Wednesday, June 5, 2019

Russia's Approach to Cyber Warfare

Policy Briefing on the Imminent Russian Cybersecurity Threat: The Need For Action Against Russian Cybercrimes

In recent years, Russia has built a reliance on using cyberwar and crimes as a tactic to achieve its strategic goals both in its near-abroad and against Western countries. The United States must be prepared to retaliate against any cyber attack directed at our nation by assessing options to limit and counter the Russians without leading to an overescalation and possible war.

Background

The frequency with which we hear about Russian hackers hacking into a country's important information and systems has become more and more regular, and as a result it is important to trace back the history of Russian cyber warfare. The first instance of a large-scale Russian cyber attack happened in Estonia in 2007. At the time, tensions were high between Russia and the former Soviet state, and the Kremlin authorized a campaign which targeted Estonian government agencies and businesses through the use of massive DDoS (distributed denial of service) attacks that shut down myriad websites essential to the functioning of these agencies and businesses (Batashvili). In 2008, Russia coordinated an even larger cyber attack during the Russo-Georgian War. On August 7, a cyber attack was conducted from Russia against Georgian government and media websites, while at the same time Russian troops were crossing the Georgian border. According to the Report of the Independent International Fact-Finding Mission on the Conflict in Georgia, the attack led to several Georgian servers and high amounts of Internet traffic being taken over and placed under external control (Batashvili). The offensive persisted through the conflict, lasting until a ceasefire was announced on August 12.
Furthermore, the Kremlin had tested its abilities in the lead-up to the conflict, shutting down the official website of the president of Georgia for an entire day on July 10. The Russian cyber attacks affected practically all Georgian government websites, crippling the state's ability to respond to the conflict. Additionally, attacks targeted Georgian media, business, and other governmental organizations in order to keep them from turning the conflict away from Russia's favor by making it difficult for information about what was happening inside the conflict zone to spread to the rest of the world. According to a report by the US Cyber Consequences Unit, the primary objective of the cyber campaign was to support the Russian invasion of Georgia, and the cyber attacks fit neatly into the invasion plan. The attacks achieved their intent, since they significantly impeded the ability of the Georgian government to deal with the Russian invasion by interfering with communications between the government and the public, stopping many payments and financial transactions, and causing confusion about what was happening (US Cyber Crimes Unit).

Recent cyber attacks against Ukraine are a worrying signal of the continued use of this strategy. Ukrainian president Petro Poroshenko said that during the final two months of 2016, Ukrainian state institutions had 6,500 instances of hacking, most directed towards the ministries of defence and finance, in addition to Kiev's power grid and the treasury. According to Poroshenko, the operation came at the hand of the Russian security services, following the same playbook as they had in Georgia (Batashvili).

Russian cyber operations are not used solely in tandem with military offensives, however, with many also being employed in the wars on information, especially against Western nations.
The 2016 American presidential election, while highly publicized, is not the only instance in which there is evidence of Russian interference, with the 2017 French and German elections also being targeted. Numerous French officials and agencies, including the Defense Minister and DGSE, have raised concern over the issue of Russian interference in the nation's election, citing concern that fake news and cyber attacks were being directed at now-President Macron and his party, as they were not the candidates the Kremlin believed would be most beneficial to Russian state interests. German intelligence agencies have also brought up similar concerns about Russian cyber activities being directed against Germany and its election, with Chancellor Angela Merkel herself seeing attacks as threatening the foundation of German democracy and the effective functioning of the German state (Delker).

Russian Objectives

As of today, Russian use of cyberwarfare has three common and consistent objectives:

Capturing Territory Without Resorting to Overt or Conventional Military Force

This was the strategic goal we saw Russia trying to achieve in 2014, when they successfully annexed Crimea. The annexation of Crimea relied on a group of Russian Special Forces operatives known as the "little green men," who took their directives from a newly created Russian special operations command. The deployment of these highly trained operatives, in coordination with a massive information warfare campaign, as well as the use of local Russian loyalist proxies, created the opportunity for Russia to take over without needing to shed blood, as they had forced momentum to shift in their favor, allowing for Crimea to vote for secession from Ukraine (Chivvis).
In 2008, Russia used similar tactics in its invasion of Georgia, during which they similarly coordinated cyber attacks against essential government computing services while at the same time operating special operation forces in coordination with Russian loyalists from the Georgian state. A major impact of these tactics has been a weakened ability to integrate these countries with Western thought. In 2013, the Russian Chief of the General Staff, General Valery Gerasimov, described Russia's current views on such hybrid cyber warfare tactics, stating that in modern conflicts non-military means are put to use more than 4 times as often as conventional military operations (Gerasimov). This suggests that in the future such cyber attacks will be likely, and even at this point many are not being properly identified. In its use of cyberspace, Russia has shown it can find success in achieving territorial expansion goals in a manner that is nonviolent and seemingly peaceful; however, there is always the underlying threat of actual military force being used unsparingly.

