Cyber Attacks Prove Why Russia is an Adversary
Recently signed into law, the National Defense Authorization Act for Fiscal Year 2019 (NDAA) elects to label both China and Russia as competitors. This designation mirrors rhetoric employed in the National Security Strategy of the United States (NSS) published in December 2017 and by President Trump while conversing with leaders in the international community. Declining to deem Russia and Russian President Vladimir Putin as adversaries, President Trump has faced bipartisan, yet not unanimous, criticism. While the NSS, NDAA, and President Trump classify China and Russia as competitors, it is my assessment that Russia is an adversary of the United States. This assessment is grounded in the insights provided by examining the cyber and electronic warfare strategy of Russia towards the United States.
Russia’s cyber and electronic warfare strategy emphasizes leveraging its capabilities to exert political influence on former Soviet satellites and foreign powers to ensure that such targets enact policies favorable to the Russian government. The two most profound examples of Russia employing its cyber and electronic capabilities for such malicious purposes are cyber campaigns against Estonia in 2007 and Georgia in 2008.
Cyber Attacks Against American Allies
On April 27, 2007, Russia launched a significant cyber campaign against Estonia, widely regarded as the first major cyber conflict in the international community. Estonia, a former Soviet satellite and a member of NATO, infuriated the Russian government after the Estonian government announced the relocation of a Soviet-era statue, commemorating the sacrifices of Soviet soldiers during World War II, from the center of the Estonian capital, Tallinn. When Russian diplomatic efforts failed to yield substantive results, Russia disrupted the availability of cyber and electronic assets of the world’s most connected population by targeting X-Road, the backbone of Estonia’s electronic communication, with distributed denial of service attacks (DDoS). Consequently, government, media, and military communications disintegrated and Estonians were unable to access banking, government, and payment networks for several weeks.
On August 9, 2008, Russia coordinated a massive cyberattack against Georgia, an American ally and former Soviet satellite, while simultaneously conducting conventional warfare against the former satellite with the intention of “liberating” two disputed Georgian-occupied territories: Abkhazia and South Ossetia. Russian cyber and electronic warfare operations against Georgia proved to be more damaging than those against Estonia, as DDoS attacks employed against Georgia successfully collapsed the nation’s banking and telecommunication infrastructure and enabled Russia to force Georgian troops from the contested regions.
Cyber Attacks Against the United States
On October 24, 2008, a team of signals intelligence (SIGINT) analysts at the National Security Agency (NSA) discovered an anomaly on the classified networks of US Central Command (USCENTCOM). The SIGINT analysts detected signals originating from the classified networks of USCENTCOM, networks that were “air-gapped” from the public Internet and regarded as impenetrable. This intrusion into USCENTCOM networks was alarming, as USCENTCOM is a theater-level Combatant Command of the US Department of Defense tasked with coordinating US operations in Afghanistan and Iraq. Subsequent investigations proved the attack was even more troubling for two reasons, the first of which is it was determined that Russia, who has an extensive history of attempting to assert its influence in Afghanistan, was responsible. Second, it demonstrated that the Department of Defense’s classified networks were not impenetrable, as a USB device infected with malware allowed unauthorized parties access to classified information.
The 2016 Election and Beyond
During the 2016 US Presidential Election, Russia executed an extensive cyber campaign against the United States. The first component of this cybercampaign involved breaching the confidentiality of the cyber assets of prominent leaders and organizations associated with the Democratic Party and the Hillary Clinton Campaign and to disseminate damaging documents and reports. The first breach occurred in September 2015, when the Federal Bureau of Investigation (FBI) contacted the Democratic National Committee’s IT department, warning technicians that their network had been penetrated by cyber actors with ties to the Russian Federal Security Services (FSB). Second, on March 19, 2016, Russian cyberwarriors successfully deceived John Podesta, Hillary Clinton’s campaign advisor, into performing prompts within a phishing email, providing such war fighters with unauthorized access to his account. Last, in May 2016, after employing CrowdStrike, a cyber security firm, to remove malicious software from its networks, the DNC was informed that it was the victim of an advanced persistent threat (APT) and the attack seemingly was the product of the Russian Main Intelligence Directorate (GRU). Damaging data and intelligence collected through these cyber attacks were subsequently disseminated through WikiLeaks and other channels to influence the 2016 Presidential Election.
The second component of Russia’s cyber strategy during the 2016 Presidential Election focused on employing fraudulent botnet accounts to conduct disinformation campaigns against American citizens. According to the indictments of Russian hackers handed down by Special Counsel Robert Mueller, the Internet Research Agency (IRA), the Russian organization with ties to the Kremlin that produced such bots, aimed to propagate distrust among Americans in candidates and their political institutions.
Fundamentally, the Russian cybercampaign during the 2016 Presidential Election was designed to weaken America’s democracy and undermine its political institutions and process. Such intentions are purely those of an adversarial nation, not a mere competitor. The Kremlin’s pursuit to fulfill these objectives has extended beyond the 2016 Presidential Election, as according to Facebook, fraudulent accounts have been used, seemingly by the IRA, to promote divisive social issues in the United States on Facebook in recent months, primarily debates about ICE and Charlottesville protesters. Such malicious intentions, coupled with Russia’s devastating cyberattacks against American allies, warrant Russia be deemed an adversary of the United States.
Photo credit Computer Business Review