iWar
In regard to Russian information warfare campaigns, the idea of a UN agreement on cyberspace was like music to the ears of the arms control–enamored national security policy makers within the administration of President Obama. Christopher Painter, the State Department’s cybersecurity policy maker, has promoted the idea of establishing norms of behavior in cyberspace. The idea is to negotiate an agreement with states like Russia and China that would limit cyberattacks. In May 2015, Painter told a Senate hearing the Obama administration is seeking an international call for “voluntary measures of self-restraint,” such as state promises not to attack critical infrastructure, not conduct cyberattacks on systems used to respond to cyberattacks, and cooperation on investigating cyber crime. But relying heavily on international agreements with Russia would not work because Moscow systematically has violated or circumvented all its arms agreements, most recently the 1987 Intermediate-Range Nuclear Forces Treaty, which limits the United States and Russia from building missiles with ranges of between 310 miles and 3,400 miles. Moscow was caught cheating on the accord several years ago in building a new ground-launched cruise missile called the SSC-X-8. The missile has a range of more than 310 miles.
The danger posed by Russian cyberattacks against U.S. critical infrastructures comes amid alarming indications the governments and utilities in charge of the American infrastructure are woefully unprepared to deal with cyberattacks.
“It is only a matter of the ‘when,’ not the ‘if’ we’re going to see a nation-state, group, or actor engage in destructive behavior against critical infrastructure in the United States,” Admiral Mike Rogers, commander of the U.S. Cyber Command and director of the National Security Agency, warned in a speech in March 2016. Rogers called the cyberattack against the Ukrainian electricity grid a “very well-crafted attack” that included monitoring the response by Ukrainian recovery technicians. “And their strategy also focused on how they could attempt to slow down the [electrical power] restoration process,” he said.
“Seven weeks ago it was the Ukraine. This isn’t the last we’re going to see this, and that worries me,” Admiral Rogers added.
The problem with critical infrastructure control networks is that they use “operational technology” (OT), which is very different from traditional information technology (IT) found in most computers and networks, according to Idan Udi Edry, chief executive officer of the Israeli cybersecurity firm Nation-E. As a result, critical infrastructures for the electric grid, water system, and other sectors are highly vulnerable to cyberattacks. “When you have an existing IT network and now you are connecting the OT part into the existing network, all of a sudden you’ve created millions of points that are completely vulnerable for cyberattacks,” Edry said. “This is exactly where I see the potential threat in the United States. The potential damage from such attacks is huge and that’s exactly where hackers want to put the effort,” he said.
The threat of infrastructure cyberattacks prompted two military commanders to sound the alarm in a letter to the secretary of defense in early 2016. “We respectfully request your assistance in providing focus and visibility on an emerging threat that we believe will have serious consequences on our ability to execute assigned missions if not addressed—cyber security of [Defense Department] critical infrastructure Industrial Control Systems,” Northern Command’s Admiral William Gortney and Pacific Command’s Admiral Harry Harris stated in the February 11, 2016, letter to Ashton Carter. “We must establish clear ownership policies at all levels of the department, and invest in detection tools and processes to baseline normal network behavior from abnormal behavior,” the four-star admirals stated, adding that once completed “we should be able to track progress for establishing acceptable cyber security for our infrastructure [industrial control systems].”
The commanders’ worries were prompted by Department of Homeland Security statistics showing a sevenfold increase in cyberattacks on critical infrastructure between 2010 and 2015. The attacks were carried out against what the Pentagon calls “platform information technology”—critical national security hardware and software, including industrial controls and SCADA. They identified several types of malware—including Shamoon, Shodan, Havex, and BlackEnergy—that they warned could potentially “debilitate our installations’ mission critical infrastructure.”
“As geographic combatant commanders with homeland defense responsibilities and much at stake in this new cyber connected world, we request your support,” they added. As shown in Ukraine, BlackEnergy remains the most sophisticated malware used in infrastructure attacks. Shamoon was linked to the 2012 cyberattack against the state-run Saudi Aramco oil company that damaged thirty thousand computers and was believed to have been carried out by Iran. Havex malware has been linked to cyberattacks on industrial control systems, and Shodan is a search engine that is believed to have helped foreign hackers map remote industrial control networks for possible attacks.
Admiral Rogers, the Cyber Command leader and NSA director, has been discussing the infrastructure cyber threat in meetings with executives and security officials in the electrical power and water industries. Power companies are working to develop micropower grids and “island-able” power grids, along with distributed storage and power generation, to mitigate the effects of a large-scale cyberattack.
• • •
Western intelligence agencies are just beginning to focus on Russian information warfare programs. A NATO official in charge of monitoring Russian information revealed that Moscow adopted a comprehensive approach to achieving what he termed “information dominance,” spending up to $500 million a year on warfare that employs lies and disinformation, hoaxes, and the use of Internet trolls. In Russian information warfare campaigns, television under state control is a major outlet. “In Russia television is God,” the NATO official, an information operations specialist, told me. The major television channels are government owned and others are run by oligarchs, like the oil and gas conglomerate Gazprom, that broadcast only content that is in line with the government. “In our countries, this would be free media, but they’re not free media. If you switch on the Russian TV, there are others like five, six, seven different channels and you hear the same narratives. All the same topic. So that’s pretty clear that they are getting the same instructions.”