Creating a Pretext for Overt, Conventional Military Action

In a similar manner to capturing territory through covert, non-military expansion, Russia is also capable of using cyber warfare in order to create a conflict which gives them solid reasoning to use military force in foreign nations (Chivvis). For instance, the Russian annexation of Crimea has led to a reasonable concern that the Kremlin could engage in a hybrid strategy to manufacture a conflict worthy of military action elsewhere, possibly the Baltic states. As it did in Crimea, Russia could try to create tension in a country like Estonia by conducting a campaign which foments discord between the minority Russian population and the Estonians.
In creating these sentiments which portray the government of Estonia as oppressive towards the minority Russians, the Kremlin can justify a Russian military intervention on behalf of the Russian minority, as Russian sentiment still sees these people as their own. Conducting an operation of this sort involves the accompaniment of simultaneous cyber operations directed at inflaming attitudes and creating difficulties in executing both national and NATO responses. It would almost certainly be accompanied by efforts to influence broader European and world opinion in ways that favored Russia's intervention, through use of propaganda and opinion shifting which portrays Russia as acting on behalf of a repressed population that seeks its aid. On the ground, it would involve the use of Russian secret agents and proxies, both to act as aid and support for local populations creating tensions, and to coordinate with military forces awaiting orders and guidance.

Using Hybrid Measures to Influence the Politics and Policies of Countries in the West and Elsewhere

This last objective is the most pressing for the United States and Western countries outside the near vicinity of Russia. In this objective, the Kremlin seeks to use cyber operations in lieu of military action or war to create tension and distress in Western governments. The goal of this strategy is to influence and create favorable political outcomes in targeted countries to serve Russia's national interests (Chivvis). The countries where these types of operations are most likely to find success are those with high levels of corruption and weak legal systems. However, more stable countries such as the United States and the United Kingdom are similarly susceptible to such operations. Examples of ways the Kremlin can engage in cyber operations to influence an outside nation's political system include the use of fake troll accounts on social media to spread propaganda and create divides amongst the citizens of that nation.
Also, the hacking of servers of government officials can provide them with material which they can use either to influence that official through blackmail, or which can be leaked to induce further tension. In creating these narratives, Russia has the ability to influence democracy by planting anomalous information and manufacturing biases against those that act against the interests of the Kremlin.

American Stakes

The continued use of cyber attacks by the Russian government brings up very realistic threats both domestically and internationally for the United States. Internationally, as Russia continues with its goals of territorial expansion, the United States is faced with the concern of a wider influence of Russian thought and expansion of pro-Russian policies in areas where the United States has worked to promote democracy and peace. The desire of Russia to reassemble the Soviet Union remains very real, and as seen in Estonia, Georgia, and Crimea, cyber attacks can play a key role in these territorial gains. By allowing continued expansion of the Russian state, the United States risks losing the strategic relationships it has developed with these countries as well as the progress it made towards finding them more independence from Russia as democracy began to take root in these nations. Furthermore, these attacks can be used by Russia in places like Syria as a way to promote the Assad regime, which works in coordination with Russia in achieving other strategic goals, such as the development of an oil pipeline through Syria. Domestically, Russian cyber attacks can destabilize the US government by creating rifts and tensions amongst the American populace through the spread of false information and fake news.
As seen by the hacks against the DNC as well as the use of trolls during the 2016 Presidential Election, Russia's use of cyber attacks can undermine American democracy by allowing a foreign nation to change the minds of our citizens, feeding them lies and inflammatory material to create disarray in our democracy. This is especially hurtful as Russia can cite American disorder as a reason for foreign nations not to take our example and implement democracy in the American fashion. Attacks by Russia can also cripple the government's ability to function in the service of its citizens.

Government Organization for a Cyber Attack

The 2016 Presidential Policy Directive (PPD) 41, United States Cyber Incident Coordination, defines a significant cyber attack as likely to result in demonstrable harm to national security interests, foreign relations, the domestic and global economy, public confidence, civil liberties, or public health and the safety of the American people (PPD 41). Cyber attacks by Russia against domestic communication or vital IT infrastructure fall under this classification.

