The Bear is Inside the Wire

Russian hackers, fresh from breaching the State Department’s unclassified networks in recent months, have managed to sneak into “sensitive but unclassified” White House networks, CNN reported on April 7. The perpetrators gained access to real-time non-public details of the President’s schedule, precisely the type of information foreign intelligence services prioritize for collection.

The White House has downplayed the story. But other US officials have confirmed that Russia was indeed the source of the White House hack, according to NBC News.  Former Assistant Executive Director of the FBI Shawn Henry has stated categorically, “I have no doubt that the Russians and the Chinese are in all of these White House networks.”

Russia is undoubtedly a sophisticated and determined adversary in the cyber domain, arguably more capable than China. Russia also has proxies to do its bidding, as it demonstrated with the cyber attacks on Estonia in 2007. For years, Russia has “integrated cyber operations into its military doctrine,” as well as into the larger toolkit it employs for economic and political purposes.

They are getting better—the ongoing campaign against Ukraine shows that Moscow has upped its game since the 2008 conflict with Georgia.  Recent Russian maneuvers have included cyber attacks to disrupt Ukraine’s communications systems and undermine Ukrainian authorities. Using a mix of old-style propaganda and advanced information operations, Russia has succeeded in blending cyber components with other ways of warfighting.  NATO has acknowledged this threat and recognizes the pressing need to address it.

Russia’s cyber spies do more than spy.  They have penetrated the US electrical grid, and engaged in such extensive computer network exploitation against US research and development efforts that the Office of the National Counterintelligence Executive has labelled Russia “a national long-term strategic threat to the United States.”

This menacing cyber activity is all the more concerning because the line between computer network exploitation and computer network attack is thin, turning only on the matter of intent. Hackers and criminals based in Russia have also made their mark, and the country has a long history of blending crime, business, and politics. The stakes are high, too: Russia’s slice of the global cybercrime market has been estimated to range into the billions—over $2.3 billion in 2011.

One could be forgiven for looking at Russian President Vladimir Putin’s behavior and recalling the Cold War. The incursion into Ukraine, seizure of the Crimean peninsula, violations of NATO airspace, amped-up propaganda efforts, and sharply worded anti-Western rhetoric are the tip of a very large iceberg.

This broader context matters because Putin’s Russia seeks to craft an alternative world order in which the shadowy practices of what some have called hybrid warfare—which includes a significant cyber component—hold sway over rules-based institutions and agreements.  Russia’s actions have come at a cost, however. Russia’s economy has felt the pinch, particularly against the backdrop of declining worldwide oil prices. Sanctions imposed by the US and the European Union in response to Russia’s moves against Ukraine took their toll, targeting major banks and principal energy concerns in Russia.  

The cyber domain, and US-Russian relations within it, must be understood and appreciated in conjunction with all of these other developments. Like land, sea, air, and space, cyber is a critical dimension for the formulation and execution of strategy and tactics—not only for our adversaries, but for our response to them. In each of these domains, Russia has employed cyber means and tools to probe the target, including the Baltic countries and Ukraine.

Attribution is always a challenge in the cyber context. What is certain, though, is the need for the US government and the private sector to be ready for attempts to pull off new exploits and to possess the resilience to cope with them effectively, even if we cannot prevent them from happening in the first place. As we have argued elsewhere, we must drive home to Russia that actions have consequences even as we take urgent measures to inoculate ourselves against this growing danger.

The evidence of disturbing Russian cyber activity is clear. Consider, for example, the so-called Energetic Bear (a.k.a. Dragonfly/Crouching Yeti) campaign to infect energy and industrial firms around the world with malicious software. The perpetrators of this attack, ongoing since 2010 and identified by researchers as being linked to the Russian government, have hit a number of European countries hard, as well as the United States, by stealing data and mapping the infrastructure of the targeted networks.

A new Executive Order that imposes material costs including economic sanctions on “persons engaging in significant malicious cyber-enabled activities” is an important instrument that will help drive home to cyber-adversaries that their actions have consequences.

At the same time, congressional leadership is needed: Legislation to facilitate information sharing between the public and private sectors, enact liability protections, and incentivize desired behaviors is long overdue. 

In turn, the Obama administration should articulate a clear cyber-deterrence strategy, designed to influence the behavior of adversaries and actors, including but not limited to Russia.  Such a strategy must encompass working with allies and organizations such as NATO. 

No further wake-up calls are needed. The alarm has been ringing for far too long already.

Frank J. Cilluffo is Director of the George Washington University Center for Cyber and Homeland Security and previously served as Special Assistant to the President for Homeland Security. 

Sharon L. Cardash is Associate Director of the George Washington University Center for Cyber and Homeland Security and previously served as Security Policy Advisor to Canada’s Minister of Foreign Affairs.
