With the Kremlin’s rhetoric growing more bellicose and White House press secretary Jen Psaki warning Tuesday that “Russia could at any point launch an attack in Ukraine,” most of the attention has been focused on possible Russian military and political actions and American and allied military and economic responses. However, U.S. military and intelligence officials warn, the most dangerous escalation is likely to occur in cyberspace.
The Russians have a field-tested, battle-ready doctrine of hybrid warfare that combines hacking, disinformation and malware with missiles and manpower and could inflict serious damage on the financial, energy, communications and other online infrastructure of America and its allies if the conflict escalates. While Western nations have an arsenal of top-secret retaliatory options that include hacking Russian government and personal financial and other records, the last thing we want is mutual assured cyber destruction.
Despite repeated classified and public warnings, not until 2018 did the U.S. establish the Cybersecurity and Infrastructure Security Agency (CISA) in the Department of Homeland Security, and only recently has the agency stepped up its efforts to coordinate government and private information-sharing and defensive measures. Second, cyber defenses must react to an ever-changing array of attacks that are hard to anticipate and difficult to trace. If someone fires a missile at you, you know where it’s coming from.
Here — in addition to squeezing energy supplies to Western Europe, which gets 41 percent of its natural gas from Russia, or causing military trouble elsewhere — are some of the Kremlin’s active options to retaliate for additional military assistance to Ukraine, tougher economic sanctions or other measures:
- Leak stolen information and double down on disinformation campaigns to deepen divisions in the U.S. and other Western countries. Amplifying COVID disinformation is only Moscow’s latest gambit in its effort to pit us against one another. Disrupting elections is another Moscow specialty: There are no indications that Russia has abandoned state-backed hacking operations such as the ones waged against the Democratic National Committee (DNC) in 2015 and 2016 or the theft and leak of DNC leadership emails in 2016 that diverted attention from Donald Trump’s vulgar “Hollywood Access” tape on the eve of the 2016 election.
- Play the “kompromat” card. Under President Vladimir Putin, a former Soviet KGB officer, Russia’s military and foreign intelligence agencies continue to harvest compromising information about key figures. Unleashing a flood of such information would divert attention and roil the political and social landscapes of many countries.
- In the worst-case scenario, Moscow could escalate its cyberattacks on critical infrastructure. Last week, with the fragility of global supply chains in full view, the U.S. government issued an alert to American critical infrastructure firms to be on the lookout for Russian cyber threats. Phil Venables, Google Cloud’s chief information security officer, recently said vulnerabilities remain in part “because many organizations, including public sector and critical infrastructure, rely on hard-to-defend outdated legacy systems and software.”
The National Security Agency and U.S. Cyber Command have begun more-intensive monitoring of cyber threats ahead of this November’s midterm election, and last week the Biden administration appointed a 30-year Central Intelligence Agency veteran to oversee election threats.
Russia has made “maskirovka” (disguise) tactics of denial and deception a central element of its military doctrine since at least the early 20th Century. The 1978 Soviet Military Encyclopedia emphasized maskirovka on strategic levels, including political, economic and diplomatic measures in addition to military actions. “The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness,” General Valery Gerasimov, chief of the general staff of the Russian Federation, wrote in 2013.
It’s unclear, however, what Putin’s ultimate goal is and how far he’s willing to go in deploying these hybrid tools. Continuing long-running disinformation efforts and information-seeking hacks are one thing; disrupting America’s or its allies’ financial systems or damaging other critical infrastructure could be considered an act of war that could draw not only a counterattack in cyberspace, but a conventional military one, as well.
Jeffrey Trimble is a former journalist and broadcast manager with extensive knowledge of Russia and disinformation, having served as Moscow bureau chief for US News & World Report; he is currently a lecturer at Ohio State University.
John Walcott is a member of the Global TechnoPolitics Forum advisory board and an adjunct professor in the School of Foreign Service at Georgetown University. He has reported for Newsweek, The Wall Street Journal, and other outlets on or from more than 80 countries during a career that has spanned more than four decades. He is played by Rob Reiner in “Shock and Awe,” a film about the team of journalists who challenged the Bush administration’s case for invading Iraq.