Should such an attack actually occur, the National Cyber Response Group would lead the defensive response as an arm of the National Security Council (PPD 41). The Secretary of Defense, in tandem with the directors of our intelligence agencies, would be responsible for managing incoming threats and coordinating any strategy or movement that would require an active military response. In the event that the telecommunications systems of the National Security and Emergency Preparedness sector fail, the National Coordinating Center for Communications would be tasked with re-establishing communications. Furthermore, PPD 41 stipulates that if an operation with clear attribution is found to have occurred, the Cyber Response Group shall assemble a team of qualified and skilled cyber personnel to respond to the cyber incident.
This response team shall have experience together in the form of practice sessions and war games.

U.S. Strategic Responses

After addressing the immediate effects of a Russian cyber attack, it's imperative the United States consider its options of strategic and tactical responses. One option for the United States is response through non-military means such as indictment, diplomacy, or sanctions (Bate). A lower-level military and intelligence strategy that could possibly be employed by the United States is the use of counter-surveillance intelligence operations, non-attributable cyber or conventional attacks, or attributable cyber or conventional attacks (Herb). These operations would target Russian military, civilian, or critical infrastructure systems. Since NATO classifies cyberspace as the fifth operational domain, it is likely that if the United States identified a significant cyber incident against its citizens as originating from Russia, its response would come in the form of aggressive cyber tactics. The possibility of conventional military expeditions may be explored; however, the risk of further escalation makes it more likely that the United States would respond only through cyber operations.

Low-Level Attributable Cyber Intrusion

One possible response the United States could utilize in retaliation to Russian cyber attacks is low-level cyber intrusion, distributed across an array of cyber incidents that could not be collectively categorized as a major attack. This intrusion would appear as a result of what are called "loud" cyber weapons, which are tools that can be traced back to the U.S. military (Herb). The US military would send these weapons, embedded with encrypted codes, into Russian networks. The United States would then publicly provide the encryption key to end the intrusions caused by these weapons as a way to claim responsibility for the attack.
Taking credit for the attacks reflects a key paradigm shift in U.S. military strategy, which now emphasizes attribution as a key aspect of a successful operation, and public knowledge as vital for deterrence. The United States also has the option of conducting more basic cyber attacks against Russia's network, including but not limited to alteration of government websites, disruptions of Internet service, interferences and disablements of communications, or the spreading of propaganda (Department of Defense Law of War Manual). In the aftermath of the hack of the DNC, senior officials weighed options for counter attacks on the Russian Federal Security Service (FSB) and the Main Intelligence Agency (GRU), including the use of the NSA's TreasureMap tool, which tracks all global connections to the Internet, and can be utilized to install malware in targeted Russian computer systems with the purpose of intelligence gathering and future cyber-assaults (Bamford).

Medium-Level Cyber Attack - No Immediate Casualties

The United States also has the ability to employ logic bombs in cyber operations targeting both military and non-military targets in Russia. Logic bombs are codes developed with the purpose of overloading a computer's system, rendering it incapable of operating by presenting it with an endless amount of logic questions to answer. Sending these logic bombs into computer systems critical to Russia's infrastructure will lead to the United States causing dramatic economic and operational damages to the Russian government and its people (Sternstein). The United States has invested a large sum of money into the development of these logic bombs, with initial investment coming back in 2014 when U.S. Cyber Command offered a $460 million contract to develop a computer code capable of killing adversaries (Storm).
High-Level Cyber Attack - Possible Casualties

The United States could use logic bombs or other cyber intrusion methods to attack Russian critical infrastructure in a more serious fashion, leading to a larger potential for loss of human life or safety. These attacks include targeting systems such as those of a dam above a populated area, where a hack could lead to floodgates being opened onto Russian citizens, or disabling air traffic control services, leading to air safety risks where planes pose a threat to each other and the land beneath them. These options, particularly if they are easily traceable, have the potential to escalate quickly into further intensified conflict.

Military-Level Cyber Attack - Escalatory

The United States also has the ability to use similar cyber operations to directly attack Russian military targets, with possible targets including the shutting off of power at a nuclear facility or an airfield, which will lead to serious casualties. These attacks will most definitely trigger a notable escalatory threshold of response by the Russians. It is significant that many Russian industrial networks run computer systems operating Windows XP, and in some cases even older systems, while maintaining connections to the Internet. These dated systems are particularly vulnerable to attack, as evidenced by the United States already demonstrating its ability to break into these systems. In November 2016, the United States reportedly penetrated Russian military systems, leaving behind malware to be activated in retaliation in the case of Russian interference in U.S. elections (Dilanian et al.). This demonstrated both confidence in the success of the malware implant, and political willingness to trigger a consequential conflict should Russia attack the United States in a serious manner (Bernish).

