by Bill Gertz
Polish strategic analyst Jolanta Darczewska views the Crimean takeover as a classic case of Russian information warfare aimed at furthering the neofascist vision of Russian president Vladimir Putin, who lamented in a 2005 speech that the fall of the Soviet Union in 1991 was the “greatest geopolitical catastrophe of the century.” The remark signaled new Russian aggressiveness in seeking to restore at least some of the closest former Soviet states under Russian control.
“The Crimean operation perfectly shows the essence of information warfare: the victim of the aggression—as was the case with Crimea—does not resist it,” Darczewska wrote in a 2014 report, “The Anatomy of Russia Information Warfare.” “This happened because Russian-speaking citizens of Ukraine who had undergone necessary psychological and informational treatment (intoxication) took part in the separatist coup and the annexation of Crimea by Russia.” Russian information warfare will intensify, she warned, as Moscow has achieved a sense of impunity on the information battlefield and is constantly assessing, modifying, and perfecting its use of information warfare methods and techniques. The information operations will continue because the techniques are central to Putin’s new geopolitical doctrine, which is Russian-centered, antiliberal, oriented toward rivalry with the West, and aimed at reasserting Russia’s dominance over the Eurasian landmass.
Crimea was just the beginning of Russian covert action against Ukraine, which has continued with the semi-secret military support for pro-Russian rebels in the eastern part of the country, large-scale nuclear forces exercises near the border in Ukraine, and unprecedented threats by Russian leaders, including Putin, to use nuclear weapons against the United States and the West.
For the United States, the Crimea operation was the most visible and alarming manifestation of hybrid information warfare. It was the first large-scale military aggression since Russian forces carried out operations against the former Soviet satellite republic of Georgia in 2008. Russian operations in the information sphere are taking nonkinetic warfare—conflict that limits or eliminates the use of overt military force—to a new level in aggressively working to fan anti-U.S. and anti-Western sentiment both within Russia and globally. Director of National Intelligence James Clapper told Congress in 2015, “Russian state-controlled media publish false and misleading information in an effort to discredit the West, undercut consensus in Russia, and build sympathy for Russian positions.”
Along with the operations under Putin, Russia has adopted a new ideology based on the false notion that the country and its culture are under siege from hostile forces in the West, led by the United States.
Understanding the threat of Russian information warfare requires first knowing Putin, his strategic vision, and how he is ordering the comprehensive use of Soviet-style intelligence, covert action, and strategic influence activities in a coordinated campaign of information warfare. The ultimate goal of the Russian leader is to expand Russia’s control over an area stretching from the Pacific Ocean across Europe to the Atlantic Ocean over the next two decades.
The ideological roots of Russian strategic information warfare against the West can be traced to a combination of neofascism, Russian nationalism, and opposition to Western liberalism. Its two main theorists have been identified as Igor Panarin, professor at the Russian Foreign Ministry Diplomatic Academy, and Aleksandr Dugin, professor of sociology and philosophy at Moscow Lomonosov University and director of the Center for Conservative Studies at Moscow State University. Panarin was a former colonel in the KGB and was also with the Federal Agency of Government Communications and Information, the signals intelligence service. Both academics are closely tied to the Russian intelligence and security services, including the dominant FSB.
Dugin worked as an officer in the GRU, a military spy agency that is one of Moscow’s key information warfare arms. From 1988 to 1989, Dugin was a leader of the notorious anti-Semitic Russian nationalist organization Pamyat. He went on to found the pan-Russian social movement Eurasia, which was funded by Russian intelligence services.
Panarin has labeled what he says were two periods of “information aggression” against Russia. The first occurred under the glasnost—openness—of reform communist leader Mikhail Gorbachev in the mid-1980s and ended with the fall of the Soviet Union in 1991. The second wave took place around 2000 and is predicted to continue until 2020, when Putin’s nationalist Eurasian ideal is to be realized. This view regards the so-called Color Revolutions of the early 2000s that rocked the former Soviet republics as information aggression against Moscow, along with the upheavals of the Arab Spring, which took place across North Africa and the Middle East.
Panarin defines information warfare in the Russian context as the use of influence operations, including social control to influence polities; social maneuvering through the intentional control of publics to achieve certain goals; information manipulation through the use of accurate information in ways that produce false implications; disinformation, or the spreading of manipulated or fabricated information; information fabrication, or the production of false information; and lobbying, blackmail, and extortion of sought-out information.
The secret and open tools of information warfare include propaganda, intelligence operations, analysis of media and monitoring the effects, and organizational elements. The organizational methods include coordination and steering of operations, secret agents of influence to shape the opinions of political leaders, and media acting in line with state goals. Special channels for information warfare include special operations military forces that can conduct activities disguised as a foreign state. Panarin calls the single center used to carry out information warfare “the information KGB,” and he has claimed that the anti-Russian protests in Ukraine leading up to the ouster of Yanukovych were Western information aggression.
