus causing $10 billion worth of damage. The Baltic states are the most vulnerable and affected, while direct cyber-attacks against US international companies, governments and critical services are also very common. In 2020 alone, almost 300 million ransomware attacks were launched causing a $1 billion loss. Such an occasion was the ransomware attacks on Colonial Pipeline resulting in gas outrage of the East Coast for days.

The different interpretation of the nature of cyber conflict by both states makes the situation more complicated. The Russian government and embassy strictly denied the existence of such operations. However, several attempts were initiated by the Russian part to form a common group to counter cyber-attacks. The American part each time rejected the offer, especially during the Trump Administration, due to mistrust and fear from domestic scepticism in case of an agreement by President Trump. The Biden Administration realized, both the necessity and the lack of progress in the case. A significant result and probably the only one during the recent Biden-Putin summit in Geneva, Switzerland, was to form a bilateral committee on cybersecurity issues and potential cyber-attacks. The American part highlighted 16 entities, infrastructures that are off-limits from attacks.

China is also raising concerns in Washington. The United States’ cyberspace relations with China are different as compared to Russia. China has greater economic potential, therefore, more resources to fund its cyberspace strategy. When considered from a global perspective, it reaches any industry and all the sectors involving any entity. Like in other arenas, China is pursuing to take the frontrunner role in cyberspace as well. The characteristics of Chinese cyber-attacks are heavily intelligence oriented and spying for the ultimate western technology. A great suspicion is toward Chinese advanced telecommunication equipment like the Huawei 5G. In order to avoid the escalation of such allegations, the two states in 2015 signed the U.S. - China Security Agreement. However, it focuses only on economically motivated cyber-attacks. It is widened by the escalated trade war between the two countries resulting in no breakthrough during the Trump administration and the recent Sino-American summit in March 2021. 

Conclusion

Given the increasing importance and danger of cyberspace, only in 2020 alone, almost 30.000 companies, corporations, institutions and banks were targeted and a total of 300 million cyber-attacks were launched causing over $1 billion loss. The concept of cyberspace and its potential threats became a national security topic during the presidency of George W. Bush. The Obama Administration was the first to institutionalize it, while President Trump was the first who publicly accused China of cyberspace warfare. Now, it is President Biden’s turn to take an approach and engage major powers to internationally institutionalize cyberspace to prevent uncontrolled cyber-attacks. There is a need for barriers and deterrence for those who conduct uncontrolled cyber-attacks. Although this was initiated with Russia during the Biden-Putin summit, only time will tell the extent to which it is successfully implemented. 

June 21, 2021No Comments

How the Biden-Putin Summit will change the Russian American Relations

By: István Hagyó 

Picture via GettyImages

The long-awaited Biden-Putin Summit took place on the 16th of June in Geneva. The fact that the two sides managed to set up a summit in such a short period of time, taking into consideration previous events that seriously deteriorated their bilateral relations, represents a significant success and shows the willingness and commitment on their part to restabilize the relationship. The Russian military build-up near the Ukrainian border, President Biden calling President Putin a “killer” or the American accusation of Russian interference in 2020 US elections, raised questions on the future of the bilateral relations between the two states. The article analyses whether the summit can lead to a long-term rhetoric change in American-Russian relations.

The relations with each other represents a core role in their global strategy. Therefore, many topics were discussed. From Afghanistan, Iraq, to climate change, Arctics, Ukraine and Alexei Navalny, the growing Russian cybersecurity threat and lastly, the question of nuclear arms control; many of them sensitive and problematic. During the meeting, both leaders were focusing primarily on topics directly affecting their bilateral relations. Progress was seen in three main topics: cybersecurity, nuclear arms control and human rights. These topics require continuous dialogue and are long-term plans, where both sides are interested in solving. 

What was discussed during the Biden-Putin Summit:

Return the Ambassadors: Both sides agreed to return their ambassadors, which serves as a positive indicator for a chance of future talks between the two states. 

Cybersecurity Task Force: President Biden informed his counterpart regarding his concerns about Russian cyberattacks. The recent attack by Russian hackers, the ransomware strike on an American oil pipeline company obstructed the gasoline supply in the country. President Putin denied all the allegations stating that “most of the cyberattacks in the world are carried out from the cyber realm of the United States”. However, facts show that the most damaging attacks are coming from state-backed Russian hackers. Therefore, Biden drew a redline and informed about 16 types of infrastructure that must be free of cyberattacks. As a result, a common cybersecurity task force will be set up to avoid such escalations and initiate dialogue. The potential of it is unclear, however, the willingness to cooperate at least on a working level represents progress.

Strategic Stability Dialogue on nuclear arms control: Issuing a joint statement on nuclear arms control stating that, “today, we reaffirm the principle that a nuclear war cannot be won and must never be fought.”  In addition, an integrated bilateral Strategic Stability Dialogue will be initiated for future nuclear arms control measures.

Human Rights: Biden highlighted the importance of this subject for the American people and for the United States, saying that “it is in our country’s DNA”. It became a sensitive topic, due to the recent imprisonment of the Russian opposition leader, Alexei Navalny, currently in jail. According to President Putin, Alexei didn’t respect the law while returning from Germany being on treatment and consciously knowing that he will face imprisonment. However, President Biden clearly stated that in case of Navalny’s death in prison, there will be “devastating consequences” for Russia. 

Ukraine: Less progress on Ukraine as President Putin dismissed both the possibility that Ukraine will join NATO which he considers unacceptable. Regarding the Russian aggression in East Ukraine, he stated that it is not the business of the United States. 

Analyzing the reactions from the summit between the two leaders, we feel prudence from both, which highlights the importance of the summit itself as a result. Putin said about Biden, “he's a balanced and professional man, and it's clear that he's very experienced," also that, “it seems to me that we did speak the same language", while Bidencommented, "the bottom line is, I told President Putin that we need to have some basic rules of the road that we can all abide by." 

Overall, the summit did not result in a breakthrough and both leaders initially had low expectations, however, sending back their ambassadors and initiating cooperation in new areas like cybersecurity show low but clear progress in the Russian American relations toward stability. Even with fruitless talks on Russian involvement in the cyberattacks on the United States and refusal of explanation about the imprisoned opposition leader Alexei Navalny, any progress is seen as a success, due to how low the relations were. Each side informed the other what are the red lines. The summit clearly represented how strategically crucial are these bilateral relations. Both sides affirmed that they don’t want another Cold War, but the reality is that the world has changed. Biden must calculate with a global China and at some point, there will be an interest to cooperate with Russia, regardless of the several obstacles presently obstructing a more cordial relationship. However, Russia can possibly use this card and profit from the tense Sino-American relation. 

To sum it up, it is more than likely that the summit itself will not radically change the rhetoric of the Russian American relation, but can be a cornerstone to initiate that change.