This is not simple or crude propaganda. It is a highly sophisticated endeavor. For example, Russian television producers often set up phony debates on news programs that present what appear to be differing points of view, in an attempt to boost credibility. In reality, the faux debates are carefully staged as part of information warfare themes. Entertainment programs also are geared to influencing publics, with many shows featuring “heroic” government officials. No more tractor films, as in the Soviet days; modern Russian propaganda programming is targeted, sophisticated, and effective—at least internally, within Russia. It also is broadcast abroad to countries with large ethnic Russian populations, such as Ukraine and the Baltic states of Lithuania, Latvia, and Estonia.
Overseas, RT, formerly known as Russia Today, a well-funded, twenty-four-hour Russian channel, and Sputnik, the digital news service, serve as Moscow’s main propaganda outlets for information campaigns. Moscow also is trying to control the Internet, since the free unfiltered information it provides has been categorized by the government as a threat to the state. Like China, the government hires thousands of Internet trolls to promote propaganda and disinformation themes.
An internal British government report on Russian hybrid warfare and influence operations I obtained reveals Moscow is expanding its reach beyond Ukraine. “Now there are increasing worries this tactic is being used elsewhere, as part of a broader strategy to undermine the U.S. and Europe,” the March 25, 2016, report says.
In Finland, journalist Jessikka Aro exposed Russia’s use of pro-Kremlin trolls—those who seek to discredit people through online attacks. Russian trolls targeted Aro in an online campaign of vilification on social media, the key battleground in the information war. The campaign used Russian operatives sending complaints about her to media leaders, ombudsmen, and government officials, including Finland’s president. The campaign also used cyberstalking, along with the use of threatening phone calls and even protests outside her office. The trolls also resorted to sending fraudulent text messages to her that appeared to be from her deceased father. “My private life, family affairs, and nonexistent political background have been under scrutiny,” she says. “During the last year I have been accused of destroying the freedom of speech probably hundreds of times, an absurd claim coming from anonymous profiles or public propaganda figures, who bully people and spread Russian lies.” Finnish police eventually investigated the smear campaign and identified two people behind the effort who were linked to pro-Russian activists in Finland.
A Russian dissident, Lyudmila Savchuk, also has exposed Russian online trolls after infiltrating a front company called the Internet Research Agency, later renamed Glavest, located in St. Petersburg, Russia. Savchuk disclosed that she and others at the company were paid to produce false posts and comments on blogs, social media, and news websites, using proxy servers to mask their IP addresses. The posts all praised the Russian government and Vladimir Putin and attacked opposition political figures and pro-European Ukrainian and Western leaders. They also spread disinformation—including the false claim that Malaysian Airlines flight MH17, a commercial airliner shot down over Ukraine, was attacked by Ukrainian government forces. The July 17, 2014, airliner attack in reality was the work of pro-Russian rebels who used a Moscow-supplied SA-11 surface-to-air missile. All 283 people on board the aircraft were killed. Moscow propaganda organs shifted into high gear in denying Russian involvement in the disaster.
In the United States, pro-Kremlin trolls tweeted false news of several disasters, such as a chemical accident at a Louisiana factory and an outbreak of the Ebola virus in Atlanta. The ruse employed fake screenshots of established news websites and some of the tweets were addressed to media outlets and politicians. The motive behind the campaign appeared to be to trigger a public panic. The New York Times traced the fake tweets to the Internet domain add1.ru, which is connected to the Glavest disinformation operation in St. Petersburg.
U.S. Air Force general Philip M. Breedlove, commander of the U.S. European Command and NATO commander from 2013 to 2016, sees Russia’s use of hybrid warfare as a combination of diplomacy, information warfare, and military and economic measures, along with traditional warfare, covert action by military and intelligence operatives, and cyberwarfare. A key feature is spreading lies and disinformation through state-run Russian news outlets and attacking the credibility of target states.
“Informationally, this is probably the most impressive new part of this hybrid war, all of the different tools to create a false narrative,” Breedlove said. “We begin to talk about the speed and the power of a lie, how to get a false narrative out, and then how to sustain that false narrative through all of the new tools that are out there.”
Russia used military forces differently in hybrid warfare, as the Little Green Men in Crimea showed. They were successful in creating ambiguity as to whether they were official Russian military forces. Breedlove argues that intelligence means should be employed to publicize the truth behind such actions, and then to forcefully disseminate the information to global publics. “What the military needs to do is to use those traditional military intelligence tools to develop the truth,” he says. “The way you attack a lie is with the truth. I think that you have to attack an all-of-government approach with an all-of-government approach. We need to, as a Western group of nations or as an alliance, engage in this information warfare to . . . drag the false narrative out into the light and expose it.”
Breedlove rejected the Obama administration’s approach of doing little to counteract Russian information warfare over concerns the efforts could be destabilizing. “In Ukraine, what we see is diplomatic tools being used, informational tools being used, military tools being used, economic tools being used against Ukraine,” he said. “We, I think, in the West, should consider all of our tools in reply. Could it be destabilizing? The answer is yes. Also, inaction could be destabilizing.”
