Chapter 4 Russia
5.3 Final Thoughts and Discussion
Currently, as noted in the first chapter, analysts are preoccupied with the power and further potential of offensive cyber operations. Defensive posturing is often regarded as bordering on impossible due to the multitude of factors working against the defender.
Specifically, attribution problems are consistently noted as a key aspect that will befuddle network security specialists into the future. With no ability to react to cyber incursions in a timely and accurate manner, it is quite clear that cyber attackers are in an advantageous position.
However, the aim of this thesis is to delve deeper into this problem by analyzing past cases and
seeing how trends may or may not alter this offensive advantage in the future.
Joseph Nye's framework provides a great guide for this task; in particular, his approach to deterrence with regards to cost/benefit analysis and dissuasion allows for much more realistic thinking on this issue. When approaching cyber operations from this cost/benefit analysis standpoint, the idea of an emerging defensive paradigm seems more and more likely. As has been illustrated, both the United States and the Russian Federation are attempting to make strides with regards to their defense postures and deterrence and dissuasion capabilities. The United States, because of its status-quo position, has evidence that lines up with all of Joseph Nye's noted methods of deterrence and dissuasion. In contrast, the Russian Federation heavily leans towards using Classical methods of deterrence and pays less attention to Broad methods.
Regardless, both are at times attempting to change the offensively focused nature of the current world of cyber operations.
It remains to be seen whether these approaches will lead to fundamental change in the future, as much also rests on the advancement of attribution technology. Regardless, there is ample evidence that nation-states throughout the world will eventually embrace defensive posturing and possibly also norms development that may lead cyber to develop in a similar trajectory to nuclear weapons; where their destructive capabilities are viewed as too grave to leave to chance. Initially in this paper, cyber was also compared to the emergence of air power in the 20th century. Air power changed the nature of warfare and how strategy was designed; in the present, cyber is actively changing the nature of warfare and developing doctrines and paradigms as well. It remains to be seen exactly how states and their doctrines adjust to these new threats;
although like air power, it is likely that defensive countermeasures will emerge in time as status-quo powers prefer norms development and defensive posturing.
Bibliography
Acılar, Ali & Markin, Maxim & Nazarbaeva, Elena. (2011). Exploring the Digital Divide: A Case of Russia and Turkey. 584.
"Active Cyber Defense (ACD)." Information Assurance by the National Security Agency.
https://www.iad.gov/iad/programs/iad-initiatives/active-cyber-defense.cfm.
"Advanced Persistent Threat Groups." FireEye. Accessed March 27, 2018.
https://www.fireeye.com/current-threats/apt-groups.html.
Andrew, Christopher M.& Mitrokhin, Vasili. (1999). The Mitrokhin archive : the KGB in Europe and the West. London : Allen Lane 296-297, 298, 308-309, 310.
Applegate, Scott D. “The Dawn of Kinetic Cyber.” Presented at the 5th International Conference on Cyber Conflict, Tallin, Estonia, 2013.
https://ccdcoe.org/cycon/2013/proceedings/d2r1s4_applegate.pdf
APT28—A Window Into Russia’s Cyber Espionage Operations?. Special Report. FireEye, 2014.
https://www2.fireeye.com/apt28.html.
Baylon, Caroline, Roger Brunt, and David Livingstone. “Cyber Security at Civil Nuclear Facilities: Understanding the Risk.” Chatham House. 2015.
"Assessments: Cyber Resilience Review (CRR)." United States Computer Emergency Readiness Team.
https://www.us-cert.gov/ccubedvp/assessments.
Baraniuk, Chris. "Why the Forgotten Soviet Internet Was Doomed from the Start." BBC Future.
October 26, 2016.
http://www.bbc.com/future/story/20161026-why-the-forgotten-soviet-internet-was-doomed-from-the-start.
Berry, Alex, Josh Homan, and Randi Eitzman. "WannaCry Malware Profile." FireEye. May 23, 2017.
https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html.
Biddle, Stephen. “The Gulf War Debate Redux: Why Skill and Technology Are the Right Answer.” International Security 22, no. 2 (1997): 163-174. doi:10.2307/2539372
https://www.jstor.org/stable/2539372?seq=1#page_scan_tab_contents
Blank, Stephen. "Cyber War and Information War a la Russe." In Understanding Cyber Conflict: Fourteen Analogies. Georgetown University Press. 89.
