Revamping Our Cyber Defenses
ONC Editorial

Aug 29, 2023

A four-point plan to fortify U.S. preventive and defensive measures on cybersecurity fronts against Russia. (The opinions expressed in this article are those of the individual author, Sayyed Hadi Razmjo, whose information can be found below.)

Big Picture:

The unprecedented expansion of computers, mobile phones, the internet and digital applications has opened new doors for cybercriminals to exploit and inflict economic and political damage. Over the past 20 years, Russia has perfected the use of cyberspace to execute its malicious activities, which continue to grow due to rapid advancements in technology and novel attack algorithms and mechanisms. The Russian cyberattacks on the U.S. power grid infrastructure and the recent attacks on U.S. federal government agencies demonstrate the extreme level of imminent threat Russian cyberattacks pose to the national security of the country. The U.S. has failed to take proper preventive and defensive measures to counter and mitigate the effects of many cyberattacks it has faced in the past few years.

  • Graphics from: Cyberattacks. Global Security Mag Online. (2020, July 10). Retrieved February 18, 2022, from /Germany-and-France-among-the,20200713, 100602.html [1]
  • This figure illustrates that the U.S. has been victimized by cyberattacks more than any other state by far. Many of these attacks were carried out by Russian hackers, some linked to and supported by the Russian Government. 

Operative Definitions:

  1. Cyberattacks: Deliberate and offensive activity by an individual or organization in the cyber realm in an attempt to breach computer systems, networks, and infrastructures to gain unauthorized access, steal data, disrupt and deny access to services, or destroy the host environment. 
  2. Types of Cyberattacks: Cyberattacks range from exploiting existing security vulnerabilities, denial of service attacks, internet surveillance, phishing and spear phishing to spyware, ransomware, and scareware, which are sub-families of malware. 

Important Facts and Statistics:

  1. The cyberattack linked to the Russian hacker group “Cozy Bear” in 2020 is among the most sophisticated cyberattacks of all time and is believed to have infected more than 17,000 customers of SolarWinds, a major U.S. information technology firm. The Department of Defense, State Department, Treasury Department, the U.S. Military, and hundreds of universities and colleges were affected by the attack.
  2. Global cyberattack damages are estimated to have reached $6 trillion in 2021, and since the U.S. is a favorite target for hackers, it bears the majority of costs and damages. 

Four-Point Plan:

(1) Balance the offense-defense cyber mechanisms. The U.S. has historically prioritized offensive over defensive cybersecurity. This has led to fewer resources being allocated to defensive mechanisms, causing U.S. cyber defense systems to remain vulnerable. The U.S. must adopt a short-term defense-dominant strategy to reinforce cyber defense systems and stabilize the offense-defense balance. The current cyber defense systems and networks must be updated to the latest security technologies with the help of private vendors. This also includes implementing effective threat intelligence programs, detailing security policies, enabling encryption at all points and regularly testing the systems for exploits and vulnerabilities. This approach is not only effective against Russian cyber aggression, but also benefits the overall health of the American cybersecurity system.

(2) Raise awareness and educate the general public and employees. Humans are the weakest link in the cybersecurity chain. Cyber attackers in general, including the Russian hackers, increasingly rely on social engineering techniques to entice employees and individuals into visiting a malicious website, executing malware or simply clicking on an ill-natured URL. People, regardless of their work sector, must be educated about the latest cyber threats in order to mitigate the destructive effects of cyberattacks. As the U.S. is progressing towards further digitization, universities must start requiring a digital security course as part of their core curriculum. Similarly, organizations both in the government and non-government sectors that rely heavily on computers and network systems should offer cybersecurity training and education courses to their employees before onboarding.

(3) Continue diplomatic talks and increase costs of aggression. Although Russia has historically proven uncooperative and insincere in keeping almost any of its diplomatic promises related to cyber peace, diplomatic talks cannot be ruled out. We shouldn't rely solely on them, but they are a cost- and resource-effective option. The U.S. must also continue increasing costs for Russian aggression in cyberspace through freezing financial assets, economic sanctions, etc.

(4) Actively retaliate against Russian cyber aggression. This option may be criticized by some analysts, as it can potentially escalate the cyber warfare between the U.S. and Russia; however, the U.S. must pursue more persistent engagement and defensive strategies instead of passively waiting for the Russian hackers to intrude into the American cyber networks and infrastructure. Russian offensive capabilities are nowhere near the massive cyber offense arsenal of the U.S., and giving the Russians a taste of their own medicine can potentially counter their aggression.

Why This Initiative Is Important:

Russia’s aggression in the cyber realm poses an imminent threat to U.S. national security. From interfering in elections to attacking infrastructure and information technology sectors, Russia’s cyberattacks have inflicted enormous damage and show signs of rapid, ultra-modern advancement. This initiative effectively and comprehensively checks the Russian aggression, while also reinforcing a more sustainable and functional cybersecurity system.


The following student worked on this proposal: Sayyed Hadi Razmjo, College of William and Mary. 


"Cyberattacks." Global Security Mag Online. (2020, July 10). /Germany-and-France-among-the,20200713, 100602.html.

Schneier, Bruce. "The US Has Suffered A Massive Cyberbreach. It's Hard To Overstate How Bad It Is." The Guardian, 2020.

"Top 6 Cybersecurity Predictions And Statistics For 2021 To 2025." Cybercrime Magazine, 2022.

"U.S. Government: Proposed Cyber Security Spending 2021." Statista, 2022.
