Nation-State Cyberattacks Becoming a Routine Event

State-sponsored cyberattacks are the new normal in adversarial international activity, whether on large or small scales.

A few days before President Trump and Russian President Vladimir Putin met in Helsinki, hackers mostly from China launched a wave of brute-force attacks on Internet of Things (IoT) devices in Finland, according to F5 Networks. Earlier, a targeted cyberattack resembling a state-sponsored attack broke into Singapore’s SingHealth system, stealing health data on 1.5 million people, including the country’s prime minister, prompting Singapore to disconnect health care computers from the internet.

In the scheme of international events, those hacks might seem like small potatoes, but they reflect a trend toward increased online activity by state-sponsored groups. Russia, of course, has been the primary focus of U.S. attention because of its documented attempts to meddle in the 2016 presidential election. Reports in March also indicated that Russia was behind a massive campaign to infiltrate the U.S. power grid and other parts of the country’s critical infrastructure.

And infrastructure attacks involve more than just the United States. U.S. and U.K. officials issued their first-ever joint technical alert around the same time, warning that Russian actors were targeting devices worldwide, looking to gain footholds in networks and steal information that could lead potentially to destructive cyberattacks.

A Department of Homeland Security official recently told the Wall Street Journal that a Russian hacking unit had gained access to some utility control rooms during the operation and could have caused blackouts in some areas, confirming the conclusion of Symantec, which had been tracking the group it dubbed “Dragonfly” since at least 2015.

Meanwhile, a Microsoft security exec said earlier this month that the same Russian “Fancy Bear” group that had hacked the Democratic National Committee in 2016 has made three attempts so far to hack into 2018 midterm elections, the first revelation of attacks specifically aimed at this year’s campaigns.

And Deputy Attorney General Rod Rosenstein said Russia’s 2016 election meddling was “one tree in a growing forest” of online attacks, coming not just from Russia but other countries as well.

The ongoing rise in cyber activity has a few obvious origins: governments, military organizations, and society in general are increasingly reliant on internet-based technologies. The spread of that technology into billions of devices—from smartphones and fitness trackers to all kinds of IoT devices—leaves many of them unprotected, and cyberattacks are cheaper, easier, and harder to attribute than any kind of traditional military or espionage operation.

The keepers of the country’s cybersecurity, including the departments of Homeland Security and Defense, have stepped up defenses against the prospects of cyberwar in a variety of ways, from filling out the U.S. Cyber Command’s Cyber Mission Forces, to coordinating with industry and cybersecurity companies on prevention and mitigation tactics. The Department of Justice’s Cyber Digital Task Force, which was launched in February, recently released a report on six types of cyber threats facing the nation and what DoJ is doing about them. The U.S. Computer Emergency Readiness Team is running a webinar for detailing the technical approaches behind the Russian government’s cyber activity, share mitigation techniques, and identify available resources for protecting critical assets.

DoD officials and others also continue to debate potential responses to cyberattacks, including when they could cross the line into an act that warrants a full military response. Reactions to cyberattacks have mostly been passive, resulting in sanctions or other political measures. But the possibility of large-scale attacks, as well as the fact they could harm civilians when things like power grids and health systems are attacked, is upping the ante.

Recent