Strategic Considerations for U.S. Decisions

In response to a Russian cyber attack, the United States' strategic responses should be a result of its classification of the attack as being non-significant, significant, or an act of war. State Department Cyber Coordinator Chris Painter said the United States would respond to incidents on a case-by-case basis in testimony before the House Subcommittee on Information Technology and National Security in November 2016, saying that retaliation "could be through cyber means. It could be through diplomacy. It could be through indictments and law enforcement actions" (Pellerin).

Some of these responses require action while others do not; the path taken must be dependent on actual and anticipated effects of a cyber attack, including damage, injury, and death. Painter testified that "cyber activities may in certain circumstances constitute an armed attack that triggers our inherent right to self-defense as recognized by Article 51 of the U.N. Charter" (Hearing on Digital Acts of War: Evolving the Cybersecurity Conversation). The United States could also identify a cyberattack as being an infringement upon its territorial integrity and political independence, per Article 2(4) of the Charter. However, recent political happenings indicate that the United States would be hesitant in invoking Article 51, regardless of whether a Russian cyber attack led to minimal death, injury, or damage. Instead, the United States could limit its declarations and address the attack as a significant cyber incident, invoking the full support of the U.S. military while avoiding over-escalation. Furthermore, even though NATO justifies military response in the realm of cyberspace, the lack of precedent means that the United States actually has more options in responding to Russia if it were to employ cyber means that may or may not lead to conventional consequences. The United States would need to decide between conducting a covert or overt counter-cyber attack.
The tactical considerations noted above show that hidden, non-attributable cyber attacks do not fall within the Department of Defense's deterrence strategy, and would not be treated as a suitable strategy. In the aftermath of the 2014 Sony Pictures hacking by the North Korean government, the United States didn't respond with a public cyber operation, and it was unclear how the United States may have retaliated against the North in secret, if it even did so (Sanger). The lack of a publicly noticed retaliation, as well as the mild economic sanctions, now seems ineffective as punishment. A situation could come up that would give the United States the opportunity to execute an immediately observable cyber attack or a preparatory attack (logic bomb), with the target being either Russian military or civilian infrastructure. Similar to Russia, the United States should also avoid directly targeting a military structure in order to avoid escalation to full-scale war. As a result of this, the United States should choose to deploy a cyber weapon against critical Russian infrastructure, leading to conventional consequences being faced by Russia. Even the use of a medium-level choice in terms of retaliation would require global ramifications to be taken into account. Even still, it is my recommendation to engage in a retaliatory strategy which employs a combination of an observable cyber attack through use of "loud" cyber weapons and logic bombs against significant parts of the Russian infrastructure. The United States cannot allow Russia to attack it and take global credit for the attack without retaliating in some way to show dominance over Russia. "Loud" cyber weapons are particularly suitable for retaliation that the public is aware of, and will show the world that the United States is not only willing to retaliate, but is better skilled in cyber war and confident enough in its abilities to retaliate swiftly.
Logic bombs targeted against non-military sites that still hold significant value to Russian infrastructure will be the second leg of the suggested attack. The crippling of essential infrastructure will both warn the Russians that an attack on us will be met with an attack that hurts their citizens, and keep them from being able to retaliate, since they will not have the resources to come back at the United States.

Works Cited

Batashvili, David. "Russia's Cyber War: Past, Present, and Future." EUobserver, 15 Feb. 2017, euobserver.com/opinion/136909.

Delker, Janosch. "Germany Fears Russia Stole Information to Disrupt Election." POLITICO, POLITICO, 28 Jan. 2018, www.politico.eu/article/hacked-information-bomb-under-germanys-election/.

The Military Doctrine of the Russian Federation, approved by Russian Federation presidential edict on February 5, 2010 (translated). Accessed at http://carnegieendowment.org/files/2010russia_military_doctrine.pdf.

Understanding Russian Hybrid Warfare and What Can Be Done About It (2017) (testimony of Christopher S. Chivvis). Print.

US Cyber Consequences Unit. (2009) Overview by the US-CCU of the cyber campaign against Georgia in August of 2008.

Valery Gerasimov, "The Value of Science is in the Foresight: New Challenges Demand Rethinking the Forms and Methods of Carrying out Combat Operations," Voyenno-Promyshlennyy Kurier, February 26, 2013.
