In recent years, Russia has come to rely on cyberwar and crime as a tactic to achieve its strategic goals both in its near abroad and against Western countries. The United States must be prepared to retaliate against any cyber attack directed at our nation by assessing options to limit and counter the Russians without leading to overescalation and possible war.
Reports of Russian hackers breaking into a country’s important information and systems have become more and more frequent, and as a result it is important to trace the history of Russian cyber warfare.
The first instance of a large-scale Russian cyber attack happened in Estonia in 2007. At the time, tensions were high between Russia and the former Soviet state, and the Kremlin authorized a campaign that targeted Estonian governmental agencies and businesses through the use of massive DDoS (distributed denial of service) attacks that shut down countless websites essential to the functioning of these agencies and businesses (Batashvili).
In 2008, Russia coordinated an even larger cyber attack during the Russo-Georgian War.
On August 7, a cyber attack was conducted from Russia against Georgian government and media websites, while at the same time Russian troops were crossing the Georgian border. According to the Report of the Independent International Fact-Finding Mission on the Conflict in Georgia, the attack led to several Georgian servers and large amounts of Internet traffic being seized and placed under external control (Batashvili). The offensive persisted through the conflict, lasting until a ceasefire was announced on August 12. Furthermore, the Kremlin had tested its abilities in the lead-up to the invasion, shutting down the official website of the president of Georgia for an entire day on July 10. The Russian cyber attacks affected practically all Georgian government websites, crippling the state’s ability to respond to the conflict. Additionally, attacks targeted Georgian media, business, and other political organizations in order to keep them from turning the conflict away from Russia’s favor, by making it difficult for information about what was happening inside the conflict zone to spread to the rest of the world. According to a report by the US Cyber Consequences Unit, “the primary objective of the cyber campaign was to support the Russian invasion of Georgia, and the cyber attacks fit neatly into the invasion plan”. The attacks achieved their intent, since they “significantly impeded the ability of the Georgian government to deal with the Russian invasion by interfering with communications between the government and the public, stopping many payments and financial transactions, and causing confusion about what was happening” (US Cyber Consequences Unit).
Recent cyber attacks against Ukraine are a worrying signal of the continued use of this strategy. Ukrainian president Petro Poroshenko said that during the final two months of 2016, Ukrainian state institutions had 6,500 instances of hacking, most directed towards the ministries of defence and finance, in addition to Kiev’s power grid and the treasury. According to Poroshenko, the operation came at the hands of the Russian security services, following the same playbook as they had in Georgia (Batashvili).
Russian cyber operations are not used solely in tandem with military offensives, however; many are also employed in information wars, especially against Western nations. The 2016 American presidential election, while highly publicized, is not the only instance in which there is evidence of Russian interference; the 2017 French and German elections were also targeted. Numerous French officials and agencies, including the Defense Minister and the DGSE, have raised concern over Russian interference in the nation’s election, citing concern that fake news and cyber attacks were being directed at now-President Macron and his party, as they were not the candidates the Kremlin believed would be most beneficial to Russian state interests.
German intelligence agencies have also raised similar concerns about Russian cyber activities being directed against Germany and its election, with Chancellor Angela Merkel herself seeing the attacks as threatening the foundation of German democracy and the effective functioning of the German state (Delker).
As practiced today, Russian use of cyberwarfare has three common and consistent objectives:
This was the strategic goal we saw Russia trying to achieve in 2014, when it successfully annexed Crimea. The annexation of Crimea relied on a group of Russian Special Forces operatives known as the “little green men”, who took their directives from a newly created Russian special operations command. The deployment of these highly trained operatives, in coordination with a massive information warfare campaign as well as the involvement of local Russian loyalist proxies, created the opportunity for Russia to take over without needing to shed blood, as it had forced momentum to shift in its favor, allowing Crimeans in Ukraine to vote for secession from Ukraine (Chivvis). In 2008, Russia used similar tactics in its invasion of Georgia, during which it similarly coordinated cyber attacks against essential government computing services while simultaneously operating special operation forces in coordination with Russian loyalists from the Georgian state. A major impact of these tactics has been a weakened ability to integrate these countries with Western thought.
