Pages

22 December 2018

NATO Can No Longer Afford to Be Complacent About Russia’s Cyber Threat

Dominik P. Jankowski

As NATO’s relations with Russia seem to be hitting a post-Cold War low, numerous experts argue that the West is already in a state of conflict with Moscow in three domains: intelligence, information warfare and cyber. In particular, Russia’s increasingly hostile actions in the cyber domain have lent new urgency to the debate over cybersecurity in the West, including within NATO. The recent Russian plot to hack the Organization for the Prohibition of Chemical Weapons, discovered and thwarted by the Netherlands, is yet more proof that complacency over Russian cyber operations will prove costly. Russia has decided to adopt a more belligerent, gloves-off approach. Under the current circumstances, NATO must speed up its cyber adaptation process to confront the resurgence of an old foe.

Yet this cyber challenge from Russia is actually not new. By the 1990s, Russia had already managed to develop a sophisticated cyber toolbox, including cyberespionage instruments. The first indications of its capabilities came in the early 2000s, when Russia waged its coordinated cyber operation to combat Chechen separatists’ online information campaign. Russian authorities then progressively began to outsource some cyber activities, including hacking and cyberattacks, to informal actors, such as activists, so-called patriotic hackers and criminal organizations. The aims were simple: first, to lower the strategic risk by creating plausible deniability; and second, to lower the operational and financial cost. Obviously, in technical and financial terms the informal actors relied heavily on the Russian authorities, especially the intelligence agencies. But Russia’s low-cost and low-risk cyber strategy seemed to pay off in numerous cases, including during the cyberattack on Estonia in 2007 and the hacking of a power plant in Ukraine in 2015. 

The success of Russia’s cyber warfare is based on two main pillars. First, in its strategic framework, Russia tries to include cyber warfare in a broader concept of information warfare that includes hacking, in the form of computer network operations and electronic interference, and psychological and disinformation campaigns. These cyber capabilities contribute to the enhanced, so-called anti-access and area denial bubbles Russia has built in the vicinity of its borders with NATO countries, such as the Kaliningrad Oblast, Crimea and the Arctic. Cyber also plays a significant role in Russia’s strategic deterrence framework. 

Second, consistent with its historical belief that the best defense is a good offense, Moscow has embedded offensive cyber capabilities in particular in its conventional military operations. Russia has used cyber as a conventional force enabler in its most recent conflicts, in Georgia in 2008, in Ukraine from 2014, and in Syria from 2015. Russia has employed offensive cyber capabilities outside the battlefield as well. A staff report from the Senate Committee on Foreign Relations found evidence that ahead of meddling in the 2016 U.S. presidential election, Russia had attempted to manipulate elections in 18 other countries. This permitted Russia to test its own operational procedures and examine Western patterns of response and defense against cyberattacks. 

For its part, NATO is no novice when it comes to dealing with cybersecurity. In 2002, at the Prague Summit, the alliance for the first time used the word cyber in an official declaration and decided to strengthen its capabilities to defend against cyberattacks. But a major shift in NATO’s policy came much later, at the Warsaw Summit in 2016, when NATO embraced a new paradigm and defined a new role for itself in cyberspace. 

Moving forward, Russia’s cyber capabilities will expand, and its operations will become more sophisticated and more difficult to track.

In particular, two major decisions were taken in 2016. First, NATO declared cyberspace a domain of operations in which the alliance must defend itself as effectively as it does in the air, on land and at sea. In practical terms, that means NATO has been developing a doctrine to integrate defensive cyber operations in support of conventional ones. Second, NATO decided to adopt a cyber defense pledge that was conceived as a political instrument to expand NATO’s cyber mandate—basically a high-profile tool to exert pressure on allies to invest more resources into cyber defense. The pledge commits allies to exchange best practices, share information and assessments, and enhance skills and awareness among all relevant stakeholders.

The next major shift came at this year’s Brussels Summit in July, when the alliance decided to further enhance NATO’s ability to operate in cyberspace by creating and launching a Cyberspace Operations Center as part of an enhanced allied command structure. The center will be fully operational and staffed by 2023. While NATO will not conduct offensive cyber operations as an alliance, the center will help to coordinate cyberattacks any of its member nations launch on their own as sovereign states. 

Despite these promising steps in the right direction, NATO still needs to incorporate three major elements to shore up its future cyber posture. First, the alliance must fully include cyber in its wider deterrence strategy. Deterrence can work in cyberspace, especially if properly linked to NATO’s wider conventional and nuclear deterrence and defense posture. In the cyber domain, NATO has no geographic depth, which means that every ally constitutes the first line of defense. So, this strategic challenge will also require identifying how and where NATO works best for its allies as a provider of cyber capabilities.

Second, NATO should start a serious discussion within the alliance regarding the formal attribution of hostile cyber activities. Leaving false clues is one of the many ways cyber actors can conceal their identities. Others include spoofing IP addresses, switching toolkits and using other techniques to confuse institutions that are trying to track their tradecraft. All of that makes attribution a complex and costly affair. But knowing who is behind an attack is necessary in order to deter any further aggressors and defend against those that aren’t deterred. In most cases, NATO will depend on intelligence-sharing by the allies with the most advanced cyber capabilities to track and attribute any hostile activity.

Third, NATO must deepen its cooperation with the private sector, which is a driving force in technological innovations. For the cyber defense pledge to function properly, NATO should work as a forum for exchanges with the tech industry. More regular joint exercises and training with the private sector as well as cooperation on forging international norms in cyberspace could serve as a point of departure. 

Moving forward, Russia will remain a primary threat in the cyber domain. Its cyber capabilities will expand, and its operations will become more sophisticated and more difficult to track. Russia’s actions have already led the U.S. and many European allies to adopt more assertive cyber strategies. At the same time, NATO, as a collective defense organization, must shore up its deterrence to respond.

Dominik P. Jankowski is political adviser and head of the political section at the Permanent Delegation of the Republic of Poland to NATO. The views and opinions expressed here are the author’s own and do not necessarily reflect the official positions of the institution he represents.

No comments:

Post a Comment