Buchan, Russell. “The International Legal Regulation of State-Sponsored Cyber Espionage. ” In International Cyber Norms: Legal, policy & Industry Perspectives edited by Anna-Maria Osula and Henry Rõigas, 65-86. Tallinn: NATO CCD COE Publication, 2016.
Bumgarner, John and Scott Borg, “Overview by the US-CCU of the Cyber Campaign against Georgia in August of 2008” United States Cyber Consequences Unit, August, 2009, 4, http://www.registan.net/wp-
content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf
Carr, Jeff, “Project Grey Goose Phase II Report: The evolving state of cyber warfare” greylogic, March, 2009, 5
http://fserror.com/pdf/GreyGoose2.pdf
Clarke, Richard A. and Robert K. Knake. Cyber War: The Next Threat to National
Security and What To Do About It. New York, NY: Ecco, 2010: 6
Clayton, Blake and Adam Segal. “Addressing Cyber Threats to Oil and Gas Suppliers.” Council on Foreign Relations. 2013.
ComScore. "ComScore Releases Overview of European Internet Usage in September 2011."
News release, November 14, 2011.
https://www.comscore.com/Insights/Press-Releases/2011/11/comScore-Releases- Overview-of-European-Internet-Usage-in-September-2011?cs_edgescape_cc=TW.
Cordesman, Anthony H. with the assistance of Charles Ayers. Korean Special, Asymetric, and Paramilitary Forces. Washington, DC: Center for Strategic and International Studies,
2016. 29.
https://csis-prod.s3.amazonaws.com/s3fs-public/publication/160809_Korean_Special_Asymmetric_Paramilitary_Forces.pdf Demchak, Chris C. and Peter J. Dombrowski. “Rise of a Cybered Westphalian Age”. Strategic
Studies Quarterly, (Spring 2011): 31-62.
Denning, Dorothy E., and Bradley J. Strawser. "Active Cyber Defense: Applying Air Defense to the Cyber Domain." I n Understanding Cyber Conflict: Fourteen Analogies.
Georgetown University Press.
"Doctrine of Information Security of the Russian Federation." The Ministry of Foreign Affairs of the Russian Federation. December 5, 2016
http://www.mid.ru/en/foreign_policy/official_documents/-/asset_publisher/CptICkB6BZ2 9/content/id/2563163.
Dunn, Elizabeth Cullen and Michael S. Bobick, AMERICAN ETHNOLOGIST, Vol. 41, No. 3, 405, ISSN 0094- 0496, online ISSN 1548-1425. C 2014 by the American Anthropological Association. All rights reserved. DOI: 10.1111/amet.12086
https://static1.squarespace.com/static/55f7642be4b07229ccbb16e7/t/5665d74ba976af1373 1334c6/14495148274 9 8/Dunn_Bobick-2014-Empire+strikes+back_war%26occupation.pdf Dzyubenko, Olga. "U.S. Vacates Base in Central Asia as Russia's Clout Rises." Reuters. June 3,
2014.
https://www.reuters.com/article/us-kyrgyzstan-usa-manas/u-s-vacates-base-in-central-asia-as-russias-clout- rises-idUSKBN0EE1LH20140603.
Fahrenkrug, David T. “Countering the Offensive Advantage in Cyberspace: An Integrated Defensive Strategy.” Presented at the 4th International Conference on Cyber Conflict, Tallinn, Estonia, 2013.
https://ccdcoe.org/cycon/2012/proceedings/fahrenkrug.pdf
“Foreign Ministers' Joint Statement on Georgia” U.S Department of State, Office of the Spokesman. August, 2008
https://web.archive.org/web/20080831110250/http://www.america.gov/st/texttrans-english/2008/August/20080827152352xjsnommis0.9067346.html
Friedman, George. The Medvedev Doctrine and American Strategy, Stratfor Enterprises LLC., September, 2008
https://www.stratfor.com/weekly/medvedev_doctrine_and_american_strategy
Geist, Edward. “Deterrence Stability in the Cyber Age.” Strategic Studies Quarterly, (Winter 2015): 44-62.
Gellman, Barton, and Ashkan Soltani. "NSA Infiltrates Links to Yahoo, Google Data Centers Worldwide, Snowden Documents Say." Washington Post, October 30, 2013.
Accessed March 24, 2018.
https://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo- google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html?utm_term=.12576195b082.
