Russian Cyber Operations. Scott Jasper
Introduction
Below the Threshold
Cyber operations possess the means to achieve really mischievous, subversive, and potentially destructive effects, but how is an injured state supposed to respond? The United States, its allies, and its partners face this dilemma in responding to Russian cyber operations. In March 2017, US senator John McCain said on Ukrainian television that the alleged Russian-sponsored breach of the computer systems of the Democratic National Committee (DNC) was “an act of war.”1 Michael Schmitt, a professor of international law applicable to cyber operations, cringed at the comment and argued that while Russian interference in the 2016 US presidential election was alarming, it did not amount to an act of war. Schmitt said the hacking and dumping of emails by Moscow to WikiLeaks was not “an initiation of armed conflict.”2 A few months earlier at a congressional hearing, Senator McCain had taken issue with a similar assessment reached by Adm. Michael Rogers, director of the National Security Agency (NSA). Admiral Rogers stated that “Russian cyberattacks on the electoral system would have to have produced more significant impact or physical destruction to constitute an armed attack.”3 The challenge today, as succinctly outlined by Schmitt, is that “the Kremlin is adept at carrying out operations that fall short of breaching undisputed legal red lines that would invite robust responses.”4 Russian cyber operations sow discord in societies and threaten critical infrastructure in the United States and across Europe. The United States in particular is now engaged in day-to-day competition with Russia in cyberspace below the level of armed conflict.
In reply to Russian cyber operations that adeptly avoid crossing perceived thresholds for war, this book will examine methods to counter them through cost imposition or defensive solutions. It will provide an analytical framework to evaluate how and whether past, ongoing, and future Russian cyber operations rise to the level of armed conflict or function as a component of strategic competition.5 This book will examine actual cyber campaigns and incidents to understand how the Kremlin exploits technical means and legal regimes to evade attribution and retribution. More specifically, it will explain how Russia uses advanced tactics and techniques for intrusion and evasion to prevent detection and verification of its cyber operations. It will also explore how Russia uses deception through proxies and other means to sustain plausible deniability and avoid responsibility for its cyber operations. The book will explain how Russia tests legal criteria for qualification of its cyber operations as neither a wrongful act nor an unlawful attack. The Russians abuse uncertainty in technical attribution and ambiguity in legal classification to elude repercussions inflicted by injured states through lawful use of countermeasures—for example, by cyber means or by a variety of other methods, such as economic sanctions or legal indictments.
In a speech in Poland in 2019, Secretary of State Mike Pompeo proclaimed that “Russia has grand designs of dominating Europe and reasserting its influence on the world stage. Vladimir Putin seeks to splinter the NATO [North Atlantic Treaty Organization] alliance, weaken the United States and disrupt Western democracies.”6 The 2017 US National Defense Strategy asserts that the Russians are using “areas of competition short of open warfare to achieve their ends (e.g., information warfare [IW], ambiguous or denied proxy operations, and subversion).”7 Cyber operations are merely a means for Russia to obtain political goals and objectives. An examination of their use in asymmetric tools, in hybrid warfare,