In 2013, the Russian Chief of the General Staff, General Valery Gerasimov, showed Russia’s current views on such hybrid cyber warfare tactics, stating that in modern conflicts non-military means are put to use more than 4 times as often as conventional military operations (Gerasimov). This suggests that such cyber attacks will be likely in the future, and even at this point many are not being properly identified. In its use of cyberspace, Russia has shown it can achieve territorial expansion goals in a manner that is nonviolent and seemingly peaceful; however, there is always the underlying threat of actual military force being used unsparingly.
In a similar manner to capturing territory through covert, non-military expansion, Russia is also capable of using cyber warfare to create a conflict that gives it solid reasoning to use military force in foreign nations (Chivvis). For instance, the Russian annexation of Crimea has led to a reasonable concern that the Kremlin could engage in a hybrid strategy to manufacture a conflict worthy of military action elsewhere, possibly the Baltic states. As it did in Crimea, Russia could try to create tension in a country like Estonia by conducting a campaign that foments discord between the minority Russian population and the Estonians. In creating these sentiments, which portray the government of Estonia as oppressive towards the minority Russians, the Kremlin can justify a Russian military intervention on behalf of the Russian minority, as Russian sentiment still sees these people as its own. Conducting an operation of this sort requires the accompaniment of simultaneous cyber operations directed at inflaming attitudes and creating difficulties in executing both national and NATO responses. It would almost certainly be accompanied by efforts to influence broader European and world opinion in ways that favored Russia’s intervention, through the use of propaganda and opinion shifting that portrays Russia as acting on behalf of a repressed population that seeks its aid. On the ground, it would involve the use of Russian secret agents and proxies, both to act as aid/support for local populations creating tensions, and to coordinate with military forces awaiting instruction and guidance.
This last objective is the most pressing for the United States and Western countries outside the near vicinity of Russia. In this objective, the Kremlin seeks to use cyber operations in lieu of military action or war to create tension and distress in Western governments. The goal of this strategy is to influence and create favorable political outcomes in targeted countries to serve Russia’s national interests (Chivvis). The countries where these types of operations are most likely to find success are those with high levels of corruption and weak legal systems. However, more stable countries such as the United States and the United Kingdom are similarly susceptible to such operations. Examples of ways the Kremlin can engage in cyber operations to influence an outside nation’s political system include the use of fake “troll” accounts on social media to spread propaganda and create divides amongst the citizens of that nation. The hacking of government officials’ servers can also provide the Kremlin with material that it can use either to influence that official through blackmail or to leak in order to induce further tension. In creating these narratives, Russia has the ability to influence democracy by planting false information and manufacturing biases against those that act against the interests of the Kremlin.
The continued use of cyber attacks by the Russian government poses very realistic threats both domestically and internationally for the United States.
Internationally, as Russia continues with its goals of territorial expansion, the United States is faced with the concern of a wider influence of Russian thought and the expansion of pro-Russian policies in areas where the United States has worked to promote democracy and peace. The desire of Russia to reassemble the Soviet Union remains very real, and as seen in Estonia, Georgia, and Crimea, cyber attacks can play a key role in these territorial gains. By allowing continued expansion of the Russian state, the United States risks losing the strategic relationships it has developed with these countries, as well as the progress it made towards gaining them more independence from Russia as democracy began to take root in these nations. Furthermore, these attacks can be used by Russia in places like Syria as a way to promote the Assad regime, which works in coordination with Russia in achieving other strategic goals, such as the development of an oil pipeline through Syria.
Domestically, Russian cyber attacks can destabilize the US government by creating rifts and tensions amongst the American populace through the spread of false information and fake news. As seen in the hacks against the DNC as well as the use of trolls during the 2016 Presidential Election, Russia’s use of cyber attacks can undermine American democracy by allowing a foreign nation to alter the minds of our citizens, feeding them lies and inflammatory material to create disarray in our democracy. This is especially hurtful as Russia can cite American disorder as a reason for foreign nations not to follow our example and implement democracy in the American fashion. Attacks by Russia can also cripple the government’s ability to function in the service of its citizens.
The 2016 Presidential Policy Directive (PPD) 41 – United States Cyber Incident Coordination – defines a significant cyber attack as “likely to result in demonstrable harm to national security interests, foreign relations, the domestic and global economy, public confidence, civil liberties, or public health and the safety of the American people” (PPD 41). Cyber attacks by Russia against domestic communication or critical IT infrastructure fall under this classification.
