Russian Cyber Operations. Scott Jasper

3.1 Ukraine

       Figures

       3.1 The Role of Nonmilitary Methods in Interstate Conflict Resolution

       7.1 Risk-Management Framework Steps

       8.1 Automated Cyber-Defense Demonstration

       Foreword

      Since World War II, we have faced Russia in the Cold War and now, after the “fall of the Wall,” in a new era of both conflict and competition. Scott Jasper, on the faculty at the Naval Postgraduate School, does an excellent job of laying out the facts and the issues that Russia poses to the United States and other nations. We are at a critical juncture, and it is not clear how Russia will evolve. Scott helps us frame key issues in the cyber domain from both a technical and legal perspective.

      On November 9, 1989, East German spokesman Günter Schabowski said that the people of East Germany would be free to travel to West Germany, which led to the fall of the Berlin Wall and the unification of Germany. These actions led not only to the dissolution of the Soviet Union on December 26, 1991, but also to the end of Russia’s position as a superpower rival of the United States. These facts continue to impact Russian politics today.

      Much has changed since 1991. Amazon, iPhones, “the cloud,” Twitter, Facebook, and the underlying financial strength of Internet-based businesses have been huge for the US economy. But not for Russia. Its economy has been weak, and sanctions have had a significant and detrimental impact on the country.

      But Russia has not been quiet during this time.

      In 2007, we predicted that cyber power would be used as an element of national power and that cyber operations would evolve from disruptive to destructive attacks. This in part was based on the fact that international networks were moving from analog to digital—a process that the invention and development of the iPhone helped to accelerate. As the networks became more digital, it was logical to see that they could also be avenues for exploitation and attack. And Russia has led the way in the offensive use of cyber power across a number of operations.

      In April and May of 2007, Russian hackers attacked Estonia over a disagreement on the relocation of the Bronze Soldier of Tallinn, an elaborate grave marker for Soviet soldiers. Cyber power was now being used as an element of national power. Russia used cyberattacks in its physical attack on Georgia in August of 2008. It attacked the Georgian government and financial companies at the same time that its military units crossed into Georgia.

      In October 2008, the United States detected malware in classified networks. It is ironic that the intrusion into Department of Defense networks would lead to the formation of US Cyber Command. On November 11, 2008, Secretary Bob Gates delegated the operational control of DOD defensive units under me, placing both offense and defense under one commander and paving the way for the creation of US Cyber Command.

      In the first posture statement to the House Armed Services Committee on September 23, 2010, we noted that “competition and even conflict in cyberspace are a current reality.” Since then, by closely watching the Russians, we have observed them increasing the intensity of overt and covert confrontation in every domain. In large part, this is in order to achieve their goal of restoring Russia to the status of a great power and fulfill their objective of reasserting influence on the global stage.

      Russia has incorporated cyber operations into new models and forms of warfare, as we witnessed in their annexation of Crimea, followed by the havoc and disruption they are creating in Ukraine over the Donbass region. In Ukraine, the Russians have undermined the international norms of responsible behavior they originally helped establish. These attacks are testing legal criteria for qualification of their cyber operations as a wrongful act or an armed attack.

      In 2016, Russia used cyber-enabled information operations to subvert and interfere in elections here in the United States, in our allies’ European Union elections, and in the 2017 French presidential election. In using new tools of influence, Russia has simply adapted tried and tested techniques and measures from the Cold War to the Internet age.

      Russia has also conducted disruptive and destructive attacks (named Bad Rabbit and NotPetya, respectively). On June 27, 2017, Russia used NotPetya to attack key Ukrainian organizations. While the majority of the attacked companies were in Ukraine, companies that did business with the country were also affected, including Maersk, Merck, FedEx subsidiaries, and a number of other global companies. Tom Bossert, former Homeland Security adviser to the White House, claimed the total damage from this one attack was over $10 billion, as noted by Andy Greenberg in Wired magazine on August 23, 2018.

      US diplomacy, sanctions, indictments, and other government responses have not altered Russian behavior in cyberspace. Russian cyber activities are prompting a new US cyber strategy of persistent engagement in day-to-day competition to defend US interests. At the same time, Russian state and proxy actors have increased the speed, scale, and sophistication of their cyber operations. They are using innovative techniques and tools, some stolen and released, including fileless malware and legitimate applications.

      Scott highlights that commercial security capabilities have evolved in automated cyber defenses to defeat cyber offensive operations. Commercial entities are integrating endpoint detection and response capabilities into security operating platforms with cloud-based threat intelligence. The implementation of these defenses in a technical offset strategy that embraces data-correlation technologies holds promise to diminish Russian advantages.

      In reply to Russian cyber operations that act as aspects of conflict or components of competition, Scott examines actual cyber campaigns and incidents to understand how Russia exploits technical means and legal regimes to evade attribution and retribution. The most concerning example of this strategy was when Russia penetrated the control rooms of American electric energy utilities in 2018. To counter these operations that routinely and adeptly fall below the threshold of an armed attack, Scott evaluates methods for cost imposition and argues for robust solutions for resilience to withstand attacks.

      This book is a must-read as the possibility for future cyber engagements with Russia grows. Scott Jasper provides a great foundation and analysis that all of us would benefit from knowing.

      Gen. Keith Alexander, USA (Ret.)

      former commander of US Cyber Command and former director of the National Security Agency

       Acknowledgments

      Knowing his expertise and time are in extreme demand, I especially want to thank Gen. Keith Alexander, the first commander of US Cyber Command and former director of the National Security Agency, for graciously writing the foreword. At the Naval Postgraduate School, I also owe much to Clay Moltz and Mohammed Hafez, the present and past chairmen of the National Security Affairs Department; to Dan Boger, chairman of the Cyber Academic Group; and to Steve Peterson, director of the Institute for Security Governance for the opportunity to design and teach courses in residence, online, and overseas related to the content of this book. I also want to thank John Arquilla, Clark Robertson, and Sharon Runde for their confidence in my ability to lead and teach a school-wide initiative in cyber education. I sincerely appreciate the vision and support of Joe LoPiccolo, Chris Gaucher, Robert Sweeney, Chris Angelopoulos,
