Why Vladimir Putin Wants A Deal to Prevent 'Cyber Pearl Harbor' From Pulling Joe Biden Into War

Russian President Vladimir Putin is seeking an agreement from his U.S. counterpart Joe Biden in order to rein in global cyberwarfare. Moscow sees the effort as critical in stemming an already raging 21st-century digital arms race and avoiding a miscalculation that could spark a conflict between the two top military powers.

Such an inadvertent conflagration becomes especially dangerous in the absence of "red lines" not yet established among nations and non-state actors, who are also quickly honing potentially devastating cyber capabilities.

Putin made note of this latent threat in September, asserting that "one of today's major strategic challenges is the risk of a large-scale confrontation in the digital field," part of remarks referred to Newsweek by the Russian embassy in Washington.

The comment came alongside a four-point plan to establish high-level communication between Washington and Moscow on what Russia refers to as "international information security," including through existing bodies dealing with nuclear and computer readiness, as well as through the establishment of new rules of the road mirroring U.S.-Soviet agreements on avoiding maritime incidents, and mutual "guarantees of non-intervention into internal affairs of each other."

Putin is also seeking a global agreement on "no-first-strike" regarding communications technologies, another reference to the nuclear technologies that long dominated the discourse on arms control, and still do today.

Contacted regarding the prospect of pursuing such a deal, the State Department referred Newsweek to the White House, which referred to national security adviser Jake Sullivan's assurances that both nuclear and cyber issues would be on the table Wednesday.

Sullivan said Wednesday that nuclear talks remained the "starting point" for bilateral discussions, and "whether additional elements get added to strategic stability talks in the realm of space or cyber or other areas, that's something to be determined as we go forward."

But as the U.S. continues to prove vulnerable to ransomware attacks from shadowy groups believed to be operating out of Russia or other former Soviet bloc countries, those with experience in advising the White House on challenges from the region urge Biden to take the opportunity to send a message.

"What I want is for Biden to very clearly explain what the risk is to Vladimir Putin, that we are not going to back down if we are attacked by Russia," said Evelyn Farkas, who served as deputy assistant secretary of defense for Russia, Ukraine and Eurasia, "and we're going to be the ones that decide what a 'cyber Pearl Harbor' is, which means Russia doesn't control the escalation dynamic."

Members of the U.S. Cyber Command are seen at headquarters in this undated photo released by the Pentagon. Petty Officer 1st Class Samuel Souvannason/U.S. Navy

For generations, December 7, 1941 was a date that lived "in infamy," a catalyst for the U.S. entry into the largest war known to mankind. Nearly seven decades later, 9/11 showcased in even deadlier terms a new kind of threat that could strike with little warning, dragging the U.S. into a conflict it is still waging today across the globe.

The threat in the cyber realm has yet to emerge clearly into the open, but recent events suggest how quickly and quietly events could escalate. Just in the past year, this has been demonstrated by mass infiltrations like last year's SolarWinds hack. This was followed by a pair of major ransomware attacks, one that prompted a panic over a fuel shortage as the nation's largest gas pipeline shut down, and another that disrupted the food supply chain as U.S. operations of the world's largest beef supplier were forced to close.

Both the companies behind Colonial Pipeline and JBS USA paid multimillion-dollar ransoms in cryptocurrency, a controversial idea that defies the traditional U.S. government stance of not giving in to the demands of "terrorists."

But it's hard to imagine another way private companies could react as long as they remain helpless to such a cyber onslaught from abroad. Potential victims of such attacks, likely to multiply in severity and scope if left unregulated, also seek answers.

"I mean, imagine if you're a healthcare system, you're going to have people dying," J.D. Cook, a former senior CIA official, told Newsweek. "My mom's taking chemo, chemo, all of that other stuff is computerized. You think I care about that principle of you not paying a ransom if my mom dies? If my mom dies because of a ransomware attack, it'll hit home."

While he said such analogies as Pearl Harbor were tantalizing to a public growing increasingly aware of the effects that such cyber capabilities could have on their lives, he urged those tasked with crafting strategy on the issue to just "go and do something, you need to do something and do it tomorrow."

Another relevant historical analogy is that of the 1962 Cuban Missile Crisis, which had less to do with the communist-led island 90 miles off of Florida and more with two superpowers testing how close to each other's territory they could position nuclear-capable weapons.

