Hey State Dept. What’s the Hurry?

Office of the Spokesperson
Washington, DC
May 19, 2016

Terrorist Designations of ISIL-Yemen, ISIL-Saudi Arabia, and ISIL-Libya

U.S. State Department: The Department of State has announced the designation of the Islamic State of Iraq and the Levant’s (ISIL’s) branch in Libya (ISIL-Libya) as a Foreign Terrorist Organization under section 219 of the Immigration and Nationality Act (INA). Today, the Department is also simultaneously designating ISIL-Libya, along with the ISIL branches in Yemen and Saudi Arabia, as Specially Designated Global Terrorists under Section 1(b) of Executive Order (E.O.) 13224, which imposes sanctions and penalties on foreign persons that have committed, or pose a serious risk of committing, acts of terrorism that threaten the security of U.S. nationals or the national security, foreign policy, or economy of the United States.

The consequences of the FTO and E.O. 13224 designations include a prohibition against knowingly providing, or attempting or conspiring to provide, material support or resources to, or engaging in transactions with, these organizations, and the freezing of all property and interests in property of these organizations that are in the United States, or come within the United States or the control of U.S. persons. The Department of State took these actions in consultation with the Departments of Justice and the Treasury.

ISIL-Yemen, ISIL-Saudi Arabia, and ISIL-Libya all emerged as official ISIL branches in November 2014 when U.S. Department of State-designated Specially Designated Global Terrorist and ISIL leader Abu Bakr al-Baghdadi announced that he had accepted the oaths of allegiance from fighters in Yemen, Saudi Arabia, and Libya, and was thereby creating ISIL “branches” in those countries.

While ISIL’s presence is limited to specific geographic locations in each country, all three ISIL branches have carried out numerous deadly attacks since their formation. Among ISIL-Yemen’s attacks, the group claimed responsibility for a pair of March 2015 suicide bombings targeting two separate mosques in Sana’a, Yemen, that killed more than 120 and wounded over 300. Separately, ISIL-Saudi Arabia has carried out numerous attacks targeting Shia mosques in both Saudi Arabia and Kuwait, leaving over 50 people dead. Finally, ISIL-Libya’s attacks have included the kidnapping and execution of 21 Egyptian Coptic Christians, as well as numerous attacks targeting both government and civilian targets that have killed scores of people.

After today’s action, the U.S. Department of State has now sanctioned eight ISIL branches, having previously designated ISIL-Khorasan, ISIL-Sinai, Jund al-Khilafah in Algeria, Boko Haram, and ISIL-North Caucasus. Terrorism designations are one of the ways the United States can expose and isolate organizations and individuals engaged in terrorism, impose serious sanctions on them, and enable coordinated action across the U.S. Government and with our international partners to disrupt the activities of terrorists. This includes denying them access to the U.S. financial system and enabling U.S. law enforcement actions.

About that Prison in the Heart of London

Belmarsh prison: ‘The jihadi training camp right in the heart of London’

Jamal, 27, a Muslim university graduate, served part of his sentence for bank fraud in Belmarsh maximum-security prison. He was released two weeks ago and turned whistleblower. This is his shocking testimony, as told to David Cohen

StandardUK: Soon after I arrived in Belmarsh in 2014, news came through that Mosul in Iraq had fallen to Islamic State and the prison erupted. There were chants of “Allahu Akbar”, wild banging on the doors and joyous shouting of “we are going to take over” throughout the wing. It was like a big party that went on unchecked for several hours.


I was devastated because I watched how prison officers seemingly took no action, leaving new inmates like myself with the impression that the real people in charge were not the warders, but a terrifying group of radical Islamists known as “the Brothers” or “the Akhi”, which is Arabic for brother.


We had around 200 people on our wing, about half of them Muslim, but there was a hard core of 20 “brothers” in for terrorism or terror-related offences who were very popular and had enormous influence. They were treated like celebrities by the other inmates and included the guy who in 2007 tried to blow up Glasgow airport.

