US offensive cyber security strategy draws fire on itself
Published: May 12, 2021 04:43 PM
File Photo: VCG

File Photo: VCG

The US' largest fuel pipeline Colonial Pipeline recently was forced to shut down after a ransomware cyber attack, cutting off supply for eastern coastal states. For the first time in history, the US entered a state of national emergency caused by a cyber attack.

Less than six months ago, hackers exploited the loopholes in the systems developed by the American software company SolarWinds to attack major US government agencies, including the departments of homeland security, defense, and commercial, causing the most serious breach in US history.

These events have repeatedly reminded us that even the US, which has the most powerful cyber security capabilities and the most complete cyber security system in the world, is not immune to cyber attacks. This shows that global cyberspace security is still in a state of chaos.

With its unique advantages in cyberspace, the US government has long pursued an offensive cyber security strategy and has always focused on the development of offensive cyber weapons. The US has seriously overestimated its ability to control offensive cyber weapons and underestimated the difficulty of cyber defense. The US has focused on intensifying conflicts with countries like China and Russia and seriously underestimated the power of non-state actors. The US has overestimated the benefits derived from its offensive strategy and underestimated the damage and costs brought about by the chaotic cyberspace.

Adhering to the spirit of openness, American internet pioneers established the internet and promoted its globalization. However, in the 21st century, the US has transplanted geopolitics and Cold War mindsets into cyberspace. In May 2017, the WannaCry ransomware erupted on a large scale, attacking nearly 100 countries around the world. EternalBlue, the tool used by the hackers was leaked from the US National Security Agency's cyber weapon division. The offensive cyber security strategy of the US directly endangers all countries in the world. 61 percent of organizations experienced ransomware related disruptions in 2020, according to a recent survey.

The Colonial Pipeline cyber attack which triggered state of national emergency in the US indicates prompting concerns that cyber risks are rapidly becoming reality. The threat of cyber attacks on critical social infrastructure related to the national economy and people's livelihood has reached a new height. Traditional cyber security technologies and institutional systems, and even the US cyber security offensive strategy and defensive model are facing disruptive effects. As the population of world's internet users has reached 5 billion, an efficient and linked global cyber security governance system is in urgent need to be formed.

For starters, the US' offensive strategy has become the biggest source of chaos in the global cyberspace. The US continues to portray China, Russia and other countries into rivals, creating division in cyberspace. With the continuous rise of supranational non-international actors such as internet super-platforms and transnational hacker organizations, it is simply difficult to build a complete defense system solely relying on the US or with its allies.

Second, dominating public power and public resources, governments of all countries should be the "gatekeepers" of network governance and network security. However, the US has long been repelling other countries to play important roles in cyber security affairs and resisting the UN to play a leading and coordinating role in global cyberspace. Coupled with the leakage of the US security agency's cyber weapons and the interest relationship between the US government and hacker organizations, the US inevitably draws fire on itself.

Therefore, every cyber security incident in the world is constantly escalating an overall level of threat. These are the consequences of the hegemony countries' long-term attempts to promote the politicization, militarization and division of global cyberspace. Only when countries committed into cyberspace, can the global cyberspace establish a basic order, effectively combat various cybercrimes, and have common security.

If the US does not change its muddled approach, cyber threats will not decrease, and the trend of cyber security upgrades will not be reversed. Only when countries get out of a narrow geopolitical mindset, can the world escape a zero-sum reality. Only in this way can the US and the world make breakthroughs in cyber security issues. Only open cooperation is the way to ensure network security.

The author is director of the Center for Internet and Society at Zhejiang University of Media and Communications and founder of Beijing-based technology think tank ChinaLabs.