Tim Culpan

The US Opens a Risky New Front in Cyberdefense

A US operation to secretly remove malware from networks at home and overseas highlights the new front Washington is opening in its approach to global cyberdefense. It’s a much-needed strategy, but one that ought to be handled delicately if the US is to maintain the cooperation necessary to keep pulling off such sneaky maneuvers.

The US and its allies found malicious code developed and planted by Russia’s military intelligence agency, the GRU, in thousands of devices worldwide, Attorney General Merrick Garland revealed Wednesday. The US and other nations have been on the alert for the possibility that Russia would conduct cyberattacks on businesses or critical infrastructure to retaliate against sanctions over the war in Ukraine.

But the mission disclosed this week went further than identifying where malware had turned up. According to the New York Times, secret court orders allowed the US to remove the malicious software from Russian control by taking steps that included entering corporate networks without the companies’ knowledge.

It’s a big shift from the time when Western governments mainly portrayed themselves as victims of hacking, incapable or unwilling to counter cyberthreats by intruding into foreign systems. The new proactive approach, including publicizing what authorities are doing to try to preempt attacks, reflects the realities of modern cyberwarfare.

What’s remarkable about this operation is the decision to surreptitiously enter companies’ computer networks. It’s one thing to have the police show up to your house when you aren’t at home to investigate and detain an intruder. It’s another thing entirely to cart away the intruder and never tell you about it. While US allies might not mind, corporations both foreign and domestic could be forgiven for being alarmed at the prospect of US authorities secretly rummaging around in their computers hunting for malware, even if it’s for a good cause.

The US is able to get away with such maneuvers because its cybercapabilities are so robust, and its relationship with partners so close, that it has built up trust and respect. The strongest of these links is the Five Eyes alliance — Australia, Canada, New Zealand, the UK and the US — in which intelligence is collated and shared.

Given the admission that it worked with allies, it’s unlikely that the US intruded into overseas networks without those partners being aware. Still, foreign governments might have been unable to stop them, even if they wanted to. One reason is the importance of speed and secrecy in such operations. Once malware is found and a decision made to remove it, a team will want to work quickly and meticulously so as not to alert the adversary or spark them into activating the software’s nasty payload.

“No government would offer carte blanche, in-advance approval, but I could imagine the conversation would be such that they communicate and act if they spot malware in a partner’s network,” said Greg Austin, senior fellow in cyber, space and future conflict at the International Institute for Strategic Studies in Singapore.

That kind of collaborative approach is important not only to carry out the operation, but to keep partners amenable to further cooperation. Governments don’t like allowing outsiders, including friends, to encroach on their territorial sovereignty even in cyberspace.

Washington’s eavesdropping programs have come under scrutiny in the past, with its ECHELON signal interception system — whose existence was first revealed by a National Security Agency whistleblower in 1972 — being investigated by the European Parliament 20 years ago. Although European governments were powerless to halt such overarching surveillance, suspicion grew and detractors — including Russia and China — were given further ammunition to call out the US as an untrustworthy hypocrite.

With the US once again demonstrating its extraordinary ability and willingness to exercise power beyond its own borders, there is greater risk that it will go too far and alienate the like-minded nations it relies on to combat incursions from malevolent actors.

Russia’s war on Ukraine has become another opportunity for the US to show its incredible cyberstrength. But with such power comes great responsibility, and even its friends will be watching.