Giles, Keir. “’Information Troops’ – a Russian Cyber Command?” Presented at the 3rd International Conference on C y b e r C o n f l i c t , T a l l i n n , E s t o n i a , 2 0 1 1 . http://conflictstudies.org.uk/files/Russian_Cyber_Command.pdf
Giles, Keir, “Russia’s Public Stance on Cyberspace Issues,” presented at the 4th International Conference on Cyber Conflict, Tallinn: Cooperative Cyber Defense Centre of Excellence (2012): 63-74,
https://ccdcoe.org/publications/2012proceedings/2_1_Giles_RussiasPublicStanceOnCyb erInformationWarfare.pdf
HAMMERTOSS: Stealthy Tactics Define a Russian Cyber Threat Group. Special Report.
FireEye, 2015.
https://www2.fireeye.com/rs/848-DID-242/images/rpt-apt29-hammertoss.pdf
Harding, Luke, and Alec Luhn. "Putin Says Russian Role in Election Hacking 'theoretically Possible'." The Guardian. June 1, 2017.
https://www.theguardian.com/world/2017/jun/01/putin-says-russian-role-in-election-hacking-theoretically-possible.
Harold, Scott W. "The U.S.-China Cyber Agreement: A Good First Step." The Rand Blog (blog), August 1, 2016. Accessed March 26, 2018.
https://www.rand.org/blog/2016/08/the-us-china-cyber-agreement-a-good-first-step.html.
Hathaway, Oona A. “The Drawbacks and Dangers of Active Defense.” Presented at the 6th International Conference on Cyber Conflict, Tallinn, Estonia, 2014.
Heickerö, Roland. (2018). FOI Emerging Cyber Threats and Russian Views on Information Warfare and Information Operations.
Holdsworth, Nick, Russia claims media bias, Variety, August, 2008
http://variety.com/2008/scene/news/russia-claims-media-bias-1117990468/
"Iraq War Illegal, Says Annan." BBC News. September 16, 2004.
http://news.bbc.co.uk/2/hi/middle_east/3661134.stm.
Junio, Timothy J. “How Probable is Cyber War? Bringing IR Theory Back in to the Cyber Conflict Debate.” Journal of Strategic Studies, (2013).
Kramer, Mark. "Policy Memos: The Soviet Roots of Meddling in U.S. Politics." PONARS Eurasia. January 2017.
http://www.ponarseurasia.org/memo/soviet-roots-meddling- us-politics.
Kristensen, Hans M., Norris, Robert S., and Ivan Oelrich. “From Counterforce to Minimal Deterrence: A New Nuclear Policy on the Path Toward Eliminating Nuclear Weapons.”
Federation of American Scientists and The Natural Resources Defense Council.
Occasional Paper No. 7. April 2009.
https://fas.org/pubs/_docs/occasionalpaper7.pdf
Kuzio, Taras. (2005). Russian Policy toward Ukraine during Elections. Demokratizatsiya: The Journal of Post-soviet Democratization. 13. 491-517. 10.3200/Demo.13.4.491-518
http://www.taraskuzio.com/International%20Relations_files/russia_elections_ukraine.pdf Lambert, Nicholas. "Brits-Krieg: The Strategy of Economic Warfare." In Understanding Cyber
Conflict: Fourteen Analogies. Georgetown University Press.
Libicki, Martin C., Lillian Ablon, Timm Webb. “The Defender’s Dilemma: Charting a Course Toward Cybersecurity.” RAND Corporation. 2016.
Lindsay, Jon R. “Stuxnet and the Limits of Cyber Warfare.” Security Studies Vol. 22, Issue 3 (2013): 365-404.
Lotrionte, Catherine. “A Better Defense: Examining the United States’ New Norms-Based Approach to Cyber Deterrence.” Georgetown Journal of International Affairs Special Cyber Issue, 3rd ed. (January 2014): 71-84.
http://journal.georgetown.edu/wp-content/uploads/2015/07/gjia13007_Lotrionte-CYBER-III.pdf
Mandel, Robert. Optimizing Cyberdeterrence: A Comprehensive Strategy for Preventing Foreign Cyberattacks. Washington, DC: Georgetown University Press, 2017.
Markoff, John, Before the Gunfire, Cyberattacks, The New York Times, August, 2008 http://www.nytimes.com/2008/08/13/technology/13cyber.html
Matsakis, Louise. "HACK BRIEF: RUSSIAN HACKERS RELEASE APPARENT IOC EMAILS IN WAKE OF OLYMPICS BAN." Wired. October 1, 2018.
https://www.wired.com/story/russian-fancy-bears-hackers-release-apparent-ioc-emails/.