"We almost went to nuclear war," Raj Shah, chairman of the cybersecurity insurance firm Resilience, told Newsweek.

The standoff that brought the world to the brink barely avoided a potentially apocalyptic exchange between Washington and Moscow. It did, however, pave the way for landmark treaties that would ultimately reverse the then-untethered buildup and deployment of nuclear weapons.

Shah said it is now time for the U.S. to express what red lines look like in the cyber realm, and then back it up with a staunch deterrence capable of enforcing them.

"We have to be open about it, and we have to be able to communicate what those lines are, and then defend them so there's not a miscalculation on the other way," he said. "But I think the status quo of our pipelines going down every week is not tenable."

And even though the situation may seem relatively calm on the surface, these lines are being tested every day. Conflicts are playing out with increasing velocity and viciousness behind the screens of some of the country's most vital infrastructure.

So much so that a Department of Homeland Security agency combining the two areas was established in 2018, known as the Cybersecurity and Infrastructure Agency (CISA). Brian Harrell, who served as CISA's assistant director of infrastructure security until last August, can attest to the seriousness of this challenge.

"Our critical infrastructure sectors are the modern day battlefield and cyberspace is the great equalizer," Brian Harrell, former Assistant Director for Infrastructure Security at CISA, told Newsweek. "Hacker groups can essentially attack with little individual attribution and virtually no consequence. With over 85% of all infrastructure owned and operated by the private sector, significant investment and attention must be placed on hardening key critical systems. I anticipate more attacks focused on energy, water, and financial services happening in the future."

It might only be a matter of time before an adversary goes too far, forcing the battle out of the shadows into the open.

"If a nation-state adversary were to set foot on our homeland and physically destroy our infrastructure, we would view this as an act of war," Harrell said. "We should have a very similar mindset with respect to an enemy destroying or degrading our critical systems with a cyber attack."

One such attack that seemed to test the boundaries came in February, when a still-undisclosed group managed to remotely access the controls of a water treatment center in Oldsmar, Florida and increased the output of sodium hydroxide, a highly caustic chemical also known as lye, from a safe 100 parts per million to a dangerous 11,100 ppm.

If even one person had died as a result of this, or a future attack, it may prove a game changer.

"The cyber red line—I think everybody is fairly clear on this—is loss of life," William Hurd, a former CIA clandestine officer who served in Congress as a Texas representative from 2015 to this January, told Newsweek.

He referenced the incident in Florida as one that could have elicited a "kinetic response"—military action—if U.S. lives were lost.

Doug Wise, who served in the CIA as a member of the Senior Intelligence Service and was deputy director of the Defense Intelligence Agency, also drew the line at U.S. casualties. But a U.S. response even in the worst-case scenarios is a matter of uncharted territory.

"That's the beauty of these cyber attacks, because we struggle at trying to compare the attack mechanism to the kinetic attack mechanism, particularly, strategic to strategic," Wise told Newsweek. "It's ones and zeros and malware versus one-megaton warheads on Titans and on B-1's. How do you make that comparison so you can decide on proportional responses?"

And then there's the intrinsic challenge of attribution when it comes to cyberwarfare, a realm in which actions are deliberately shrouded in deception and uncertainty.

"I think it would take a significant cyber attack against the aviation infrastructure, power infrastructure, water distribution, and the transportation infrastructure," Wise said. "I think it would take probably two to three simultaneous attacks against these targets, along with clear attribution. The attribution issue is always the stumbling block."

Identifying the source and location is the unique challenge in cyberwarfare, he said.

"When you launch a missile, you get a kinetic signature from which you can generate geo-coordinates for the point of origin," Wise said. "With a cyber attack, the origin is obscured as well as the transport path, thus making attribution to the actual actor a significant challenge. Would the United States be willing to start World War III absent exquisite attribution, or go against a Russian organized crime group? I think not."

While the Biden administration has not directly blamed the Kremlin for the recent ransomware incidents, U.S. officials have called on their Russian counterparts to hold the groups behind the attack accountable. Putin said during an interview with the Rossiya-1 outlet that he would agree to extradition of those arrested in Russia should the U.S. do the same, something Biden has vowed he would reciprocate in the event such attacks were launched from U.S. soil.

He called Putin's similar assurance "potentially a good sign and progress."

Part of Russia's strategy in raising these issues with the U.S. is to seek a seat at the table as the protocols of this brave new frontier are crafted in the midst of ongoing cyber clashes.

