Part of the Ukrainian power grid was recently taken down by a cyber
attack, almost certainly by Russian hackers with ties to the Kremlin,
the first time there has been such a determined wartime attack.
In the face of such an unprecedented assault, policymakers and intelligence analysts need to consider what might come next. Russian President Vladimir Putin has numerous options for further escalation, with four obvious scenarios: local instability, intimidation, frozen cyber conflict and coercion.
In the least aggressive scenario, local cyber instability, Putin would continue to use offensive cyber capabilities only within Ukraine to further destabilize and delegitimize the existing government and economy.
The power attack is evidence he has already started down this path. The "little green bytes" might deny service to Ukrainian government and media sites, or further target critical infrastructure. As in other post-Soviet frozen conflicts, the goal is not necessarily to prevail, but to keep Ukraine destabilized for years and unable to pose any challenge.
This option could allow Putin to maintain pressure on Ukraine while avoiding an increase in tensions with the West. He might even be able to accomplish this while claiming to be de-escalating the larger conflict. The international community might be happy, however, to countenance a ‘cyber war’ in Ukraine if it caused little tangible damage to other countries, limited the body count, and generated fewer disturbing media images and political pressure.
Under the second option, intimidation, Putin could use offensive or espionage cyber capabilities against NATO or EU member nations, in effect saying that Russia has additional cards up its sleeve and may play them if necessary.
After all, an intimidating cyber escalation would simply be a natural extension of Putin’s provocative behavior in other military actions. In the last 15 months, Russia has sneaked submarines into Swedish and Finnish territorial waters, stating that Finland’s growing ties with NATO were a "special concern;" flown jet fighters and nuclear-capable bombers along the periphery of Europe; and buzzed NATO ships, including the US guided-missile destroyer USS Ross as it sailed in international waters off the Russian-occupied Crimean peninsula.
These provocations have already started in cyberspace with more aggressive Russian espionage and limited attacks, which one experienced analyst has called, “letting loose the hounds.” A larger, planned campaign of just-deniable-enough attacks of little green bytes might be one additional tool of provocation for Putin to wield.
In a frozen cyber conflict, Putin might try to make the Internet itself a new zone of instability. This option is extreme and not as likely as the others, but might offer Putin an intriguing possibility: inflict on the Internet just enough long-term disruption so that it is less useful, less trusted, and less an enabler to Western economies and societies.
Targets could include core Internet functions, like DNS root servers, or even physical attacks on undersea cables disguised to look like accidents.
With sanctions biting severely (and Western news spreading “lies”) Putin may feel little to lose by disrupting core Internet services, which may be useful to Russia but critical to his perceived foes. The idea that no adversaries would risk disrupting the entire system would be as discredited as it was in 1914.
Coercion is Putin's most aggressive option, using cyber capabilities to disrupt the economic targets in the West. Imagine a massive, long-term and continuing attack against the West’s financial system, which is the instrument of Western sanctions against him. What if, Sony-style, one bank a week were to be targeted for a disruptive and embarrassing attack?
And now that Russian hackers have a taste for taking down electrical grids, perhaps they might decide to pressure wavering European countries to see if they can reduce Putin's pain by increasing it on others.
Today, Putin sees himself in a potential existential conflict with the West, perhaps driving toward an actual shooting war, with the very survival of his regime at stake. In 2013, sanctions including asset freezes and export prohibitions pushed Russia to the brink of a recession, and the economy grew by only 1.3 percent.
The World Bank predicts that ongoing sanctions coupled with the decrease in oil prices will shrink the Russian economy by 3.8 percent. Putin could calculate that Russia has few remaining stakes in the global economy and financial system.
Cyberspace, and cyber attacks, offer many ways, especially for a capable nation-state, to target an adversary. In the current conflict, the most likely near-term options for Russia are perhaps local instability, intimidation and coercion. Of course, the scenarios discussed in this chapter are not mutually exclusive; Putin could jump between them or even employ them all simultaneously.
Fortunately to help analyze Russia’s current cyber actions, it may be enough to analyze his actions in the physical world: Russian hostility in Europe is likely to be matched with Russian hostility online. If this process starts to get out of control, then Western leaders have to be at their highest level of concern.
