Opinions
2019.06.18 08:59 GMT+8

U.S. cyber attacks on Russia's power grid plays with fire

Updated 2019.06.18 08:59 GMT+8

Editor's note: Li Zheng is an associate research fellow at the China Institute of Contemporary International Relations, Institute of American Studies, and director of the American Security Center, Institute of American Studies. The article reflects the author's opinion, and not necessarily the views of CGTN.

Recently, the New York Times disclosed that the U.S. Cyber Command has launched a network penetration of the Russian power grid. The U.S. cyber force has taken a more aggressive stance, installing malware in the Russian power grid, threatening to ignite these "hidden bombs" when necessary to cause damage to the Russian power grid. This report is likely to cause concern in countries around the world, including China and Russia. This means that the U.S. is taking the lead in breaking through the taboo of cyber militarization and directly threatening the security of other countries' critical infrastructure.

The behavior is very dangerous and may lead to unpredictable chain reactions. The power grid is the most important critical infrastructure in a country. Attacking the grid will not only lead to power outages and social panic, but also cause more serious issues such as water supply disruption and even nuclear power plant failures. Attacks on a power grid are nearly seen as an act of war and are likely to trigger retaliation. It is widely believed that Russia also has the ability to attack the U.S. power grid, which will trigger the first cyber war between major powers.

A customer waits while a cashier jots down his bill. Many businesses have turned off their digital tills after cyber attacks on businesses in Ukraine, June 27, 2017. /VCG Photo

Compared to traditional war, cyber war is less subject to political constraints and more likely to have disastrous consequences. The New York Times reported that the Trump administration signed a confidential National Security Presidential Memorandum in 2018, authorizing the head of the U.S. Cyber Command to launch a cyber attack without the president's approval.

This kind of authorization implies a huge risk, as U.S. cyber forces could potentially launch cyber attacks without the authorization of Congress and public supervision, and cyber attacks may trigger war. Also, because the public may not be clear about the truth, a war caused by cyber attacks could cause greater social panic, and conflicts may escalate rapidly under the people's stress response.

Based on the risks, the academic community believes that a country should be very cautious in launching cyber attacks, especially cyber attacks on critical infrastructure. The U.S. government has also proposed that cyber attacks against critical U.S. infrastructure will be regarded as acts of war, and the U.S. will respond in a manner that includes strategic weapons. It is not known whether the U.S. fully assessed the risks before commencing cyber operations on the Russian grid.

Russia's President Vladimir Putin (R) delivers a speech at the International Cybersecurity Congress in Moscow, Russia, July 6, 2018. /VCG Photo

The actions of the U.S. will undermine the international community's efforts in cyber arms control. Technically, since cyber attacks are easier than cyber defenses, countries are reluctant to limit their cyber weapon capabilities in order to avoid a downside in potential cyber conflicts. Restricting the scope of cyber attacks is a more feasible way to implement cyber arms control than limiting the types and functions of cyber weapons. The U.S. had previously made a commitment that it would not be the first to use cyberweapons to cripple the other's critical infrastructure during peacetime. The U.S. has violated its previous position, which will greatly damage the mutual trust between countries on this issue.

Planting malware in Russia's power grid also undermines the international community's trust in U.S. industrial internet products. From previous cases, the power grid control system is often attacked by an entity from the country that makes its internal products. Therefore, if a country's critical infrastructure is equipped with U.S. industrial internet devices, these devices could be controlled by U.S. cyber forces more easily. Some devices may even have backdoors and Trojans installed from the factory.

U.S. cyber penetration could cause more countries to issue warnings on the security risks of U.S. industrial internet products. Recently, the Chinese government announced that it will establish a national technical safety management inventory to protect critical infrastructure safety, which is likely to be emulated by more countries.

(If you want to contribute and have specific expertise, please contact us at opinions@cgtn.com.)

Copyright © 

RELATED STORIES