"When it comes to crafting the red lines of cyberwarfare, it's important to remember that the enemy gets a vote as well, which is why some people worry that this could lead to an escalating conflict that spills out from the cyber world to the physical world," Tatyana Bolton, policy director for R Street's Cybersecurity & Emerging Threats team, told Newsweek. "Our critical infrastructure relies on computer systems as much as it does physical systems. The line between the digital world and the real world is quickly disappearing."

Bolton, who served as CISA's cyber policy lead in the Office of Strategy, Policy and Plans, also sees loss of life, or "significant physical destruction," as the likely threshold for a U.S. response that transcends those two worlds. She acknowledged the gravity of this eventuality and supported dialogue, but she also urged an even tougher U.S. position against Russia.

"Yes, looking for additional ways to punish Russia for its bad behavior in the cyber realm could be risking escalation," Bolton said. "But if we don't face the risk of escalation, we face another, more dangerous risk: letting Russia get away with doing whatever it wants in cyberspace."

While the U.S. and Russia calculate their readiness to engage one another through strength or dialogue in the cyber world, they've also scrambled to hone their online arsenals. Here, the U.S. retains an advantage.

But as the leaders of two nations who dominated the premier geopolitical competition of the late 20th century take the stage Wednesday, the U.S. has once again pulled ahead of its rival in developing current and future capabilities leveraged on new battlefields, the likes of which the world has never seen.

"Domains of competition, it's not strictly military anymore," Mike Madsen, who serves as Director of Strategic Engagement for the Pentagon's Defense Innovation Unit, told Newsweek. "It's economic, it's social, it's all these different things. We talked about air superiority and air supremacy, and there's a day when there's going to be concepts of cyber curiosity and cyber supremacy in a domain of competition."

He said that domain is already becoming a reality, of concern not only to Pentagon planners, but one that can and has affected the everyday U.S. citizen.

"In this era of Great Power competition, the technology race is the most important front," Madsen said. "It is critical that DoD not only attract the best emerging commercial technology and talent by lowering the barriers to entry, but to integrate this technology into our systems."

He noted that national security issues have expanded beyond the traditional military parameters.

"Our nation's security today is no longer limited to military strength but it also relies on our economic health," Madsen said, "and we need to leverage our asymmetric advantage of the serial entrepreneurship of technology ecosystem which birthed Silicon Valley, where the triad of government, academia and industry work together."

As such, the U.S. has invested heavily in its own cyber capabilities, seeking to outpace Russia and other competitors to achieve and maintain what's known as a Qualitative Military Edge (QME) using both public and private assets.

"Achieving QME is an endless effort that requires constant innovation and commitment to gain advantages over adversaries, technically and tactically," Amyn Gilani, chief growth officer at CounterCraft, a cybersecurity firm that sets out to thwart virtual threats such as ransomware attacks, told Newsweek.

Doing so, he argues, takes the efforts of both public sector entities such as DIU and private institutions like his own.

"This is why it is essential for the federal government to collaborate with the most innovative technology companies to achieve cyberspace superiority," said Gilani, a former U.S. Air Force intelligence analyst who supported projects at U.S. Cyber Command, the National Security Agency and Department of Homeland Security. "It is essential that the federal government leverage the private sector to fulfill technology needs and prototype solutions to fine-tune customers' needs."

As public-private partnerships have helped enhance the country's cyber capabilities, much as they have fueled innovation among more conventional arms, the U.S. has also turned to its existing alliances abroad to tackle foreign foes in the digital domain. The foremost of these coalitions is the 30-state NATO, which in 2019 added discussions of cyber attacks to the admissibility of Article 5—collective defense.

Contacted by Newsweek, a NATO spokesperson referred to discussions that took place among the alliance as Biden visited Europe over the weekend.

"Reaffirming NATO's defensive mandate, the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law," said a joint statement issued Monday by the heads of NATO states. "We reaffirm that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis."

If serious enough, NATO members agreed that "the impact of significant malicious cumulative cyber activities might, in certain circumstances, be considered as amounting to an armed attack."

The statement said NATO would intensify its focus in the cyber realm, including "sharing concerns about malicious cyber activities, and exchanging national approaches and responses, as well as considering possible collective responses."

"If necessary, we will impose costs on those who harm us," the statement added. "Our response need not be restricted to the cyber domain."

