An Insight Into Digital Realpolitik

Saishya Duggal, Cyber Security

The best way to understand cyberpolitik is by evaluating the events that have underscored its importance: Stuxnet and beyond.

The word realpolitik often generates esoteric, perplexing worries in the mind of the average Joe, conjuring up images of an elaborate congress and combative political discourse. It’s me: I’m this average Joe. A little research, however, reveals a painfully less dramatic meaning. Very simply, realpolitik refers to nation-states making decisions based on pragmatic considerations over ideological or theoretical ones. For the longest time, realpolitik focused on economic, military, and political factors. Then, the Internet came along and commenced an era of cyberpolitik. Rothkopf accurately defines this as a time where “actors are no longer just states and raw power can be countered or forfeited by information power”. The best way to understand the phenomenon of cyberpolitik is by evaluating the events that have underscored its importance.

The Surprise of Stuxnet

In 2010, a malicious computer worm called Stuxnet was discovered, though its development dates back to 2005. The worm was intended to disrupt or delay Iran’s nuclear program—specifically, it sought to affect the centrifuges that enriched uranium for that program. After entering the system through a USB stick, the 500-kilobyte worm worked in three phases:

Firstly, it targeted all machines running Microsoft Windows.

Then, it infected the Siemens Step7 software used to program the industrial control system.

Lastly, it infected the programmable logic controllers (PLCs), which controlled the uranium centrifuges.

Post discovery, there was widespread speculation about the worm’s makers. Several reports attributed it to the United States and Israel, arguing that a worm of such sophistication could not be made without the backing of a nation-state. Neither government has, however, acknowledged its suspected part in building the computer worm. 

Stuxnet thus became a premier example of covert cyberpolitik, pushing back Iran’s nuclear program by at least 2 years and bringing to light the immense potential of cyber warfare for sabotaging critical infrastructure, compared with conventional forms of realpolitik. Fruhlinger succinctly articulates the importance of Stuxnet in international relations:

“…Stuxnet is significant because it represented the first widely recognized intrusion of computer code into the world of international conflict, an idea that previously had been in the realm of cyberpunk sci-fi”.

The Strike on SolarWinds

Another dimension of cyberpolitik is its associated attribution challenge. You never know for sure which nation-state authored a cyber attack, though speculation remains rife with claims and reports regarding likely perpetrators. Much like the Stuxnet case, the SolarWinds hack is not credited officially to any single nation-state, though most suggest Russia’s role and responsibility. 

In 2020, SolarWinds, a notable software company from the US, fell victim to a supply chain breach. Microsoft Corp President Brad Smith called this “the largest and most sophisticated attack the world has ever seen”. The company’s IT performance monitoring system, Orion, had malicious code, Sunburst, inserted into it. This compromised the data of several thousand public and private organisations. Besides this, the hackers (called Nobelium by Microsoft) got access to emails from governmental agencies like the US Treasury, Justice and Commerce departments.

The private company FireEye was the first to detect the attack. It had been infected with malware attached to a software update that SolarWinds unknowingly sent to it and other companies like Microsoft, Intel, Cisco, Deloitte, and government agencies.

The Cyber Unified Coordination Group (UCG), a task force made by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA), was the US response to the attack. It believed Russia to be the “likely” brains behind the attack. However, the Russian spy chief denied the country’s involvement in the attack. 

While Sunburst’s threat actor is suspected to be linked to Russia, China also became affiliated with this case when a report suggested that the SolarWinds bug was being used by the country to possibly spy on thousands of US government employees. The challenge of attribution in cyberpolitik showed itself again in this incident. The Chinese government called this attribution a “complex technical issue” that lacked evidence, emphasising its stance of opposing all forms of cyber attacks and theft.

Conclusion: Operation Aurora and Others

Cyberpolitik is peppered with innumerable examples of nation-states suspected of being perpetrators of a digital attack. In 2010, China targeted private companies in the US in a series of social engineering attacks, commonly called Operation Aurora. Google and twenty other tech giants fell victim to this cyber espionage, an attempt to steal US business secrets. The Chinese government denied any involvement. Olympic Destroyer is another example of such a cyberattack, which sought to disrupt the Winter Olympics in Pyeongchang, South Korea, in 2018. US Intelligence agencies issued a joint statement months later, labelling Russia as the perpetrator. 

Digital realpolitik and power play have become the preferred tools for nation-states globally. An infosec truism comes to mind here: it’s not a question of if but when. These are the loud words facing every government and company in a digitally driven 21st century.