The Evolution of Russian Cyber Warfare: A Modern Threat to Global Security

In the 21st century, a nation's cyber arsenal and capabilities have become a critical factor in sizing up who the most significant threat is. To be considered a threat to the United States, a country needs to possess technological prowess and have interests independent of those of the United States. The country that best fits these criteria and is the biggest threat to American security is Russia, due to its aggressive nature and comfort level with conflict. Though other countries share similar offensive capabilities in traditional and hybrid warfare, this assessment is based on Russia's character in pursuing war policies and advancements in cyber warfare.

Russia has been called the United States' "most dangerous and successful" adversary because of its "information operations against the United States" (Hicks et al.). Deemed a digital influencer by McDonald and Mina, Russia has gained a reputation for the aggressive intelligence tactics it uses to achieve political objectives. For example, in 2018, Russia's Internet Research Agency gained recognition after "the U.S. special counsels investigations indictment of 12 operatives … on charges of spreading disinformation during the 2016 [presidential] election" (McDonald and Mina). With disinformation campaigns, it can be difficult to trace precisely how far and wide they have infiltrated civilian life and which narratives they have influenced. However, these types of activities fall squarely within the gray zone of conflict—a place between peace and war.

Russia is comfortable with destruction and has historically leveraged the advantages of hybrid warfare tactics. The recent disinformation campaigns are just one aspect of Russia's approach. Causing destabilization within a country aids Russia in achieving its interests. A similar strategy was applied in Ukraine in 2014 during the Euromaidan revolution; Russia sought to delegitimize the new government via "military aggression, proxy war, and disinformation" (Sokol). Ukraine has long experienced relentless intervention and threats from Russia, which has provided outside observers a front-row seat to Russian tactics and capabilities. Russia treats Ukraine like a "guinea pig", testing cyber attacks and psychological warfare strategies (Greenberg). While wreaking havoc on Ukraine's infrastructure and civil stability, Russia has also used these interactions to send messages to other countries about what it can do and how far it is willing to go. As Greenberg noted, "By turning the lights out in Kiev - and by showing that it's capable of penetrating the American grid - Moscow sends a message warning the U.S. not to try a Stuxnet-style attack on Russia or its allies … it's all a game of deterrence".

Russia has shown on numerous occasions that it is not interested in an alliance with the United States. Instead, the U.S. is an adversary to Russian interests. Lee observed, "Russia might actually strike American utilities as a retaliatory measure if it ever saw itself as backed into a corner" (Greenberg and Lee). "Being backed into a corner" is entirely open to interpretation by the Russian government; it could simply mean that Russia cannot obtain its objective and feels threatened.

The U.S. is not prepared to handle massive blackouts like those caused by Russian malware in Ukraine. As Lee stated when commenting on Russia's capability to plant malware within the U.S.'s critical infrastructure, "The people who understand the U.S. power grid know it can happen here." Greenberg also noted that "American engineers have less experience with manual recovery from frequent blackouts." In addition, the power systems used in the Ukrainian power grid are less technologically advanced than those in the U.S., making it more of a challenge. However, this makes the U.S. a more appealing target, providing a larger attack surface to work with given the higher level of interconnectivity of its critical systems (Greenberg). In addition to not being prepared to handle massive blackouts across key cities, the U.S. is also not prepared to handle psychological attacks like those seen in the disinformation campaigns. Unfortunately, because of the freedom the U.S. affords its citizens, disinformation has proven challenging to combat.

When looking at appropriate policy prescriptions, it is essential to emphasize the comfort level of Russia operating within the gray zone and how the pressure caused by the imminence of war is part of their strategy. The power grid and other vital components of critical American infrastructure should be the main priority, closely followed by efforts to combat disinformation campaigns. 

In no particular order: critical infrastructure should be segmented as systematically as possible in case malware infiltrates a system; hyper-segmentation can help prevent malware from spreading, making the infrastructure more difficult to attack. Additionally, failover mechanisms should allow the systems to shut down before destruction. Assante proved that machines could be hacked to death, never to come back alive again (Greenberg). In attempting to restore power, this could be devastating and cause fatal delays if the machines needed to be replaced. Finally, full redundancy should be ensured in all systems. For example, if a location were infected with ransomware, the engineers would have the ability to fail over to isolated backup systems. This isolation would also keep the malware contained and prevent it from spreading to other locations.

Strengthening cyber attribution is a potential solution to aid in weakening disinformation campaigns. In the context discussed by Hicks, cyber attribution was focused on attributing an attack to a specific country. In the situation addressed in this essay, attribution would be applied to determining the origin of information. This could perhaps be done by displaying the source of material in circulation, making it clear where the information originated.

In conclusion, Russia is the biggest threat to American security not because of its capabilities but because of its will for war and blatant disregard for peaceful institutions. As history has shown, Russia will do whatever it takes to be perceived as powerful, even at the cost of human lives.


Greenberg, Andy. “Russia’s Cyberwar on Ukraine Is a Blueprint for What’s to Come.” Wired, 20 June 2017, www.wired.com/story/russian-hackers-attack-ukraine.

Hicks, Kath, et al. “By Other Means: Part II: Adapting to Compete in the Gray Zone.” Center for Strategic and International Studies, 2019, www.csis.org/analysis/other-means-part-ii-adapting-compete-gray-zone. Accessed 7 Feb. 2022.

Sokol, Sam. “Russian Disinformation Distorted Reality in Ukraine. Americans Should Take Note.” Foreign Policy, 2 Aug. 2019, foreignpolicy.com/2019/08/02/russian-disinformation-distorted-reality-in-ukraine-americans-should-take-note-putin-mueller-elections-antisemitism.
