Cyber-prepping the Battlefield: Does Russia have a New Way to Wage War?

According to the Bloomberg report, Russia may leverage vulnerabilities in critical infrastructure, including large banks, stock exchanges, power grids, and airports, as pressure points against the West. Ashmore (2009) says the future of Russian cyber warfare is offensively poised. Mshvidobadze (2014) also claimed that analysts examining espionage malware of apparent Russian origin indicate a preparation of the battlefield for cyber war.

Russia is developing information warfare capabilities such as computer network operations, electronic warfare, psychological operations, deception campaigns, and mathematical programming impact. Ashmore (2009) agrees that Russia is developing new information war strategies with the use of hackers that support Russian government information specialists, providing Russia with assets to use during future cyber conflicts. Heickerö (2010) also identifies the main organizations responsible for offensive and defensive cyber capabilities as the Federal Protective Service (FSO), the Federal Security Service (FSB), and the Main Intelligence Directorate (GRU). Russia’s approach to information warfare and information operations differs from that of Western countries to some extent. Russia sees information as a valuable asset that has strategic value and is a key factor for the stability of the state, for the regime, and for influential actors.

According to Dr. Matthew Crosston, one of the leading experts both in cyberwar and Russian foreign policy, part of the reason why Russia is such a major threat to the United States is not only its increasing capabilities but the reasoning and psychology behind its attacks and development of such capabilities. Russia’s purpose in developing cyber capabilities seems to be predatory in nature. This predatory purpose is heavily influenced by “the fact that much of the power dominating cyber capability in the Russian Federation is organized and controlled by federal security agencies but also quasi-outsourced to criminal groups, sometimes independently and sometimes in strict conjunction with governmental oversight.” Crosston also notes the cynical cyber mindset of Russia is somewhat controlled by short-term thinking that has massive profit and political power-wielding motives.

While not all cyberattacks originating in Russia come from the state, Russia has been seen as a safe haven for cyber criminality directed against foreign interests and to some extent domestic cyber criminality. Many have pointed out that Russia has not acted resolutely enough to deal with these lawbreakers. Thus, what makes Russia especially dangerous, according to Mshvidobadze (2014), is the collusion between the Russian state and cyber criminals. Criminal operators confound attribution and hone their skills on criminal activity, which ends up being a cost-effective reserve cyber force available to the state when needed. There has also been a conjoining of criminal and governmental malware which could result in even more potent cyber weapons. Altogether, this makes Russian cyber espionage widespread, hard to detect, difficult to attribute, and costly to counter.

Heickerö (2010) pointed out that Russian strategy emphasizes the importance of information warfare during the initial phase of a conflict to weaken the command and control ability of the opponent. This was evident in the 2007 attacks against Estonia and the 2008 attacks against Georgia. Some calculate this was also extensively used during the intervention in Syria in 2015. To add to this, Herzog (2011) claimed that the severity of the Estonian attacks was a wake-up call to the world. It showed that potentially autonomous transnational networks, such as state-sponsored, pro-Kremlin hacktivists, could avenge their grievances by digitally targeting the critical infrastructure of technically sophisticated states. Herzog suggested that enhancing cyber security and creating new multinational strategies and institutions to counter cyber threats was essential to the sovereignty and survival of states. The biggest challenge, however, is striking a balance between Internet freedom and maintaining adequate early-warning monitoring systems.

Cordesman and Cordesman (2002) criticized the disconnect between US cyber-defense and cyber-offense. This was later expansively enhanced by the work of Crosston (2011; 2013; 2014). This conceptual analytic disconnect permeates US governmental efforts and the response of state and local authorities, the private sector, and non-governmental organizations. They believe in a need for a “comprehensive annual net assessment of cyber threats that combines analysis of the threat that states present in terms of cyberwarfare with the threats that foreign, domestic, and non-state actor groups can present in terms of cyber-crime and cyber-terrorism.”

Ashmore (2009) believes that the international community should work together to track and prosecute cyber criminals that operate outside the country being attacked. Also, Ashmore (2009) believes that nations should “work together to share technical data to maintain cyber defenses and keep up with the newest and ever-changing cyber-attacks” because individual hackers usually share information on new techniques that can penetrate IT defense structures. This prescription, however, requires enormous amounts of trust from both sides, which is hard to ask for even amongst allies. While the international community should come together to secure cyberspace, it is a completely different ballgame to ask states to share their defense techniques. Not only could this information be used to identify vulnerabilities in their defenses, but if the information is stolen by hackers, it could be used against these states and in turn applied to the hackers’ networks to make countermeasures impotent.

Another prescription offered by Ashmore (2009) is the creation of laws that make cybercrimes illegal with the hope that the punishments would deter potential cyber criminals. The problem with this is that there are already plenty of laws criminalizing hacking and cyber espionage, none of which have slowed the frequency of cyberattacks. Will new laws prevent the average middle-class Joe from sending vicious malware to his ex-employer out of spite? Maybe. Will new laws prevent criminal hacktivists from launching a politically motivated attack on their adversary’s networks? The answer is most likely no. Just as terrorists continue to murder, maim, and rape their victims regardless of the laws that forbid such actions, those who want to hack likely will. It does not matter what laws are in place. It is this innate internal motivation of the hacker that states like the Russian Federation count on and strategically utilize. For the most part, Russia is the undisputed leader in this newly politicized world of the dark net.