The U.S. is Confronted by a Dangerous Cyber Map
In spite of the current rhetoric and political acrimony, the United States still remains a “beacon of hope” in the world. Its values and ideals continue to attract the best and the brightest from around the world. It is a country that gives refuge to those who are fleeing religious and political persecution. This is precisely why authoritarian governments are envious of it. By its very existence and because of its open, tolerant, and liberal democratic nature, the United States is perceived as an existential threat to countries like China, Russia, North Korea, and Iran.
As the 2022 National Security Strategy puts it, China is our only pacing challenge in the world. China has undertaken a serious campaign of modernizing its armed forces to challenge the United States and its allies. Beijing’s ultimate objective appears to include the rearrangement of the world order in Beijing’s favor. Russia—our acute threat—is currently waging a vicious war of aggression against Ukraine. North Korea and Iran remain our persistent threats. Both Pyongyang and Tehran are not only improving their missile and nuclear programs, but they are also doing all they can in the cyber domain to target America’s critical infrastructure and businesses.
These countries employ all kinds of instruments, including their growing cyber capabilities, to expand their intelligence collection activities against the United States and its partners. On February 2, senior U.S. officials revealed the presence of a Chinese surveillance balloon that was collecting intelligence over the continental United States. Brig. Gen. Patrick Ryder, a Pentagon spokesperson, told the media that NORAD was monitoring the balloon’s flight path to prevent the collection of sensitive information. Of note was Ryder’s statement to the effect that similar activity had been observed previously and had been going on for several years. The balloon was initially observed over Montana, which hosts a number of U.S. nuclear missile silos.
Chinese surveillance balloons over U.S. airspace demonstrate that our enemies are prepared to take determined and deliberate steps to challenge America’s leadership around the world. Understanding the threats our adversaries pose is critical, but we must go beyond that and take serious steps to lessen the risks that face our country. This means that we must reduce our reliance on technologies that come from China and Russia as they almost certainly create opportunities for Beijing and Moscow to exploit our vulnerabilities.
Numerous Chinese government agencies are actively involved in malicious cyber activities against the United States to advance Beijing’s national interests. The United States Cybersecurity and Infrastructure Security Agency (CISA) has stated that Beijing continues to “target a variety of industries…including healthcare, financial services, defense industrial base, energy, government facilities, chemical, critical manufacturing, [and] communications,” among a suite of other sectors. According to a report by the Office of the Director of National Intelligence, “China presents a prolific and effective cyber-espionage threat, possesses substantial cyberattack capabilities, and presents a growing influence threat.” The report goes on to state that Beijing’s cyberespionage activities have compromised telecommunications and set the conditions for further cyber intrusions.
Russia’s intelligence agencies, including the FSB, SVR, and the GRU, also continue to engage in cyberattacks against the United States. According to CISA, Russia engages in cyberattacks to “enable broad-scope espionage, suppress certain social and political activity, steal intellectual property, and harm regional and international adversaries.” Russian cyber actors have also targeted underwater cables and industrial control systems in the United States. The ODNI threat report from 2021 states that Russia “considers cyberattacks as an acceptable option to deter adversaries, control escalation, and prosecute conflicts.”
North Korea’s cyber operations, which most likely fall within the purview of the Reconnaissance General Bureau (RGB), are run by Bureau 121. There are believed to be between 3,000 and 6,000 cyber warriors who are engaged in cyber activities. Because the Internet penetration rate remains extremely low in North Korea, most of the hackers receive training in China and Russia. To maintain plausible deniability, North Korean cyber actors live overseas, and the country’s motivations for engaging in cyberattacks include retaliation, coercion, espionage, and financial gain.
Iran is another adversary that continues to improve and evolve its cyber capabilities. Tehran engages in cyber activities for the purposes of revenge, espionage, and sabotage. The Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS) are two of the government organs that serve as the country’s cyber threat actors. Beyond interfering in U.S. presidential and mid-term elections, Iran has regularly attacked its regional and international adversaries. Israel, Saudi Arabia, Australia, and Albania, as well as numerous American companies, such as Microsoft and Google, have all come under Iranian cyberattacks in recent months and years. Tehran possesses the capability to enable denial-of-service attacks against critical infrastructure and private corporations across the U.S., Europe, and the Middle East.
Cyber threats will continue to present significant challenges to the United States, particularly in the absence of a consistent and uniform approach. The federal government has adopted a series of policies to address our reliance on untrustworthy foreign technologies. For example, Title 2 of the SECURE Technology Act of 2018, Section 889 of the 2019 National Defense Authorization Act, the Information and Communications Technology and Services (ICTS) rule of 2019, and the Secure and Trusted Communications Network Act of 2019 have been put in place to analyze supply chain threats and address the use of equipment and technologies from China and other countries that are untrustworthy.
However, according to a report by Georgetown’s Center for Security and Emerging Technology, only Florida, Georgia, Louisiana, Texas, and Vermont have instituted measures that reduce the procurement of foreign technologies on “national security grounds.” Unless there is a more uniform approach to mitigating threats posed by our adversaries, the United States will remain vulnerable and be seen as an easy target.