The military cyber policy of western nations depends on a strong understanding of the nature of the cyber threat from adversaries, not least Russia. Samuel Cranny-Evens looks at the drivers behind Russia’s aggressive cyberwarfare stance.

By examining some of the key cyberattacks that have been attributed to Russia’s cyber operatives, it is possible to see the role that cyber plays in an informational struggle. For example, the 2020 attack against the US company SolarWinds, which became known in 2021, demonstrated the reach of Russian hackers, as well as their ability to conduct very refined attacks.

The breach was attributed to the SVR, Russia’s foreign intelligence service, which denied the attacks in May. The hack provided access to nine US federal agencies and a multitude of businesses including those in the energy sector, for over nine months. The SolarWinds example could be interpreted as an attempt at sabotage, to disrupt managerial capacity, with the added psychological element of undermining the credibility of US information technology providers.

Furthermore, Microsoft reported on 25 October that the Russian group NOBELIUM had been launching attacks against cloud service and managed service providers intending to gain access to the relationships that these providers have with governments, think tanks and companies. NOBELIUM is also known as Cozy Bear, or ATP29 and is the group associated with the SVR, believed to have conducted the SolarWinds attack. This shows how persistent the information struggle is for the Russian intelligence services and how even a successful attack is to be followed up with additional efforts.

The SolarWinds attack and many others are also likely to have had an espionage element, providing Russia’s intelligence services with access to competitors in the energy market and possibly to defence manufacturers and government agencies. This raises one important caveat about cyberattacks; they broadly fit into the pattern of international competition that has always existed between states. This led military historian Hew Strachan to express concern over describing cyberattacks as a form of warfare in a March 2021 episode of the Royal United Services Institute Western Way of War podcast.

//  Swedish Armed Forces currently operate 147 CB90s. Credit: Saab.

Cyber for Russia forms part of a continuous shaping campaign designed to influence the political conversation. This has direct outputs such as the 2016 email account hack of the US Democratic Party, which led the CIA to conclude that Russia had deliberately intervened in the 2016 election to help Donald Trump become president.

In 2020, the UK’s government stated that Russian hackers had meddled in the 2019 General Election, and the Russian hacking group APT28 – otherwise known as Fancy Bear – was implicated in a 2017 hack and release of leaked documents in Emmanuel Macron’s presidential campaign.

Perhaps the most damaging result of these efforts has been the degradation of the reputation of the West’s democracies and the implication that they are not the pure institutions they were once thought to be. However, a blog posted by CSIS in 2020 observed that Russia has a long history of interfering in foreign elections, indicating that the current paradigm is more of a continuation than a decisive change in tack.

What has changed, is the tactics used by Russia’s cyber assets to achieve their outcomes. The primary approach appears to be the hack and leak, revealing embarrassing details about election competitors for leverage and then ‘fire hosing’ this information through social media channels to amplify and spread its effects.

Attempts to influence the outcome of a political campaign or reduce its legitimacy represent the strategic aspect of Russia’s information struggle, which holds that the borders between peace and war are blurred and that countries exist in a constant state of competition. In this sense, the use of cyber can be regarded as a shaping operation designed to impact an opponent’s thinking without resorting to physical force.

Below the level of international political competition, Russia has also demonstrated the ability to exert physical effects that could be related to a military campaign. In December 2015 a Ukrainian power grid was remotely taken offline by a cyber-attack that had gained access to the SCADA systems controlling the substations and denied power to 200,000 people. This attack was preceded by the 2007 attacks on Estonia that took much of the country’s banking system offline and was followed by an additional attack on Ukraine’s power supply in 2016.

Overall, the goal of Russia’s information struggle has multiple simultaneous goals. It is designed to obfuscate and degrade the quality of information. This has the dual effect of damaging trust in the information audiences receive in the West as well as raising the prospect of restricted freedom in the use of the internet. It also allows Russia to exert some control over the narrative that is spun around its actions.

This aspect of the information struggle would likely become more prominent in the event of a war, wherein Russia would seek to present itself as the just and right cause thereby garnering international support. Aspects of this are apparent in Russia’s Syria campaign, which has routinely sought to deny the use of chemical weapons and loudly advertise the return of refugees to their homes.

Finally, there is a straightforward espionage element, which provides Russia’s intelligence services with a relatively safe and deniable means to access foreign systems to gain a greater understanding of the western system. The role of cyber is therefore clearly important to the Russian concept of information struggle but should be understood in the context of what Moscow perceives to be a constant state of competition.

// Main image: Russia’s use of cyber-attacks as a strategic tool fits within its concept of information warfare. Credit: Shutterstock: Olga_Y