The prospect of an all-out cyber war involving the United States, Russia, China and a host of other nations including Iran, North Korea and Saudi Arabia sounds like something out of a Hollywood blockbuster movie. Yet, based on the growing sophistication and aggressiveness of state-sponsored cyber attacks around the world, a cyber war involving attacks on the critical infrastructure of nations can no longer be ruled out. Of even more concern is that China, Iran and Russia may be presenting a united front in the cyber domain as part of a very visible response to what they perceive as aggressive unilateralism from the United States.
Signs that Russia, China and Iran might be preparing for a cyber war
Russia, China and Iran each have their own separate reasons for uniting against the United States. As a result, they are taking steps to unite in order to resist the hegemony of the United States. Not only is the United States the world’s foremost military and economic power, but also it is now the world’s leading cyber power. And the National Security Agency (NSA) of the U.S. has been carefully articulating a more robust and more offensive-minded cyber doctrine that would enable it to act much more aggressively than in the past by using cyber weapons.
To combat this hegemony, Russia has been advancing the notion of “national sovereignty” when it comes to the Internet. The Kremlin is particularly disturbed that the United States appears ready and willing to impose its will on how the Russian Internet develops – especially when it comes to issues such as freedom of speech for government opponents. Russia has even gone so far as to threaten that it would disconnect from the global Internet and form its own national Internet. At the same time, Russia and the United States have been raising the stakes on their offensive cyber war capabilities. According to reports that have appeared, for example, both Russia and the United States have been carrying out very aggressive probes of each other’s power grids, and may even have “implanted” malicious code and other malware that can be activated in the event of an all-out cyber war.
China, too, has been regarding U.S. unilateralism in the cyber realm with a wary eye. Much like Russia, China has embraced the concept of “national sovereignty” when it comes to the Internet. This policy, of course, enables China to carry out censorship initiatives, block certain websites or apps, and crack down on anti-government speech across social media. At the same time, China is looking for a way to make an end run around the “pre-judgments” of the U.S. when it comes to the way its IT companies are perceived. Right now, the U.S. has imposed its version of unilateral sanctions against Chinese tech giants Huawei and ZTE, and China is looking for some way to hit back in the cyber realm.
And don’t forget about Iran, either. Now that economic sanctions have transformed into military action – including the shoot-down of a U.S. Navy drone – Iran is looking for ways to act behind the scenes in order to inflict damage on the United States, both in the Middle East and on U.S. soil. The state-sponsored hacking group APT33 is leading the charge here, with calculated spearphishing attacks carried out against U.S. economic targets. And Iran’s Revolutionary Guard Corps has also been dialing up the rhetoric about its ability to hit back in the cyber realm with Iranian cyber weapons. For its part, the U.S. under President Donald Trump has shifted its strategic posture from military action to cyber war. Instead of retaliating with aerial bombing raids, for example, the U.S. is retaliating with the equivalent of cyber war carpet bombs.
Cyber war diplomacy
In the first seven months of 2019, the three nations of Russia, China and Iran have gone beyond just supporting each other with rhetoric and state propaganda to outlining actionable cyber warfare approaches. Key figures from all of these nations are now meeting one-on-one with each other, in order to hammer out a potential cyber war strategy. For example, a delegation from the Cyberspace Administration of China (CAC) recently met in Moscow with Russia’s state IT watchdog agency, Roskomnadzor. The Chinese IT delegation will be meeting with at least two huge Russian tech companies – Yandex (Russia’s version of Google) and Kaspersky Labs – that are in the crosshairs of U.S. cyber authorities.
At one level, these meetings might just be another way to present a united front when it comes to restricting or limiting certain freedoms on the Internet. Both Russia and China appear to be on the same page about the need to limit radical, anti-state commentary from appearing on the Web. But there could be a more sinister explanation for why top representatives from these nations are now meeting face-to-face: they are preparing for a cyber war.
When it comes to cyber war diplomacy, what has changed is the way people think about offensive cyber capabilities. As one national security official in the United States has noted, the question is no longer: “Should we do this?” The question is now: “Can we do this?” Under the Trump administration, the U.S. Cyber Command has been allowed to flex its muscles. A brand-new 2018 National Cyber Strategy clearly spells out that the U.S. is no longer unwilling to use cyber offensive weapons. Moreover, the U.S. White House is much more willing to carry out preemptive cyber strikes if doing so would help to minimize collateral damage to the nation’s critical infrastructure.
A new paradigm for cyber war
The concern, of course, is that history might be repeating itself in a completely unexpected way. In the mid-20th century, the whole concept of Mutually Assured Destruction (MAD) became the dominant paradigm for how the world’s two superpowers – the United States and the Soviet Union – avoided a cataclysmic world war. By threatening to obliterate each other many times over with powerful nukes, they prevented low-level conflicts around the world from ever going too far. Nobody wanted to be brought to the brink of total destruction.
That same thinking is now starting to appear in white papers and other documents pertaining to advanced cyber war doctrine. Stratfor, for example, has described a “hair-trigger” world in which the most powerful cyber nations could unleash war on each other with lightning speed and with no advance warning. A massive attack on one nation’s power grid might lead to a tit-for-tat attack on the electrical grid of the other. And, to avoid this scenario of having to hit back hard after already being hit, a nation like the United States might decide to develop a “first strike” capability. This would be tantamount to being able to let fly hundreds of intercontinental nuclear weapons, all at the same time, in order to destroy a nation before it ever has a chance to respond. As a result, the next generation might grow up under the constant risk of a cyber attack taking down the national energy grid, in the same way that generations before lived with the constant risk of nuclear war.