Russian state-sponsored cybercrime and information warfare
- Streamline the information sharing process across the public and private sectors through the use of fusion centers.
- Develop a strategy for addressing and combatting foreign propaganda and disinformation.
As the Trump Administration develops a cybersecurity strategy for engaging Russia, it will invariably address cybercrime. Cybercrime emanating from Russia may be carried out by an array of actors ranging from disenchanted individuals to criminal groups. However, amid traditional cybercrime, it is highly likely that the Trump Administration will face state-sponsored attacks as well as attacks carried out by actors operating with tacit Kremlin approval. Devising a policy to effectively combat these cybercrimes requires that they be evaluated in the context of Russian information operations. This piece offers a primer on the integration of cyber tools in Russian information operations and recommendations for the Trump Administration.
Information Operations: A Primer
Whether it is the state-backed exfiltration of information from secure networks, the launching of distributed denial of service (DDoS) attacks, or the spreading of disinformation online, much of the cybercrime that is indicative of state-level planning and emanates from Russia supports traditional Russian information operations objectives.
The U.S. Joint Chiefs of Staff define information operations as “the integrated employment, during military operations, of information-related capabilities in concert with other lines of operation, to influence, disrupt, corrupt, or usurp the decision of adversaries and potential adversaries while protecting our own.”[i] While the Western definition of information operations is limited to wartime, it is important to note that Russian information operations are considered essential in wartime, in the prelude to war, and during peacetime.
Russian attention to information technologies and their value to psychological operations is a continuation of Soviet interest. Beginning in 1942, the Military Institute of Foreign Languages offered spetspropaganda (special propaganda) theory as a subject. After institutional reorganization, it is now a part of the Military Information and Foreign Languages Department of the Military University of the Ministry of Defense of the Russian Federation curriculum.[ii]
It is important to note there are several differences between the Russian and Western definitions of information warfare and information operations. Russian theorists view information warfare “as influencing the consciousness of the masses as part of the rivalry between the different civilizational systems adopted by different countries in the information space by use of special means to control information resources as ‘information weapons.’”[iii] Compared to Western views, the Russian approach combines “the military and non-military order and the technological (cyberspace) and social order (information space) by definition, and make direct references to ‘Cold War’ and ‘psychological warfare’ between the East and the West.”[iv]
The NATO Strategic Communications Center of Excellence explains, “During the crisis in Ukraine, we have witnessed the application of a new type of warfare where dominance in the information field and hybrid, asymmetric warfare are the key elements.”[v] The application of these elements contributed to the success of Russian operations “without open military conflict and deployment of large amounts of military power to the conflict area.”[vi] However, the deployment of cyber tools during the annexation of Crimea followed years of strategy development refined by trial and error.
Tactics: A Summary
Case study analysis of Russian information operations campaigns such as those during the first and second Chechen Wars, the 2007 cyber-attack on Estonia, the 2008 Russian-Georgian War, the annexation of Crimea, and the 2016 coup attempt in Montenegro highlights the Kremlin’s preferred objectives and evolving tactics. In short, what we have seen and can expect is a combination of narrative control and hybrid warfare.
The Kremlin will leverage state-funded media as well as social media platforms, television and radio to establish, develop and maintain narrative control. As NATO StratCom COE puts forth, “Control of narratives is seen as a more powerful tool than setting the media agenda, because recipients of the information reject those stories that contradict their ‘base narrative’ or ‘strategic narrative.’ Narrative control means control over the process of interpreting information.”[vii] Russia attempted to establish narrative control in Estonia, Georgia, and Ukraine through evoking historical memory and comparing the target governments to fascist regimes. This was carried out through various channels including the deliberate spreading of falsified information online, defacing government websites and launching denial of service attacks to limit the ability of the governments to communicate with their domestic populations.
In the struggle for narrative control, targets face a myriad of thematic communication frames used as part of social conditioning to train individuals to associate certain feelings or opinions with objects or subjects in a specified context. Common thematic communication frames employed by Russia include the traditional ‘East versus West’ struggle, the need for Russian involvement to restore social order, and references to Slavic history with Russia as the uniting force. The Kremlin’s pursuit of narrative control is likely to continue, bolstered by illegal access to and publication of material critical of or embarrassing to targets. Likely targets include governments in Russia’s near abroad seeking membership in Western organizations and alliances such as NATO and the European Union as well as governments advocating policies unfavorable to Russia.