Should such an attack actually occur, the National Cyber Response Group would lead the defensive response as an arm of the National Security Council (PPD 41). The Secretary of Defense, in tandem with the directors of our intelligence agencies, would be responsible for managing incoming threats and coordinating any strategy or movement that would require active military response. In the event that the telecommunications systems of the National Security and Emergency Preparedness sector fail, the National Coordinating Center for Communications would be tasked with re-establishing communications. Furthermore, PPD 41 stipulates that if an operation with clear attribution is found to have occurred, the Cyber Response Group shall assemble a team of qualified and skilled cyber personnel to respond to the cyber incident. This response team shall have experience together in the form of practice sessions and war games.
After addressing the immediate effects of a Russian cyber attack, it’s imperative the United States consider its options of strategic and tactical responses. One option for the United States is response through non-military means such as indictment, diplomacy, or sanctions (Bate). A lower-level military and intelligence strategy that could possibly be employed by the United States is the use of counter-surveillance intelligence operations, non-attributable cyber or conventional attacks, or attributable cyber or conventional attacks (Herb). These operations would target Russian military, civilian, or critical infrastructure systems.
Since NATO classifies cyberspace as the fifth operational domain, it is likely that if the United States identified a significant cyber incident against its citizens as originating from Russia, its response would come in the form of aggressive cyber tactics. The possibility of conventional military expeditions may be explored; however, the risk of further escalation makes it more likely that the United States would respond only through cyber operations.
One possible response the United States could utilize in retaliation to Russian cyber attacks is low-level cyber intrusion, distributed across an array of cyber incidents that could not be collectively categorized as a major attack. This intrusion would appear as a result of what are called “loud cyber weapons”, which are tools that can be traced back to the U.S. military (Herb). The US military would send these weapons, embedded with encrypted codes, into Russian networks. The United States would then publicly provide the encryption key to end the intrusions caused by these weapons as a way to claim responsibility for the attack. Taking credit for the attacks reflects a key paradigm shift in U.S. military strategy, which now emphasizes attribution as a key aspect of a successful operation and public knowledge as vital for deterrence. The United States also has the option of conducting more basic cyber attacks against Russia’s network, including but not limited to: alteration of government websites, disruptions of Internet service, interferences and disablements of communications, or the spreading of propaganda (Department of Defense Law of War Manual). In the aftermath of the hack of the DNC, senior officials weighed options for counterattacks on the Russian Federal Security Service (FSB) and the Main Intelligence Agency (GRU), including the use of the NSA’s TreasureMap tool, which tracks all global connections to the Internet and can be utilized to install malware in targeted Russian computer systems with the purpose of intelligence gathering and future cyber-assaults (Bamford).
The United States also has the ability to employ “logic bombs” in cyber operations targeting both military and non-military targets in Russia. “Logic bombs” are codes developed with the purpose of overloading a computer’s system, rendering it unable to operate by presenting it with an endless amount of logic questions to answer. Sending these “logic bombs” into computer systems critical to Russia’s infrastructure will lead to the United States causing dramatic economic and operational damages to the Russian government and its people (Sternstein). The United States has invested a large sum of money into the development of these “logic bombs”, with initial investment dating back to 2014, when U.S. Cyber Command offered a $460 million contract to develop a “computer code capable of killing adversaries” (Storm).
The United States could use logic bombs or other cyber intrusion methods to attack Russian critical infrastructure in a more serious fashion, leading to a larger potential for loss of human life or safety. These attacks include targeting systems such as those of a dam above a populated area, where a hack could lead to floodgates being opened onto Russian citizens, or disabling air traffic control services, leading to air safety risks where planes pose a threat to each other and the land beneath them. These options, particularly if they are easily traceable, have the potential to escalate quickly into further intensified conflict.
The United States also has the ability to use similar cyber operations to directly attack Russian military targets, with possible actions including shutting off power at a nuclear facility or an airfield, which will cause serious casualties. These attacks will most definitely trigger a notable escalatory threshold of response by the Russians. It is significant that many Russian industrial networks run computer systems operating Windows XP, and in some cases even older systems, while maintaining connections to the Internet. These dated systems are particularly vulnerable to attack, as evidenced by the United States already demonstrating its ability to break into them. In November 2016, the United States reportedly penetrated Russian military systems, leaving behind malware to be activated in retaliation in the case of Russian interference in U.S. elections (Dilanian et al.). This demonstrated both confidence in the success of the malware implant and political willingness to trigger a consequential conflict should Russia attack the United States in a serious manner (Bernish).