Breedlove himself was a target of suspected Russian information warfare when his private Gmail account was hacked and the emails leaked online. The outspoken general was revealed as having taken a much harder line on Russia than President Obama or his aides, according to the emails. “I may be wrong, . . . but I do not see the WH really ‘engaged’ by working with Europe/Nato,” Breedlove wrote on September 30, 2014. “Frankly I think we are a ‘worry’, . . . ie a threat to get the nation drug into a conflict . . . vice an ‘opportunity represented by some pretty stalwart allies.’ ” The four-star general made the remarks in an email to former general and secretary of state Colin Powell in seeking advice on “how to work this personally with the POTUS [president of the United States].”
In another email, Breedlove told academic Harlan Ullman, “I think POTUS sees us [the U.S. military and NATO] as a threat that must be minimized, . . . ie do not get me into a war????”
Russian intelligence services play a major role in information warfare and one service developed an Internet influence and monitoring system, according to a report by the CIA-based Open Source Center. “Russia’s Foreign Intelligence Service (SVR) is developing an automated system to monitor blogs and social media to influence public opinion via social networking websites,” the report says. The SVR announced plans for the system through three contracts in January 2012 for an automated system to shape public opinion. The program was to be developed in three stages and completed by 2013, at a cost of around $1 million. The first phase is called “Disput,” or public debate, and “analyzes intelligence gathering methods in ‘Internet-centers’ and regional segments of social networking website.” Disput also will produce analysis to “identify factors that affect the popularity and spread of messages.” Phase 2 is called “Monitor-3” and relies on “a virtual community of experts” devoted to developing methods of effectively creating and disseminating messages. Last is Shtorm-12 (Gale Wind-12), which fires off automatic messages produced using Disput and Monitor-3.
According to the Open Source Center report, the system is directed at influencing both foreign audiences and internal Russian audiences. A main target is Eastern European countries made up of former Soviet republics or Warsaw Pact states that Russia refers to as the “Near Abroad” and the main target of Putin’s pan-Eurasian vision. The report said the SVR system appears based on Russian officials’ belief that social media–enabled foreign covert influence campaigns triggered the Arab Spring and other antigovernment movements. “Russian officials, including Putin, have publicly opposed the use of the Internet to influence foreign audiences, but the establishment of this program in the SVR, Russia’s external intelligence arm, contradicts officials’ public stance,” the report said.
One of the more menacing aspects of Russian information warfare has been Moscow’s ongoing campaign to threaten nuclear attacks against the United States. The campaign included stepped-up flights by nuclear-capable Russian bombers and dangerous aerial intercepts of U.S. reconnaissance aircraft around the world, including northern Europe, the east and west coasts of the United States, and Asia. Beginning in early 2013, Russian Tu-95 nuclear-capable Bear bombers began flying very close to U.S. coasts and borders, in several cases conducting simulated attacks on the United States. One of the practice strikes targeted the U.S. missile defense interceptor base at Fort Greely, Alaska. Another took place off the Atlantic coast and practiced simulated long-range cruise missile strikes on Washington, D.C.
After I disclosed the existence of Russia’s development of a new underwater nuclear drone submarine, code-named Kanyon by the Pentagon and capable of delivering a massive nuclear warhead against U.S. harbors, Russian information warfare specialists took the unusual step of confirming the existence of the experimental drone submarine by leaking details during a televised press conference with Putin in November 2015. The disclosure on Russian state television of what the Russian military is calling the Status-6 unmanned underwater vehicle was the latest attempt at nuclear intimidation against the United States. Konstantin Sivkov, a member of the Russian Academy of Missile and Artillery Sciences, wrote in a state-run news outlet that the drone leak was aimed at forcing negotiations. “Russia is creating a system of strategic deterrence against which even in the remote future there will be no acceptable defense,” Sivkov wrote. “This will compel our ‘partners’ to sit down at the table for constructive negotiations.”
A Russian government spokesman claimed the leak of the Kanyon by a senior Russian military officer on television was a mistake. But Sivkov asserted that explanation is false. “In no way is it possible to believe that a military leader of the highest rank disclosed such important information by mistake—this would certainly cost him his career at the very least,” he said. Instead, the leak was actually an “information bomb” aimed at intimidating the United States. “The aim is to scare the adversary by means of a ‘bubble,’ to make him agree to certain concessions or undertake work on resource-intensive defense programs in totally unproductive areas,” Sivkov stated in an article published in VPK Voyenno-Promyshlennyy Kuryer Online, a weekly newspaper on military and defense industry issues associated with the arms manufacturer Almaz-Antey. Sivkov compared the Kanyon to the Reagan administration’s Strategic Defense Initiative, which was largely credited with forcing the Soviet Union into spending large sums preparing to counter U.S. strategic missile defenses. Sivkov also believes the Kanyon leak was intended to send the strategic message that the weapon will be built in the distant future. “The aim is the same: to grab the adversary’s attention, to push him in the direction of concessions.”