No, the United States is not Losing the “Cyber War”

Carter McKaughan
Published in The Pensive Post, Dec 22, 2016
President Obama giving a speech about Cyber Security

The United States is frequently attacked by various state and non-state actors, not physically, but in cyberspace. Nations accused of attacking the United States include Russia, China, North Korea, and Iran. Targets include the Democratic National Convention, Federal Employee databases, and major corporations like Yahoo, which recently had one billion email accounts hacked. According to US News, “America is losing.”

The Wall Street Journal says “We’re Losing the Cyber War” too. Even security expert and business mogul John McAfee released a video entitled “This is why the US is losing the ‘cyber war’ to China and Russia” through Business Insider. They are wrong, whether through ignorance or deception. The United States is not losing the “Cyber War,” and to understand why, first one must understand what exactly hacking is.

Understanding Hacking and Cyber Attacks

Map of Cyber Attacks from Norse Corp

Hacking is “modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator’s original objective.” Anyone who does this is a “hacker.” Hacking is not complicated, especially for those skilled in technology. It is certainly not black magic as portrayed in the media.

Take the seventeen-year-old from Sri Lanka who hacked “into President Maithripala Sirisena’s official website and post(ed) a message calling for the postponement of A-level examinations.” Police later “traced” and arrested the teen in his home.

President Maithripala Sirisena

While it was not publicly released how the teen gained access to the website, we can assume that the method was fairly simple. He is a seventeen-year-old from Sri Lanka who likely did not have access to advanced technology, and while he succeeded in breaching the website, he was not very effective, because the police were able to find and arrest him. If the hack had truly been successful, the hacker never would have been found.

Another example is a sixteen-year-old Brit who attacked “Iraq’s ministry of foreign affairs, the department of agriculture in Thailand and China’s security ministry.” The teen was able to “cripple computer systems” with “Distributed Denial of Service (DDoS) attacks” from “a laptop computer in his bedroom.” He was also arrested and convicted. And while a DDoS attack may sound complex, it’s not. DDoS attacks quite simply overwhelm the target by flooding it with too much data for it to function, in much the same way that your home internet gets slow when too many people use it. Software like “LOIC (Low Orbit Ion Cannon),” which was popularized by the hacking group “Anonymous,” is “one of the most powerful DOS (Denial of Service) attacking tools freely available” and is downloadable on the Google Store.

Screenshot of Ion Cannon

Now take the attacks on the Democratic National Convention that wreaked havoc on Hillary Clinton’s campaign. Russian hackers did not use sorcery to break into the Clinton Campaign; they did not even do anything complicated. Russian hackers simply tricked Clinton staffers into giving up passwords with fake emails in so-called “Phishing” attacks. These are the kinds of emails that millions of Americans receive every day and filter through. “Phishing” is the cyber warfare equivalent of the “Nigerian Prince” who wants your bank account number to send you money. The attack on the Clinton campaign did not even require software beyond a fake email and significant human error to enter the website and begin downloading emails. The Russians exploited the weakest link in the system, the human link.

One of the emails that brought down the Clinton Campaign

In fact, it is very rarely the computer software that compromises a system. According to a 2014 study by IBM, “95 percent of all security incidents involve human error,” and a separate 2013 report by Verizon found that even “95 percent of advanced and targeted attacks involved spear-phishing scams.” These “advanced” attacks are not actually technologically complex or advanced. They could be executed by nearly anyone in the world with a laptop. It is also worth noting that most cyber attacks are crimes motivated by greed, and are not cyber warfare or political espionage. However, the Russian attack on the Clinton Campaign is representative of the level of sophistication of cyber attacks on the United States.

Charts on Cyber Attacks

The New Manhattan Project

A sign outside of a US nuclear laboratory

The general public knows very little about US Cyber Warfare Capabilities. Reporters and others who claim that the United States is not doing anything or is “behind the curve” are either ignorant or purposefully dishonest. The American government is not advertising our cyber capabilities. They are purposefully being as discreet as possible, even to Congress. But what little we do know about what the United States has done is very impressive. Much of this comes from the leaks of Edward Snowden. The Washington Post reported that in 2011 the US “carried out 231 offensive cyber operations.”

