Yesterday, Russia accused the British Warship, Defender, of trespassing their territorial waters. The British however, not acknowledging Crimea as a legitimate territory of Russia, acknowledge otherwise:
‘We don’t recognise the Russian annexation of Crimea – it was illegal. These are Ukrainian waters and it was entirely right to use them to get from A to B.’ said Boris Johnson
The news came shortly after the G7 summit and the Biden-Putin meeting at Geneva, where tensions between the East and West were thought to have rekindled. At Cornwall, the leaders of the member states agreed on their interest in creating ‘stable and predictable relations’ with Russia. In hindsight, their attempt to do so seems to have quickly fallen short.
Wednesday last week, US President Biden and Russian President Putin met in a four-hour-long meeting to discuss the future of their diplomacy – especially ones evolving in the cybersphere. Since the 2016 Presidential election, Russian hackers have targeted American citizens and their democracy. Biden saw this meeting as an opportunity to address this problem. The question is: How well did he do?
From climate change to the territorial integrity of Ukraine, the two leaders exchanged views on their future relations. This is especially true for Biden when it comes to protecting his democracy against Russian cyberattacks that have been occurring more frequently this past year:
Last December, Texas-based tech firm, SolarWind, became a target of a data breach – which many have blamed the Russians for. The hackers did so by installing a code into the company’s software, leaving 18,000 of their high-profile members vulnerable to the hack. Their members include US agencies – including parts of the pentagon, and private companies like Microsoft, Cusco, Intel and Deloitte.
Last month, Russia-based ransomware group DarkSide, shut down the Colonial Pipeline, triggering a run on petrol supplies. Consequently, as many as three-quarters of fuel stations in North Carolina were left without petrol.
In the same month, JBS, the world’s largest meat processing company, was hacked by another Russia-based ransomware group REvil. The cyber-breach led to a global weekend shutdown of JBS operations: around 7,000 workers in Australia were stood down with 3,000 more in the US and Canada having their shifts cancelled.
With a list of ongoing cyberattacks, how is Mr Biden going ahead in repairing his “virtual relationship” with Russia? Before the meeting, Biden was thought to have adopted a softer stance on Russia as he initially agreed to Putin’s suggestion of a (cyber)prisoner swap. However, this stance was quickly abandoned; The US has become more transparent about their cyber capabilities and Mr Biden does not seem to be modest about it:
“[I]f, in fact, they violate these basic norms, we will respond with cyber. He knows”
Additionally, Biden also warned of invoking Article 5 which was discussed and agreed ahead in the G7 summit:
“… the Alliance is determined to employ the full range of capabilities at all times to actively deter, defend against, and counter the full spectrum of cyber threats, including those conducted as part of hybrid campaigns, in accordance with international law. We reaffirm that a decision as to when a cyber attack would lead to the invocation of Article 5 would be taken by the North Atlantic Council on a case-by-case basis.”
As seen from the G7 Communique, cyber warfare is not just a two-party conflict. Countries from around the world have felt the attacks from the Russian cyber forces. This was especially true as the pandemic has led to the rapid digitalisation of information: from private healthcare to vaccine development information.
July last year, Foreign Secretary Dominic Raab issued a press release condemning the Russian Intelligence Services, which have been collecting information on vaccine development and research into the COVID-19 virus. The same issue was reported by the Canadian Communication Security Establishment (CSE), the US Department for Homeland Security (DHS) Cybersecurity Infrastructure Security Agency (CISA) and the National Security Agency (NSA).
Three months later, a Microsoft blog post warns of many more cyberattacks coming from three nation-states actors and targeting seven key companies in research for the COVID-19 vaccines. The targeted pharmaceutical companies and vaccine researchers were mostly in their clinical trials and based in Canada, France, India, South Korea and the United States. The tech giant believes that the attacks originated from Russia and South Korea. Tom Burt, Corporate Vice President, Customer Security and Trust, wrote in the blog post that:
“Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials. One is a clinical research organization involved in trials, and one has developed a Covid-19 test. Multiple organizations targeted have contracts with or investments from government agencies from various democratic countries for Covid-19 related work.”
Early last month, the Irish minister for public procurement and eGovernment reported the ‘most significant (cyber attack) on Irish state’ as Conti, ransomware thought to be based in Russia, hacked into the country’s health system. The cyberattack was responsible for the suspension of various services from X-ray to mental health prescriptions and stole 700GB of data.
Where does this leave us, as citizens, and our privacy?
As cyberattacks become more frequent, the world responded with an army of cyber task force security; For example, the National Cyber Security Centre (NCSC) was launched in October 2016 to combat cybercrimes, along with other cyber-focused agencies such as the CESG (the information assurance arm of GCHQ), the Centre for Cyber Assessment, CERT-UK, and the Centre for Protection of National Infrastructure.
In the US, the Cybersecurity and Infrastructure Security Agency (CISA) was founded in 2018 with a similar mission to “Lead the National effort to understand and manage cyber and physical risk to our critical infrastructure.” In 2020, they managed to minimise the spread of disinformation regarding COVID-19 and the 2020 presidential election.
Even private firms have decided to take action; in April, Microsoft announced the making of AccountGuard, a threat notification service, available to healthcare and human rights organisations working on Covid-19.
President Biden remains strong on his action against cyber crimes – but will the EU and the UK take a similar stance?
In last week’s EU meeting, German Chancellor Merkel and French President Macron proposed a meeting with Russia – surprising other members as talks with Russia have halted since they announced their annexation of Crimea in 2014. Not surprisingly, the proposal was quickly turned down with other members leaving the German Chancellor disappointed:
“I would have wished for a more courageous step”
Though bad news for Merkel and Macron, other European members see this as a tough stance towards Russia. Aware of their previous behaviours from cybercrimes to gas supply curbs, a senior research fellow on Russia at the Polish Institute of International Affairs commented:
“The French perspective is for us quite naïve and dangerous for Europe as a whole … We’d be giving up values, support for democracy, civic society, Crimea. Everything Putin did, just after a meeting, will be gone and forgotten.”
Tensions between the East and the West have soured this past year; from cybercrimes, to bomb warnings and curbing of gas supply – a friendship pact with Russia seems like a reach for now.
However, the Biden-Putin talks in Geneva and the actions that are taken in response to growing cyber-attacks indicate that the West and East virtual relationship might get a little better in the future.
About the Author: Annisa Kumaladewi
Annisa Kumaladewi is a contributing current affairs Features writer. Her expertise lies in current affairs in the Asian diaspora, Indonesian history and World political philosophy.