They were intelligent, well read and soft-spoken and they welcomed me with open arms because, as a fellow Muslim, they thought they could turn me into one of them. They would drape their arm around me, call me “my brother”, offer me cigarettes, food and any support I needed.

Their next step was to drum home their message about Islam and to tell us that we were inside because of the evil system. They would say that the kuffar [a derogatory term for non-Muslims] had been killing our women and children and that our calling was to become “a soldier of peace”. They talked about going to fight in Syria and Iraq when they got out and joining the war for a Muslim caliphate.

I was brought up the son of a bookkeeper in a mainstream Muslim household that mixed with Jewish and Christian people and respected all religions. I was in prison because of what I had done as a stupid young bank clerk signing off documents at the request of others. I had not benefited by one penny financially and naively thought my reward would be fast promotion, but I was balanced enough to know that I was in the wrong, not the system.

In my second week, on the way to Friday prayers, I said something about showing tolerance to other religions and one of the Akhi, who was in for terrorism, turned to me and said emphatically: “No, there is zero tolerance, they are all kuffar and we have to destroy them.” After that he let it be known that I was kuffar and that nobody should greet me or associate with me.

I felt vulnerable because I saw what happened to people branded kuffar. In the cell beside mine, there were two black Muslims and a Christian and one day there was a lot of petty arguing over a kettle. The next day, the Muslims made up a story about the Christian disrespecting Islam and next thing 25 prisoners stormed his cell and beat him up. He got moved after that. In my cell there were also two black guys who had converted to Islam, and when I was made kuffar, they let it be known that if anybody stormed our cell, they would not protect me. I was scared so I asked to see the imam, but that was another mistake.

There are about six imams in Belmarsh and apart from one, who was supportive, the other imams either ignored me or appeared to be sympathetic to the extremists. It was shocking. After that I kept my head down and only left my cell if I had to. All around I witnessed people being radicalised. Instantly you could see the change. They would start to wear their trousers rolled below the knee, something Prophet Muhammad did, they would grow facial hair, they would call each other “Akhi” and they became hyper-aggressive towards anybody not into radical Islam.

Three quarters of those being radicalised had been involved in gangs and were in for violent crime or drugs. They understood that the biggest gang inside Belmarsh was the Brothers and that they needed them for their protection. But it also gave them a sense of identity.

People would boast that as soon as they got out, they were going out to Syria. They were young and impressionable. There were so many would-be jihadists in there I felt like an intruder at a jihadi training camp. There were also plenty of moderate Muslim inmates like myself who suffered because we couldn’t speak out. I couldn’t believe how the flaws in the system effectively support the extremists.

After five months I got moved to Highpoint, a category C men’s prison in Suffolk. I was there for the Charlie Hebdo attack in January 2015 and again there were prisoners openly praising the attackers and embracing one another, although not as many as in Belmarsh. I complained to a chief prison officer who said: “We know what’s going on but we don’t have the funding or staff to do anything about it.” Again, the imams were useless. When I told one imam that we were being asked to take on jihad and sought guidance as to what our duties were, he said: “It’s not clear-cut. Do whatever you think is right.” People took their passivity as a licence to follow jihadism.

Because there was no challenge to this from the authorities, you are left to your own devices. Later I was transferred to Brixton prison where the imam was excellent, but he was seen as “a weak imam” by many inmates because they associate moderateness with weakness. The higher the category of prison, the more the Brothers have impact. The prisons need to isolate the extremists from impressionable young prisoners under the age of 30. The imams could be playing a huge role as they are the ones who can identify them.

I’ve decided to speak out, at some danger to myself, because I want to expose the reality of what’s going on. The Government has sunk cash into their Prevent programme to tackle radicalisation in the community, but ignored the fact that the biggest jihadi training camp in the UK is right here in Belmarsh in the heart of London. It’s beyond belief. We need the counter-terrorism budget to extend to prisons, otherwise it’s useless.

