26 September 2023

Is Future Escalation in Cyber Conflict a Foregone Conclusion?

EMILIO IASIELLO

Recently, Artur Lyukmanov, the director of the Russian Foreign Ministry’s International Information Security Department, warned that continued cyber clashes threatened to catalyze into “all-out war” between Russia and the United States. Lyukmanov, who also serves as special representative to Vladimir Putin on international cooperation on information security, stressed that such cyber hostilities were a deteriorating force, which could lead to direct conflict, particularly if cyber attacks were misinterpreted or else caused a devastating impact against critical infrastructure, ultimately compelling some form of retaliatory action.

This statement comes at a time when the cyber part of the Ukraine war has brought in state, nonstate, and even private sector involvement in various aspects of coordinated and autonomous cyber offensive and defensive operations. The activities have extended beyond the two principal states involved in the war, with cyber attacks coming from foreign state and nonstate assets and targeting sympathetic governments and even private sector organizations that have demonstrated solidarity with either side. This situation underscores Lyukmanov’s concerns that cyber hostilities quickly risk becoming global problems given the number of official and non-official participants such events can bring to the table, creating an unchecked free-for-all in cyberspace.

What’s become abundantly clear, especially to cyber watchers, is how a borderless domain invites the participation of actors throughout the world during a very border-driven conflict. No longer a hypothesized assumption, the next kinetic war emerging from a geographic hot spot will likely replicate what has transpired during the Ukraine war. Some may argue that Russia’s statement via Lyukmanov is saber rattling, especially given that some of the more noteworthy cyber attacks have been linked to Russian state actors. Whether it was the destruction caused by NotPetya, the disruption of BlackEnergy and Industroyer, or the surreptitious exploitation of a SolarWinds attack, there is little doubt that Russia has demonstrated a willingness to employ offensive cyber operations to its benefit.

However, this does not mean Russia’s concerns about cyber hostilities risking escalation and kinetic conflict are without merit. Moscow has watched how the United States has made bold strides in becoming a more active player on the world stage with respect to cyber engagement. The Department of Defense recently published its 2023 Cyber Strategy, which further underscored the focal point of U.S. foreign policy – that the United States will seek out allies and collaborators in order to mitigate threats to its national security. The Strategy is clear in stating U.S. intent to closely partner with the private sector and governments as part of its global cybersecurity strategy to promote Western interests and mitigate the threat from adversarial nations. Perhaps this has been nowhere more evident than in how the United States has dedicated material and financial assets to bolstering Ukrainian cyber defenses, as well as encouraging the private sector to do the same.

The United States’ preference for using hunt forward operations has been a disconcerting surprise to Russia, and likely other adversaries, for its unapologetic use of offensive cyber activities to root out potential cyber threats before they occur, or at least minimize their effectiveness. Lyukmanov’s statement certainly reflects Moscow’s growing concern that these increased U.S. Cyber Command (CYBERCOM) activities, no matter how “defend forward” terminology is applied to them, are being used to justify U.S. offensive operations. Regardless of how they are perceived, it is evident that they have been successful, at least enough for China and Russia to call them out publicly. Indeed, instead of leveraging this as a quiet capability, the United States has publicized its operations, with the general in charge of them admitting that hunt forward teams are “always” deployed. In fact, the United States recently asserted that it had activated a team for “defensive hunt” operations near Russia, and with an estimated 39 teams at its disposal, it is no wonder that Beijing and Moscow have taken careful note. A CYBERCOM spokesperson admitted that by working together, CYBERCOM learns from these information-sharing exchanges while it enhances the security of the networks on which allies depend.

Russia is concerned given the United States’ stature as the preeminent global cyber power, a position based on the aggregation of the country’s standing in seven categories, including strategy and doctrine, cyber intelligence capability, cyber empowerment and dependence, offensive capabilities, and global leadership, among others. However, adding to its misgivings is the perceived extent of cyber cooperation between Western governments and the private sector with respect to targeting the activities of a state. Because private sector companies are critical to the interworking of a global interconnected Internet, any help received from them would give a state a significant advantage. And if these companies willingly help the West over other countries, it certainly puts targets on their backs, regardless of whether they are backed by states with their own potent cyber weaponry.

This would very well help explain Russia’s fervent lobbying for splinternetting the Internet and pushing for cyber sovereignty. Russia certainly has no counter to these Internet companies aiding Western efforts in the Ukraine war and beyond, as opposed to its frenemy China, which at least can try to combat such partnerships via its own goals of setting up infrastructure in countries with its Chinese technologies. No doubt Moscow understands that continued private sector assistance is a threat to its cyber operations, so much so that Lyukmanov called it “an escalatory path [that] adds higher risks of confrontation.” But statements are not made in a vacuum, and if Moscow continues to be stymied in both its war efforts in Ukraine and in cyberspace, it may feel compelled to retaliate.

Russia’s economy has unsurprisingly taken a hit as it spends more on its war effort than it is making on oil production. Sanctions have done their part while Moscow seeks to recalibrate its supply chains to other markets. Though it has strengthened ties with China and Iran, Moscow may find itself increasingly painted into a corner, especially if its situation steadily deteriorates. Exacerbating matters are any continued offensive and defensive partnership-driven cyber successes against Russia’s operations that may be perceived as escalatory aggression and could prompt disruptive cyber attacks against private sector companies – particularly technology and Internet ones that are seen as Western accomplices. And while any significant impact would be felt globally, Russia has already tested removing itself from the Internet in order to determine the reliability of the “Runet” – Russia’s part of the Internet – to work in case of external distortions. Russia may be better able to weather such storms than others.

The timing of Lyukmanov’s statement leads one to wonder if it is indeed more bluster than a legitimate promise. But its relevancy should not be disregarded because the cyber part of the Ukraine conflict has been anything but what cyber watchers have expected. This means the only thing that can be accurately expected is in fact the unexpected. Right now, private sector collaboration and cooperation have yielded positive results. But the more private sector entities enter kinetic and cyber frays, the more apt they are to be targeted for their involvement, which in turn could elicit further retaliation by their government allies. The potential for escalation is quite clear, becoming a scenario less speculative and more realistic, particularly if an adversary finds itself in an untenable position with few options and dwindling exit strategy opportunities.