Defensenews
In the face of such an unprecedented assault, policymakers and intelligence analysts need to consider what might come next. Russian President Vladimir Putin has numerous options for further escalation, with four obvious scenarios: local instability, intimidation, frozen cyber conflict and coercion.
In the least aggressive scenario, local cyber instability, Putin would continue to use offensive cyber capabilities only within Ukraine to further destabilize and delegitimize the existing government and economy.
The power attack is evidence he has already started down this path. The "little green bytes" might deny service to Ukrainian government and media sites, or further target critical infrastructure. As in other post-Soviet frozen conflicts, the goal is not necessarily to prevail, but to keep Ukraine destabilized for years and unable to pose any challenge.
This option could allow Putin to maintain pressure on Ukraine while avoiding an increase in tensions with the West. He might even be able to accomplish this while claiming to be de-escalating the larger conflict. The international community might be happy, however, to countenance a ‘cyber war’ in Ukraine if it caused little tangible damage to other countries, limited the body count, and generated fewer disturbing media images and political pressure.
Under the second option, intimidation, Putin could use offensive or espionage cyber capabilities against NATO or EU member nations, in effect saying that Russia has additional cards up its sleeve and may play them if necessary.
After all, an intimidating cyber escalation would simply be a natural extension of Putin’s provocative behavior in other military actions. In the last 15 months, Russia has sneaked submarines into Swedish and Finnish territorial waters, stating that Finland’s growing ties with NATO were a "special concern;" flown jet fighters and nuclear-capable bombers along the periphery of Europe; and buzzed NATO ships, including the US guided-missile destroyer USS Ross as it sailed in international waters off the Russian-occupied Crimean peninsula.
These provocations have already started in cyberspace with more aggressive Russian espionage and limited attacks, which one experienced analyst has called, “letting loose the hounds.” A larger, planned campaign of just-deniable-enough attacks of little green bytes might be one additional tool of provocation for Putin to wield.
In a frozen cyber conflict, Putin might try to make the Internet itself a new zone of instability. This option is extreme and not as likely as the others, but might offer Putin an intriguing possibility: inflict on the Internet just enough long-term disruption so that it is less useful, less trusted, and less an enabler to Western economies and societies.
Targets could include core Internet functions, like DNS root servers, or even physical attacks on undersea cables disguised to look like accidents.
With sanctions biting severely (and Western news spreading “lies”) Putin may feel little to lose by disrupting core Internet services, which may be useful to Russia but critical to his perceived foes. The idea that no adversaries would risk disrupting the entire system would be as discredited as it was in 1914.
Coercion is Putin's most aggressive option, using cyber capabilities to disrupt the economic targets in the West. Imagine a massive, long-term and continuing attack against the West’s financial system, which is the instrument of Western sanctions against him. What if, Sony-style, one bank a week were to be targeted for a disruptive and embarrassing attack?
And now that Russian hackers have a taste for taking down electrical grids, perhaps they might decide to pressure wavering European countries to see if they can reduce Putin's pain by increasing it on others.
Today, Putin sees himself in a potential existential conflict with the West, perhaps driving toward an actual shooting war, with the very survival of his regime at stake. In 2013, sanctions including asset freezes and export prohibitions pushed Russia to the brink of a recession, and the economy grew by only 1.3 percent.
The World Bank predicts that ongoing sanctions coupled with the decrease in oil prices will shrink the Russian economy by 3.8 percent. Putin could calculate that Russia has few remaining stakes in the global economy and financial system.
Cyberspace, and cyber attacks, offer many ways, especially for a capable nation-state, to target an adversary. In the current conflict, the most likely near-term options for Russia are perhaps local instability, intimidation and coercion. Of course, the scenarios discussed in this chapter are not mutually exclusive; Putin could jump between them or even employ them all simultaneously.
Fortunately to help analyze Russia’s current cyber actions, it may be enough to analyze his actions in the physical world: Russian hostility in Europe is likely to be matched with Russian hostility online. If this process starts to get out of control, then Western leaders have to be at their highest level of concern.
Defensenews