Why US can attack Russia on cyber over Ukraine?

Join today’s leading executives online at the Data Summit! Look here.

Following a report that the US Cyber ​​Command has been working to counter Russian cyber attacks against Ukraine, the former commander’s general counsel said the US is doing everything it can to ensure that all its military activities – including to the cyberfront – staying away from making the country a “co-belligerent” under the terms of international law.

“The United States is not a party to the current armed conflict between Russia and Ukraine and by all indications it is calibrating its support for Ukraine to keep it that way,” said Gary Corn, who served as the US staff attorney general counsel. . Cyber ​​Command from 2014 to 2019, in an email to VentureBeat.

“That means [the U.S.] does not engage in activities that would amount to a prohibited use of force under the UN Charter, or otherwise make it a co-belligerent party of Ukraine,” said Corn, who is now a professor at Tech Law and Security Program of the American University.

Corn, a retired United States Army colonel and military attorney who served in the military for 27 years, noted that “co-belligerent” is the appropriate term under international law (as opposed to the term “co-combatant” sometimes is used).

The New York Times reported on Sunday that teams with the US Cyber ​​Command — which is part of the Department of Defense — have been working from military bases in Eastern Europe to neutralize Russian cyber offensives against Ukraine.

These so-called “cyber mission teams” of the United Fighter Command have been working to “disrupt Russia’s digital attacks and communications,” according to the Times.

VentureBeat has reached out to the US Cyber ​​Command and the Department of Defense (DoD) for comment.

Comply with the law

Deploying a cyber operation is “one of many tools at the President’s disposal to potentially use in this crisis to defend against cyber threats and, where appropriate, advance U.S. interests,” Corn said in the email. email to VentureBeat.

Russia has proven to be an active cyber threat, whether related to the current conflict or not, and Cyber ​​Command’s job is to defend against that threat, he said.

However, “if the president were to instruct the US Cyber ​​Command to carry out activities beyond its normal operations to defend DoD networks — and that’s a big ‘if’ — you can bet that those activities would be subject to intense inter-agency coordination and in the NSC [National Security Council]’ said Koren.

This coordination would be aimed at “among other things, ensuring that they comply with national and international legislation and taking into account risks of unintended consequences,” Corn said.

Along with Russia’s many reported attacks on Ukrainian civilians, cyber-attacks have been observed against a number of civilian digital targets in Ukraine since the unprovoked Russian invasion of the country on Feb. 24, according to technology vendors such as Microsoft and Amazon.

Those include cyber-attacks targeting humanitarian and emergency services in Ukraine, and the cyber-attacks could ultimately be considered violations of the Geneva Convention, Microsoft president Brad Smith said. Amazon says it has observed “particularly gross” cyberattacks involving “malware aimed at disrupting medical supplies, food and clothing aid” in Ukraine.

‘red lines’

As Russia’s attack on Ukraine expanded this week, so did the debate over whether the US should do more to help Ukrainian forces. For example, supplying weapons has been seen as okay until now.

“The line of what makes a state a co-belligerent under international law is not black and white, but in general providing weapons, financing or other similar support is not enough,” said Corn.

On the other hand, establishing no-fly zones over Ukraine — or aiding the transfer of Polish fighter jets — would amount to US meddling too much militarily, Pentagon officials said.

However, there seems to be less risk that reported activities of the US Cyber ​​Command to fight Russia in the cyber field in the same way.

Still, it’s not a zero risk — as Russian President Vladimir Putin has issued a general threat of retaliation against “those who may be tempted to intervene” and try to “get in our way” in Ukraine.

“As military planners say, the enemy always gets a voice,” Corn told VentureBeat. “And Putin has already telegraphed that he will draw his own red lines regardless of what international law has to say.”

The New York Times report indicated that U.S. officials believe the country’s cyber forces could “temporarily suspend Russian capability” without the activity being considered an act of war. But shutting down Russian systems permanently would go too far, according to the report.

The Times did not provide details on the activities carried out by the US Cyber ​​Command, but suggested that the efforts are focused more on mitigating Russian cyber attacks on Ukraine than on offensive operations against Russia.

