Hacks, leaks and disruptions – Russian cyber strategies

Andrei Soldatov and Irina Borogan examine Russia’s approach to cyber. During the Second Chechen War, Putin started using information as a weapon by targeting journalists. Cyberattacks were needed to target foreign websites, but cyber warfare was outsourced to allow plausible deniability, as it is difficult to demonstrate that a group is supported by the government. This makes it different from traditional warfare. However, Russia is now the first suspect for any attack, and Russian cyber security companies have now lost foreign trust. Xymena Kurowska and Anatoly Reshetnikov examine Russia’s trolling complex at home and abroad. In Russia, political trolling is used to manufacture cynicism that stimulates disengagement. “Neutrollisation” undermines the role of the Internet as a space for political engagement and informed debate. Russia uses the same method also in foreign policy, in a sort of “trickster diplomacy”. Sven Herpig and Thomas Reinhold discuss the problem of credible attribution in cyberspace. In international law, attribution describes the process of identifying an attack against a state. In the case of cyber operation, apart from technical aspects, there also intelligence aspects: some information and data that would allow attribution cannot be shared because they would expose intelligence operation. There are just a few cases in which credible attribution, based on public evidence, was made against Russia. Pointing at Russia without credible attribution is problematic because it fails to convince and emboldens the projection of power of Russia. Elena Chernenko discusses Russia’s cyber diplomacy providing an overview of what Russia has tried, without success, to achieve internationally with regard to cyber regulations. It’s interesting to note that one of Russia’s goal was to protect its political system from outside manipulation, as many were convinced that the so-called ‘Arab spring’ and other ‘coloured revolutions’ were inspired and managed from outside and that the Internet was one of the tools used to create and foment anti-government sentiment.

Piret Pernik examines the early days of cyberattacks. In 2007, Estonia was attacked during the Bronze Soldier crisis, provoked by Estonia's decision to move a Soviet-era memorial in Tallinn. The cyberattacks were arguably carried out by non-state hackers, but Russian authorities refused to cooperate in the investigations, so they, at least implicitly, supported the attacks. In 2008, cyberattacks were made against Georgia as a tool in the military conflict. Cyberattacks against Ukraine (2014-2017) had an unprecedented scale, and targeted infrastructure provoking major power outage. Jarno Limnell examines Russian cyber activities in the EU offering also some solutions, such as de-digitalisation in elections, involving tech companies in discussions on cybersecurity, and more cooperation between European countries. Jean-Baptiste Jeangène Vilmer discusses some lessons learned from the Macron leaks, an exception that proves the rule as it was unsuccessful. There was a disinformation campaign, an hack, and a leak, but information wasn’t able to reach mainstream sources of information. Oscar Jonsson looks at the next front: the Western Balkans. Russia opposes of EU and NATO enlargement, thus targeting countries such Serbia, Montenegro, and Macedonia.

Siim Alatalu explains that NATO started paying some attention to cybersecurity in 2002, but only after 2007 cyberattacks on Estonia it committed to cyber defence. Cyber should become an important part of its strategy. Patryk Pawlak provides an overview of what has been done by the EU and its member states to protect and defend its cyberspace.

In the conclusion, Nicu Popescu and Stanislav Secrieru notes that Russia is different by other cyberpowers for two reasons: the integration of cyber intrusions and strategic communications is blatant and it seems to have used cyberattacks more than any other power.

Tags: Russia Cybersecurity European policies and legislation Fake news and disinformation Serbia Ukraine Montenegro North Macedonia Georgia Estonia