Russian cyberattack on Georgia shows why the US should pass the Georgia Support Act

On October 22, 2019, the US House of Representatives unanimously passed the Georgia Support Act (H.R.598), reaffirming continued US support for the independence and sovereignty of Georgia and asserting US opposition to Russian aggression in the region. Less than a week later, on October 28, Georgia was hit with a major cyberattack, which has since been widely attributed to Russian military intelligence. While it is not clear whether the cyber incident was a direct response to the newly passed act on the part of the Russian government, it certainly appears that way, and it is clear that US support for Georgia has been a point of contention in US-Russia relations for well over a decade.

When looking at the provisions of H.R.598, it becomes even more difficult not to draw such a conclusion, with one of the main focal points of the bill being US cybersecurity cooperation with Georgia. Once some semblance of normalcy returns to Washington, the Senate should show its support for a vulnerable strategic ally by passing H.R.598. This is especially vital as Georgia is scheduled to hold parliamentary elections in October, which will present yet another opportunity for Russia’s destabilizing cyber operations.

The Georgia Support Act directs the State Department to report to Congress on several topics related to the country’s security. A cybersecurity cooperation section posits that the US secretary of state should: (1) Provide Georgia such support as may be necessary to secure government computer networks from malicious cyber intrusions, particularly such networks that defend the critical infrastructure; (2) Provide Georgia support in reducing reliance on Russian information and communications technology; (3) Assist Georgia to build its capacity, expand cybersecurity information sharing, and cooperate on international cyberspace efforts.

The large-scale attack at the end of October disrupted and damaged servers within the Georgian president’s office, judicial system, government municipalities, and non-governmental organizations, and interrupted the broadcasts of at least two major television stations. The attack was widely condemned—the US Department of State and British Foreign Office took the rare measure of publicly attributing blame to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU). The UK’s National Cyber Security Centre assessed with the “highest level of probability” that the GRU carried out the attack, and a Pentagon spokesperson described it as another example of “Russian malign behavior.” A number of other countries condemned the attack, including Australia, the Czech Republic, Denmark, Estonia, Lithuania, the Netherlands, Norway, Poland, and Sweden.

Subscribe for the latest on the Caucasus

Receive updates for events, news, and publications on the Caucasus from the Atlantic Council.

Georgia’s Ministry of Foreign Affairs emphasized in a statement that “Georgia will continue to work closely with its partners to strengthen cybersecurity at the national level to minimize future risks and potential threats.” US Secretary of State Mike Pompeo similarly asserted that the United States would support Georgia in enhancing “cybersecurity and countering malicious cyber actors” and “offer additional capacity building and technical assistance to help strengthen Georgia’s public institutions and improve its ability to protect itself from these kinds of activities.” At the end of March, Georgia’s Central Election Commission (CEC), charged with overseeing the election process in the country, announced it will enhance its cybersecurity capabilities with the support of the International Foundation for Electoral Systems (IFES), a US-based non-profit.

This support is crucial, especially with Georgia’s upcoming parliamentary elections in October presenting yet another prime opportunity for the Russian government to sow discord and division among the Georgian population. General Tod D. Wolters—the commander of US European Command and NATO’s Supreme Allied Commander Europe (SACEUR)—testified in front of the Senate Committee on Armed Services in late February that “Georgia continues to be a steadfast partner and contributor to global security.” But as he also stated, the Kremlin believes “chronic instability” in the South Caucasus is necessary for Russia to maintain regional hegemony. Cyber operations are simply another method to propagate this instability, along with constant military pressure and continuing “borderization” in the occupied territories of Abkhazia and the Tskhinvali region (South Ossetia).

The US Senate could take a significant step toward helping its vulnerable ally by passing the Georgia Support Act and ensuring its provisions are met. The multitude of statements supporting Georgia and condemning the Russian attacks are, of course, a politically positive message for Georgia—but to think statements can change or deter the Kremlin’s behavior is beyond naïve. Concrete actions, such as the passage and signing of H.R.598 into law, would be a message of support backed with real weight.

George Tsereteli is a Europe and Eurasia senior research associate at McLarty Associates. The views expressed are the author’s own.

Further reading:

Image: Georgian and U.S. flags are seen on an armoured vehicles during the multinational military exercise "Agile Spirit 2019" at Orpolo firing range, in Georgia August 9, 2019 REUTERS/Irakli Gedenidze