Hacker Profiles: United States

Key Takeaways

  • A recent report from a British think tank ranks the United States as the world’s greatest cybersecurity power and the only nation with tier one capabilities.

  • Tailored Access Operations is a secretive elite group of hackers within the NSA that targets and exploits foreign entities.

  • The United States has been behind major cyber attacks against Iran, China, and Russia.

The United States remains by far the world’s most cyber-capable nation, with no major competitors for the title. The International Institute for Strategic Studies, a British think tank, released a 182-page report reviewing the cyber capabilities of 15 of the world’s biggest players in hacking and digital defense, and it put the USA in a category of its own.

The report assesses both government and private-sector capabilities for each country in seven categories:

  • Strategy and doctrine

  • Governance, command and control

  • Core cyber-intelligence and capability

  • Cyber empowerment and dependence

  • Cyber security and resilience

  • Global leadership in cyberspace affairs

  • Offensive cyber capability

The report defines a tier one country as “world-leading in all the seven categories” and a tier two country as having “world-leading strengths in some of the categories”.

The United States is the only tier one country in the report. According to the report, the U.S. remains the most capable cyber state largely because of significant investment and “clear political direction for the pursuit of national cyber power” since the mid-1990s. The report puts the U.S. adversaries Russia and China in the second tier of cyber powers, alongside the United Kingdom, Canada, Australia, Israel and France.

The report identifies three major factors that set the United States apart as the world’s only cyber superpower:

  • Dominant military capabilities in both offensive and defensive cybersecurity

  • A world-leading group of U.S. technology and cybersecurity companies that help protect domestic industry and foster cyber talent

  • A highly evolved government approach to cybersecurity and managing hacking risks

The U.S. is often successfully attacked by less capable nations — including Russia, China, Iran and North Korea. The report notes, “The ways in which the U.S. wields its cyber power appear politically and legally constrained when compared with its main cyber adversaries”. In many cases the U.S. declines to retaliate in kind and instead takes the more diplomatic route of economic sanctions and indictments of hackers. The U.S. capability for offensive cyber operations is probably more developed than that of any other country, although its full potential remains largely undemonstrated.

Tailored Access Operations (TAO)

The United States has its own elite team of hackers. TAO is a highly secret NSA program that collects intelligence about foreign targets by infiltrating their computer systems.

TAO's primary base is at NSA headquarters in Fort Meade. An estimated 600 members of the unit work rotating shifts around the clock in an "ultramodern" space at the center of the base called the Remote Operations Center (ROC).

The group is led by Rob Joyce, the nation’s “hacker-in-chief”. Joyce spoke at a security conference in 2016, where he described TAO’s general techniques and the best way to stop groups like his from getting into your system. At the conference, Joyce busted myths about the way people think the NSA hacks: “A lot of people think the nation states, they’re running on these engines of zero days. You go out with your master skeleton key and unlock the door and you’re in. It’s not that,” he said. “Take these big corporate networks, these large networks, I will tell you that persistence and focus will get you in, we will achieve that exploitation without the zero days. There are so many more vectors that are easier, less risky, and quite often more productive.”

Joyce explained that TAO and other nation-state groups get in through persistence (hence the name Advanced Persistent Threat): "Don't assume a crack is too small to be noticed, or too small to be exploited." Those are the ones the NSA and other nation-state attackers will seize on, he explained. "We need that first crack, that first seam. And we're going to look and look and look for that esoteric kind of edge case to break open and crack in."

Notable U.S. attacks on other nations

  • In June 2010, Iran was the victim of a cyber attack when its nuclear facility in Natanz was infiltrated by the cyber-worm 'Stuxnet', said to be the most advanced piece of malware ever discovered. It destroyed perhaps over 1,000 nuclear centrifuges and set Tehran's atomic program back by at least two years. Most sources credit the attack to the U.S., and specifically to TAO.

  • In 2013, Edward Snowden revealed that the United States government had hacked into Chinese mobile phone companies to collect text messages and had spied on the China Education and Research Network (CERNET), from which internet data on millions of Chinese citizens could be mined. Snowden also said the NSA had infiltrated the servers at the headquarters of Huawei, China's largest telecommunications company.

Conclusion

The United States is home to the top cybersecurity companies in the world: IBM, McAfee, Cisco, CyberArk, CrowdStrike, Palo Alto Networks. This gives the U.S. an unparalleled pool of talent for its cyber operations. Compared with those of other countries, the federal government's programs for conducting defensive and offensive cyber operations are also long-established and well-funded. The United States is not untouchable: our government and private sector systems do get breached by foreign threats. Do not be deceived by headlines, however. The United States is still the world’s one and only cyber superpower.