Putin’s cyber Armageddon doctrine seeks to expand Russia's offense beyond battlefield
The latest cyber attacks could be viewed as 'Putin's shot across the bow,' a signal to the US of more to come
The Russian cybercriminal group KillNet struck the websites of multiple U.S. airports with distributed denial-of-service (DDoS) attacks, taking them offline temporarily on Monday. On Tuesday, KillNet claimed another cyberattack, blocking the entire network infrastructure of the largest U.S. bank, JPMorgan. A spokesperson for the bank said that no operations were impacted, without denying that its networks were compromised by a cyber intrusion. Across the Atlantic, Russia unleashed a barrage of missile and drone strikes throughout Ukraine in an apparent escalation of its seven-month war against its post-Soviet neighbor.
Russian cyberstrikes on the U.S. homeland are almost certainly part of Putin’s shift in strategy, expanding Russia’s offensive operations beyond the actual battlefield in Ukraine and into the cyber domain.
This week’s cyber intrusions may have been Putin’s "shot across the bow," signaling to Washington that Russia possesses the capability to inflict devastating damage. White House spokesman John Kirby’s statement that it is too soon to know if the Kremlin was behind the cyberstrikes on U.S. airports is naïve. It is a false distinction whether a Russian government employee or a KillNet hacker pulled the cyber trigger. Russian intelligence routinely hires cybercriminals to do its dirty work, to ensure plausible deniability.
Moscow believes that in Ukraine, Russia is fighting a proxy war with Washington, given that the U.S. government has been providing top-of-the-line weaponry and other support to Kyiv that has dramatically enhanced Ukraine’s warfighting capabilities. On Tuesday, Russian Foreign Minister Sergey Lavrov remarked that the United States is "de facto" a participant in the Ukraine war, probably signaling that Russia believes it is justified in targeting the U.S., albeit non-kinetically.
Moscow’s goal is to place psychological pressure on Americans by gradually destabilizing the normal functioning of society via cyber strikes, in order to persuade us to abandon support for Ukraine. The Russians view cyber as a low-cost, flexible, non-kinetic tool capable of dialing the pain inflicted on the opponent up and down, until it reaches the threshold of "unacceptable damage."
Russian military planners have concluded that a direct war between Russia and the U.S. is inevitable, given that the two have been in confrontation over the control of the post-Soviet states bordering Russia, the area that Moscow views as its sphere of influence and security perimeter – that is, its version of the Monroe Doctrine.
Fearing Washington's conventional superiority, Russian strategists conceptualized a cyberwarfare doctrine, which they believe would allow them to exploit America’s reliance on technology both in daily life and in military operations. Russia has studied our vulnerabilities and has already practiced conducting cyber intrusions into our networks and computer systems for two decades. A previously highly classified multi-year Russian cyber operation, code-named "Moonlight Maze" by U.S. investigators, dates back to 1999. In it, the Russians breached multiple U.S. government and military agencies, including weapons labs, and exfiltrated massive amounts of sensitive data. The Russians have compromised the networks of many sectors of the economy and countless government agencies, including the White House, the State Department and the Pentagon.
Russia is considered by U.S. intelligence to be the most formidable foreign cyber actor, with a flexible arsenal capable of producing carefully tailored effects. The DDoS attacks on the airport websites on Monday did not affect the systems that handle air traffic control, internal airline communications and transportation security, causing only a temporary inconvenience. Russia’s ransomware attack on the Colonial Pipeline, a critical part of U.S. petroleum infrastructure, supplying around half of the East Coast’s fuel, did more damage.
The six-day shutdown of the pipeline, which transports 2.5 million barrels per day of gasoline, diesel fuel, heating oil and jet fuel, resulted in gas shortages, outages at gas stations, price hikes, long lines, and panicking consumers. Similarly, Russia’s ransomware attack on JBS, which processes one-fifth of the nation’s meat supply, raised the issue of food security and affordability.
The most destructive cyber weapon is a computer worm capable of taking over programmable systems of critical infrastructure. The Russians have been mapping out access to U.S. critical infrastructure facilities and conducting proof-of-concept operations, as part of what is called in the intelligence business "cyber preparation of the battlefield." However, even a carefully planned cyber operation of this complexity can get out of control and spill over into unintended targets, resulting in cascading impact and wreaking havoc across global cyberspace.
We saw this in the case of Stuxnet, a U.S.-Israeli computer worm that was covertly deployed to a uranium enrichment facility in Iran to sabotage and slow down the Iranian nuclear program. Although Stuxnet achieved its mission of destroying numerous centrifuges in Iran’s Natanz uranium enrichment facility by causing them to burn themselves out, the virus mutated and spread to other "supervisory control and data acquisition," or SCADA, systems installed in similar power plants, infecting other energy-producing facilities and wreaking havoc all over the world. As the first known computer virus that actually crippled hardware, Stuxnet was a "game changer" in cyber warfare, earning respect from cybersecurity researchers and instilling fear in governments, including the Kremlin. It is unclear if Russia has a Stuxnet-like capability, but the Kremlin took careful note of it.
Since at least March 2016, six of the 16 sectors designated by the Department of Homeland Security as critical have been penetrated by the Russians, including energy, water, aviation, commercial facilities, critical manufacturing and nuclear facilities. In June 2018, top Trump administration officials were advised that the threat to the U.S. electric grid was so serious that the country needed to prepare for a catastrophic power outage, possibly caused by a cyberattack.
Following Russia’s DDoS attacks on U.S. airports on Monday, the director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned about "potential attacks on U.S. critical infrastructure," remarking that the "Russians are very unpredictable" and "their back is up against the wall." On Thursday, CISA released twenty-five advisories, flagging current security vulnerabilities and exploits surrounding our industrial control systems and providing mitigation recommendations.
In the first recorded cyberattack on a power grid outside a military conflict, Russia temporarily shut down Ukraine’s power grid in a crippling operation during Christmas of 2015, causing a blackout for 250,000 people in freezing temperatures. Putin will almost certainly not resort to launching a similarly debilitating attack on the U.S. homeland in peacetime. However, if Moscow and Washington are indeed in a direct kinetic war, and especially if Putin is cornered and facing defeat, unleashing Cyber Armageddon is an integral part of Putin’s Playbook.