“Those whom the gods
wish to destroy, they first make mad.”
- ancient Greek saying, wrongly attributed to Aeschylus
The
New York Times ran a
story on Saturday that starts with the sentence “The United States is stepping up digital
incursions into Russia’s electric power grid in a warning to President Vladimir
V. Putin and a demonstration of how the Trump administration is using new
authorities to deploy cybertools more aggressively, current and former government
officials said.”
The story
goes on to discuss how government cyber warriors have implanted malware in the
Russian grid – and for that to be able to do any damage, it has to be on
control networks. Of course, there have been multiple reports that the Russians
have planted malware in US control networks, including:
- The 2019 Worldwide
Threat Assessment, prepared by the Director of National Intelligence,
the FBI and the CIA. While the WTA doesn’t directly say the Russians are
in electric utility control networks, it does say they’re in a position to
cause multiple outages at will, which means the same thing;
- Vikram Thakur of Symantec, quoted in a January article
in the Wall Street Journal, where
he said that at least eight utilities had been penetrated at the control
network level; and
- Chris Inglis, formerly deputy director of the NSA, who said
recently that over 200,000 “implants” (the same word used in the NYT
article, meaning malware) had been planted in water, natural gas and electric
power infrastructure (presumably at least some of those in control networks
of electric utilities).
To be
honest, I would have been surprised to hear that the US wasn’t doing this to the Russians, and I’m glad they are. But the
question is: What is the purpose of doing this?
Of course,
there’s a very obvious reason for planting malware in the Russian grid (discussed
at length in the article): Since the Russians have malware in our grid and
could cause outages whenever they want (if the CIA and FBI are to be believed),
the knowledge that we’ve done the same thing to them will make them much more
hesitant to pull the cyber trigger on us. So we’re protecting ourselves, just
as our huge nuclear missile and bomber fleets have so far protected us from
nuclear attack from Russia (and previously the Soviet Union), under the
Mutually Assured Destruction principle, also known as MAD.
But there’s
a big difference between nukes and cyberattacks. A nuclear attack anywhere
in the US, even in the middle of some desert, is totally unthinkable. There’s
literally no risk we will accept that would open up the possibility, even a
very, very small one, of this happening. This means we will absolutely never
launch a first strike against Russia: even if we wiped out the whole
country, their nuclear submarines would survive to destroy most of
the US. And the Russians will never launch a first strike against the US, for
the same reason (of course, a dictator who doesn’t care about his countrymen
might do that if cornered. Kim Jong-un comes to mind here).
But a
cyberattack isn’t at all unthinkable. A lot of these have been launched by
state actors (including us, of course). The NotPetya attack caused $10 billion
in damage worldwide. Question 1: Who was responsible for that? Answer: Without
a doubt, Russia. Question 2: Has Russia been in any way held responsible for
this, or is there even any likelihood that it will be? Answer: You gotta be
kidding! The same goes for the Malaysian airliner that was downed over
Ukraine in 2014, the cyberattacks on Ukraine, etc. Do you notice a pattern
here? Yet we’re still able to go to the grocery store, write blog posts, etc.
Of course, some people will die in a cyberattack on either our or Russia’s
grid, but tragedies happen every day. Neither the US nor Russia considers a
grid cyberattack to be an unthinkable event.
Of course,
the Russians certainly wouldn’t launch a cyberattack on the US grid
willy-nilly. But they might do it due to some provocation, such as our killing
Russian troops in Syria. Last year, US forces that came under attack in Syria
killed about 100 Russian mercenaries, but the courageous Mr. Putin pretended
that they weren’t really Russians and didn’t take any measures against us (way
to stand behind your guys, Vlad!). If it had been regular Russian troops, or
say airmen, Putin would have felt compelled to respond in some way. Or perhaps
if the US directly aided a new offensive by the Ukrainians to drive the
Russians and their allies out of the Donbass region of Ukraine – again, Putin
would probably feel compelled to respond in some serious way, like causing
blackouts in the US.
So let’s say
the Russians black out a few major cities, although probably just for a few
hours. What will we do then? The article makes it pretty obvious that we’ll
probably launch a similar attack against the Russians. And given that their
grid is less redundant and resilient than ours (and we’ll naturally want to
cause more damage than they caused to us), it will probably be more destructive
and kill more people. So what’s Russia going to do then? I’d say there’s a
pretty good chance they’ll strike back. They might launch a broader
cyberattack, perhaps hitting water and/or natural gas pipelines (although I
find it hard to believe that a cyberattack alone could cause a serious natural
gas disruption. However, water supplies are a bigger concern). And since real
Russian civilians would presumably have been killed by our retaliatory cyber
strike, they might even launch some sort of very limited military attack, which
would kill even more US civilians and military personnel.
I think you
see where this is going: Once the conflict moves into the military phase, it
becomes very possible that a “limited” nuclear strike will be launched, perhaps
on a US military base overseas, so it doesn’t kill a lot of US civilians. But
then we launch a bigger nuke strike, and sooner or later we have a full nuclear
exchange and that’s the end of civilization.
