One of the dominant narratives today is that any time there’s a cyber attack or hacking incident, the bogeyman du jour is judged to be responsible. When China is the enemy of the day, we claim the Chinese did it. Sometimes we’ll claim North Korea did it. And today we claim that Russia is behind it.
Despite the lack of evidence that any state is sponsoring this hacking, blame always falls in some way on the government of the country from which the hacking is supposed to have originated. As a result of recent hacking and ransomware scandals, which led to gas shortages and shut down meatpacking plants, Russia has gotten a lot of blame for being responsible for or turning a blind eye to cyber crime. And President Biden decided to tell President Putin that the US has had enough.
Unfortunately, the way Biden went about it wasn’t the smartest. Biden claimed that during his recent tete-a-tete with Putin he gave Putin a list of 16 critical infrastructure areas that are off-limits for attack, whether cyber or otherwise, from energy to water and everything in between. The implications are twofold.
First, Biden presenting a list to Putin basically telegraphs that if any one of those 16 areas is attacked, the US could be brought to its knees. Talk about telegraphing your weaknesses to your enemies. Now that Putin knows those areas are off limits, he can feel free to inform anyone else he wants what those areas are. And if non-state hackers end up hacking those sectors, even with state support, Putin can deny he had anything to do with it, because who would be dumb enough to deliberately poke a thumb in the US’ eye after being warned?
Secondly, the list implies that every other sector is fair game for hackers, whether private sector or public sector. Or at the very least, it’s implied that attacking any other area won’t bring down the hammer on the hackers or any country supporting them.
While Biden may have been well intentioned, his execution was boneheaded and hamfisted. It seems like it was more an attempt to play to American voters by showing that he was “tough” with Putin than it was intended to actually send a message to Putin. So the next time a critical area of infrastructure gets hit by ransomware or hackers, just remember that President Biden may have given them the roadmap.