Medvedev, Sergei A. “Offense-Defense Theory Analysis of Russian Cyber Capability.” Master’s Thesis, Naval Postgraduate School, 2015.
http://calhoun.nps.edu/bitstream/handle/10945/45225/15Mar_Medvedev_Sergei.pdf?
sequence=1
Myers, Steven Lee. “E-Stonia” Accuses Russia of Computer Attacks, The New York Times, May, 2007
http://www.nytimes.com/2007/05/18/world/europe/18cnd-russia.html
Nakashima, Ellen, and Craig Timberg. "NSA Officials Worried about the Day Its Potent Hacking Tool Would Get Loose. Then It Did." Washington Post, May 16, 2017.
Accessed March 24, 2018.
https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the- day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html?utm_term=.4ec69cfa3812.
Nakashima, Ellen, and Steven Mufson. "U.S., China Vow Not to Engage in Economic Cyberespionage." The Washington Post. September 25, 2015.
https://www.washingtonpost.com/national/us-china-vow-not-to-engage-in-economic-cyberespionage/2015/09/25/90e74b6a-63b9-11e5-8e9e-dce8a2a2a679_story.html?
noredirect=on&utm_term=.87b9f0d10a53.
Nye, Joseph S. “Deterrence and Dissuasion in Cyberspace.” International Security Vol. 41 Issue 3 (Winter 2016/17): 44-71.
Orrin Hatch United States Senator for Utah. "Hatch Introduces Legislation to Combat Cybercrime." News release, June 29, 2017. United States Senator Orrin Hatch.
https://www.hatch.senate.gov/public/index.cfm/2017/6/hatch-introduces-legislation-to-combat-cybercrime.
Patterson, Dan. "Cyberweapons Are Now in Play: From US Sabotage of a North Korean Missile Test to Hacked Emergency Sirens in Dallas." TechRepublic.
https://www.techrepublic.com/article/cyberweapons-are-now-in-play-from-us-sabotage-of-a-north-korean-missile-test-to-hacked-emergency/.
“ P a u l B a r a n a n d t h e O r i g i n s o f t h e I n t e r n e t . ” R a n d C o r p o r a t i o n . https://www.rand.org/about/history/baran.list.html
Perper, Rosie. "Russian Hacking Group Fancy Bear May Have Spied on Germany's Government." BusinessInsider. February 28, 2018.
http://www.businessinsider.com/russian-hackers-fancy-bear-germany-cyber-attack-2018-3
Persio, Sofia Lotto. "North Korea Executes Official In Charge of Nuclear Test Site: Report.”
Newsweek. December 19, 2017. http://www.newsweek.com/north-korea-purges-and-executes-official-charge-nuclear-test-site-report-752196.
Peters, Benjamin. "The Soviet InterNyet." Aeon. October 17, 2016.
https://aeon.co/essays/how-the-soviets-invented-the-internet-and-why-it-didn-t-work.
Peterson, Nolan. "Long at War With Each Other, Ukraine and Russia Trade On.." Newsweek.
January 28, 2018.
http://www.newsweek.com/long-war-each-other-ukraine-and-russia-trade-793142.
Rivera, Jason, and Forrest Hare. “The Deployment of Attribution Agnostic Cyberdefense Constructs and Internally Based Cyberthreat Countermeasures.” Presented at the 6th International Conference on Cyber Conflict, Tallinn, Estonia
Rochlin, Gene I. & Chris C. Demchak (2008) The Gulf war: technological and organizational implications, Survival, 33:3, 260-273, DOI: 10.1080/00396339108442594
https://www.tandfonline.com/doi/abs/10.1080/00396339108442594?
%20journalCode=tsur20
Roigas, Henry “The Ukraine Crisis as a Test for Proposed Cyber Norms.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 135-144. Tallinn:
NATO CCD COE Publication, 2015.
https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Roigas_15.p df
“Russia to provide $200 mln in urgent aid for S. Ossetia,” Sputnik International. August, 2008
https://sputniknews.com/russia/20080811115961365/
Sanger, David E., and William J. Broad. "Trump Inherits a Secret Cyberwar Against North Korean Missiles." The New York Times. March 4, 2017.
https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html.
