Russian Cyber Warfare Capabilities in 2014 (We aren't in Georgia anymore)

Ukrainian hackers
deface Russian newspaper
Russia's latest offensive against Ukraine over Crimea has revealed how little Russian expertise the U.S. has (see this New York Times article) as well as the failure of the U.S. Intelligence Community to anticipate Russian military actions against Georgia in 2008 and Ukraine in 2014 (See former DCI Michael Hayden here).

I've worked closely with a recently retired Russia analyst from the IC for the past six years and he has confirmed to me that since the end of the Cold War, Russia has never been a high priority for U.S. policymakers. Indeed, no one has wanted to be bothered by potentially problematic briefings about Russia.

You can see the end result of that knowledge gap in just about every article that has come out recently describing Russia's "Cyber Playbook". They all describe the same tactics that I and other researchers have written about six years ago. Unfortunately, Russia's past tactics in Estonia and Georgia do not even come close to adequately describing their tactical options with Ukraine. Here's a few reasons why:

No more Nashi
In 2008, the Russian government had been fostering and financing the Nashi youth organization for the past three years. Nashi members were involved in the Estonia cyber attacks of 2007, Georgian gov't websites in 2008 and targeted individual Georgian supporters in 2009. Today, the Nashi as it existed under Vladislav Surkov and Vasily Yakemenko is no more. And the same could be said for Surkov and Yakemenko thanks to Putin after he replaced Dmitry Medvedev as President.

Russian hackers aren't all supporting the Russian gov't on Ukraine
Back in 2008, Russian hacker forums were actively recruiting volunteers for attacks against Georgia. Not so today. In fact, I've been told that many Russian hackers are angry with Putin and are supporting their Ukrainian friends. Others, like @Rucyborg on Twitter, are trying to embarrass the Putin administration by breaching servers that contain sensitive information about the dealings of the Russian government such as this incident reported by the Hindustan Times.

New Russian Military Doctrine published in 2010
Russia published its 2010 military doctrine which acknowledged the "intensification of the role of information warfare" and assigned as a task to "develop forces and resources for information warfare."

Funding for dual-use Information Security R&D
Since 2010, Russia like the U.S., China and other countries has made dual use information security research and development a top priority at dozens of top research institutes and universities. Such research includes but isn't limited to:
  • intrusion models
  • information system attack assessment models
  • security protection profiles
  • operating system vulnerabilities
  • electronic warfare capabilities that target automated systems from airborne platforms. 
Russian Military and Security Services Hacker Training
At least twelve institutes provide world-class instruction to their graduates in dual use information security and electronic warfare technologies, who are then hired by the Security Services and Ministry of Defense for offensive and defensive operations. Some of those institutes are included in the below graphic which was Taia Global's depiction of Russia's cyber security organization in 2011.

Copyright 2011 Taia Global Inc. All Rights Reserved
My point with this article is not to say that the Russian government doesn't still have the capability to use proxies the way that it did in 2008 and before. I'm sure that it does, however it has invested large sums of money to give its military and security services capabilities that are far beyond what they had in 2008. If you want to properly assess a threat, you need to understand your adversary's intent, capability and opportunity. The U.S. government has not kept current on Russian technical advancements which means that we cannot estimate capability accurately. In fact, the National Commission for the Review of the Research and Development Programs of the U.S. Intelligence Community. released its findings late last year after a two year study and its very first finding was:
The Commission found a limited effort by the IC to discern and exploit the strategic R&D—especially non-military R&D—intentions and capabilities of our adversaries,and to counter our adversaries‘ theft or purchase of U.S. technology. 
Bottom line: We can't afford to continue to belong to the "Mile-wide" club when it comes to Russian capabilities. We need to do better.