Since I’ve come out, I have been working with my mentor, Sab Bahm, founder of the Salaam Peace charity in east London. I have been reminding myself that I was once “gifted and talented” at school, captain of the football team, a straight-A star student. I have to pick myself up and start again. But before I do, I feel a responsibility to pass this on. Somebody in power needs to do something about it. It is appalling and outrageous what they are being allowed to get away with.

  • Jamal’s name has been changed

Debris Found for EgyptAir #804

Missing EgyptAir Flight Likely Downed by Terror Attack, Minister Says
Airbus A320 carrying 66 passengers, 10 crew lost by radar while flying at 37,000 feet above the Mediterranean; EgyptAir vice president tells CNN wreckage found.

Haaretz: An EgyptAir jet carrying 66 passengers and crew from Paris to Cairo disappeared from radar over the Mediterranean south of Greece on Thursday, with Athens saying the plane swerved in mid-air before plunging from cruising height and vanishing.
Egypt’s aviation minister said a terrorist attack was more likely to have taken down the aircraft than a technical failure.
EgyptAir Vice President Ahmed Adel has since said in an interview with CNN that the wreckage of the missing plane has been found.

“There are so many reasons why a plane can fall from the sky and crash. We have no explanations at this stage. We need more investigation,” he said.
Egypt’s envoy to France said Greek authorities had informed his counterpart in Athens that they had found blue and white debris corresponding to EgyptAir’s colors.
Later, Egypt’s Civil Aviation Ministry said that Greek authorities have found “floating material” that is likely to be debris from the missing aircraft.

Greece deployed aircraft and a frigate to search for the missing Airbus and officials said they had found pieces of plastic and two life vests that appeared to have come from an aircraft in the sea 370 kilometers (230 miles) south of Crete.
Egyptian Prime Minister Sherif Ismail said it was too early to rule out any explanation, including an attack like the one blamed for bringing down a Russian airliner over Egypt’s Sinai Peninsula last year.

Egypt said it would lead the investigation and that France would participate. Other countries also offered to help, including Britain and the United States.
In Washington, U.S. President Barack Obama received a briefing on the disappearance from his adviser for homeland security and counter-terrorism, the White House said.
Greek Defense Minister Panos Kammenos said the Airbus had first swerved 90 degrees to the left, then spun through 360 degrees to the right. After plunging from 37,000 feet to 15,000, it vanished from Greek radar screens.
According to Greece’s civil aviation chief, calls from Greek air traffic controllers to flight MS804 went unanswered just before it left Greek airspace, and it disappeared from radar screens soon afterwards.
There was no official indication of a possible cause, whether technical failure or sabotage by hard-line Islamists who have targeted airports, airliners and tourist sites in Europe, Egypt, Tunisia and other Middle Eastern countries over the past few years.
The aircraft was carrying 56 passengers — with one child and two infants among them — and 10 crew, EgyptAir said. They included 30 Egyptian and 15 French nationals, along with citizens of 10 other countries.


Asked if he could rule out terrorist involvement, Prime Minister Ismail told reporters: “We cannot exclude anything at this time or confirm anything. All the search operations must be concluded so we can know the cause.”

French President Francois Hollande also said the cause was unknown. “No hypothesis can be ruled out, nor can any be favored over another.”
With its archaeological sites and Red Sea resorts, Egypt is a traditional destination for Western tourists. But the industry has been badly hit by the downing of a Russian Metrojet flight last October, in which all 224 people on board were killed, as well as by an Islamist insurgency and a string of bomb attacks.
No response
Greek air traffic controllers spoke to the pilot as the jet flew over the island of Kea, in what was thought to be the last broadcast from the aircraft, and no problems were reported.
But just ahead of the handover to Egyptian controllers, calls to the plane went unanswered.
“About seven miles before the aircraft entered the Cairo airspace, Greek controllers tried to contact the pilot but he was not responding,” said Kostas Litzerakis, head of Greece’s civil aviation department. Shortly after exiting Greek airspace, it disappeared from radars, he said.
Greek authorities were searching the sea south of the island of Karpathos, Greece’s Defense Minister Kammenos told a news conference.
“At 3:39 A.M., the course of the aircraft was south and southeast of Kassos and Karpathos (islands),” he said. “Immediately after, it entered Cairo flight information region and made swerves and a descent I describe: 90 degrees left and then 360 degrees to the right.”
The Airbus plunged from a height of 37,000 feet (11,280 meters) to 15,000 feet before vanishing from radar, he added.

