Washington and Moscow are in a war of words over a series of so-called ransomware attacks on organizations and businesses in the US and other countries. These increasingly sophisticated cyber attacks represent a new type of warfare whose goal is to disorganize and even destroy the national economy, writes the magazine "Konverzejšn".
This is called “hybrid warfare”. It is a mixture of conventional and unconventional methods used against a much stronger adversary and aimed at achieving political goals that would not be possible in traditional warfare.
Often the problem is identifying the culprits. In hybrid warfare, the state responsible for the actions will often use non-state actors, which allows it to deny responsibility. But over the past two decades, many cyberattacks on Western state institutions and businesses have been far more sophisticated than a few technically savvy individuals acting as "lone wolves" and bearing the hallmarks of actions undertaken with the support or approval of hostile governments.
The scale of cyber-attacks carried out at the military level signals the involvement of state actors behind the scenes who organize or instigate these attacks. Russia has emerged as one of the international actors that has developed a sophisticated cyber warfare strategy.
So what do we know about the way Russia is waging hybrid warfare through cyber attacks? The Russian doctrine of cyber warfare, or "hybrid military", was shaped by political scientists such as Alexander Dugin - a Russian philosopher called "Putin's Rasputin" or "Putin's Brain". He is a professor of sociology at Moscow State University and was targeted by US sanctions following Russia's 2014 takeover of Crimea.
Another key thinker in this area is Igor Panarin, a senior adviser to Putin with a PhD in psychology. Among the high-ranking military figures are Valery Gerasimov, the head of the Russian General Staff and the author of the "Gerasimov Doctrine", which, according to the Carnegie Foundation, "is an entire government concept that combines hard and soft power in many domains and transcends the boundaries between peace and war."
Such thinkers have long argued that Russia achieves its political goals through information warfare, not military force.
Cyberspace is often depicted as having three layers – physical (hardware), logical (how and where data is distributed and processed), and human (users). It is mostly managed by private organizations rather than state actors. Thus, cyber attacks are in a gray area when it comes to who should be responsible for prevention. There is also the question of who mounts the attacks and whether they are criminal enterprises or some state agency is behind them.
This confusion about responsibility for protection plays into the hands of the Russian government. It can harm opponents, no matter how big or powerful they are, without launching a military campaign.
In recent years, cyber attacks by Russian criminal groups have targeted hospitals, power grids and industrial facilities. The Kremlin described the allegations of its involvement as "baseless". But while there may not be a direct link between the government and whoever is carrying out the attacks, Russia is knowingly allowing these groups to operate from its territory.
Russian state agencies have offered their services in tracking down these criminal groups. But this promise has been repeated over the years and has never yielded results – an eyesore compared to their enthusiasm for fighting activist groups operating in the country.
Many countries have stepped up efforts to develop strategies to combat cybercrime. These initiatives include hybrid warfare exercises in 24 EU member states, simulating an orchestrated cyber attack on EU military and cybersecurity infrastructure.
The EU has also established what it calls a "hybrid fusion cell" to provide strategic analysis to EU decision-makers in efforts to deter and respond to cyber attacks. A group of analysts within the EU Intelligence and Analytical Center (EU INTCEN) analyze intelligence coming from the EU and various national institutions such as GCHQ, MI5 and police intelligence agencies in the UK and provide risk assessments for decision-makers to shape domestic policy.
Both the EU and the US have imposed sanctions on Russian individuals and entities for their harmful activities targeting cyber infrastructure. But dealing with such a threat from tightly disciplined and rigidly hierarchical state-sponsored groups is not easy.
As soon as Western intelligence agencies can develop new initiatives to deal with hybrid tactics, cybercriminals seem to be able to develop new means of attack. Thus, an agile management model is needed to effectively use public and private resources to counter hybrid warfare threats.
Hybrid warfare is a huge, complex threat that does not stand still - and that requires a proportionate response if states are to defend themselves.
The article was published in the magazine "Konverzejšn"
Translated by: D. Vraneš Redžić
See more:
Download the app and follow the news
FOLLOW US ON
