24 August 2025

Hacking and Firewalls Under Siege: Russia’s Cyber Industry During the War on Ukraine

Justin Sherman

Much of the Western analysis and commentary on Russian cyber threats since Russia’s full-scale invasion of Ukraine in February 2022 has focused on state actors as well as some cybercriminal groups. However, another set of players has a key role in the Russian cyber ecosystem: private sector cybersecurity companies.

The Russian “cyber web” is complex, shifting, and often opaque, encompassing state-encouraged “patriotic hackers,” independent developers, and state-recruited cybercriminal groups, among many other actors. The state does not control every actor—it could not control every single actor, in all ways, at all moments even if it wanted to do so. Entrepreneurialism, competition, and innovation abound in the Russian cyber web, too. Nonetheless, the state can coerce any actor at a single time and can use incentives, procurement contracts, and other mechanisms to compel them to behave in different ways. In this vein, the Russian government can and does draw on a spectrum of actors to assist with offensive, defensive, educational, recruitment, and other objectives related to cyber. The Russian government can use nonstate cyber actors to augment state capabilities, acquire new talent or services for the state, add a veneer of deniability to intelligence operations, and much more. Furthermore, security agencies such as the Federal Security Service (FSB), Foreign Intelligence Service (SVR), and military intelligence agency (GRU) have relationships with nonstate cyber actors that vary in structure and purpose over time.

Private cyber firms in Russia occupy an important role in this ecosystem. Although not every Russian cybersecurity firm is a government contractor, many firms provide services to the state. These services include supporting defensive operations, supplying defensive technologies, providing defense-oriented threat intelligence, identifying vulnerabilities to patch in Russian systems, offering open-source intelligence and reconnaissance services and technologies, identifying vulnerabilities for offensive operations, building exploits for offensive operations, assisting with offensive operations, cultivating talent, building propaganda-guided and national security–themed educational materials, and helping the security services recruit cyber talent. Some of these dynamics are not unique to Russia, such as a private company providing a state agency with firewalls. Other dynamics do stand out, such as the potential for the state to coerce a company or to carry out intelligence operations against dissidents or civilian critical infrastructure.
