The Bear is back. It’s happening on the ground in and around Ukraine, inside the virtual inboxes of the Democratic National Committee and at American news organizations. Russian cyberattacks are yielding eye-popping headlines warning not only of a return to Cold War-style behavior, but of the relative decline of American capabilities and power.
The list of U.S. entities believed to have been breached by Russian hackers is long and troubling. It includes the White House, the State Department, the Defense Department, the NASDAQ stock exchange, the U.S. electrical grid and the Democratic National Committee. Russian cyberattackers have also attempted to hack the Moscow bureau of The New York Times.
As the targets have moved beyond U.S. government to key civilian institutions, there has been a good deal of speculation about possible motives. These range from a desire to influence the outcome of November’s U.S. presidential election to the broader goal of undermining U.S.-European relations.
What do we know about Russia’s capabilities, strategies and intents? And what should we know about this top-notch adversary, more advanced and stealthier than any other, so we can most effectively assess and address the prospect of a Russian threat?
A deft and powerful player
The United States remains a powerhouse of innovation and technological capacity. But the country is not alone when it comes to sophisticated tools and tradecraft in the cyber domain. Key players comprising Russia’s “cyber arsenal” include Russia’s foreign intelligence service (SVR), military intelligence agency (GRU), Federal Security Service (FSB), and Federal Protective Service (FSO).
Testifying before the U.S. Senate Armed Services Committee earlier this year, U.S. Director of National Intelligence James Clapper noted that Russia’s cyberattacks are becoming more brazen, “based on its willingness to target critical infrastructure systems and conduct espionage operations even when detected and under increased public scrutiny.”
Since the fall of the Berlin Wall, Russia’s security and intelligence services have practiced the world’s second-oldest profession using high-tech tactics. Years ago, Russia was quick to recognize and integrate the potential leverage that online tools and action could offer to military doctrine, strategy and operations. But recently Russia has been honing this model of war fighting, blending electronic and real-world power into a hybrid that is more than the sum of its parts.
The first lessons came from Russia’s 2008 conflict with neighboring Georgia. By 2013, Valery Gerasimov, chief of the General Staff of the Armed Forces of the Russian Federation, was laying out the Russian military doctrine for the 21st century with emphasis on “nonmilitary means” (such as political and economic actions) supported by “concealed” military efforts (such as activities undertaken by special operations troops – or cyberspace operatives). Starting in 2014, that integrated approach was used in battle with Ukraine.
Attacks directed against the United States and other countries’ governments and businesses have yielded economic and diplomatic secrets that serve to strengthen Russia’s industries and negotiating hand in matters of trade and global politics. Put bluntly, stealing the results of others’ research is faster and cheaper than investing oneself, just as knowing other players’ cards makes deciding a poker player’s next moves easier and more effective.
Concealing its true motives
Russia makes extensive use of surrogates to further the country’s objectives. These groups and individuals may be directly supported and sanctioned by the Russian state, or they may simply be operating at a level of remove that affords Russian officials plausible deniability. This in itself is not new: Russia has long relied on proxies to conceal its own hand and engage in deception – a practice known as “maskirovka.” In the digital context, accurately identifying who is behind the keyboard is an ongoing challenge even for the most tech-savvy among us, though the U.S. and other countries are getting better at it.
Beyond identity, intentions are always tricky to establish correctly from the outside. Recall, for example, the Cold War practice of Kremlinology – analyzing the Soviet Union’s government and policies to determine its future actions – which fell short of science even at the best of times. Some cases, however, are easier to analyze than others. For instance, Russian cybercriminals are assuredly motivated by the prospect of profits. But the lines between criminals and state-backed attackers are not necessarily well-defined; there have been reports about the convergence between the two groups in Russia – with this confluence serving to magnify the country’s cyber capacity.
There are many reasons these manifestations of Russian capability and threat matter: They can destabilize countries and regions, and bring economic or even physical harm directly or indirectly to U.S. interests and those of our allies. These types of damage are real, if not always fully tangible.
Determined Russian propagandizing online has advanced narratives that seek to undercut “the institutions of the West” and spread social unrest in target countries. One method has been spreading fear of immigrants. In January 2016, Russian media outlets carried a fake story alleging a Russian girl had been raped in Berlin by a refugee.
Increasing our knowledge of Russia’s capabilities, motives and intentions will allow us not only to deter attacks and respond to ones that happen, but also to act in ways that influence Russia’s behavior toward outcomes the U.S. deems desirable. Today’s digital threats are at once pervasive and profound, with no single defense or solution. We need more research into potential countermeasures tailored to specific adversaries if we are to thwart them and bolster U.S. national and economic security.