Snowden alleges the United States targeted Chinese Universities and cellular companies in order to embed computers and other hardware to create “backdoor access” that could be activated at a later time. Snowden’s information is similar to accusations by the Russian security firm Kaspersky Lab that the United States is in fact the highly secretive “Equation group,” an unknown group of hackers that has existed since the 90s but was only discovered by Kaspersky in 2015. Kaspersky calls them “the most advanced threat actor we have seen.”

While not well reported, the US is also currently conducting a cyber offensive against the Islamic State alongside more conventional attacks. The only reason that we know is that Deputy Defense Secretary Robert Work announced the US was dropping “cyber bombs” on ISIL. Aside from theories by experts on what these “cyber bombs” are, we do not know any more than that. This is the first time the US Government has even admitted to directly using cyber attacks against an opponent.

A photo of Manhattan Project scientists

The most famous example of US cyber power is “Operation Olympic Games” and the better-known virus it generated, called “Stuxnet,” which was reportedly designed and delivered by US and Israeli intelligence agencies into Iran to disrupt the nuclear program. The virus was physically introduced to the Iranian Enrichment Facility at Natanz. It is unknown how. Stuxnet quickly spread through the system, infecting computers that controlled the centrifuges responsible for enriching uranium. The virus was then activated and destroyed over a thousand centrifuges by affecting their spin cycles and causing some to explode. This delayed the Iranian progress by two years.

Since then, the United States has rapidly expanded United States Cyber Command (USCYBERCOM), and the US Army has created a separate branch for Cyber Warfare. It is fairly easy to infer from this information alone that the United States has dramatically increased its cyber capabilities since 2011.

A graphic depicting Stuxnet

Another indicator of US capability is the cyber attack on Iran that was planned as a last resort before armed conflict in case the Nuclear Deal talks failed. The attacks, known as “Operation Nitro Zeus,” would have crippled Iranian “air defenses, communications systems and crucial parts of its power grid.” This offensive would have had the same physical impact as a kinetic strike on these structures, but without the risk of putting American personnel in harm’s way. This strike would have been one of the largest and most devastating cyber attacks ever conducted.

An Iranian nuclear enrichment facility at Natanz

Having Faith

Logic can be a counterintuitive thing. Take the quote by Carl Sagan: “The absence of evidence is not the evidence of absence.” To put it plainly, just because we do not know something exists does not mean it does not exist. The United States has the most powerful military in the history of the world. No country has ever possessed the capability to project force like America can. This strength and ability is not accidental, nor is it circumstantial. The United States excels at every aspect of warfare.

The flag being raised at Iwo Jima

While the American military is not without its flaws, the flaws and shortcomings of America’s nearest rivals indicate to us that US forces are nearly unbeatable in combat. In every war the United States has waged, it has won using deception and secrecy. From the Manhattan Project to the B-2 Stealth Bomber to America’s present-day cyber warfare capabilities, the general public, and indeed America’s enemies, do not know what we can do until we do it. And this is the way it should be. As Americans, we must have faith in our government and trust in the idea that they are excellent at what they do, and one step ahead of our enemies. History tells us this is true.

In 1961, John F Kennedy said in a speech to the CIA at the beginning of the Cold War, “Your successes are unheralded — your failures trumpeted.” This is the nature of the intelligence world; your work will only be known if you fail. This rationale and logic extends to the field of cyber warfare. To the common observer it may appear that the United States is losing the cyberwar against China and Russia, but the opposite is likely true. A logical person should conclude from the evidence, or lack thereof, that America is winning the “Cyber War.” What we do know for sure, though, is that every time the American public reads about a “successful” data breach, it is an operational-level failure on the part of the aggressor. A robbery is only successful if you don’t get caught, and most successful when no one knows something has been taken.
