According to the new U.S. Worldwide Threat Assessment, a 42-page report prepared by top security and intelligence agencies in the United States, both Russia and China are capable of launching cyber attacks against critical infrastructure targets in the U.S. Moreover, say top U.S. intelligence officials, both Russia and China appear to be aligning their operations in cyberspace, primarily as a way to challenge U.S. geostrategic dominance in regions such as the Middle East and Southeast Asia.
Threats to critical infrastructure from Russia and China
In January 2019 testimony in front of the Senate Select Committee on Intelligence, key U.S. intelligence officials – including CIA Director Gina Haspel, Director of National Intelligence Dan Coats, and FBI Director Christopher Wray – outlined the various types of cyber threats that China and Russia pose to the United States, both at home and abroad. They highlighted three key areas where the two strategic rivals pose the biggest threats to national security: cyber attacks against critical infrastructure, online influence and misinformation campaigns on social media designed to destabilize American democratic institutions, and direct interference in U.S. elections (including the upcoming 2020 presidential election).
In the assessment of these intelligence officials, China posed the biggest threat to U.S. interests, primarily due to its advanced cyber-espionage capabilities. This is best highlighted by the current scandal surrounding Chinese IT firm Huawei, which the U.S. Department of Justice alleges engaged in spying operations on U.S. companies. Russia came in as the second biggest threat in the worldwide threat assessment, primarily due to its capabilities to disrupt elections and spread misinformation and propaganda online. The intelligence officials also cited two other nations – North Korea and Iran – as being capable of carrying out advanced cyber attacks against U.S. interests. For example, if the U.S. decides to tighten global sanctions on North Korea, that action might trigger cyber attacks against the U.S. financial system by North Korean hackers.
The real takeaway finding of the report was that both Russia and China are capable of disrupting critical national infrastructure in the United States, potentially bringing down the electric grid and crippling power companies for anywhere from “days to weeks.” This is not mere speculation, either. According to the CIA, Russia deployed similar types of cyber attacks against critical infrastructure in Ukraine in 2015 and 2016. Of particular risk, say U.S. intelligence officials, is the ability of Russia and China to target natural gas pipelines in the United States.
Alignment between Russia and China
The U.S. intelligence agencies also took a broad, sweeping view of the way that Russia and China are coordinating their actions in cyberspace, all in an attempt to weaken U.S. influence abroad. Both nations are bolstering their cyber attack capabilities, while at the same time, probing the United States for cyber weaknesses. While the U.S. might still have military and technological superiority, the ability to damage critical infrastructure (such as power grids and banking networks) could level the playing field for Russia and China.
Given Russia’s alleged interference in the 2016 presidential election, and China’s alleged cyber-espionage activities, it’s easy to see why U.S. Director of National Intelligence Dan Coats was so emphatic in testimony to the Senate Select Committee on Intelligence that the U.S. needs to be doing more to protect its critical infrastructure. Moreover, the 2020 presidential election looms large on the horizon, and that could lead to strategic competitors Russia and China ramping up their online influence operations.
Emerging threats from Russia and China
The 42-page worldwide threat assessment from the U.S. intelligence community also examined future risks in the cyber realm. The intelligence report specifically highlighted three major technologies – artificial intelligence, biotech and 5G networks – that could be used by Russia and China as part of their military and cyber attack capabilities.
China, for example, is already engaged in an “AI arms race” with the United States, and top officials in the United States have already warned of a potential future war carried out (or perhaps triggered by) by autonomous fighting machines powered only by AI. Imagine, for example, military drones flying overhead, piloted by AI-powered computers. These drones, theoretically, could be used by Russia and China to carry out attacks against elements of critical infrastructure anywhere in the world.
The overall message is that, as digital devices become more tightly ingrained in our daily lives, the opportunities for foreign rivals to disrupt the U.S. using cyber attacks will only increase. The growth of the Internet of Things, for example, means that energy companies and power plants are now hooked up to the Internet, and that provides foreign actors a chance to probe for weaknesses in critical infrastructure. Theoretically, the ability to take down the U.S. power grid for weeks at a time would pose a greater threat to America than the ability to launch intercontinental ballistic missiles from places like Russia and China.
Potential response to cyber threats
Two U.S. Senators – Sen. Mark Warner of Virginia and Sen. Marco Rubio of Florida – have proposed that the United States government take steps to shore up its cyber defenses and take stronger actions against cyber rivals (including both Russia and China) that are found to be destabilizing the United States or searching for ways to disrupt critical infrastructure. One plan, for example, calls for the creation of the Office of Critical Technologies & Security, which would be a type of super-agency responsible for making sure that foreign companies and foreign governments do not get their hands on proprietary technologies and cyber capabilities.
In many ways, the 2019 Worldwide Threat Assessment should be a wakeup call to U.S. government officials and top leaders in the private sector. Technology – in the form of sophisticated banking systems, national communication networks, and elements of critical infrastructure hooked up to the Internet – is not only a strength, but also a potential weakness. Without the right cyber defense capabilities in place, these sources of military, technological and economic superiority can quickly transform into sources of military, technological and economic weakness.