Cyber-narrative in the United States has changed during the last year. China and its economic cyber-espionage has been in the centre of narrative for years, but now politicians and especially the intelligence community emphasise Russia´s cyber-threat.
“Russian cyber-attacks rank as the greatest threat to the United States´ national security”, the US director of national Intelligence James Clapper has stated. Admiral Michael Rogers, director of NSA and commander of the US Cyber Command has publicly estimated that, “Russia has very capable cyber-operators who can and do work with speed, precision and stealth.” These statements were not made by coincidence.
Activities in cyber-domain must always be understood in wider strategic context. Cyber capabilities are nowadays an integral part of nation-states´ “toolbox” to achieve political objectives. The world is moving toward a greater strategic use of cyber-capabilities to persuade adversaries to change their behaviour. Russia´s numerous and advanced operations in the cyber-domain reflect Russia´s aggressive foreign policy. Russia has demonstrated the capacity of some of its cyber-warfare capabilities and increasing willingness to use them. Russia has been one of the key forerunners using the cyber-domain in modern wars and conflicts, and especially has had the ability to combine cyber-operations with conventional warfare, which remains an operative challenge at the moment in many western countries. The trend is, the more Russia develops its cyber-capabilities, the more aggressive and confident it will become.
Defensive, intelligence, or offensive cyber-capabilities are difficult to assess, because governments are keeping their abilities secret, and cyber-capabilities cannot be calculated in the same way as tanks or fighter planes. However, Russia can be estimated to be one of the top three cyber-capable countries in the world. When combining a states´ level of offensive and defence capabilities with the level of cyber-dependence, Russia's position appears to be possibly the strongest in the world. Therefore the cyber-domain provides an excellent opportunity to Russia to increase its power in world politics.
It is too often forgotten in the West that the cyber-domain is primarily a political and strategic domain – where political leadership and attention is needed. Even if Russia has managed to keep its cyber-capabilities largely secret, president Putin has prominently poured significant resources and manpower to strengthen Russia´s ability to act in the cyber-domain. To Russia, the cyber-domain is no different from conventional frames of power politics, and in Russia the cyber domain has been understood as a strategic playfield for decades.
Russia has created a cyber-command within the Defence Ministry which is able to conduct cyber operations as well as information operations. The Russian military also has a specialised unit for cyber-attacks. However, most likely FSO, the FSB and the GRU are the main organisations responsible for creating Russia´s offensive cyber-capabilities.
There are two features in Russia´s cyber activities which are not enough well understood and politically accepted in the West.
First, Russia´s greatest cyber-advantage is its wealth of the most important cyber-asset – talented human capital. There are a great number of skilled and well-educated cyber-people in Russia. Even more notable is the way that the Russian government cooperates with these talented people.
One way is to recruit them, for example sometimes intelligence services offer hackers convicted of cyber-crimes to work for them as an alternative to prison. The more important (and increasing) trend is the government´s close cooperation with criminal and other hacker groups, who are able to do their criminal business in Russia as long as they provide their support to the government when it is asked. Some these groups are so good that they have more advanced capabilities than some governments.
The Russian government has been intentionally blurring the lines between cyber-activists, criminals and state-paid hackers. As the challenge of the attribution remains in cyber-domain, it seems politically tempting to use these “non-state groups” to carry out the operations. Criminals, hacktivists, spies and others linked to Russian strategic interests are usually well-financed, persistent and technologically advanced. They often go after the same targets for years to get what they need. APT28, the Dukes, Red October, Snake and Energetic Bear are just few examples – which we know. Some of these groups has spied also on opposition groups and non-conformists in Russia. Officially the Russian government says that is has nothing to do with these groups.
Second, Russians acting directly for the government or with its approval are testing the boundaries of the cyber-battlefield. Western countries remain fairly quiet. Hackers with connections to the Kremlin have attacked, for example, a French television network, a German steelmaker, the Polish stock market, and the US State Department. These activities are carried out in pursuit of Russia´s strategic objectives. Even if the attribution to Kremlin has been pretty clearly presented, there has been very limited political response from the West. This is encouraging – from the Russian point of view – to act even more aggressively in cyber-domain. The coordinated attack on the Ukrainian electrical grid in December 2015 was clearly an attack on critical national infrastructure. Russia showed what it can do – when it wants. This should have woken the West. But it did not.
Having capabilities is one thing – will to use them is another. Russia seems to have both. Russia has the ability and will to carry out denial-of-service attacks, develop sophisticated malware and exploit unknown software vulnerabilities. Differing from China, Russian cyber-activities focus primarily on intelligence gathering and military reconnaissance of critical infrastructure networks. It has to be remembered that today's intelligence operations enable tomorrow's actions, and Russia is mapping networks to determine the resources necessary for future attacks.
We are living in a digital era in which the speed, interconnectedness, and level of interaction between states and individuals are growing at an exponential rate. As our digital dependence increases and more sophisticated cyber-capabilities being developed, especially by nation-states, political responsibility to also defend countries in the cyber domain becomes crucial. There is no clear “political and legal playbook” to answer the question of how to respond to different kinds of hostile cyber-activities, especially if the attacker is most likely considered to be a nation-state. There is a great deal still for governments to understand, for example about the escalation patterns and ripple consequences of cyber-warfare – particularly where aggression is likely to cross spheres from the virtual world to the real one.
The increase in state-sponsored cyber-attacks by Russia is partly the result of a perception that there is not a significant ‘price to pay' for such attacks. Passivity towards the cyber attacks now occurring only encourages Russia to be more aggressive. Given the likely pressure governments will feel to respond to cyber-attacks, policy-makers need to develop a response framework before a disruptive or destructive cyber-incident occurs.
A political response framework – and the political will to act according to it – is needed. The West needs to develop effective ways to deal with Russia's cyber-warfare which is becoming more sophisticated and aggressive. Otherwise the West is sending a wrong message to the Kremlin, which will use the cyber-domain in an even more severe way.
Contributed by Jarno Limnéll, Professor of Cybersecurity, Dr. of Military Sciences, Finland