The Washington Post

The U.S. Opens a Risky New Front in Cyberdefense

WASHINGTON, DC - JUNE 09: Attorney General Merrick Garland testifies during a Senate Appropriations Subcommittee hearing June 9, 2021 on Capitol Hill in Washington, D.C. The committee heard testimony about the proposed DOJ 2022 budget and the need to increase funding for cybersecurity. (Photo by Susan Walsh-Pool/Getty Images)

A U.S. operation to secretly remove malware from networks at home and overseas highlights the new front Washington is opening in its approach to global cyberdefense. It’s a much-needed strategy, but one that ought to be handled delicately if the U.S. is to maintain the cooperation necessary to keep pulling off such sneaky maneuvers.

The U.S. and its allies found malicious code developed and planted by Russia’s military intelligence agency, the GRU, in thousands of devices worldwide, Attorney General Merrick Garland revealed Wednesday. The U.S. and other nations have been on the alert for the possibility that Russia would conduct cyberattacks on businesses or critical infrastructure to retaliate against sanctions over the war in Ukraine. 

But the mission disclosed this week went further than identifying where malware had turned up. According to the New York Times, secret court orders allowed the U.S. to remove the malicious software from Russian control by taking steps that included entering corporate networks without the companies’ knowledge.

It’s a big shift from the time when Western governments mainly portrayed themselves as victims of hacking, incapable or unwilling to counter cyberthreats by intruding into foreign systems. The new proactive approach, including publicizing what authorities are doing to try to preempt attacks, reflects the realities of modern cyberwarfare.

What’s remarkable about this operation is the decision to surreptitiously enter companies’ computer networks. It’s one thing to have the police show up to your house when you aren’t at home to investigate and detain an intruder. It’s another thing entirely to cart away the intruder and never tell you about it. While U.S. allies might not mind, corporations both foreign and domestic could be forgiven for being alarmed at the prospect of U.S. authorities secretly rummaging around in their computers hunting for malware, even if it’s for a good cause.

The U.S. is able to get away with such maneuvers because its cybercapabilities are so robust, and its relationship with partners so close, that it has built up trust and respect. The strongest of these links is the Five Eyes alliance — Australia, Canada, New Zealand, the U.K. and the U.S. — in which intelligence is collated and shared.

Given the admission that it worked with allies, it’s unlikely that the U.S. intruded into overseas networks without those partners being aware. Still, foreign governments might have been unable to stop them, even if they wanted to. One reason is the importance of speed and secrecy in such operations. Once malware is found and a decision made to remove it, a team will want to work quickly and meticulously so as not to alert the adversary or spark them into activating the software’s nasty payload.

“No government would offer carte blanche, in-advance approval, but I could imagine the conversation would be such that they communicate and act if they spot malware in a partner’s network,” said Greg Austin, senior fellow in cyber, space and future conflict at the International Institute for Strategic Studies in Singapore.

That kind of collaborative approach is important not only to carry out the operation, but to keep partners amenable to further cooperation. Governments don’t like allowing outsiders, including friends, to encroach on their territorial sovereignty even in cyberspace.

Washington’s eavesdropping programs have come under scrutiny in the past, with its ECHELON signal interception system — whose existence was first revealed by a National Security Agency whistleblower in 1972 — being investigated by the European Parliament 20 years ago. Although European governments were powerless to halt such overarching surveillance, suspicion grew and detractors — including Russia and China — were given further ammunition to call out the U.S. as an untrustworthy hypocrite.

With the U.S. once again demonstrating its extraordinary ability and willingness to exercise power beyond its own borders, there is greater risk that it will go too far and alienate the like-minded nations it relies on to combat incursions from malevolent actors. 

Russia’s war on Ukraine has become another opportunity for the U.S. to show its incredible cyberstrength. But with such power comes great responsibility, and even its friends will be watching.


This column does not necessarily reflect the opinion of the editorial board or Bloomberg LP and its owners.

Tim Culpan is a technology columnist for Bloomberg Opinion. Based in Taipei, he writes about Asian and global businesses and trends. He previously covered the beat at Bloomberg News.


©2022 Bloomberg L.P.
