In the old days, I would have agreed with the author’s final assessment, we are not in a cold war because “[h]acks still happen every day, true, but digital infrastructure survives and thrives despite them.”
Except they don’t. The author does not appear to be familiar with Stuxnet and Shamoon. Both cyber attacks disabled physical systems. In the case of Shamoon, over 30,000 computers were permanently disabled. Saudi Arabia’s ARAMCO and Qatar’s RasGas were idled for ten days while they replaced all their hard drives.
The cyber community has struggled for many years to determine when the accumulative effects of cyberattacks would be considered an act of war. For the author to dismissively state we are not and will not be in a cyber war refutes months and years of really heavy discussions. It chooses to ignore widespread attacks on our infrastructure, on our way of life, on our quality of life, on our governments, on our critical infrastructure, and on our very lives. There have been stories for years that cyberattacks have caused deaths, and some of these stories are mostly true. The killings have not been counted in mass numbers, so far they have been limited to single-digit numbers of victims.
Besides these few contentious points, however, this is an excellent, thought-provoking article, well worth reading.
By Rowland Manthorpe, technology correspondent
Nothing is as easy, or alluring, as an apt historical comparison.
So, when the Foreign Office releases a list of “reckless and indiscriminate” Russian cyber attacks, the images come swiftly to mind: Stalin, Kennedy, the Bay of Pigs, the Berlin Wall.
But before we declare a new Cold War, we would be wise to pause. Thinking in analogue terms may be precisely what gets us into trouble.
The foreign secretary is clearly alert to this danger.
In his statement on Wednesday, he notes that several of the cyber attacks damaged Russian institutions as well as foreign ones.
He blames the GRU, the Russian military intelligence service, not the Russian people. This is not in any sense a declaration of war.
It is, however, a clear warning, one that deserves to be taken extremely seriously.
The Foreign Office statement contains little news; Russian military intelligence was already linked to most of the attacks it lists. But it confirms what has been suspected for some time.
Not only are Russian agents spreading fake news and propaganda through social networks, but its teams of hackers are worming their way into key Western institutions, leaving destruction and demoralisation in their wake.
To put it mildly, this is very worrying.
The announcement also highlights a further worry: the difficulty of dealing with cyber aggression.
Seeing the attacks collected together, what is striking is their sheer range.
The targets include everything from a UK television station, to the United States Democratic Party, to Ukrainian metro lines – a group united only by the fact that they use digital systems.
Here, in a nutshell, is the danger. If anything that uses a computer can be attacked, then what are the limits for an assailant?
Naming Russia as a perpetrator offers cybersecurity its #MeToo moment
Then there is what military strategists refer to as “asymmetry”.
Put simply, cyber tools give weak states the opportunity to strike against powerful ones.
Isolated, impoverished North Korea can deploy a hack that brings down a large swathe of the NHS. Russia, a fallen superpower hamstrung by economic sanctions, can reach deep into foreign territory with the click of a mouse.
Yet although it is tempting to spin out scenarios in which cyber attacks shut off banks or power plants, we should note that few of these attacks have (so far) come to pass.
The attacks listed by the Foreign Office were mainly aimed at political institutions, often with the aim of spying or leaking documents. They were intended to de-legitimise political and social systems, not provoke outright war.
In a speech earlier this year, the head of the British Army coined a phrase to describe this kind of attack.
Cyber, said General Sir Nicholas Carter, was a “weapon system” which was “exploiting the seams between peace and war”.
Other similar systems included bribery, corrupt business practices and assassinations such as the attempted killing of Sergey and Yulia Skripal.
These weapons systems, General Carter explained, were not fired and targeted in the same way as guns or missiles. Instead, they seeped out slowly, weakening an adversary until it was no longer able to respond.
“The risk we run,” he said, “is that rather like a chronic contagious disease, it will creep up on us, and our ability to act will be markedly constrained; and we’ll be the losers of this competition.”
By making the GRU’s actions public in this way, the government is presumably hoping to stir its NATO allies to avoid this fate.
But it will also be thinking about the general public – because the sad truth is that there is very little we can do to stop cyber attacks of this kind, so the only option is to learn to live with them.
This might sound grim, but I can see positives. We might start creating more decentralised platforms, which are more resilient in the face of attack. We might learn to have a saner attitude to mass surveillance. We might tone down the battle for attention raging on social media.
Or we might not – and instead fall prey to dissent and division. With Brexit dividing the country, that seems entirely possible. No wonder government ministers regularly cite it as a major national security threat.
But when I feel gloomy, I think back to the early days of the internet.
Back then, we were told, nothing would be safe, because legions of teenage hackers would find their way into everything.
More from Cyberattacks
Hacks still happen every day, true, but digital infrastructure survives and thrives despite them.
Even now, it is still possible that we will look back on this episode in the same way: as a blip, a nasty one, sure, but nothing that deserves the name “new Cold War”.