Follow us on social

Cyber-war-scaled

A lesson in cyber spying vs. cyber attack

So far the the 'Solar Winds' hack has added up to espionage, not sabotage. Let's be careful how we respond.

Analysis | Europe

One of the very first challenges for the Biden administration in foreign and security policy will be how to respond to the massive “SolarWinds” hack of U.S. government systems, most probably (though not yet certainly) carried out by the Russian intelligence services.

President-elect Joe Biden has said that the incident will be “an overwhelming focus for my administration.”

This is a relatively uncharted region of interstate relations, for which it is vitally important to draw up ground rules. Unfortunately, the response to the hack by American officials, politicians, and the media has already done much to blur the facts of the case and make a sensible response more difficult.

The most important thing to remember in this regard is the difference between an “attack” and an act of espionage. The SolarWinds hack has been generally described in the United States as the former (including by incoming national security adviser Jake Sullivan, and Biden), but was in fact the latter. Nobody is suggesting that the hackers in this case introduced viruses to paralyze U.S. state systems or damage domestic infrastructure and services. This was purely an information-gathering exercise.

This distinction is crucial. An attack on the citizens or infrastructure of another state has traditionally been considered an act of war. Actions by the United States, Russia, Israel and other countries in recent decades have somewhat blurred this distinction. But no one can doubt that if another country carried out a major act of sabotage on American soil, (especially one threatening the lives of citizens), then Washington’s response would — rightly — be a ferocious one.

As a matter of fact, while Russia has engaged in limited operations against Estonia and Ukraine, the only countries that have to date carried out a truly successful and destructive act of cyber-sabotage are the U.S. and Israel, through the "Stuxnet” virus, which as introduced into the Iranian nuclear system and first uncovered in 2010. 

Espionage by contrast is something that all states do all the time — often to friends as well as adversaries. We may remember the scandal under the Obama administration when U.S. intelligence was found to have hacked into the communications of German Chancellor Angela Merkel and other senior leaders of NATO countries. The hacking of a Belgian telecom company by British intelligence (“Operation Socialist”) is another example. And I would be both shocked and deeply disappointed to learn that U.S. intelligence is not trying to penetrate the state information systems of Russia and China. 

And for each revealed act of espionage there is a well-established and calibrated set of responses. The aggrieved country issues a formal protest and expels a given number of “diplomats” from the country responsible. That country expels an equal number of diplomats. The media and the writers of spy thriller writers have a party. Then everything goes back to normal. For after all, everybody knows that there is no chance whatsoever that states will ever give up spying.

There are, however, three aspects of cyber-espionage that make it different from and more dangerous than traditional espionage.

Firstly, as Jake Sullivan has pointed out, unlike most forms of espionage, hacking can be used both for spying and for sabotage, and one can form the basis for the other. A key goal of responsible statecraft should be to establish a clear line between the two when it comes to cyberspace: to develop a set of calibrated and limited responses to cyber-espionage, and to make clear that cyber-sabotage will lead to a much fiercer and more damaging retaliation.

Secondly, unlike traditional espionage, the cyber variety is an area where third parties, uncontrolled by either side, can play a major role and cause serious damage to relations (and of course this also gives all sides plausible deniability — as with U.S. moves against Iran).

For example, those behind the authors of the 2011 cyber-attack on the G20 summit in Paris have never been identified. Several major hacks have been conducted by independent cyber-anarchists, or even by clever teenagers, sometimes it seems simply for fun. In the present atmosphere, however, all such hacks against the United States are likely to be blamed on Russia and to lead to a further deterioration of relations.

Thirdly, and in part because of these blurred lines, no clear and understood international traditions are in place concerning the response to cyber-espionage, and there is a serious risk of overreaction leading to a spiraling escalation of tension and retaliation.

This is what the Biden administration must avoid. Apart from the immediate damage to relations, overreaction would mean that when — as is bound to happen someday — Russia or China eventually discover a cyber-espionage operation against them by U.S. intelligence, they will not only look justified in a disproportionate and escalatory response — they will actually bejustified.

One thing that Biden must definitely not do is to follow the suggestion that the United States should shut Russia out of the SWIFT international bank transfer system which— the most damaging of all U.S. sanctions against Iran, and one that would have a disastrous effect on Russian trade.

Last year, then Russian prime minister Dmitry Medvedev said that Russia would regard such a move as equivalent to an act of war and would respond accordingly. Various Russian responses would be possible, including a definitive move into the Chinese geopolitical camp and massive military aid to Iran. Without doubt however, one of them would be to move from cyber-espionage to cyber-sabotage against the United States.

The most sensible response would in fact be to follow literally President-elect Biden’s statement that his administration will “respond in kind” to the attack is the most sensible — that is to say in the cyber-field. The first step (as after any counter-intelligence failure) must obviously be to strengthen U.S. cyber-defenses which. Amongst other things, this requires using presidential orders to combine, streamline, and rationalize the competing plethora of U.S. agencies currently responsible for cyber-security.