Egyptian Civil Aviation Minister Sherif Fathi said authorities had tried to resume contact but without success.
‘No one knows anything’
At Cairo airport, authorities ushered families of the passengers and crew into a closed-off waiting area.
Two women and a man, who said they were related to a crew member, were seen leaving the VIP hall where families were being kept. Asked for details, the man said: “We don’t know anything, they don’t know anything. No one knows anything.”
Ayman Nassar, from the family of one of the passengers, also walked out of the passenger hall with his daughter and wife in a distressed state. “They told us the plane had disappeared, and that they’re still searching for it and not to believe any rumors,” he said.
The mother of a flight attendant rushed out of the hall in tears. She said the last time her daughter called her was Wednesday night. “They haven’t told us anything,” she said.
In Paris, a police source said investigators were now interviewing officers who were on duty at Roissy airport on Wednesday evening to find out whether they heard or saw anything suspicious. “We are in the early stage here,” the source said.
Airbus said the missing A320 was delivered to EgyptAir in November 2003 and had operated about 48,000 flight hours.
The missing flight’s pilot had clocked up 6,275 hours of flying experience, including 2,101 hours on the A320, while the first officer had 2,766 hours, EgyptAir said.
At one point, EgyptAir said the plane had sent an emergency signal at 04:26 A.M., two hours after it disappeared from radar screens. However, Fathi said later that further checks found that no SOS was received.
Egypt and France to cooperate
The weather was clear at the time the plane disappeared, according to Eurocontrol, the European air traffic network.
Under UN aviation rules, if the aircraft is found to have crashed in international or Egyptian waters, Egypt will automatically lead an investigation into the accident, assisted by countries including France, where the jet was assembled, and the United States, where engine maker Pratt & Whitney is based.
Russia and Western governments have said the Metrojet plane that crashed on October 31 was probably brought down by a bomb, and ISIS said it had smuggled an explosive device on board.
That crash called into question Egypt’s campaign to contain Islamist violence. Militants have stepped up attacks on Egyptian soldiers and police since Egypt’s President Abdel-Fattah al-Sissi, then serving as army chief, toppled elected President Mohamed Mursi, an Islamist, in 2013 after mass protests against his rule.
In March, an EgyptAir plane flying from Alexandria to Cairo was hijacked and forced to land in Cyprus by a man with what authorities said was a fake suicide belt. He was arrested after giving himself up.
EgyptAir has a fleet of 57 Airbus and Boeing jets, including 15 of the Airbus A320 family of aircraft, according to airfleets.com.

***** Other details include:

  1. Plane went through full maintenance less than a week ago.
  2. Plane departed about 25 minutes late.
  3. MS804 stopped in Tunisia, Cairo, Brussels, Eritrea prior to Paris.
  4. Passenger list included: 15 French, 30 Egyptian, 1 British, 1 Belgian, 2 Iraqis, 1 Kuwaiti, 1 Saudi, 1 Sudanese, 1 Chadian, 1 Portuguese, 1 Algerian, 1 Canadian

Final summary: Debris has been spotted some 210 miles southeast of Crete in the Eastern Mediterranean that is believed to have been from EgyptAir Flight MS804. The passenger jet, an Airbus 320, left the Charles De Gaulle Airport in Paris, France at about 9:30pm local time. On board were 56 passengers, 7 crew and 3 air marshals. At around 2:30am Cairo time, Flight 804 was crossing into Egyptian airspace and being handed off from Greek air controllers. The last radio traffic indicated that there were no problems. At an altitude of some 37,000 feet, the Airbus 320 suddenly dove some 22,000 feet and began to swerve and turn, then disappeared from radar. Search efforts were launched immediately.

