Cyber Warfare
The Russian government is considered to be one of the most advanced cyber actors globally, with highly sophisticated cyber capabilities on par with the other major cyber powers. Open source information about Russian cyber programs and funding is scarce, but an ultimate goal of the government is to gain information superiority, both in peacetime and in military conflicts.
According to U.S. intelligence, Russia is a top nation state threat to American interests. Russian armed forces have been establishing a cyber command and a specialized branch to carry out computer network operations. It is likely that Russia aspires to integrate cyber into all military services. For example, the Russian government news agency TASS has reported that strategic missile forces are establishing special cyber units, and according to Russian general Yuri Kuznetsov, cyber defense units in the Russian armed forces will acquire operational capabilities by 2017.
Researchers from China have observed that Russian armed forces have rehearsed both attacking an adversary’s cyber targets and defending themselves against cyber attacks. It is believed that Russia, in addition to its espionage against Western governments over the last decade, is conducting its own active research and development of cyber weapons. It has also been alleged that the FSB develops sophisticated computer malware.
However, despite a belief shared by many that Russia possesses the capability to conduct computer network attacks with physical effects equivalent to a kinetic attack, only limited use of cyber attacks has been recorded in the recent hybrid conflicts in Georgia and Ukraine. No physical damage or disruption of critical infrastructure or weapons has been reported, but there is evidence that Russian actors are capable of taking down services. For example, the Russian group APT28 (Pawn Storm/Sofacy/Tsar Team) shut off transmissions of the French channel TV5 Monde for 18 hours, and its cyber attacks allegedly resulted in significant damage to the channel’s infrastructure. Moreover, the Ukrainian security service (SBU) reported in December 2015 that Russian security services had planted malware in the networks of Ukrainian regional power companies; power outages are reported to have occurred shortly thereafter. However, due to the lack of investigation and evidence, it is not possible to attribute these outages to any actor.
The majority of analysts concede that Russian cyber attacks have been closely coordinated with military operations in both Georgia and Ukraine. As part of their information warfare campaign, Russian forces used electronic warfare (EW) and signals intelligence in both theatres. Much less known is the fact that in March 2014, Russian EW forces rerouted internet traffic from Crimean servers to Russian servers, most likely for eavesdropping purposes. There is also consensus that the effects of Russian cyber attacks have been limited – in Georgia, cyber attacks created a military advantage only at the operational and tactical levels, and in Ukraine, Russian cyber attacks had only a short-term tactical effect. Hence, in both theatres, neither strategic effects (diminishing the opponent’s will or capacity to resist) nor military effects (degrading the performance of the opponent’s military) were achieved.
The most sophisticated cyber capabilities used in these conflicts have been cyber espionage campaigns sponsored or supported by the Russian government. For example, security companies have gathered evidence indicating that APT28 (which targeted the Georgian government) and APT29 (whose targets are consistent with Russian government interests with regard to the Ukrainian conflict) were both sponsored by the Russian government. Russian APTs possess sophisticated cyber capabilities (e.g. the ability to exploit zero-day vulnerabilities, target mobile devices, evade detection, and hide operational command and control). Furthermore, a prominent cyber espionage campaign against Ukrainian military and government officials, Operation Armageddon, has been attributed by the SBU to the Russian Federal Security Service (FSB). This has been corroborated by technical evidence from an independent security company.
In addition to gathering intelligence, some Russian APTs are able to remotely access industrial control systems (ICS). The cyber espionage group Sandworm, which has been active in Ukraine, uses BlackEnergy malware, which is believed to also be embedded in critical infrastructure in the U.S. Notably, four Russian APTs have been using particular types of malware, which suggests links between these actors.
Russia is developing asymmetric measures to offset the West’s technological and conventional edge. While total information superiority has not been attained, the final outcome of the cyber build-up is uncertain, and it will continue to be a topic of concern for businesses and nations for the foreseeable future.