Please read the article in the link https://www.wired.com/story/russia-cyberwar-escalation-power-grid/. How do you think the U.S. can deter or prevent Russian aggression? To what extent should the U.S. use offensive cyber operations against Russia? Or should it ever choose this option?
While I don’t believe that the U.S. can fully prevent Russia’s aggression, there are ways to deter punishing cyber-criminal groups, imposing sanctions, and making cybersecurity improvements on U.S. infrastructure are far more efficient methods for deterring Russian cyber-attacks than using offensive cyber operations.
Due to disinformation campaigns being one of Russia’s most powerful cyberspace tools, they should be a primary target for minimizing their aggression. This can take the form of informing the public about disinformation campaigns and the methods used to manipulate beliefs. Another way could be to enforce terms of service policies on social media sites to remove blatant forms of disinformation.
Punishing cyber-criminal groups that have ties to Russia can be another way to mitigate aggression. It not only gets rid of groups targeting the U.S., but it can also deter Russia from using them as an avenue for offensive cyber operations. While there is difficulty in serving legal punishment due to different frameworks and security tools like VPNs hiding IP addresses, if groups continue to be caught, it can partially alleviate the problem.
Next, imposing sanctions on Russia can restrict aggression from multiple angles. From a financial perspective, it limits the amount of resources generated and strains the current resources available for offensive cyber operations. Furthermore, from an international perspective, it can force countries to alter their actions after breaking laws and taking offensive action, which can apply to their offensive cyber operations.
Finally, investing in cybersecurity practices for U.S. infrastructure can deter Russian aggression via difficulty. According to the article, since the U.S. houses a more digitized economy and structure, a powerful enough cyberattack makes the country vulnerable. However, if sufficient investments were made into that digitized economy to secure it, it would deter Russia’s aggression due to not being a feasible target.
Regarding the extent of U.S. offensive cyber operations, they should be utilized, but to a minimal degree and primarily in retaliation to attacks. Referring to the article, due to how the U.S. Cyber Command implemented malware into Russia’s power grid, the possibility of Russia interpreting that as an attack would have the U.S. be at fault by choosing to act first as opposed to waiting. While I think the U.S. has plans that can work, using offensive cyber operations should be one of the final measures to counteract aggression from other countries.