‘Unsafe’ intercept over South China Sea

Pentagon: ‘Unsafe’ intercept over South China Sea

 

Washington (CNN) At least two Chinese J-11 tactical aircraft carried out an “unsafe” intercept of a United States EP-3 reconnaissance aircraft that was conducting a routine mission in international airspace over the South China Sea, a U.S. defense official told CNN Wednesday.

The Chinese jets came within 50 feet of the American aircraft at one point, the official said.
The incident took place on Tuesday.
 
“We have made progress reducing risk between our operational forces and those of the People’s Republic of China by improved dialogue at multiple levels under the bilateral Confidence Building Measures and the Military Maritime Consultative Agreement,” Capt. Jeff Davis, a Pentagon spokesman, said.
“Over the past year, we have seen improvements in PRC actions, flying in a safe and professional manner,” he said. “We are addressing the issue through the appropriate diplomatic and military channels.”
A separate defense official told CNN this type of incident is not something the U.S. military frequently sees in that region with Chinese aircraft. Incidents with Russian aircraft in the Black Sea that have been well documented over the past year are much more common.
This is an incident that “definitely has people’s attention” at the Pentagon, the second official said.
“This is potentially part of a disturbing trend line as the Chinese try to push their military envelope into greater parts of the sea surrounding their mainland,” Sen. Chris Murphy, a Democrat who serves on the Senate Committee on Foreign Relations, told CNN’s Wolf Blitzer.
Murphy said that it is important that the U.S. does not overreact to these types of occurrences, which have recently involved Chinese and Russian militaries.
“What the Chinese and the Russians are trying to do is to provoke us into some kind of action that will feed into their domestic narratives, both in China and in Russia,” Murphy said.
****
What is China doing?
 

China’s Putting Anti-Stealth Radar in the South China Sea

Radar installed on an “artificial” island could detect the B-2, F-35, and F-22.

PopularMechanics: China appears to be building an anti-stealth radar system on an artificial island in the middle of the South China Sea, where a military-grade system would be useful in detecting stealth aircraft in the contentious and contested area.

Satellite imagery obtained by the Center for Strategic and International Studies’ Asian Maritime Transparency Initiative and DigitalGlobe (which provided the images above and below) shows the Cuarteron Reef recently enlarged by dredging and now measuring about 52 acres. Beijing didn’t stop there. The imagery also shows that China has built or is building two radar towers, a lighthouse, a communications tower, bunker, and quay for the docking of supply ships. The most interesting development is a large field covered with evenly spaced 20-meter poles. This is the kind of thing you’d need for over-the-horizon high-frequency radar systems, which can detect objects at up to 3,000 kilometers (1,864 miles), including stealth aircraft.

While HF radars can spot stealth planes, they cannot guide missiles to targets—for now. Even so, the radars are useful in providing an early warning network, cueing Chinese fighter planes such as the J-11—also based on an artificial island in the South China Sea—to the probable location of stealth aircraft.

The position of the radar would be ideal for detecting American and allied aircraft operating from bases in the Philippines. The Philippines, embroiled in a dispute with China over the Scarborough and Second Thomas shoals, has made its air and naval facilities available to the United States.

In recent years, China has laid claim to 90 percent of the South China Sea. While many countries claim part of the South China Sea, none have claimed—and seized—as much as China. To support its claim, China has taken several shoals and reefs and expanded them dramatically with sand dredged from the sea floor. China believes (or at least claims) that this bit of terraforming amounts to a legal transformation of these shoals from nuisance navigational hazards to full sovereign territory, complete with a 12-mile territorial boundary and a 200-mile exclusive right to economic development.