Of course,
hopefully cooler heads will prevail and someone will step in and talk some
sense into both participants before the confrontation goes that far. But that’s
not enough. Sometimes, during a period of high tension, the word to stand down might
not get through to every officer with nuclear weapons under his command. One
guy thinks he’s doing the right thing, presses the button, and…
Which brings
me to a good true story – events before and during the
Cuban Missile Crisis
in 1962. What set the crisis off was probably the US invasion of Cuba at the
Bay of Pigs in 1961, along with the US installation at around that time of
Jupiter nuclear-armed missiles in Italy and Turkey, aimed at the Soviet Union.
The Soviets decided to retaliate by installing similar missiles in Cuba, where
they were detected by a U-2 spy plane. President Kennedy then escalated the
conflict by declaring a naval blockade of Cuba. But even though the Soviets
moved a number of vessels into the waters around Cuba, there was no conflict.
The Soviets backed down and removed the missiles, followed by the US quietly
removing the Jupiter missiles from Turkey and Italy. One US U-2 pilot was shot
down and killed over Cuba, but the two sides’ forces never fought each other.
Seems to be a textbook case of how a well-controlled (on both sides) military
confrontation can produce a satisfactory result for both parties, right?
No, that’s
not right. The full story came out after the fall of the Soviet Union, showing
how close the world came to Armageddon. It seems one of the submarines that the
Soviet Union deployed toward Cuba during the crisis was the target of practice
depth charges foolishly dropped by US Navy vessels that were trying to get the
sub to surface so it could be identified. The problem is that this sub had been
submerged and out of contact with the outside world for days, and its captain
and its political officer (a political officer sailed on every Soviet naval
vessel) reasonably believed that open war had broken out and that the depth
charges were meant to destroy them.
This sub had
nuclear torpedoes on board (it was a diesel-electric attack boat, armed with
torpedoes rather than ballistic missiles), and the two officers decided to use
one of them to sink the US ship that was dropping the depth charges. The Soviet
navy’s protocol for using these weapons required the consent of both the
captain and the political officer, which would normally have meant the torpedo
was fired. However, it happened that the chief of staff of the flotilla was
also on this submarine (this wasn’t normal), and because of this, his approval
was required too. This man,
Vasily
Arkhipov (a captain at the time, and later a vice admiral), wouldn’t approve
the launch; the sub surfaced and was recalled to the Soviet Union.
It turns
out it was very fortunate for the human race that Arkhipov was on that sub at
that moment. As it happened, there was a cabal of hotheaded generals at the
Pentagon (including Gen. Curtis LeMay, who later would run for Vice President
with George Wallace, and who was reported to have advocated nuking North
Vietnam). For them, a nuclear strike on a US ship would have been like manna
from heaven, because it would have been an excuse to do what they had been
advocating anyway: launch a first strike on the USSR before the Soviets could
match the overwhelming number of ICBMs that the US already had in place
(although the Soviets still had lots of nuclear bombers, and the US would
probably never have been able to stop them all). They would have blamed Russia
for the first nuclear strike and used that excuse to launch their attack, which
of course would have been followed by retaliation from Soviet bombers that were
in the air at all times during the crisis, as well as from any land-based
missiles that weren’t destroyed by the US strike. So even though the US might
technically have survived, even a few nuclear strikes on key cities would have
made it a hollow “victory” indeed (remember, the bombs would have been
thermonuclear, vastly more powerful than the bombs that destroyed Hiroshima and
Nagasaki). And of course the fallout would have killed many more people, in the
US and the Soviet Union as well as in adjacent countries.
The moral of
the story? I suppose it’s good clean fun to deploy a bunch of malware on the
Russian grid, to match (and maybe more than match) the malware the Russians
have planted on ours. But actually retaliating against a grid attack with a
grid attack of our own could very well lead into the military realm, which
could then easily lead into the nuclear realm. And even though the controls on
nuclear weapons are supposed to contain their use until the president has made
the decision to use them, there can never be 100% certainty that those controls
will hold.
If the
Russians actually do bring down part of our grid, instead of retaliating in
kind, we should turn to tools like sanctions, which seem to have caused a lot
of real pain for Mr. P and his cronies. The only problem with the sanctions on
Russia so far is that they haven’t been deployed at anywhere near the level
they should be. For example, once it became clear that the Russians were
responsible for shooting down Malaysia Airlines flight 17 (and a Russian
parliament member admitted that about two weeks after the incident), I think
Russian planes should have been banned from all international airspace until
the Russians had admitted their involvement and paid full reparations to the families of all 298
victims, as well as to the Netherlands and other countries that lost
their nationals or were otherwise affected. Of course, five years later the
Russians have paid exactly $0.00, and I know of no current action to change
that situation.
If instead
of sanctions, we retaliate against a Russian grid cyberattack on the US with a
similar or greater attack on the Russian grid, we can be sure the Russians will
retaliate for that, then we’ll retaliate for that strike, etc. This will likely
escalate to military retaliation and then, even though the US and Russian
leaders will hopefully behave responsibly, we’ll just have to pray that no US
or Russian general or admiral anywhere in the world, on the land, sea or air,
will become confused in the heat of the crisis and do something they shouldn’t
do. But what could possibly go wrong?
Any opinions expressed in this blog post are strictly mine
and are not necessarily shared by any of the clients of Tom Alrich LLC. If you
would like to comment on what you have read here, I would love to hear from
you. Please email me at tom@tomalrich.com.