In response to a Russian cyber attack, the United States’ strategic responses should be a result of its classification of the attack as being non-significant, significant, or an act of war. State Department Cyber Coordinator Chris Painter said the United States would respond to incidents on a case-by-case basis in testimony before the House Subcommittee on Information Technology and National Security in November 2016, saying that retaliation “could be through cyber means. It could be through diplomacy. It could be through indictments and law enforcement actions” (Pellerin).
Some of these responses require action while others do not; the path taken must be dependent on the actual and anticipated effects of a cyber attack, including damage, injury, and death. Painter testified that “cyber activities may in certain circumstances constitute an armed attack that triggers our inherent right to self-defense as recognized by Article 51 of the U.N. Charter” (Hearing on “Digital Acts of War: Evolving the Cybersecurity Conversation”). The United States could also identify a cyberattack as being an infringement upon its territorial integrity and political independence, per Article 2(4) of the Charter. However, recent political happenings indicate that the United States would be hesitant to invoke Article 51, regardless of whether a Russian cyber attack led to nominal death, injury, or damage. Instead, the United States could limit its declarations and address the attack as a “significant cyber incident,” invoking the full support of the U.S. military while avoiding over-escalation. Furthermore, even though NATO justifies military response in the realm of cyberspace, the lack of precedent means that the United States actually has more options in responding to Russia if it were to employ cyber means that may or may not lead to conventional consequences. The United States would need to decide between conducting a covert or overt counter-cyber attack. The tactical considerations noted above show that hidden, non-attributable cyber attacks do not fall within the Department of Defense’s deterrence strategy, and would not be treated as a suitable strategy. In the aftermath of the 2014 Sony Pictures hacking by the North Korean government, the United States didn’t respond with a public cyber operation, and it was “unclear how the United States may have retaliated against the North in secret, if it even did so” (Sanger). The lack of a publicly noticed retaliation, as well as the mild economic sanctions, now seems ineffective as punishment. A situation could come up that would give the United States the opportunity to execute an immediately observable cyber attack or a preparatory attack (logic bomb), with the target being either Russian military or civilian infrastructure. Similar to Russia, the United States should also avoid directly targeting a military structure in order to avoid escalation to full-scale war. As a result of this, the United States should choose to deploy a cyber weapon against critical Russian infrastructure, leading to conventional consequences being faced by Russia. Even the use of a medium-level choice in terms of retaliation would require global ramifications to be taken into account.
Even still, it is my recommendation to engage in a retaliatory strategy that employs a combination of an observable cyber attack through the use of “loud cyber weapons” and “logic bombs” against significant parts of the Russian infrastructure. The United States cannot allow Russia to attack it and take global credit for the attack without retaliating in some way to show dominance over Russia. “Loud cyber weapons” are particularly suitable for retaliation that the public is aware of and will show the world that the United States is not only willing to retaliate, but is better skilled in cyber war and confident enough in its abilities to retaliate swiftly. “Logic bombs” targeted against non-military sites that still hold significant value to Russian infrastructure will be the second leg of the suggested attack. The crippling of essential infrastructure will both warn the Russians that an attack on us will be met with an attack that hurts their citizens and keep them from being able to retaliate, since they will not have the resources to come back at the United States.
Batashvili, David. “Russia’s Cyber War: Past, Present, and Future.” EUobserver, 15 Feb. 2017, euobserver.com/opinion/136909.
Delker, Janosch. “Germany Fears Russia Stole Information to Disrupt Election.” POLITICO, 28 Jan. 2018, www.politico.eu/article/hacked-information-bomb-under-germanys-election/.
The Military Doctrine of the Russian Federation, approved by Russian Federation presidential edict on February 5, 2010 (translated). Accessed at http://carnegieendowment.org/files/2010russia_military_doctrine.pdf.
Understanding Russian “Hybrid Warfare” and What Can Be Done About It (2017) (testimony of Christopher S. Chivvis). Print.
US Cyber Consequences Unit. (2009) ‘Overview by the US-CCU of the cyber campaign against Georgia in August of 2008’.
Valery Gerasimov, “The Value of Science is in the Foresight: New Challenges Demand Rethinking the Forms and Methods of Carrying out Combat Operations,” Voyenno-Promyshlennyy Kurier, February 26, 2013.