S c h e l l i n g , T h o m a s C . Arms and Influence. Y a l e U n i v e r s i t y P r e s s , 1 9 6 6 . http://www.jstor.org/stable/j.ctt5vm52s.
Schmitt, Michael N. Tallinn Manual on the International Law Applicable to Cyber Warfare.
Cambridge: Cambridge University Press, 2013. doi:10.1017/CBO9781139169288.
Schmitt, Michael N. Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations. C a m b r i d g e : C a m b r i d g e U n i v e r s i t y P r e s s , 2 0 1 7 .
doi:10.1017/9781316822524.
Slayton, Rebecca. “What is the Cyber Offense-Defense Balance? Conceptions, Causes, and Assessment.” International Security Vol. 41 Issue 3 (Winter 2016/17): 72-109.
Stubbs, Jack. "Exclusive: Wannacry Hits Russian Postal Service, Exposes Wider Security Shortcomings." Reuters. May 24, 2017.
https://www.reuters.com/article/us-cyber-attack-russia-idUSKBN18K26O.
United Nations. Security Council. "Security Council Rejects Demand For Cessation of Use of Force Against Federal Republic of Yugoslavia." News release, March 26, 1999.
https://www.un.org/press/en/1999/19990326.sc6659.html.
United States. The White House. Office of Management and Budget. By Mick Mulvaney.
https://www.politico.com/f/?id=0000015f-931e-ded9-a15f-9bdf94370000.
“Up In Flames: Humanitarian Law Violations and Civilian Victims in the Conflict over South Ossetia” Human Rights Watch, January, 2009
https://www.hrw.org/report/2009/01/23/flames/humanitarian-law-violations-and-civilian-victims-conflict-over-south.
"U.S. Cyber Command (USCYBERCOM)." United States Strategic Command. September 30, 2016. Accessed March 27, 2018.
http://www.stratcom.mil/Media/Factsheets/Factsheet-View/Article/960492/us-cyber
%20command-uscybercom/.
U.S Department of State. Office of the Coordinator for Cyber Issues. "Explanation of Position at the Conclusion of the 2016-2017 UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context o f I n t e r n a t i o n a l S e c u r i t y . " N e w s r e l e a s e , J u n e 2 3 , 2 0 1 7 . https://www.state.gov/s/cyberissues/releasesandremarks/272175.htm.
Väljataga, Ann. "Back to Square One? The Fifth UN GGE Fails to Submit a Conclusive Report at the UN General Assembly." NATO Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia. September 1, 2017.
https://ccdcoe.org/back-square-one-fifth-un-gge-fails-submit-conclusive-report-un- general-assembly.html.
Virilio, Paulo. "The Kosovo War Took Place in Orbital Space." Interview by John Armitage.
C T h e o r y . O c t o b e r 1 8 , 2 0 0 0 A c c e s s e d M a r c h 2 6 , 2 0 1 8 .
http://www.ctheory.net/articles.aspx?id=132.
Waterman, Shaun. Analysis: Who cyber smacked Estonia?, United Press International, June, 2007
http://www.upi.com/Analysis-Who-cyber-smacked-Estonia/26831181580439/
Wayne, Shawn. "Russia–Georgia Trade Corridor Agreement Moving Forward." Georgia Today.
May 25, 2018.
http://georgiatoday.ge/news/10455/Russia–Georgia-Trade-Corridor-Agreement-Moving-Forward.
Weedon, Jen. “Beyond ‘Cyber War’” Russia’s Use of Strategic Cyber Espionage and Information Operations in Ukraine.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 67-78. Tallinn: NATO CCD COE Publication, 2015.
Wirtz, James J. “Cyber War and Strategic Culture: The Russian Integration of Cyber Power into Grand Strategy.” In Cyber War in Perspective: Russian Aggression against Ukraine, ed. Kenneth Geers, 29-38. Tallinn: NATO CCD COE Publication, 2015.
https://ccdcoe.org/sites/default/files/multimedia/pdf/CyberWarinPerspective_Wirtz_03.pdf Zetter, Kim. "An Unprecedented Look at Stuxnet, The World's First Digital Weapon." Wired.
November 3, 2014.
https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/.
Zetter, Kim. "How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History." Wired. July 11, 2011.
https://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/.
Zunes, Stephen. "U.S. Role in Georgia Crisis." Foreign Policy in Focus. August 14, 2008.
https://fpif.org/us_role_in_georgia_crisis/.