When it comes to threats in cyberspace, conventional wisdom and expert commentary assign the number one slot to the country with the most failed operations. A failed operation is defined within the intelligence agencies of most countries as a compromised operation, i.e., one whose existence was discovered. It’s important to note that the attribution of any specific country to any specific attack is an untrustworthy mix of art and science based upon IP address, who was victimized, technical evidence in the code, and what ‘feels right’ to the person or team investigating. Based upon this formula, China has been ceded the top position as the number 1 cyber threat in the world.
Instead, I propose that you put aside the marketing hype, the questionable attribution methods, and the upside-down formula of # of failed ops = greatest threat and re-evaluate the cyber threat landscape through a more rational lens. To that end, and in the hopes of stimulating some informed discussion on the topic, here are seven reasons why the Russian Federation should replace China as the world’s most dangerous cyber adversary:
- Russia is the only nation that has engaged in a military action with a cyber warfare component: The Russia-Georgia War of August, 2008.
- Russia is the only nation that has engaged in a cyber attack that crippled components of an entire nation’s critical infrastructure sporadically over a three-week period: The Estonia Cyber Attacks 2007.
- Russia’s Prime Minister formerly ran industrial espionage operations for the KGB and still considers such operations an asset to the country.
- Russia has built a parallel military and civilian information warfare infrastructure that it actively uses against internal and external adversaries. For example, the Federal Security Service’s 16th Directorate, which is responsible for the interception, decryption, and processing of communications, has recently been identified as Military unit (VCH) 71330.
- The Russian government is reported to fund organizations like the Nashi, which engage in cyber attacks and other malicious acts.
- Individuals closely aligned with the Russian government are prominent venture capitalists who invest in the world’s largest social network companies and in US technology startups as a self-funding open source intelligence operation.
- Unlike China, Russian cyber operations are rarely discovered, which is the true measure of a successful op.
This is an edited version of an entry that also appears on Carr’s blog. Carr is also the author of ‘Inside Cyber Warfare: Mapping the Cyber Underworld’ (O’Reilly Media, 2009).