Dugin’s information warfare theories reflect a more military orientation. He regards the Color Revolutions as part of American “net-centric warfare” and has proposed a “Eurasian” network warfare system to engage in counter-information warfare. To defeat Western information operations, Dugin called for creating a special group of senior officials from the Russian intelligence services, along with academics, scientists, journalists, and cultural activists, to wage information warfare on a U.S.-led “Atlantic network.”
Russian information warfare is aimed at defeating what the nationalists regard as the dominant Western ideology of liberalism, based on individualism, technocracy, and globalism, and which took down the ideology of communism.
Panarin too is a Russian supremacist who advocates defeating Western liberalism. Panarin bases his views on Putin’s 1999 manifesto, “Russian at the Turn of the Millennium,” which urged returning Russia to superpower status. Spiritualism, state power, and cyber sovereignty, an ideological trinity, are key elements. The Russian theorists also use the term netcode to describe the basis of information warfare; the U.S. netcode is said to be global hegemony and anti-Russian statehood. The Russian netcode seeks to defeat the West and establish a Russia-centered civilization, with the new Moscow-dominated Pacific-to-Atlantic sphere of influence. In their thinking, pro-Western Ukraine is a main impediment to achieving the goal.
Phillip Karber, a former U.S. arms control official and national security expert, says Russian hybrid warfare spans the spectrum of conflict domains and levels of conflict. On the low end, Moscow is using political subversion, such as seizing government buildings, sabotage, assassination and terrorism, propaganda and media campaigns, and supporting agents of influence. For certain campaigns, such as the ongoing destabilization in eastern Ukraine, Russian hybrid warriors are deploying paramilitary forces posing as volunteers and militias to conduct attacks and destroy government infrastructure. The Russians also use threats of military force and preparations for military incursions, along with cyberattacks. For soft power, negotiations and legal warfare are being used in an attempt to legitimize Russian activities and to inhibit Western counterattacks and countermeasures.
Russia’s nuclear forces, currently undergoing major modernization, also provide a coercive information warfare weapon. Russian leaders frequently hype Moscow’s nuclear strength, and nuclear bombers have sharply increased provocative flights near U.S. coasts.
The United States is ill-prepared to deal with the threat, according to Karber, president of the Potomac Foundation. “Modern decision makers in Western democracies are neither prepared for Russian disguised operations, denial, duplicity, and deception on the low end of conflict, nor steeled against brazen nuclear posturing and direct threats at the high end,” Karber told me. “This hybrid combination often leads to ‘decidophobia’ and fear of ‘escalating’ even when that only means reciprocal matching of behavior the Russians are already practicing.”
On the cyber front, Moscow’s cyberwarfare operators are regarded by U.S. intelligence agencies as the world’s most sophisticated. The basis of Russia’s advanced cyber operations stems from the skilled technological base left over from the Soviet Union. Many Soviet-era KGB and GRU intelligence service personnel have launched cybersecurity companies that provide ideal cover for Russian government cyberattacks, according to defense officials. “Anyone who would risk using a Russian cybersecurity company should have his head examined because the risks are great,” a senior U.S. military officer familiar with intelligence reports about Russian cyberwarfare capabilities told me.
The military annexation of Crimea also demonstrated that the Russians are leading the way with cyberattacks, including the first known cyberattack against a foreign nation’s electrical power grid, which temporarily turned out the lights for tens of thousands of Ukrainians. On December 23, 2015, covert Russian cyber actors struck Ukraine’s power grid in what a U.S. State Department security report called the “first blackout to be caused by malicious software.”
“While cyber attacks on critical infrastructure systems have long been viewed as digital aggression with physical consequences, very few have been documented to date, making the late December events in Ukraine a hallmark incident,” the report by the Overseas Security Advisory Council, which supports American businesses overseas, stated. “Subsequent reports indicate that airport, rail, and mining system networks were also targeted, leading some to believe the hackers were focused on disrupting Ukraine’s critical infrastructure.”
The Ukrainian power supplier Prykarpattyaoblenergo, which provides electrical services to customers across the western Ukrainian region of Ivano-Frankivsk, announced that the utility suffered a “large-scale breakdown” on December 23 that left 700,000 homes across the region without power for several hours. Ukraine’s Energy Ministry announced the outage was caused by interference with the supplier’s automated control system.
The linkage to Russian hackers emerged from a forensic analysis of the malicious software found on the networks. A computer virus called a backdoor Trojan—because the software can infiltrate a system by appearing to be a nonthreatening program—and known as BlackEnergy 3 was first observed in 2007 and has been linked directly to Russian government hackers. It specifically affects remotely controlled networks used to operate critical infrastructure systems, which include electrical grids, financial networks, telecommunications, transportation, water and waste management, and other strategic functions. The software contains a unique feature, called KillDisk, that permits remote cyberattackers to rewrite files on the infected systems with random data, and then to block any user from rebooting the system, thus making the computer inoperable. BlackEnergy 3 also allows remote cyberattackers to search infected computers for software used in electric control systems—the signature that the virus is aimed at taking down electric grids.
