“I think that the concern is that they may have capabilities that we don’t know about,” Matt Stamford, Cybersecurity Expert and Founder of OccamSec, said. “And until such point, as they need to use them, we may never know.”
Much of the conversation regarding Russia’s invasion of Ukraine has understandably focused on the physical siege and assault on Kyiv, Mariupol and other cities, but the cyberwar started before any Russian troops set foot in Ukraine.
The country suffered a number of hacks in the days leading up to Russia’s invasion, with cybersecurity firm ESET finding a “data wiping program” that hit hundreds of machines just a week ahead of the invasion. Since the invasion started, hacking collective Anonymous declared war on Russia, and Ukraine has continued to suffer cyberattacks from Russian agents.
But the full scope of Russia’s capabilities remains a mystery since its targets are not operating on the same technological level.
“The thing is that if I don’t need to use my latest and greatest attack, why should I?” Stamford explained. “There’s no need for me to do something brand new when I can just do something old that works great.”
The concern lies in the nature of cyberwarfare itself: Unlike conventional weapons, which can be damaged and destroyed after their use, a cyberweapon – such as a data wiping program or a virus – can be replicated, repurposed and spread.
“If you look back to stuff like the WannaCry and NotPetya events … bad guys took them, tweaked them and throw them right back at you, so we get into this dangerous situation where if Russia did decide to use something that we hadn’t seen before, somebody else would undoubtedly get hold of it, do some research, break apart, figure out what they could do with it,” Stamford said.
The issue grows more complicated because Moscow appears to operate with a model that allows free rein for individual operators to attack foreign targets without explicit direction or acknowledgment from the government.
The U.S. has faced a few different hacking crises that officials tied back to Russian actors, such as the SolarWinds hack – tied to hackers acting at the direction of Russia’s SVR intelligence service – and the Colonial Pipeline hack – believed to be the act of a lone Russian hacker that local police arrested. Putin also recently signed an initiative to bolster Russia’s cyber defenses, which former defense official James Anderson said could be a move to further entangle state and business enterprises in the country.
“The public effort to ban Russia from using cyber security tools from ‘unfriendly countries’ appears, at least in part, to be a face-saving measure, since many major Western technology firms have already withdrawn from the Russian market in response to Moscow’s brutish invasion of Ukraine,” Anderson explained. “In addition to helping Russia to better protect itself from hackers, the cyber security decree probably reflects Putin’s desire to further extend his authoritarian tentacles, since state corporations and other strategically important enterprises will be required to provide the state’s security services with ‘unhindered access to information resources.’”
But the U.S. should remain confident in its ability to defend against attacks from foreign actors, especially with the implementation of quantum computing, according to Martin Moore, a retired Special Forces Sergeant Major and Owner of ZeroOneAngus LLC.
“I think quantum computing and having that post-quantum encryption is better than relying on a firewall to protect us – that is a higher priority,” Moore said. “A firewall can only protect traffic and data leaks. We need protection and systems that don’t have back and side doors built in.”
Quantum computing simply allows for an increase in the already incredible number of calculations a machine could make, going through “a million keys” in moments.
The U.S. may not provide a national firewall in the way that Russia and China have aimed to do, but companies and government agencies can start to wrap quantum encryption around what is already “robust” encryption that is widely used. The Department of Homeland Security leads the national effort to improve cybersecurity through the Cybersecurity and Infrastructure Security Agency (CISA).
Moore attributes the success of American companies to their approach, which assumes that companies and users operate in a “zero trust environment.”
“We know everything is vulnerable and it’s always going to be vulnerable and we have to stay ahead of that, and it’s tough to stay ahead of that when there’s so many variables at play,” Moore said. “So I think developing a system that cannot be penetrated is going to be almost impossible.”
“We have to put more effort into understanding the threat and the potential threat and doing something about it, because we think that even though we think we’re secure, we’re not,” he added. “You can never know, and we should treat everything as if it is a ‘Zero Trust’ environment.”