The radar site, first noticed in 2015, became particularly newsworthy after last week’s announcement that China had deployed HQ-9 long-range surface-to-air missiles on another artificial island in the South China Sea. Although the two systems are too far apart to support one another, together they do support the argument that China is fortifying the South China Sea.

Russia’s Other War, Cyber

 

Finding weaknesses and exploiting them in the cyber realm is hidden warfare that few speak about. For the West, Russia tops the list. China, Iran and North Korea are also on the short list. Among Russia’s other targets, the Baltic States are on the Russian target list.

CBS: The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Thursday, as he delivered the annual assessment by intelligence agencies of the top dangers facing the country.

“While I can’t go into detail here, the Russian cyber threat is more severe than we had previously assessed,” James Clapper, the director of national intelligence, told the Senate Armed Services Committee, as he presented the annual worldwide threats assessment.

As they have in recent years, U.S. intelligence agencies once again listed cyber attacks as the top danger to U.S. national security, ahead of terrorism. Saboteurs, spies and thieves are expanding their computer attacks against a vulnerable American internet infrastructure, chipping away at U.S. wealth and security over time, Clapper said.

Russia ‘was behind German parliament hack’

BBC: Germany’s domestic intelligence agency has accused Russia of being behind a series of cyber attacks on German state computer systems.

The BfV said a hacker group thought to work for the Russian state had attacked Germany’s parliament in 2015.

This week it emerged that hackers linked to the same group had also targeted the Christian Democratic Union party of Chancellor Angela Merkel.

Russia has yet to respond publicly to the accusations made by the BfV.

Sabotage threat

BfV head Hans-Georg Maassen said Germany was a perennial target of a hacker gang known as Sofacy/APT 28 that some other experts also believe has close links with the Russian state. This group is believed by security experts to be affiliated with the Pawn Storm group that has been accused of targeting the CDU party.

The Russian Cyber Threat: Views from Estonia

Tensions between Russia and its adversaries in the West are escalating. In recent years, Russia has undermined the security of its neighbors by violating their land borders, crossing into their airspace unannounced and harassing them above and below sea level. Less noticed or understood, however, are Moscow’s aggressive actions in cyberspace. The small Baltic country of Estonia—a global leader in digital affairs—is well-placed to shed light on the tactical and strategic aspects of Russia’s offensive computer network operations.

In fact, three civilian and intelligence agencies responsible for cyber security—the Estonian Information System Authority, Internal Security Service and Information Board—recently issued reports that help put together different pieces of the puzzle. The conclusion is that “in cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO.” Now policymakers on both sides of the Atlantic must decide what to do about it.

Russia has been developing and employing offensive cyber capabilities for years. Russian cyber threat groups consist of professional, highly skilled practitioners whose daily jobs are to prepare and carry out attacks. And they don’t go after low-hanging fruit; instead, they receive specific orders on which institutions to target and what kind of information is needed. Criminals, hacktivists, spies and others linked to Russian strategic interests are usually well-financed, persistent and technologically advanced. They have a wide range of tools and resources, including the ability to carry out denial-of-service attacks, develop sophisticated malware and exploit previously unknown software vulnerabilities. Russian threat actors cloak their identities by using remote servers and anonymizing services. They target everything from the mobile devices of individuals to the IT infrastructure of entire government agencies.

Often, Russian threat actors map target networks for vulnerabilities and conduct test attacks on those systems. After carrying out reconnaissance, they conduct denial-of-service attacks or try to gain user access. Common techniques include sending emails with malicious attachments, modifying websites to infect visitors with malware and spreading malware via removable media devices like USB drives. Once inside, they continue to remotely map networks, attempt to gain administrator-level access to the entire network and extract as much sensitive data as possible. Such access also lets them change or delete data if that’s what the mission requires. They’ll often go after the same targets for years to get what they need. They have the confidence that comes from perceived anonymity and impunity; if they make a mistake or fail, they’ll simply try again.