History has shown that the ability to affect an adversary’s information and information systems augments the effects of kinetic operations. Command and control and communication nodes are frequently early targets during times of war. Russia’s coordinated land invasion and cyber-attacks on news stations in Gori during the 2008 Russian-Georgian War as well as the cutting of fiber optic cables during the annexation of Crimea are indicative of such objectives. Future Russian influence campaigns will likely be marked by a period of preparation, attempting to control the narrative, followed by coordinated cyber-attacks and limited kinetic operations. After securing government, military and communication centers, the Kremlin will employ cyber tools and traditional and social media to further promote support for the Russian campaign. It is likely that the hybrid warfare techniques that proved successful in Ukraine will be employed in future conflicts.
Recommendations for the Trump Administration
There are two central recommendations to address Russian-posed cybersecurity information challenges. First, the Trump Administration should work to improve information sharing between the public and private sectors through the use of fusion centers. Second, the Administration should develop a strategy for addressing disinformation campaigns and foreign propaganda.
Recommendation 1: Improve Information Sharing Between the Public and Private Sectors
In order to best combat state-sponsored cybercrimes, the Trump Administration must work to streamline the information sharing process across the public and private sectors. There are numerous limitations to sharing information; for example, the information may be protected on the public side or considered proprietary on the private side. Sharing cyber threat intelligence across sectors may reveal invaluable information about attack targets and tactics. For example, information sharing about attacks may reveal indicators of state-level planning or coordinated attacks targeting an entire sector or sectors. A timely solution to the information sharing conundrum would utilize existing information sharing and analysis resources. For this reason, the Trump Administration should encourage public and private sector actors to utilize primary fusion centers.
Per the U.S. Department of Homeland Security, “Fusion centers operate as state and major urban area focal points for the receipt, analysis, gathering, and sharing of threat-related information between federal; state, local, tribal, territorial (SLTT); and private sector partners.”[viii] Ideally, fusion centers allow actors from the private sector to share attack information without risking proprietary information and shareholder value. And the public sector can share relevant attack information with the private sector, thereby allowing private sector actors to test their systems and networks against possible threats. However, this model may require granting clearances to select individuals in the private sector.
To complicate matters, there are numerous groups trying to improve information sharing: some are specific to industries, such as the sector-based National Council of Information Sharing and Analysis Centers, while others are organized by region, and so forth. Centralizing efforts via fusion centers will reduce the number of nodes required for the initial information sharing. For example, if a private sector company reports attack information to its designated fusion center, that information can then be sanitized of company-specific information and immediately disseminated to the National Network of Fusion Centers, including private and public sector partners and the U.S. Department of Homeland Security. Information sharing will be critical to combatting state-sponsored attacks, as the same techniques will likely be deployed against various targets, as evidenced by Fancy Bear. In multiple cases, the same software vulnerabilities were exploited to successfully attack various target groups.
Recommendation 2: Address Disinformation and Foreign Propaganda
The Trump Administration should develop a strategy for addressing and combatting foreign propaganda and disinformation. The strategy does not need to follow all points as outlined in the Countering Information Warfare Act of 2016 that has been introduced in the Senate. However, the bill proposes valid points, including that the Department of State establish a Center for Information Analysis and Response to, among many activities, “develop and synchronize government initiatives to expose and counter foreign information operations directed against U.S. national security interests and advance fact-based narratives that support U.S. allies and interests.”[ix] The Trump Administration should consider a strategy that addresses many of the concerns raised in the Countering Information Warfare Act of 2016.
Evaluating Russia’s political objectives in the context of information operations allows experts to determine likely targets and methods of future cyber-attacks, whether it be limiting a country’s ability to join Western organizations or influencing elections abroad. Crafting an effective strategy addressing state-sponsored cybercrime will require more robust information sharing and will need to account for a wide range of issues including cyber defense infrastructure and more traditional issues such as combating foreign propaganda and disinformation.
[i] Joint Chiefs of Staff. Publication 3-13: Information Operations. (2012), iii. Retrieved from:
[ii] Darczewska, Jolanta. The Anatomy of Russian Information Warfare: The Crimean Operation, A Case Study. (Warsaw: Centre for Eastern Studies, 2014), 9.
[iii] Ibid. 12.
[v] NATO StratCom COE, Analysis of Russia’s Information Campaign against Ukraine, 32.
[vii] Ibid. 46.
[viii] Department of Homeland Security. State and Major Urban Area Fusion Centers. Retrieved from: https://www.dhs.gov/state-and-major-urban-area-fusion-centers
[ix] US Congress. All Bill Information (Except Text) for S.2692 – Countering Information Warfare Act of 2016. Retrieved from: https://www.congress.gov/bill/114th-congress/senate-bill/2692/all-info