• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Excelitas Qioptiq banner

BATTLESPACE Updates

   +44 (0)77689 54766
   

  • Home
  • Features
  • News Updates
  • Company Directory
  • About
  • Subscribe
  • Contact
  • Media Pack 2022

Russia and the Threat of Massive Cyberattack By James Andrew Lewis

February 5, 2022 by Julian Nettlefold

04 Feb 22. Concern about Russian cyber activities highlights that cyber actions occur in the larger framework of nation-state strategies. They are not sui generis. Russia’s leadership has done remarkably well in playing what is a relatively weak hand, and this will guide its thinking on cyber actions. Putin has gained and kept the initiative. The United States reacts to Russia, not the other way around. Part of the explanation for this comes from Russia’s cold-blooded calculations of how and when to push the limits of conflict and how to manipulate the West. These calculations shape the probability of a cyberattack against U.S. critical infrastructure and suggest it is very unlikely.

Understanding the risks of a cyberattack requires judging what Russia wants from the conflict. Much has been written about this. An optimal goal would be to bring Ukraine back into the Russian orbit (perhaps under new leadership more sympathetic to Putin). Other goals include limiting Ukrainian involvement with the European Union and NATO, reasserting Russian regional dominance, and encouraging nationalist sentiment in Russia to shore up domestic political support for Putin.

Russia will use political, cyber, and perhaps military tools to press Ukraine, the United States, and Europe to move in the direction of concessions to Russian interests, but without greatly increasing the risk of direct military conflict with NATO. One possible scenario would be a swift incursion after the Beijing Olympics to take another slice of Ukraine. A full invasion and a drive to the Polish border would bring Russia up against NATO, risks getting bogged down in a messy insurgency, and increases the difficulty of repairing the damage to Russia’s international position. The Russians would prefer that any action be quick.

Kremlin strategists are not as risk averse as the United States and have developed concepts on how to use cyber tools for coercive effect. They have more than 15 years of experience in using these tools. While they could disrupt U.S. critical infrastructure, they have chosen not to do so. The most successful Russian use of cyber tools against the United States has been in creating false narratives that heighten political turmoil in the United States and Europe (this also explains Russia’s clumsy diplomatic pronouncements intended to increase public pressure on Western governments). There has been almost no cost to the Russians for their earlier political interference, and while heightened exposure of the tactics has reduced their value, continued political fragility in democracies will be a tempting target. Ransomware attacks are motivated by financial gain, not politics, and too granular and insufficiently damaging by themselves to provide Russia an advantage without risk. They are largely unrelated to the Ukrainian situation (other than affecting Russia’s willingness to crack down on criminals).

The best outcome for Russia would be to be able to present any action as a fait accompli, where it could say to the world that its security goals had been met and the international community should put the invasion behind it, as was the case in the 2014 incursion into Crimea. It is possible that some nations might even welcome this. But attacking the United States would undercut this goal. A massive cyberattack against the United States or a NATO ally would make it harder to move on and create risk without benefit.

Any Russian action against the United States would occur under the shadow of nuclear weapons. The risk of nuclear war virtually eliminates the likelihood of a massive cyberattack on the critical infrastructure of another nuclear power in any but the most extreme circumstances. Nuclear states, no matter how bellicose their rhetoric, have been careful to avoid cyber actions against each other that could be considered equivalent to the use of force (e.g., physical damage or casualties), rather than espionage or crime. A major attack on U.S. critical infrastructure would create an unacceptable risk of retaliation, would be impossible for the international community to ignore, and would not support Russian goals to present action in Ukraine as a fait accompli. Russia gains nothing from a cyberattack on the United States that it would not get from actions limited to Ukrainian targets.

Russia does not intend to start a third world war, and it is likely only to take actions that advance its goals for Ukraine while avoiding the risk of greater conflict. As part of this, cyberattacks against Ukraine are highly likely, but very unlikely against the United States or NATO. Russia has the capability to carry out such attacks and has done the necessary reconnaissance of U.S. critical infrastructure targets, but it is unlikely to undertake a cyberattack against elements like the power grid unless in a major conflict with the United States and NATO.

That an attack is unlikely does not mean the United States can ignore its defenses. Critical infrastructure remains vulnerable to cyberattack nearly 25 years after the first presidential directive called for reducing risks, reflecting both the complexity of the systems and the gridlock that has afflicted U.S. governance. Even Iran is not impeded from lurking on our infrastructure networks. The United States may be able to deter the Russians in Crimea, and they are unlikely to attack U.S. critical infrastructure, but this is their choice. In another situation, they could change their minds. Cybersecurity cannot depend on the kindness of strangers.

James A. Lewis is a senior vice president and director of the Strategic Technologies Program at the Center for Strategic and International Studies in Washington, D.C.

Commentary is produced by the Center for Strategic and International Studies (CSIS), a private, tax-exempt institution focusing on international public policy issues. Its research is nonpartisan and nonproprietary. CSIS does not take specific policy positions. Accordingly, all views, positions, and conclusions expressed in this publication should be understood to be solely those of the author(s).

© 2022 by the Center for Strategic and International Studies. All rights reserved.

Filed Under: News Update

Primary Sidebar

Advertisers

  • qioptiq.com
  • Exensor
  • TCI
  • Visit the Oxley website
  • Visit the Viasat website
  • Blighter
  • SPECTRA
  • InVeris
  • Britbots logo
  • Faun Trackway
  • Systematic
  • CISION logo
  • ProTEK logo
  • businesswire logo
  • ProTEK logo
  • ssafa logo
  • DSEi
  • Atkins
  • IEE
  • EXFOR logo
  • KME logo
Hilux DVD2022

Contact Us

BATTLESPACE Publications
Old Charlock
Abthorpe Road
Silverstone
Towcester NN12 8TW

+44 (0)77689 54766

BATTLESPACE Technologies

An international defence electronics news service providing our readers with up to date developments in the defence electronics industry.

Recent News

  • EXHIBITIONS AND CONFERENCES

    May 27, 2022
    Read more
  • VETERANS UPDATE

    May 27, 2022
    Read more
  • MANAGEMENT ON THE MOVE

    May 27, 2022
    Read more

Copyright BATTLESPACE Publications © 2002–2022.

This website uses cookies to improve your experience. If you continue to use the website, we'll assume you're ok with this.   Read More  Accept
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT