Russia’s cyber war: past, present, and future

Other serious incidents involve cyber attacks on critical infrastructure, such as the power grid in western Ukraine.

In this context, it is instructive to revisit the beginnings of Russia’s cyber warfare strategy.

The first case of a massive Russian cyber attack occurred in Estonia in 2007. During a politicised dispute over a historical legacy issue between Russia and its former colony, Estonian government agencies and businesses came under massive DDoS (distributed denial of service) attacks that crippled dozens of websites.

As it turned out, that cyber assault against Estonia was only a dress rehearsal. An even more spectacular instance of cyber warfare occurred during the Russo-Georgian War in August 2008.

On 7 August 2008, while Russian army units were crossing the border into Georgia, a cyber attack originating from Russia was launched against Georgian government and media websites.

According to the Report of the Independent International Fact-Finding Mission on the Conflict in Georgia, on the same day several Georgian servers and swathes Internet traffic were seized and placed under external control.

The Russian cyber offensive continued throughout the war, which ended with a ceasefire on 12 August. The Russians had apparently tested their capabilities shortly before the invasion, on 20 July, when they shut down the website of the president of Georgia for 24 hours.

During the war massive Russian cyber attacks closed virtually all Georgian government websites. Other targets of the attacks included media, as well as Georgian financial, business and other organisations.

The purpose was to support the Russian military operation, disrupting the response to its military assault by the Georgian state and society, and making it more difficult for information about what was happening in the warzone to get out to the outside world.

According to a report by the US Cyber Consequences Unit, “the primary objective of the cyber campaign was to support the Russian invasion of Georgia, and the cyber attacks fit neatly into the invasion plan”.

The attacks served their purpose, since they “significantly impeded the ability of the Georgian government to deal with the Russian invasion by interfering with communications between the government and the public, stopping many payments and financial transactions, and causing confusion about what was happening”.

This case of cyber warfare gained historical significance as it was the first instance of a cyber offensive used as an integral part of a conventional interstate war.

Next level

Russia’s cyber war in August 2008 thus became a landmark, taking strategic use of cyber weapons to the next level.

We now have to expect massive use of cyber warfare in any future attacks by Russia against another state. That is why recent cyber attacks against Ukraine are a worrying signal.

On 29 December 2016, Ukraine president Petro Poroshenko said that during November-December 2016 Ukrainian state institutions were attacked by hackers about 6,500 times. The targets included ministries of defence and finance, as well the state treasury and the capital city’s power grid.

According to the Ukrainian president, the attacks were staged by Russian security services. The basic operational logic of these attacks conforms to what Russians did during the cyber campaign against Georgia in 2008 - this is the scary part.

Right now the military conflict in Ukraine has a form of slow positional warfare in the Donbass region. And yet attacks such as those conducted against Ukraine in November and December 2016 do not make much sense unless their timing is critical.

The impact of such attacks is only temporary, without lasting damage for the targeted country. They have an effect for a limited period of time, and therefore make sense only when launched during a crucial period such as prior to a military offensive - just as it happened in Georgia in August 2008.

Since these latest attacks against Ukraine have no immediate strategic purpose, it is logical to conclude that they constitute a test of Russian cyber capabilities and Ukrainian vulnerabilities in preparation for a possible future wider military attack against Ukraine.

Cyber warfare will probably figure prominently in most future interstate wars, and definitely in those between technologically advanced countries.

Political aggression

Support of military offensives is not the only use Russians have for their cyber operations, however. They are also employing them as an integral part of their information warfare against Western states.

The last American presidential election was not an isolated case, as there are indications that elections in France and Germany, to be held in 2017, may also be targeted by Russians.

Jean-Yves Le Drian, the French defence minister, and Guillaume Poupard, head of the Network and Information Security Agency (ANSSI), have voiced concerns about potential Russian electoral meddling. So has the DGSE - the primary French intelligence agency.

The party of the French presidential candidate Emmanuel Macron has warned that his campaign is being targeted by Russians with both cyber attacks and fake news.

The pro-European Macron is a problem for the Kremlin, since he has emerged as a leading candidate, likely to defeat both Francois Fillon and Le Pen – the two candidates favoured by Moscow.

The heads of the German intelligence agencies have also voiced worries about Russian cyber activities directed against Germany and its election. The chancellor, Angela Merkel, herself raised the same concern.

As Moscow employs all available means to achieve its geostrategic objectives, the cyber domain has become one of the primary theatres for Russian military and political aggression.

Tested in Estonia and tried in Georgia, Russia's cyber arsenal is now pointed not just at Ukraine but at the very heart of Europe itself.

David Batashvili is a freelance writer who worked for the National Security Council of Georgia in 2008-2013