Not much is known about the mission, though, as US cyber operations are among the “most secretive elements of the conflict,” the Times report said.

Cyber ​​weapons are weapons

Founded in 2010, US Cyber ​​Command is headquartered in Fort Meade, Maryland, with the National Security Agency (NSA).

Also known as “USCYBERCOM,” the organization is “a military command that operates in real-time worldwide against determined and capable adversaries,” according to the command’s website.

U.S. Cyber ​​Command was elevated to a unified combatant command in 2018, and its commander is General Paul Nakasone, who also serves as director of the NSA.

Many of the U.S. Cyber ​​Command personnel are members of the military, and “they view cyberweapons as weapons,” said David Murphy, a U.S. Air Force veteran who served as a dedicated mission trainer for the U.S. Cyber ​​Command from 2017 to 2018. has served.

Murphy said he was not surprised to see the report that USCYBERCOM is playing a role in Ukraine’s cyber defense against Russia.

The commando has spent “a lot of money and a lot of effort training new recruits and training military personnel specifically to carry out these types of missions,” he said. “This is really what they intended to do with Cyber ​​Command.”

Still, deploying US Cyber ​​Command in this way seems unprecedented — at least as far as we’re publicly aware, said Murphy, who is now a cybersecurity manager at accounting firm Schneider Downs.

During a House Intelligence Committee hearing on Tuesday, Nakasone reportedly said the US Cyber ​​Command has carefully monitored “three or four” major cyber attacks by Russia against Ukraine to date. Cyberscoop’s report did not indicate whether Nakasone discussed other activities of the US Cyber ​​Command surrounding the situation between Russia and Ukraine.

Attribution is difficult

Whatever role the US Cyber ​​Command has played, their actions are “very likely to be justified, proportionate and fit within the broader armed conflict law,” said Chris Morgan, senior cyberthreat intelligence analyst at Digital Shadows, a digital risk protection firm. .

Still, “attribution is often a huge challenge in any attack or move in cyberspace,” Morgan said in an email. “While the actions of the cyber mission teams would likely be appropriate, it is realistically possible that their activity is misattributed to other cyber threat actors, who are also carrying out other attacks with similar impact.”

All of this means there is a “fine line” for the US Cyber ​​Command to walk to counter Russia’s offensive cyber capabilities, he said.

In another sense, the challenge of attributing cyberattacks in this situation could actually benefit the US, said Jason Hicks, field CISO at cybersecurity consultancy Coalfire.

To evade attribution by Russia, the US Cyber ​​Command would have to avoid launching attacks that only the command, or a US intelligence agency, could have done, Hicks said. “Ideally, our troops should use tools and techniques that are available to the general public, rather than custom tools and exploits,” he said in an email.

“However, if mistakes are made or if there is an attack that only our government can carry out, that’s a different story,” Hicks said.

Cyber ​​relaxation?

In the event of a major cyberattack against Russian targets, there’s also no guarantee that Russia won’t just assume the US military is involved after all, Hicks said.

But hopefully Russia is too distracted to worry about what the US might do on the cyber front, said John Bambenek, principal threat hunter at IT and security firm Netenrich.

“Russia is fully engaged in Ukraine with cyber operations and frankly is in an unexpected quagmire, so their ability to respond is limited,” Bambenek said in an email.

Another possibility: The US and Russia are essentially in a cyberdetente right now.

“In the unwritten rules of cyber warfare, escalations will result in counter-attacks, which can easily cripple systems on the attacker’s side of the border,” Aaron Turner, vice president of SaaS attitudes at detection and response company Vectra, said in an email.

“We’ve most likely reached some sort of relaxation,” Turner said, “where both sides understand that catastrophic cyberattacks will most likely result in mutually assured destruction of systems.”

VentureBeat’s mission is to be a digital city square for tech decision makers to learn about transformative business technology and transactions. Learn more

This post Why US can attack Russia on cyber over Ukraine?

was original published at “https://venturebeat.com/2022/03/09/why-the-u-s-can-engage-russia-on-cyber-over-ukraine/”