A screenshot of what appeared to be Russian ransomware affecting systems worldwide in June 2017. The Ukrainian government posted the shot to its official Facebook page. Via The New York Times

By: Shawn Stefanick, Columnist

On April 16, 2018, the U.S. and U.K. publicly blamed Moscow for a series of cyber intrusions into the backbone of the Internet. The attacks targeted routers and switches that operate as the Internet access gateway for private sector firms and critical infrastructure in the U.S. and U.K.[i] This episode is one of many recent high-profile attacks that have been attributed to the Russian government, including the NotPetya ransomware attack that proliferated globally.[ii] Amid Russia’s escalating actions in cyberspace, there has been little discussion of what drives Moscow’s aggressive behavior. The answer is simple yet counterintuitive: the Kremlin is obsessed with information. Moscow’s use of its cyber capabilities can be grouped into three categories: the control, exploitation, and manipulation of information.

The Kremlin’s conceptual understanding of cyberspace and its strategic approach in employing its cyber capabilities differ drastically from those of its Western counterparts. Russian doctrine and officials use “information” in place of cyber and “information space” instead of cyberspace. According to Russia’s 2016 Doctrine of Information Security, Russia defines the “information space” as the “combination of information, informatization objects, information systems, the Internet, “communications networks, information technologies,” and any entity or technology involved in the generation, development, processing, or manipulation of information.”[iii] This emphasis on information distinguishes Moscow’s conceptualization of cyberspace from the West’s[iv] and includes elements of culture, society, and psychology that the U.S. military would classify as psychological operations (PSYOP) or information operations (IO).[v] Cognizance of these fundamental differences allows us to see how Moscow’s actions are centered around information.

The control of information in cyberspace is the core tenet of Moscow’s cyber strategy domestically and abroad. The Kremlin is convinced that it is engaged in a perpetual, existential struggle with internal and external actors who are out to challenge its national security in cyberspace.[vi] Hence, Moscow’s 2016 information security doctrine outlines the necessity of developing “a national system of managing the Russian segment of the Internet” and eliminating “the dependence of domestic industries on foreign information technologies.”[vii] Russia has also enacted several laws that inhibit the free and anonymous flow of information domestically. In 2015 and 2016, Russia passed laws that would de-anonymize users in Russia by banning Virtual Private Networks and anonymous messaging applications and would require all companies with data on Russian citizens to store them in data centers located within Russia.[viii],[ix] And, internationally, the Kremlin has sought to rewrite the rules and shape the norms of behavior in cyberspace to its advantage. Moscow recently authored and proposed a UN Convention on Fighting Cyber Crimes, a 58-page document that included 72 articles such as the “mutual assistance regarding the collection of electronic information,” “cooperation among private bodies offering telecommunication services” and “joint investigations” of malicious actors and activity.[x] Additionally, at the G20 Summit in Hamburg in July 2017, Putin proposed to Trump that the U.S. and Russia create a joint “cyber security unit.”[xi] This increased access to information would expand Moscow’s access to and “control” of global information and subsequently enhance Moscow’s ability to exploit information.

Russia actively exploits information to advance its objectives abroad and at home. According to Russia’s 2014 Military Doctrine, Moscow will seek to use informational and other “non-violent” means to achieve political objectives before resorting to the use of military force.[xii] The Kremlin utilizes cyberspace to disseminate pro-Russian propaganda and sow distrust and discord to undermine support for the governments or institutions of its rivals. The E.U. is set to publish a communique that singles out “Russia directly” for its “information warfare” campaigns across Europe.[xiii] Moreover, Moscow seeks to discredit foreign institutions and political leaders by exploiting adverse information and leaking it to third-party news outlets, such as Wikileaks. The 2016 D.N.C. hack and the leak of private emails to discredit the Democratic Party and presidential candidate Hillary Clinton exemplify how the Kremlin “exploits” information.

Additionally, Moscow actively seeks to manipulate information within cyberspace. Through the manipulation of information, Russia can influence the perceptions and understandings of events and influence the decision-making process of foreign leaders. Russia’s hacking of global routers and switches illustrates this approach. As outlined by a Department of Homeland Security advisory on April 16th, 2018, compromising these nodes within the Internet allows Russia to conduct man-in-the-middle attacks (whereby an attacker sits in between the transmissions of information between two parties).[xiv] Russia would be able to intercept all communications, but also, at a time of its choosing, to manipulate or alter the information that is being communicated to its strategic advantage.