This combination of pictures created shows then-Democratic presidential candidate Joe Biden—now president—during a speech in Darby, Pennsylvania, on June 17, 2020 and Russian President Vladimir Putin delivering a speech at the Novo-Ogaryovo state residence outside Moscow on January 31, 2018. Biden is set to follow in the path of his predecessors in attempting an early reset in U.S.-Russia relations, but issues straining ties between the two powers have only multiplied in recent years. JIM WATSON/GRIGORY DUKOR/AFP/Getty Images

The prospect of a "physical" attack in response to cyberattacks already has a real-life precedent. The U.S. has already targeted the cyber capabilities of the Islamic State militant group (ISIS) in operations, with an August 2015 airstrike that killed jihadi hacker Junaid Hussain in the de facto caliphate capital of Raqqa, Syria.

But the first known example of an immediate, kinetic reaction came nearly four years later elsewhere in the Middle East.

In May 2019, the Israel Defense Forces reported that they "thwarted an attempted Hamas cyber offensive against Israeli targets" by conducting an airstrike on an alleged headquarters in the Palestinian-controlled Gaza Strip. Israeli forces similarly targeted Hamas cyber stations during last month's 11-day war with Hamas and allied Palestinian factions in Gaza.

Though the fallout from both operations remained relatively contained, how such a response would play out on the state-versus-state level remains anyone's guess. In the meantime, the U.S. and Russia were already playing a murky game behind smokescreens of code.

U.S. Cyber Command partners with foreign governments on missions known as "hunt forward operations," in which "defensive cyber teams are invited by other nations to gather insights from their government networks on adversary behavior," a U.S. Cyber Command spokesperson told Newsweek.

"These operations are one part of our 'defend forward' strategy—where we see what our adversaries are doing, and share with our partners in the homeland to bolster defense," the spokesperson said.

In one such mission targeting Russia's alleged cyber activities, U.S. forces "discovered and disclosed new malware associated with the SolarWinds incident, and then provided key mitigation of the malware, attributed to Russian intelligence SVR."

"When we disclose adversary malware used to conduct espionage, we not only harden our own networks, inoculate more broadly and improve collective cybersecurity," the spokesperson said, "but we also impose costs disrupting adversaries' time, money, and access."

The concept of "defense forward" is the broader cyber strategy that includes what's known as "persistent engagement."

"The Department is continuously defending itself from malicious activity and, more broadly, defending the country from significant malicious actions through persistent engagement," a Pentagon spokesperson told Newsweek. "Our persistent engagement activity generates insights that are shared with Federal and private sector partners, making us all more secure. The President may direct the Department to conduct additional cyber operations when he deems them necessary."

As NATO's joint communique asserted, the Biden administration has considered a range of options in response to major cyberattacks.

"The way that I've consistently characterized our response when it came to SolarWinds and to other cyberattacks of that scope and scale is that we are prepared to take responsive actions that are seen and unseen," Sullivan told reporters Sunday, "and I'll leave it at that."

Russian officials have raised concerns regarding such statements and, in an NBC News interview aired that same day, even Putin appeared to fret.

"What people can be afraid of in America, the very same thing can be a danger to us," Putin said. "The U.S. is a high-tech country, NATO has declared cyberspace an area of combat. That means they are planning something; they are preparing something so, obviously, this cannot but worry us."

Both the U.S. and Russia have clearly asserted their right to wage cyber operations both offensively and defensively in the modern era. Until cyber boundaries are set, however, it remains difficult for foes to know when they've crossed them.

"We need to find what the red lines are, this continues to escalate, and we can't allow it to escalate," Shawn Henry, president and chief security officer of cybersecurity company CrowdStrike, told Newsweek. "It's the exact reason we had nuclear arms talks, because we realize things couldn't continue to escalate, they couldn't spiral out of control. We couldn't worry about an adversary launching a weapon mistakenly because we know what the response would be."

The former FBI executive assistant director said now is the time for dialogue to avoid a catastrophic cyber event, one that could trigger a response that would have not only immediate but generational consequences.

"It takes us back to that exact point in the conversation where nation-states need to sit down and define what the red lines are," Henry said, "and what the responses are going to be so there's no misinterpretation, there's no misunderstanding."

This article has been updated to include further reporting that supported Newsweek Magazine's cover story: Will Putin's Hackers Launch a Cyber Pearl Harbor—and a Shooting War?