The second entirely appropriate response is for Washington to intensify its own existing cyber-intelligence operations against Russia. That, however, is another reason not to engage in overblown moral outrage over the latest hack. The American pot already has quite a global reputation for calling kettles black, and there is no need to blacken it further.

Finally, the Biden administration should do everything possible to develop agreed international restraints on state cyber-operations, including an absolute ban on cyber-sabotage. This should involve opening new negotiations with Moscow on longstanding Russian proposals for an international “arms control” treaty in the area of cyber-warfare, and for a joint U.S.-Russian working group to establish mutual ground rules and confidence building measures.

These Russian proposals cannot be accepted as they stand (above all because of Moscow’s desire to limit free flows of information); however, more than a decade ago, then- National Security Agency Director Keith Alexander said that “I do think that we have to establish the rules, and I think what Russia has put forward is, perhaps, the starting point for international debate.” This remains true today, and the danger of a failure to reach international agreement has grown vastly since then.

One of the worst things about hysterical statements in the United States about "cyber-attacks" is that unwary readers might mistakenly conclude from them that things can't get any worse. They can get much, much worse.


(FrameStockFootages/Shutterstock)
Analysis | Europe
 Abdel Fattah al-Burhan Sudan
Top image credit: Sudan's army chief Abdel Fattah al-Burhan gestures to soldiers inside the presidential palace after the Sudanese army said it had taken control of the building, in the capital Khartoum, Sudan March 26, 2025. Sudan Transitional Sovereignty Council/Handout via REUTERS

Saudi Arabia chooses sides in Sudan's civil war

Africa

In the final days of Ramadan, before Mecca's Grand Mosque, Sudan's de facto president and army chief, General Abdel Fattah al-Burhan knelt in prayer beside Saudi Crown Prince Mohammed Bin Salman. Al-Burhan had arrived in the kingdom just two days after his troops dealt a significant blow to the paramilitary Rapid Support Forces (RSF), recapturing the capital Khartoum after two years of civil war. Missing from the frame was the United Arab Emirates (UAE), the Gulf power that has backed al-Burhan’s rivals in Sudan’s civil war with arms, mercenaries, and political cover.

The scene captured the essence of a deepening rift between Saudi Arabia and the UAE — once allies in reshaping the Arab world, now architects of competing visions for Sudan and the region.

For two years, Sudan has been enveloped in chaos. The conflict that erupted in April 2023 between the Sudanese Armed forces (SAF) and the RSF, led by General Mohamed Hamdan Dagalo "Hemedti," has inflicted immense suffering: an estimated 150,000 killed, allegations of mass atrocities staining both sides but particularly the RSF in Darfur, 12 million displaced, and over half the population facing acute food insecurity.

keep readingShow less
Donald Trump Massad Boulos
Top image credit: Republican presidential nominee and former U.S. President Donald Trump is joined by Massad Boulos, who was recently named as a 'senior advisor to the President on Arab and Middle Eastern Affairs,' during a campaign stop at the Great Commoner restaurant in Dearborn, Michigan, U.S., on November 1, 2024. REUTERS/Brian Snyder/File Photo

Trump tasks first time envoy with the most complex Africa conflict

Africa

As the war between the Democratic Republic of the Congo (DRC) and allied militias against the Rwandan-backed M23 rebel group continues, the Trump administration is reportedly tapping Massad Boulos as the State Department’s special envoy to the African Great Lakes region.

In this capacity, Boulos will be responsible for leading the American diplomatic effort to bring long-desired stability to the region and to end a conflict that has been raging in the eastern DRC for decades.

keep readingShow less
Sens. Paul and Merkley to Trump: Are we 'stumbling' into another war?
Top photo credit: Sen. Rand Paul (R-Ky) (Gage Skidmore /Creative Commons) and Sen. Jeff Merkley (D-Ore.) )( USDA photo by Preston Keres)

Sens. Paul and Merkley to Trump: Are we 'stumbling' into another war?

QiOSK

Senators Rand Paul (R-Ky.) and Jeff Merkley (D-Ore.) have co-written a letter to the White House, demanding to know the administration’s strategy behind the now-18 days of airstrikes against the Houthis in Yemen.

The letter calls into question the supposed intent of these strikes “to establish deterrence,” acknowledging that neither the Biden administration’s strikes in October 2023, nor the years-long bombing campaign by Saudi Arabia from 2014 to 2020, were successful in debilitating the military organization's military capabilities.

keep readingShow less

Trump transition

Latest

Newsletter

Subscribe now to our weekly round-up and don't miss a beat with your favorite RS contributors and reporters, as well as staff analysis, opinion, and news promoting a positive, non-partisan vision of U.S. foreign policy.