Every day, America is attacked by foreign adversaries. These attacks don’t involve explosions, tanks, or fighter jets dropping bombs. Many times, they don’t even make the news. The enemy is rarely seen or identified. But none of this makes the threat any less real. The phrase “cybersecurity is national security” is often used, and perhaps even overused. Unfortunately, over the past few weeks, people have been exposed to the reality of that trope.
The Navistar International Corporation is the most recent American business to be targeted by a cyberattack. This follows similar attacks against the world’s largest meat producer, JBS, and the Massachusetts Steamship Authority. And these are only the attacks that made the news. Though most of them go unreported, millions of cyberattacks are attempted every day. Our nation is at risk.
And if you think that waiting in line to buy gas is the worst that could happen, you don’t understand the real threat from a cyberattack. As just one example, a major attack on our electrical grid could lead to widespread starvation, social chaos, and an unknown number of deaths due to a breakdown in our medical capabilities.
This scenario is a glaring reminder that America’s cyber-connected systems, whether in the private or public sector, are vulnerable. And our adversaries know it.
Both of the attacks on JBS and the Colonial Pipeline have been attributed to Russia-backed ransomware groups that are based in Eastern Europe. Not surprisingly, Russian President Vladimir Putin has denied any involvement in these cyberattacks. He shamelessly did so to President Joe Biden’s face during last week’s summit. I can only hope Biden knows it would be foolish to take him at his word.
Who funds these cyberterrorist groups? Russia. Who trains these groups and provides them the financial services that are necessary to monetize these attacks? Russia. And who protects these groups? Russia. It’s no coincidence that Western nations are the exclusive targets of these attacks and that Russia never finds itself a victim. Russia is hiding behind criminal groups and attacking American companies with impunity. It must start paying a price.
Biden’s response was to sign an executive order that beefs up some cyberdefenses. The order creates new security standards and requires all agencies to use basic cybersecurity measures. Though these measures are sorely needed, they are not even close to sufficient in order to begin deterring these threats.
And to say that Biden’s showing last week was insufficient would be an understatement. Following attacks on American infrastructure, businesses, and citizens, Biden provided Putin with a list of 16 entities that are off-limits. Does that mean everything else is fair game?
All of American infrastructure needs to be off-limits. We cannot allow our enemies to continue attacking us with impunity for the sake of not ruffling any feathers.
Our defensive strategy has proven insufficient. It’s time to play offense.
I recently joined two of my Democratic colleagues on the House Intelligence Committee in writing a letter to Biden. There’s nothing partisan about standing up to a foreign enemy, and we urge Biden to change his tune and make one thing clear: Cyberattacks on our infrastructure will be met with swift and proportional retaliation.
Diplomatic objections clearly aren’t enough to deter the illegal and dangerous behavior that threatens the public and our vital infrastructure systems. These attacks will continue to increase in both frequency and severity until we establish a red line. We must start extracting a cost from those who attack America — and not just what’s on Biden’s “off-limits” list.
America has a considerable technological advantage over our attackers. It’s time to start using some of these capabilities to make our adversaries pay a price for attacking us.
Last week, Biden missed a valuable opportunity to send the world a message: If Russia continues supporting cyberattacks against America, we will strike back. Fortunately, that doesn’t mean it’s too late not only to make that message clear but to ensure it has teeth. Both Republicans and Democrats on the Intel Committee stand ready to encourage cyber-peace through strength.
Chris Stewart, a Republican, represents Utah’s 2nd Congressional District in the U.S. House of Representatives. He serves on the House Permanent Select Committee on Intelligence.
