President Joe Biden inherited a cybersecurity Cold War, and if the U.S. is to remain the leading superpower, he must immediately refresh our nation’s cybersecurity strategy. Following ongoing hearings on the SolarWinds breach, and news that China, in addition to Russia, also gained access to networks via the SolarWinds Orion vulnerability, it’s clear that cybersecurity needs to be the top priority for national security.
The Cold War conflict didn’t fizzle out—it simply rebooted in cyberspace. President Biden must act swiftly to revolutionize our national cybersecurity, not just through offensive tactics, but rather the preventative ‘containment strategies’ of the first Cold War.
With heightened tensions around national cyber security, espionage, and disinformation, we are returning to deadlock with the foreign adversaries like Russia and China that seek to undermine U.S stability. The U.S. needs to re-invest in defensive tactics that can protect against any attacker – backed by the private sector’s expertise and tech. The cybersecurity superpowers of tomorrow are not the attackers, but the ones with the best defenses, and this is where the U.S. must make the most significant strides to keep us afloat.
New weapons will be made of code, not just uranium
Today, there are multiple national players in the New Cold War, but attribution remains notoriously difficult. While the Five Eyes have been confident enough about a number of nation states’ involvement in malicious cyber activity to point the finger, discovering who is behind an attack is often impossible without other data sources, which may be classified at the highest levels. Cyber-attackers deliberately hide the tracks of their attacks, or plant false flags that lead investigators up false avenues of inquiry.
Unlike conventional warfare, wherein decades have passed without the introduction of a game-changing weapon, cyber warfare is characterized by constant innovation, with novel strains of malware and new tactics used on a daily basis. As soon as security tools are updated, attackers uncover a fresh weakness to exploit with their latest cyber tools, making digital systems perpetually vulnerable. The private sector and governing bodies must work together to play catch up and prepare for this new reality.
There are positive signs on the horizon: in addition to ordering an investigation into foreign interference in the election, Biden has pledged $10B in new IT and cyber funding for federal agencies to support overdue upgrades and hire more IT and security experts. This funding is a celebrated starting point and will continue the federal government’s cyber relationship with the private sector. But for the U.S. to remain a superpower, Biden must strategically revitalize our nation’s technology defenses through strategic investments in artificial intelligence and quantum computing to keep pace in this new era of warfare.
The best offense is a good defense
As we move into a future where geopolitical conflicts are played out in the digital realm, the race is now on to build cyber defenses.
While nuclear warheads were the visible symbols of the Cold War, it was waged in practice with less conspicuous instruments: intelligence, surveillance and spooks. The objective of this game was straightforward—to undermine the enemy without getting exposed. The tactics, techniques and procedures employed, on the other hand, were anything but conventional. As the Soviets monitored foreign nationals for the subtlest signs of spycraft, CIA operatives used hollowed-out dead rats for their — rather literal — ‘dead drops.’ Even disinformation thrived in the pre-internet world in the form of pamphlet drops, camouflage and conceal ops, and the weaponization of traditional analog media.
Today, between ‘low and slow’ attacks that steal data very slowly and persist unnoticed, and supply chain attacks, digital assaults are hard to catch and even harder to attribute. The New Cold War is characterized by covert digital missions that can bring down a power grid or water treatment system, undermine public trust and sway opinions and ideologies.
The Cold War, which was as much a pragmatic power struggle as it was an ideological feud, rages on in cyberspace. Election meddling, disinformation campaigns and military espionage persist, even as their techniques have evolved dramatically. Cyber-attacks have turned up the heat considerably, by blurring the line between state-sponsored aggression and private criminality. Under this new administration, the U.S. has not only an opportunity but an obligation to reinvent its cyber strategy. This is a war we cannot afford to lose.
Justin Fier is director for cyber intelligence and analytics at Darktrace.