Cybersecurity Firms Take the Offensive While Avoiding 'All-Out War'

Cyberattacks on critical infrastructure like the Colonial Pipeline and the JBS meat company raise serious questions about how the U.S. government can respond to acts of cyberwarfare.

What constitutes an act of cyberwar as opposed to espionage remains ill-defined, and the issue is further complicated by the fact that several nations harbor and benefit from the actions of cybercriminals, even though they may not directly fund their activities.

Nonetheless, the U.S. government faces pressure from the private sector to act on these attacks, as companies that fall victim to attacks face tens of millions of dollars in subsequent damages.

Had the Colonial Pipeline or JBS plants been targets of a state-sponsored bombing, it's likely that the U.S. would have responded militarily. However, when it comes to launching an offensive cyber operation, the question of when and how to respond depends upon a nation's ability to avoid full responsibility, or to at least downplay the attack as an act of espionage.

Lior Div served as a Commander in the Israeli Defense Force's Unit 8200, which focuses on signal interception intelligence and code decryption. He was in charge of carrying out some of the team's largest cyber offensive campaigns, and received Israel's Medal of Valor for his work.

Since leaving the Defense Forces, Div has gone on to co-found and serve as CEO for the cybersecurity firm Cybereason, whose website headlines, "Don't Fear Ransomware End It."

Div sees cyber offense as a tool to avoid putting troops on the ground when dealing with situations that could lead to warfare.

"Today, using cyber capabilities, you can achieve very good results without killing anybody and without starting an all-out war," Div told Newsweek. "The dimension of cyber enables countries to operate and send a strong signal, but in a much more controlled way."

However, these signals are often shielded behind plausible deniability as nations look to avoid larger-scale warfare. A 2010 attack many attribute to Israel and the U.S. against Iran underscores this phenomenon.

Pictured in this photo is the watch floor of the U.S. Navy Fleet Cyber Command, the official cyberwarfare branch of the U.S. Armed Forces. Oliver Elijah Wood/Petty Officer 2nd Class William Sykes/U.S. 10th Fleet/U.S. Fleet Cyber Command

A malware attack, known as Stuxnet, played a central role in compromising Iran's nuclear capabilities during the Obama administration. The Stuxnet virus infiltrated Iranian operating systems and directed the plants' centrifuges to spin in a way that caused them to explode.

Div told Newsweek that moment transformed cybersecurity into its present role as a key component of national security.

Over a decade later, offensive cyber operations continue to demand the level of deniability seen during Stuxnet. U.S. intelligence agencies attributed the data breach hack against SolarWinds to Russia, yet Moscow denied responsibility. India's government blamed China for a cyberattack on its power grid following a border dispute in the Galwan Valley, while Beijing denied involvement.

The 175th Cyberspace Operations Group of the Maryland Air National Guard monitors live cyber attacks on the operations floor of the 27th Cyberspace Squadron, known as the Hunter's Den, at Warfield Air National Guard Base, Middle River, Maryland, June 3, 2017. J.M. Eddins Jr./AIRMAN MAGAZINE/U.S. AIR FORCE

Although the sources and perpetrators of these attacks remain unclear, cyberattacks originating from these countries remain constant. Cyberattacks on public and private entities in the U.S. occur every 39 seconds. The Microsoft Digital Defense Report for 2020 found that most attacks by nation states come from China, Russia, North Korea, and Iran.

But lack of transparency is a major challenge when it comes to holding these nations accountable through international law.

"It's much, much harder to penetrate what's going on with an adversary's cyber capabilities," Matthew Waxman, an expert in international law and cybersecurity with the Council on Foreign Relations, told Newsweek. "Even if you are able to penetrate that secrecy, you're going to be reluctant as an intelligence agency to put forward publicly what you've found."

Many of the rules governing cyber operations internationally come through the interpretation of existing legal frameworks created before the existence of the internet, such as the U.N. Charter. While in the past nations have been able to interpret new innovations through the context of these rules, the lack of visibility and accountability around cyberattacks compromises this practice.

Without a cyberwar to set precedent, Waxman said nations must blaze their own trails when navigating this new territory. When interpreting what constitutes an offensive attack, Waxman said the intent to cause damage serves as one signal on an operational level. Beyond that, the line between espionage and warfare becomes blurred.

"It's the beginning of drawing the line in the sand," Lior Div, CEO of Cybereason, told Newsweek about the discussion between U.S. President Joe Biden and Russian President Vladimir Putin on cybercrime at the summit in Geneva, Switzerland on June 16, 2021. BRENDAN SMIALOWSKI/AFP via Getty Images

While an act of cyber espionage may not lead to immediate destruction, Waxman said it may set the framework for future offensive operations. This very debate emerged during the SolarWinds attack, when the level of damage caused by the information breach sparked discussions about the definition of cyberwarfare versus cyber espionage, Waxman said.

While international law does not prohibit espionage, acts of aggression not conducted in the name of self-defense are penalized.

As the United States moves forward in navigating this issue, President Biden has provided greater clarity around what acts of aggression may be met with a cyberattack.

In his meeting with Russian President Vladimir Putin, Biden provided the Kremlin with 16 sectors, including health care and energy, deemed "off limits." Any attacks on these sectors will be met with America's "significant cyber capability."

Biden demanded Russia investigate any attacks carried out by criminal groups within its borders, with Putin agreeing that Moscow would "assume equal commitments" as the U.S. However, how the two nations will hold cybercriminals accountable remains unclear.

Yet the discussions do offer a way forward.

"It's the beginning of drawing the line in the sand," Div told Newsweek. "Governments are going to be very careful with what is and what is not allowed."