Gray Zone – U.S. Must Retaliate Against Russia’s Massive Cyber Attack – but Hit China Too

AirmanMagazine via Flickr

OPINION – The blowback from what appears to be a massive, and possibly ongoing, hack of the U.S. government by Russia’s Foreign Intelligence Service (SVR), continues to grow. The cyber-attack against American government agencies and private companies could be the largest single electronic spying operation in history against the United States.

The attack may have penetrated the Department of Homeland Security (DHS), State and Commerce Departments, the National Nuclear Security Administration (NNSA), and maybe the Pentagon itself. Not to mention one of America’s top cybersecurity firms, FireEye  as I wrote earlier and even Microsoft.

This is as close to an act of war in the cyber world as one can get, barring a direct cyber-attack on U.S. military or civilian infrastructure.

The Office of the Director of National Intelligence (DNI), led by DNI John Ratcliffe, issued a statement on Wednesday describing the incident as “significant.” U.S. Secretary of State Mike Pompeo on Friday described the hack as “a very significant effort” and said the U.S. could “say pretty clearly that it was the Russians engaged in this activity.”

The time for business as usual is over. The U.S. must retaliate. And do so forcefully.

But it must first confirm it was Russia, and only Russia, that was behind the attack. Security experts have said the hacker group Cozy Bear, managed by the Russian SVR, appears responsible for this attack. And this seems very likely.

However, it cannot be discounted that China piggy backed or was also somehow involved. President Trump has downplayed the attack and made some allegations that China may be behind the attack.

While it is doubtful China led this attack, China is extremely active and aggressive in hacking U.S. targets and conducting massive espionage against the United States.

Recall China has conducted extremely damaging espionage hacks against the U.S. before. Most notably the Office of Personnel Management (OPM) hack between 2013 and 2015 compromised an unknown number of highly sensitive security background investigation reports for U.S. government employees and intelligence officers.

Until now, this China hack, which was far worse than most people know, was one of the most damaging to date.

But this attack may surpass that Chinese attack in scale and scope. Attribution for this attack is key. Was it Russia alone, or did China play a part as well?

Whatever the case may be, the U.S. must retaliate vigorously.

Apparent incoming White House chief of staff Ron Klain said, according to The Hill, that the response from the new administration to an attack of this magnitude would run beyond sanctions and include steps “to degrade the capacity of foreign actors to repeat this sort of attack.” This is encouraging.

But the U.S. response must not be limited to Russia.

As Douglas Schoen, author of: “The End of Democracy? Russia and China on the Rise and America in Retreat” writes:

With an advanced ability to manipulate data, penetrate security networks, and even to infiltrate our election systems, Russia and China are the major cyberwarfare players. The worldwide threat assessment from the United States intelligence community maintains that these two countries “pose the greatest espionage and cyberattack threat” to our American national security.

Regardless of what state is responsible for this attack, BOTH Russia and China are engaged in an undeclared ‘Gray Zone’ cyber war with America. Any U.S. retaliation must include China, if not for this hack, for the many conducted previously.

It is time for the U.S to take the gloves off. BOTH Russia and China need to pay a price for their actions.


Paul Crespo

Paul Crespo is the Managing Editor of American Defense News. A defense and national security expert, he served as a Marine Corps officer and as a military attaché with the Defense Intelligence Agency (DIA) at US embassies worldwide. Paul holds degrees from Georgetown, London, and Cambridge Universities. He is also CEO of SPECTRE Global Risk, a security advisory firm, and President of the Center for American Defense Studies, a national security think tank.

Subscribe
Notify of
guest
4 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Shasha
Shasha
3 months ago

They can hide who they are and address. It maybe China pretending to be Russia?

Joey Baloney
Joey Baloney
3 months ago

They need to stop using the password “P@ssword” on government computers.

bob d
bob d
3 months ago

Slo Joe will get right on this…………………….lol

John Esin
2 months ago

Russia response does not have to be measured & proportionate. I will (personally) propose “Preemptory Descalatory Deterrence” if the US has the cyber capabilities to engage it’s other principle adversary, Beijing.

What do I mean by this?

Hit Russia hard enough (it’s evidently too disproportionate to factor as a retaliatory response) it is compelled into descalation at best & deterrence & worse.

Your thoughts Mr. Crespo!

***The website is undergoing major changes but it’s accessible so you’re welcome to visit. I’m on Linkedin as John Esin where several of my legitimate posts have been censored also.


People, Places & Things