Moscow’s actions in cyberspace are centered around controlling, exploiting, and manipulating information. This approach is fundamentally different than the U.S.’s traditional focus on networks and the data that is stored and transmitted. According to a former senior intelligence official, the U.S.’s thinking has been to traverse “cyberspace, finding and fix[ing] something in cyberspace,” and “decide if they will exploit it, attack it, or defend it.”[xv] Moreover, despite President Trump’s May 11, 2017, executive order, the U.S. has yet to formulate a national cybersecurity doctrine.[xvi] America’s lack of a national cybersecurity doctrine and a fundamentally different conceptualization of cyberspace impede our ability to counter Russia’s actions. On April 9, 2018, Natalie Laing, the NSA’s deputy director of operations, publicly acknowledged that the U.S. does not “have the political fortitude to say how we’ll strike back” in cyberspace against Russian aggression. A doctrine is not a substitute for adequate capabilities, yet a lack of one muddles the decision-making process regarding how to counter our adversaries’ actions and how to respond to attacks. It would behoove the Pentagon and policymakers to incorporate how Moscow understands and operates within cyberspace, particularly its focus on controlling, exploiting, and manipulating information, into an American cybersecurity doctrine. A traditional approach restricts the choices available to counteract Moscow and leaves us vulnerable to influence and disinformation operations.

[i] Levi Maxey, “Russia Hacks Its Way to “the High Ground of the Internet,”” The Cipher Brief, April 16, 2018. https://www.thecipherbrief.com/article/tech/u-s-uk-blame-russia-probing-internet-routers-globally

[ii] Sarah Marsh, “US joins UK in blaming Russia for NotPetya cyber-attack,” The Guardian, February 15, 2018. https://www.theguardian.com/technology/2018/feb/15/uk-blames-russia-notpetya-cyber-attack-ukraine

[iii] The Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” The Ministry of Foreign Affairs of the Russian Federation, December 5, 2016. http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163

[iv] The Department of Defense defines cyberspace as “a global domain consisting of the interdependent networks of information technology infrastructures and resident data, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”

Click to access R43848.pdf

[v] The Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” The Ministry of Foreign Affairs of the Russian Federation, December 5, 2016. http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163

[vi] Darya Korsunskaya, “Putin says Russia must prevent ‘color revolution,’” Reuters, November 20, 2014. https://www.reuters.com/article/us-russia-putin-security-idUSKCN0J41J620141120

[vii] The Ministry of Foreign Affairs of the Russian Federation, “Doctrine of Information Security of the Russian Federation,” The Ministry of Foreign Affairs of the Russian Federation, December 5, 2016. http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ29/content/id/2563163

[viii] Vladimir Kozlov, “Russian personal data law set to come into force despite fears,” ComputerWeekly, August 2015. https://www.computerweekly.com/feature/Russian-personal-data-law-set-to-come-into-force-despite-fears

[ix] Sascha Kohlmann, “Russian Law Banning VPNs Comes Into Effect,” The Moscow Times, November 1, 2017. https://themoscowtimes.com/news/russian-law-banning-anonymous-online-surfing-comes-into-effect-59434

[x] The Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Ireland, “DRAFT UNITED NATIONS CONVENTION ON COOPERATION IN COMBATING INFORMATION CRIMES,” The Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Ireland, February 20, 2018. https://www.rusemb.org.uk/fnapr/6394

[xi] Alana Abramson, “Donald Trump Wants to Form a Cyber Security Unit With Vladimir Putin,” Time, July 9, 2017. http://time.com/4850583/donald-trump-vladimir-putin-g20-meeting-election-hacking/

[xii] The Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Ireland, “THE MILITARY DOCTRINE OF THE RUSSIAN FEDERATION,” The Embassy of the Russian Federation to the United Kingdom of Great Britain and Northern Ireland, June 29, 2015. https://rusemb.org.uk/press/2029

[xiii] Rikard Jozwiak, “European Commission To Call Out Russia For ‘Information Warfare,’” RadioFreeEurope/RadioLiberty, April 25, 2018. https://www.rferl.org/a/european-commission-to-call-out-russia-for-information-warfare-/29192052.html

[xiv] National Cyber Security Centre, “Advisory: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices,” National Cyber Security Centre, April 16, 2018. https://www.ncsc.gov.uk/content/files/protected_files/article_files/Russian%20State%20Sponsored%20Actor%20Advisory.pdf

[xv] Levi Maxey, “U.S. Searches for Cyber Doctrine With Russians “Ten Years Ahead,”” The Cipher Brief, September 22, 2017. https://www.thecipherbrief.com/u-s-searches-cyber-doctrine-russians-ten-years-ahead

[xvi] The White House, “Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure,” The White House, May 11, 2017. https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/