Security researchers at the SANS Institute, a nonprofit company that specializes in information security, determined that hackers remotely accessed the Ukraine power companies and disguised the malicious activity, directed changes in electrical power distribution, and then conducted activities that made it more difficult for Ukrainian network administrators to restore power. The cyberattack coincided with another Russian information warfare operation to flood telephone help desks at Ukrainian electric companies so that support staff were distracted from responding to the ongoing technical attack.
From an information warfare perspective, the Russians were further engaging in political messaging over Crimea. Specifically, Moscow was warning Ukraine not to attempt to isolate Russian-occupied Crimea or attempt to cut off electrical power to the peninsula. The cyberattacks coincided with other activities aimed at Ukrainian government and private sector networks, while providing the Russian government with deniability as it continued to carry out information-based strikes and activities.
To highlight the Russian cyber threat, the DIA issued an internal warning in early 2016 stating that industrial security software being developed by a Russian-origin company, Kaspersky Lab, could result in American critical infrastructures becoming vulnerable to Russian cyberattacks. The DIA stated that the software, if adopted by American utilities, would create vulnerabilities inside U.S. industrial control systems, specifically a category of controllers called supervisory control and data acquisition, or SCADA, systems. The DIA report disclosed that U.S. electrical and water utilities, as well as other critical industrial sectors, were considering the purchase of the software, which the intelligence agency said could allow Russian government hackers, considered among the most advanced nation-state cyber spies, to get inside industrial control networks, specifically remote-controlled SCADA programs that are used to operate the electrical grid, oil and gas networks, water pipelines and dams, and wastewater systems. Kaspersky denied its software could create vulnerabilities. “The alleged claims are meritless as Kaspersky Lab’s products and solutions are designed to protect against cybercriminals and malicious threat actors, not enable attacks against any organization or entity,” the company said in a statement. “We are not developing any offensive techniques and have never helped, or will help, any government in the world in their offensive efforts in cyberspace.” Efforts by Kaspersky to enter the American industrial network security market continued that same year when the company looked to partner with American defense contractors as a way of winning lucrative U.S. government information security contracts.
Another alarming aspect of Moscow’s preparation for future information warfare operations was disclosed by senior U.S. intelligence officials who revealed that the Russians are conducting “cyber reconnaissance” against critical U.S. infrastructures, including the electric grid. James Clapper, the director of national intelligence, disclosed that Russian cyberwarfare specialists had broken into the computer supply chain of U.S. infrastructure companies and were able to gain access to industrial control networks as a result. “Unknown Russian actors successfully compromised the product supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors’ websites along with legitimate software updates,” Clapper testified to the House Permanent Select Committee on Intelligence. “Politically motivated cyberattacks are now a growing reality, and foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary’s intent became hostile,” he added.
The BlackEnergy malware linked to Russian hackers also has been detected in U.S. industrial control system software since at least 2011. According to a Department of Homeland Security notice from October 2014, industrial control systems used to operate critical U.S. infrastructure, including water and energy systems, have been under attack from cyber actors using malicious software since 2011. DHS and its Industrial Control System–Cyber Emergency Response Team (ICS-CERT), a unit devoted to protecting industrial infrastructures, revealed in the notice what it called “a sophisticated malware campaign that has compromised numerous industrial control systems (ICSs) environments using a variant of the BlackEnergy malware.”
The most serious concern is that the Russians are hacking the systems and using the penetrations to prepare for damaging cyberattacks in a future conflict. The activities include reconnaissance operations and implanting clandestine malware inside the industrial control networks. The network intrusions would be used to attack systems in a future conflict, or for coercive information warfare, such as threatening to take out the power grid or other critical infrastructure unless the United States gives in to Russian demands on a particular issue.
Russian hackers also have broken into the White House military office, which is used to coordinate presidential travel, and the Joint Chiefs of Staff email network, shutting down the military command center’s ability to send unclassified emails for at least two weeks.
At the same time Russian government hackers have been conducting cyberattacks against industrial control systems, governments, and private sector networks, Moscow has sought to use the United Nations to limit America’s ability to both defend and counterattack against the Russians, a key feature of a broad-based information warfare campaign, often referred to as legal warfare, or lawfare. In February 2016, Major General Yuri Kuznetsov, director of the eighth directorate of the Russian Armed Forces General Staff, told a security conference in Moscow that the Russians are seeking a United Nations cyber nonaggression agreement. “The global informatization of society enables the use of modern technologies to destabilize the social situation inside countries and influence people,” he said. “The leaders of major countries have come to realize that there is a need for legislative regulation in this field. The first step on the path to establishing these conditions will be a cyber nonaggression pact that is expected to be signed under the auspices of the UN.” The agreement would delineate nations’ obligations to follow principles and norms of conduct in cyberspace.