On Monday, the Biden administration formally blamed China for a massive cyberattack against Microsoft’s email software that impacted tens of thousands of U.S. businesses, government offices, and schools.
In response to this attack, the Biden administration opted for the “name and shame” approach by calling out China and publicizing an advisory list of more than 50 different tactics used by China’s hackers to target the United States. You can imagine how shaken Xi Jinping and the dictatorship were by being “named and shamed.” They will accept that swap of action for words every day.
During Monday’s press conference, President Joe Biden revealed how weakly he is responding to the real threat of cyberwarfare – and how he fundamentally misunderstands what we are up against.
Speaking at the press conference, President Biden said, “The Chinese government, not unlike the Russian government, is not doing this themselves, but are protecting those who are doing it and maybe even accommodating them being able to do it.”
First, let’s be clear: citing senior officials, the Wall Street Journal reported on Monday that “The U.S. government has high confidence that hackers tied to the Ministry of State Security, or MSS, carried out the unusually indiscriminate hack of Microsoft Exchange Server software that emerged in March.” China’s Ministry of State Security is the equivalent of a combined CIA and FBI that is under the control of the Chinese Communist Party (whose power supersedes the government). There is no systematic activity happening in China that is against the wishes of Xi and the Chinese Communist Party. The western idea of separation between public and private spheres simply does not exist.
Second, President Biden’s overt response to this attack is not proportionate to the severity of the breach. After the SolarWinds attack gave Russia’s Foreign Intelligence Service hackers access to as many as 18,000 SolarWinds customers, including nearly a dozen U.S. government agencies, President Biden responded with sanctions and the expulsion of Russian diplomats.
But this more recent Microsoft hack was significantly more serious than the SolarWinds infiltration. Speaking to the Wall Street Journal, Dmitri Alperovitch, chairman of Silverado Policy Accelerator, said “The Microsoft Exchange hacks by MSS contractors is the most reckless cyber operation we have yet seen from the Chinese actors—much more dangerous than the Russian SolarWindshacks.”
Certainly, there could be covert operations underway that may never be made public, but the public response has ultimately created a double standard. Couple this double standard with Biden’s list of 16 sectors that are off-limits to hacking (creating the assumption that everything else is fair game) and the result is a weak, confusing, public-facing cybersecurity policy.
According to a February Gallup poll, 82 percent of Americans see cyberterrorism as a critical threat. Cyberterrorism is seen as a critical threat by more Americans than any other issue surveyed, including the development of nuclear weapons in North Korea and Iran.
As I write in my upcoming book, “Beyond Biden” (out in November), Americans’ concerns are well warranted considering the scope, scale, and severity of cyberattacks against the United States in recent months – and the direct impact these attacks have had on Americans.
In May, the Russian DarkSide ransomware attack took the Colonial Pipeline offline, which accounts for about 45 percent of the fuel supply on the East Coast. Also in May, the same Russian group that was responsible for the SolarWinds hack targeted 3,000 email accounts in 150 organizations as part of a “continuation of multiple efforts…to target government agencies involved in foreign policy as part of intelligence gathering efforts,” according to Microsoft.
In June, Russian hackers also forced the shutdown of nine beef plants in the U.S. and the same group then launched another attack against Kaseya in July, infecting nearly 1,500 organizations around the world. Importantly, experts noted that in the Kaseya attack, “The gang used a level of planning and sophistication closer to high-level, government-backed hackers, rather than a mere criminal operation.”
President Biden can stand at the podium and attempt to make subtle distinctions between rogue cyber gangs and government-sponsored cyberattacks. But we must ask ourselves the question: In two countries that are ruled by dictators — whose power is ultimately secured through surveillance, control, and suppression of dissent — how likely is it that such sophisticated cybercriminals act independently of the regimes?
Also, in order to effectively address the ongoing cyber threat, the U.S. must recognize that China’s and Russia’s approaches to warfare are fundamentally different than our own. For example, the 1999 Unrestricted Warfare publication by two Chinese military colonels concludes that there are “virtually infinite” new battlefields in modern warfare that erase the lines between soldiers and civilians. Similarly, according to a U.S. Army assessment, we have not identified an effective counter-strategy to Russia’s gray zone warfighting doctrine (or hybrid warfare), which operates between the zones of war and peace.
As the world becomes more digitally interconnected, and as high-value infrastructure targets reside within the private sector, the cyber warfare threat to America is dangerous, especially within the context of the changing geopolitical landscape.
This summer, Beijing and Moscow reaffirmed their commitment to strengthening their strategic partnership by extending their 20-year-old friendship treaty. Russia also agreed to sign on to China’s data security initiative, an effort that was launched in response to the Trump administration’s moves to restrict Chinese technologies that pose national security risks. Further, Russia and China agreed to cooperate on information security and to “continue to promote the construction of a global system.”
The goals of Gen. Sec. Xi and President Vladimir Putin to weaken and supersede the United States are clearly aligned. President Biden’s inability to respond firmly to these cyber acts of war only empower the Chinese and Russian dictatorships.
It’s time we get serious about fighting this invisible war.
• To read, hear, and watch more of Newt’s commentary, visit Gingrich360.com.