Skip to main content

Opinion: America must declare war on ransomware attackers


The ransomware attack on Colonial Pipeline made news for a few weeks last month because it caused fuel shortages at gas stations. But the greater underlying issues and risks from cybersecurity attacks are barely noticed or are shrugged off as just another trade-off in a world of connected technology. 

Colonial reportedly paid almost $5 million to Darkside, a cybersecurity criminal organization. Darkside claims to be “apolitical” and not participating in any state-based geopolitical activities. However, Darkside does not attack any companies with Russian-language keyboards.

Since the Colonial Pipeline attack, there have been multiple other such attacks against government and corporate organizations. Responses from the federal government include an executive order by President Joe Biden, a plea by the head of the FBI for corporate America do its part by updating its cybersecurity software and an admission by Energy Secretary Jennifer Granholm that foreign adversaries have the capability to shut down U.S. power grids. 

The reality now is that our governments, our businesses, our schools, our infrastructure and other systems are, to a great extent, already compromised. That is, the global network of state adversaries and cybercriminal organizations are already capable of doing us great harm when they choose to do so. 

The U.S. and its allies need to urgently change their approach to cybersecurity as we are at increasing risk.

It is important to recognize that these activities are not just espionage and intelligence efforts but are actually a state of hidden warfare that will have more consequences than any physical invasion that an adversary could launch. Therefore, Congress and the president should, in fact, formally declare war against cybersecurity attacks. 

Massive funding increases need to be authorized to fight this war. We are woefully understaffed and underfunded in all key agencies and departments involved. On the other hand, the redundant and vulnerable private-sector development of virtual armies of cyber defenders has costs untold billions of dollars to U.S. businesses and institutions.

The popular use by Russia and China of alleged non-state actors such as Darkside needs to be confronted by declaring such persons and organizations as “illegal combatants” under U.S. law. 

Cybersecurity laws need to be federalized. As it is, each state has its own rules about what companies must do when they are attacked. And, such a new federal law needs to require immediate reporting to and comprehensive cooperation with the federal government for all cybersecurity attacks. Companies often get attacked, pay ransom to the attackers and do not report it to the government or anyone else. The resulting lack of information puts our national effort at risk.

Any software sold and used in the U.S. or used globally by U.S. businesses should be required to pass quality controls to avoid having more software in the market that creates opportunities for more attacks for the cybercriminals. 

The cybersecurity industry also needs to be harmonized and regulated at the federal level. It is amazing that a company needs a state license to provide armed guard or security alarm services but absolutely no certification, background checks or license to provide cyber security services. 

As individuals and as a nation, we need to wake up to the current and on-going threats. While politicians and citizens argue constantly about a range of lesser issues, we are completely missing the bigger picture. 

These cybersecurity attacks is essentially state-sponsored terrorism and a war against the United States, its economy and its citizens. 

Every person and company in the U.S. needs to get on board this war effort.

Donald Moore is a lawyer, investor in the global security, transportation and infrastructure sectors and an assistant adjunct professor for the University of Michigan School of Law.