Russian Cyber Warfare Capabilities in 2014 (We aren't in Georgia anymore)
|Ukrainian hackers deface Russian newspaper|
I've worked closely with a recently retired Russia analyst from the IC for the past six years and he has confirmed to me that since the end of the Cold War, Russia has never been a high priority for U.S. policymakers. Indeed, no one has wanted to be bothered by potentially problematic briefings about Russia.
You can see the end result of that knowledge gap in just about every article that has come out recently describing Russia's "Cyber Playbook". They all describe the same tactics that I and other researchers wrote about six years ago. Unfortunately, Russia's past tactics in Estonia and Georgia do not even come close to adequately describing their tactical options with Ukraine. Here are a few reasons why:
No more Nashi
In 2008, the Russian government had been fostering and financing the Nashi youth organization for the past three years. Nashi members were involved in the Estonia cyber attacks of 2007 and the attacks on Georgian gov't websites in 2008, and they targeted individual Georgian supporters in 2009. Today, the Nashi as it existed under Vladislav Surkov and Vasily Yakemenko is no more. And the same could be said for Surkov and Yakemenko thanks to Putin after he replaced Dmitry Medvedev as President.
Russian hackers aren't all supporting the Russian gov't on Ukraine
Back in 2008, Russian hacker forums were actively recruiting volunteers for attacks against Georgia. Not so today. In fact, I've been told that many Russian hackers are angry with Putin and are supporting their Ukrainian friends. Others, like @Rucyborg on Twitter, are trying to embarrass the Putin administration by breaching servers that contain sensitive information about the dealings of the Russian government such as this incident reported by the Hindustan Times.
New Russian Military Doctrine published in 2010
Russia published its 2010 military doctrine which acknowledged the "intensification of the role of information warfare" and assigned as a task to "develop forces and resources for information warfare."
Funding for dual-use Information Security R&D
Since 2010, Russia, like the U.S., China and other countries, has made dual-use information security research and development a top priority at dozens of top research institutes and universities. Such research includes but isn't limited to:
- intrusion models
- information system attack assessment models
- security protection profiles
- operating system vulnerabilities
- electronic warfare capabilities that target automated systems from airborne platforms.
At least twelve institutes provide world-class instruction in dual-use information security and electronic warfare technologies to their graduates, who are then hired by the Security Services and Ministry of Defense for offensive and defensive operations. Some of those institutes are included in the graphic below, which was Taia Global's depiction of Russia's cyber security organization in 2011.
|Copyright 2011 Taia Global Inc. All Rights Reserved|
The Commission found a limited effort by the IC to discern and exploit the strategic R&D—especially non-military R&D—intentions and capabilities of our adversaries, and to counter our adversaries' theft or purchase of U.S. technology.
Bottom line: We can't afford to continue to belong to the "Mile-wide" club when it comes to Russian capabilities. We need to do better.