Russia Tops China as Principal Cyber Threat to US


A recent report singles out Russia as one of the most sophisticated nation-state actors in cyberspace.

“While I can’t go into detail here, the Russian cyber threat is more severe than we had previously assessed,” the director of national intelligence, James Clapper, told the Senate Armed Services Committee during the 2015 presentation of the “Worldwide Threat Assessment of the U.S. Intelligence Community.”

The report lists sophisticated cyberattacks as the principal national security threat facing the United States. “Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact,” the assessment notes.

Russia is singled out as one of the most sophisticated nation-state actors in cyberspace. The report notes that Russia’s Ministry of Defense is establishing its own cyber command, responsible for conducting offensive cyber activities (similar to the United States Cyber Command).

The report says that Russia’s cyber command will also be responsible, again similar to its U.S. counterpart, for attacking enemy command and control systems and conducting cyber propaganda operations. Furthermore, “unspecified Russian cyber actors” have developed the capability to target industrial control systems and thereby attack electric power grids, air-traffic control, and oil and gas distribution networks.

However, the report points out that the United States will not have to fear debilitating strategic cyberattacks on a large scale:

“Rather than a ‘Cyber Armageddon’ scenario that debilitates the entire U.S. infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security.”

The assessment also provided a hint that we may see an increase in “naming and shaming” campaigns, similar to the cyber espionage charges against five Chinese military officials accused of hacking into U.S. companies back in May 2014. The report argues that “the muted response by most victims to cyber attacks has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with relatively low risk of retaliation.”

In addition, the report notes that identification of perpetrators has become a lot easier in the last few years. Perhaps this is the reason why the U.S. intelligence community chose to go public at this stage.

U.S. intelligence agencies have known for years that Russia is a much more capable adversary in cyberspace than China and that Moscow employs more sophisticated and stealthier cyberattack methods. “The threat from China is overinflated, (and) the threat from Russia is underestimated,” Jeffrey Carr, head of the web security firm Taia Global and author of the book Inside Cyber Warfare, emphasized in an interview last year. Carr added:

“Russia certainly has been more active than any other country in terms of combining cyber-attacks, or cyber-operations, with physical operations.  The Russia-Georgia war of 2008 was a perfect example of a combined kinetic and cyber operation.  And nobody else has ever done that – China has never done anything like that.”

In another article back in 2014, Carr stated that the United States has neglected to keep track of Russia’s ever growing cyber power. “If you want to properly assess a threat, you need to understand your adversary’s intent, capability and opportunity,” Carr wrote. “The U.S. government has not kept current on Russian technical advancements which means that we cannot estimate capability accurately.”

Back in 2010, in a report for the EastWest Institute, my colleague Greg Austin and I proposed “cyber military exercises” between the United States and Russia as a vehicle for trust building. While the idea may seem far-fetched, it perhaps might have allowed for both countries to become more familiar with each other’s capabilities and helped reduce tensions. This could have happened without reducing either side’s capability for waging cyber war.

Bruce Schneier emphasizes that it is almost impossible to stop the spread of sophisticated attack tools in cyberspace or to keep them secret for too long. In his article “The Democratization of Cyberattack” he laconically summarizes the predicament of cyber warriors: “Today’s NSA secrets become tomorrow’s Ph.D. theses and the next day’s hacker tools.”