
United States facing multiple cyber offensives from state and non-state adversaries

by Scott Hickie


In November, Vice Admiral Michael Rogers, the commander of US Cyber Command, told the House Intelligence Committee that ‘state-sponsored hackers are looking to get into the sorts of systems that control critical infrastructure and embedding the capabilities to attack them’.

Rogers’ comments on the ability of one or two countries to turn out the lights in the United States came after a number of US government services and industries revealed details of cyber incursions.

In November, the US National Oceanic and Atmospheric Administration (NOAA) and US Postal Service acknowledged they had been subject to hacking campaigns during September. The cyber attack on NOAA caused limited disruption, but could have had implications for the country’s environmental intelligence. While no formal attribution has been made, Representative Frank Wolf (R-Va.) publicly indicated that NOAA had informed him privately that ‘bad actors’ based in China were responsible for the attack. The hack on the US Postal Service compromised data on 800,000 employees.

On 28 October, security analysts Novetta produced a report on the Axiom Threat Actor, a group understood to be acting on behalf of the Chinese government. The group is reported to have undertaken hacking attempts against various governments, NGOs, media organisations, pro-democracy groups and several Fortune 500 companies over the last six years. The focus on targets in North America, Europe and East and Southeast Asia, together with the intelligence value of the information obtained for Chinese domestic and foreign policy, points to Chinese intelligence agency support for Axiom’s activities.

On 3 December, the Center for a New American Security released a report on China’s cybersecurity strategy. The report attempts to highlight opportunities for the United States and China to improve mutual understanding of motives, agenda and stakeholders in their respective cyber doctrines. The report suggests that China’s cybersecurity strategy is ‘driven primarily by the domestic political imperative to protect the longevity of the Chinese Communist Party (CCP).’ This may include using cyber capabilities to express dissatisfaction with foreign powers over maritime territorial disputes, gaining an understanding of an adversary’s military infrastructure and advancing alternative narratives of Chinese government activities. A November Australian Strategic Policy Institute paper on China’s superpower also raised many of these points, but focused on the economic warfare component of China’s cyber capabilities.

The US Department of Homeland Security also revealed that it suspected Russian-sponsored hackers had infiltrated critical energy utility systems in a malware campaign called Black Energy. The malware is said to be similar to that used by the Russian cyber-espionage group Sandworm, which allegedly targeted NATO and European energy companies earlier in 2014. Concern over Russian cyber activities was highlighted in FireEye’s October report on Russian cyber espionage operations and the APT28 threat group. Unlike Chinese cyber groups, which target specific companies holding key intellectual property that would enable Chinese industries to rapidly modernise, the Russian APT28 team appears more focused on gathering information related to governments, militaries and security organisations that would be of geopolitical benefit to the Russian government.

Assessment

Public disclosure of these high-profile cyber operations against US government agencies and corporate interests has likely influenced the White House in its response to the National Security Telecommunications Advisory Committee reports on the ‘internet of things’ (a proposed development of the internet whereby everyday objects have network connectivity) and on cyber attacks against critical infrastructure. US President Barack Obama is likely to implement recommendations from the advisory panel that are aimed at improving planning for worst-case cyber attacks and averting risks in the emerging internet of things.

This assessment is taken from our remote-control warfare briefing for December 2014.