These tactical activities are carried out in pursuit of strategic objectives. In the long term, this includes undermining and, if possible, helping to dissolve the EU and NATO. Moscow also aims to foster politically divided, strategically vulnerable and economically weak societies on its periphery in order to boost its own ability to project power and influence on those countries’ decisions. Russian cyber threat actors help by stealing military, political or economic data that gives Russia advantages in what it sees as the zero-sum game of foreign relations. The exfiltrated data can be used to recruit intelligence agents or provide economic benefits to its companies. Cyber capabilities can also be used to carry out influence operations that undermine trust between the citizens and the state. Telling examples of that strategy include its multi-week distributed-denial-of-service (DDoS) attacks against Estonia in 2007, its coordinated attacks against Ukraine’s 2014 presidential elections and the false-flag operation against a French telecommunication provider in 2015.

Most worryingly, today’s intelligence operations can enable tomorrow’s military actions. Influence operations, including the use of propaganda and social media, can create confusion and dissatisfaction among the population. Denial-of-service attacks can inhibit domestic and international communication. Coordinated, plausibly deniable attacks on multiple critical national infrastructure sectors can disrupt the provision of vital services such as energy, water, or transportation. This can provide a context for the emergence of “little green men”. Malicious code can be weaponized to hinder military and law enforcement responses. Clearly, cyber capabilities have the potential to be a powerful new tool in the Kremlin’s not-so-new “hybrid warfare” toolbox. With enough resources and preparation, they can be used in attempts to cause physical destruction, loss of life and even to destabilize entire countries and alliances. Such operations could be but a decision or two away in terms of planning, and perhaps several months or years before implementation. What can be done about it?

Preventive measures and countermeasures exist at the personal, organizational, national and international levels. Individuals should take “cyber hygiene” seriously, since Russian threat actors target both personal and work devices. This includes employing basic security technologies, backing up data, not visiting dubious websites and not opening suspicious emails. Organizations that handle sensitive information should adopt stricter security policies, including for handling of work-related data on personal devices. Information systems managers must be especially vigilant since they are primary targets, and weak personal security on their part may compromise national security. For their part, governments must enact the basics: computer security laws, national cyber strategies, a police focus on cybercrime, national CERTs, public-private partnerships and capable intelligence agencies. They also need continuous training and exercises to keep relevant agencies prepared for their missions. Finally, global cooperation and expeditious exchange of information among cyber security firms, national computer security incident response teams (CSIRTs) and security services are key to identifying Russian attack campaigns and taking defensive countermeasures.

All such countermeasures comprise elements of a deterrence-by-denial strategy that aims to raise the cost of carrying out malicious operations. States have also undertaken diplomatic initiatives to manage the potential instability that could result from the use of weaponized code—namely confidence-building measures, norms of responsible state behavior and attempts to agree on international law. While laudable, none of these have curbed Russian cyber aggression in the short term. For example, Russia’s coordinated December 2015 attack on the Ukrainian electrical grid—highlighted in all three agencies’ reports—was clearly an attack on critical national infrastructure that violated tentative international norms signed by Russia, possibly even while the campaign was being prepared. Defensive and diplomatic countermeasures must be complemented by a cohesive strategy of deterrence-by-punishment by individual countries as well as like-minded allies.

Cyber threat actors with links to Russia (APT28/Sofacy/Pawn Storm, the Dukes/APT29, Red October/Cloud Atlas, Snake/Turla/Uroburos, Energetic Bear/DragonFly, Sandworm Team and others) target NATO members on a daily basis—mainly for espionage and influence operations. But a recent SCMagazineUK article claims that the FSB plans to spend up to $250 million per year on offensive cyber capabilities. “Particular attention is to be paid to the development and delivery of malicious programs which have the ability to destroy the command and control systems of enemy armed forces, as well as elements of critical infrastructure, including the banking system, power supply and airports of an opponent.” Clearly, we had better be prepared.