For the owners and operators of the Colonial Pipeline, the resumption of normal operations following an attack of ransomware probably brought little pleasure. Not least because, according to an official, they had paid up to $5 million to the attackers in ransom in the process. But to have one’s business entirely paralysed in this way is not so much a wake up call, as it has been fashionable to call it, as a time to get serious.

Instead, it is a notice of near-term danger. These sorts of attacks are often linked, either speculatively or directly, to states — and hacks of large American software and companies are normally attributed to expansionist foes like Russia and to China. To think, this one was apparently done by amateurs.

The amateurs may not be state-sponsored, but they are still a problem. The group is apparently called DarkSide and specialises in a form of cyber-criminality. The Biden administration is at pains to say that it has links to the territory, if not the government, of Russia. DarkSide itself claims to be shutting down in light of attracting rather a lot of unwelcome attention. but where it went, other groups will travel. And where amateurs tread, the professionals employed by states are soon likely to be.

The Colonial attack seems to have taken 45 per cent of the region’s petrol distribution offline almost by accident. An accident this time, but likely a vision of the future. State actors would likely attack the same targets with a little more deliberateness. In domains other than natural resources, the cyber wargames of states have had a good deal of recent success.

Chinese theft of American intellectual property is a continual bugbear

The hacking of Microsoft Exchange Server which came to light earlier this year is a salient example. The attackers, profiled as being unusually persistent and aggressive, are said to have accessed the emails and internal communications of up to 30,000 American organisations. This is very likely an underestimate, just as the scale of earlier hacks and breaches tends to grow in the rear-view mirror. It took rather a while for the scale of the hack of Equifax in 2017, and the theft of data from over 100 million people, to be glimpsed. There is barely a ceiling to the numbers of people and businesses these attacks could affect. 

Microsoft and security companies publicly blamed the Chinese state for the hack of the Exchange software. The nature of the attack — with its internal persistence and aggression, and its signs of sophisticated prior coordination suggests more than the opportunistic ransomware attacks on the Colonial Pipeline and of the sort which have occasionally bedevilled British hospitals and much of the Ukrainian internet and economy in the past half-decade. In those cases, if the hackers themselves are to be believed, they were merely fishing for some cash and found they had paralysed states and countries by accident.

State attackers are more tenacious, more targeted, and more destructive — in narrow terms, and in the broader analysis of national security. Chinese theft of American intellectual property is a continual bugbear that has given an unreasonable advantage to an economic competitor. But when Russia appears to have attempted to hack into the research programmes of the British state, American companies and further afield last year, to steal research as each fought against the covid pandemic — including the data of and research into potential vaccines — it is hardly difficult to see the national security threat all this could pose.

Whatever it is that amateurs can do, the threat from hostile states is infinitely greater. State-funded cyberwarfare is better resourced and unshackled from the motive of making a buck. It can be more insidious or more broadly destructive. It can steal essential information without appearing to have done anything, or it can wreck general chaos with aplomb. China is claimed to be behind a cyberattack which caused blackouts in Mumbai amid rising tensions with India, fitting rather nicely any objective of threatening pandemonium.

Whatever it is that amateurs can do, the threat from hostile states is infinitely greater

With much of China’s funding for cyber warfare completely off the books, and possibly supplementing China’s official military spending quite handily. This is  something alluded to by Matt Pottinger and H. R. McMaster, formerly of Donald Trump’s National Security Council and in a position to know, in a recent discussion for the Hoover Institution. Both were bullish on the subject of America’s ability to win any confrontation with China across a “full spectrum” of theatres, be they land, sea, air, space and the cyber world. But one could detect a little nervousness for both in the latter category.

We ought perhaps to update our assumptions of how much China is spending to outmatch and overawe the United States in conventional military strength.

The Trump administration’s National Security Strategy, a document prepared in 2017, noted that through cyberwarfare, “adversaries could disrupt military command and control, banking and financial operations, the electrical grid, and means of communication”. Government networks are not immune from the same attackers, the document stated, and must therefore be protected by layered defences, more secure networking, and the real world interruption of cybercriminal enterprises. This might prove difficult in the face of an adept and richly-resourced Chinese cyberwarfare division.

With many of China’s efforts to attack American companies being missed and concealed, and therefore not even arriving in the public domain, this is the front in American and Chinese pseudo-conflict that many in the US and Europe neglect to think about. Increased wariness of the growing risk this presents may be one positive consequence of a ransomware attack pulled off by some apparently repentant Russian criminals.