Russia | cyberarmscontrolblog

January 13, 2017

The United States is Losing the Cyber War Race (I)

Part I

Much of the original thinking about Cyber War was developed in the United States. But America has fallen behind. Russian cyberwar doctrine is more comprehensive, more integrated, has more powerful weapons, and is more up to date.

Cyber Warfare must be seen as part of a larger strategy of “Information Warfare”, known in Russia as “Информационная война“. Information warfare is a very broad subject, and includes a number of actions outside of the cyber domain. (Derkachenko writes that “information warfare” as a term is being changed to the term “information operations”, but the term “cyberwar” is becoming more popular. The United States does not have a regular television show on information warfare, but Russia does. Dimitri Taran runs a very comprehensive show on Channel 1 TV Crimea.

Much Russian writing about Cyber Warfare and Information Warfare draws upon a number of different examples and case studies of conflicts that had, in the Russian view, an important information content. Information warfare is seen to be a type of Twilight Zone somewhere between a Cold War and a “Hot” War. “Thus, by its nature information warfare it occupies a position between the “cold” war . . . and actual combat with the participation of the armed forces.” See Svargaman, Что такое информационная война? who describes the so-called “next-generation” information warfare as including: Substitution — Information warfare can take the place of traditional military action, or as Svargaman writes “contactless destruction” [“бесконтактного поражения”]. Use of TV as Weapon — Television channels can be used to manipulate public opinion either by highlighting or obscuring crucial events. The Russian view is that information warfare has limited power, but should be thought of as complementing and enhancing “traditional methods of warfare”. [“информационная война имеет свои границы возможностей . . . дополняет и усиливает традиционные средства ведения войны”]

In the Russian view, the state (the government) has a strong role to play in management of information on a national basis. According to Pocheptsov, this includes tactical mass mind control, agenda-setting (information management), and strategic management of mass consciousness. [“Тактическое управление массовым сознанием; Управление информационной повесткой дня; Стратегическое управление массовым сознанием”] One can just imagine what would happen in the United States if the President asked for budget authority to conduct information operations so as to accomplish “mind control” or “strategic management mass consciousness”. Pocheptsov sees films and other cultural exports of the United States as being a type of “sociological propaganda” [Социологическая пропаганда], and even fine arts are seen as a type of information warfare. The Cold War is seen as a “war of mass culture” with abstract expressionism pitted against socialist realism. ” [“холодная война оказалась войной массовых культур, например, абстрактный экспрессионизм против социалистического реализма”]

This viewpoint is generally more comprehensive (larger in scope) that views in the United States.

Cyber War in Crimea and Ukraine

This blog is not intended to take a position on the situation in the Ukraine and Crimea. The Crimea has been controlled by different powers through history: Greece, then Rome, then the Byzantine Empire, the Empire of Trebizond, control by Venetian Republic. Catherine the Great in 1783 got the Crimea from the Ottoman Empire, which had occupied Constantinople. In 1921 it was a Soviet Socialist Republic, and became a state of Russia from 1945-54, then the Ukrainian SSR from 1954-1991. (Khruschev transferred the Crimea to the Ukraine.) After 1991 it was slightly separate from the Ukraine as the “Autonomous Republic of Crimea with Sevastopol City. Now it has been annexed by The Russian Federation. Most of the people who live in the Crimea are ethnic Russians (61%) and speak Russian and many are inter-married with families living in Russia proper. Nevertheless, Russian actions in 2014 were viewed as being a violation of international law by Europe, and this triggered a series of sanctions. But here, we want to look at the information or cyber warfare aspects of the Russian annexation.

The annexation of the Crimea took place within the context of the revolution in the Ukraine. During those events, the Ukrainian leadership which was friendly to Russia was thrown out. Ukraine was divided ethnically. Away from the Crimea, the ethnic Russian share of the population drops off sharply. In the simplest terms, in the West, Ukrainians are in the majority, in the East, ethnic Russian are in the majority.

As events unfolded, there was a military component, but the information component of the takeover was stunning. The Russian operations should be studied as a textbook case of superiority. Public meeting, newspapers, radio, television, social media, and other informational networks was quickly harnessed by what can best be described as a coherent trans-media strategy. It went well beyond anything that happened in Libya or during the “Arab Spring” in Egypt.

Interviews with citizens Crimea showed evidence of a completely different sense of reality. The ethnic Russians there were 100% convinced that Ukrainian fascists from Kiev were marching towards the Crimea. These fascist invaders were “burning Russian homes and raping Russian women”. There was a complete sense of panic, and the scarcity of information (except what was being supplied), made the uncertainty even greater. Having watched the speeches that were being streamed on YouTube, this writer can attest to their emotional content and dramatic content.

When the time came, it was a foregone conclusion that the vote would be overwhelmingly in favor of union with the Russian Federation.

In terms of information warfare doctrine, the Ukraine is a perfect example of how a coherent and well-managed campaign can complement other actions, here the use of military force, much of which was covert.

If we compare US actions in the Middle East, there is no such coherency between military action and information operations. The Russian actions in Crimea appear to indicate the United States has lost the ability or does not have the skills to conduct an equally integrated cyber strategy. If there is a “cyber race”, the Americans are losing.

In the next part of this blog, we will examine other examples and cases of cyber and information warfare.

References (courtesy of Psyfactor.org)

Ярослав Деркаченко, Эволюция понятия «информационная война», 2016.

Георгий Почепцов, Информационная политика и безопасность современных государств, 2011.

January 11, 2017

The Rise of Cyber Nationalism

Countries now have informal gangs of cyber warriors positioned to attack foreign countries. This appears to have happened a number of times. Reports indicate that after the president of Taiwan made a congratulatory telephone call to Mr. Trump, the 45th President elect of the United States, nationalists in mainland China launched a series of cyber attacks against facilities in Taiwan. Since there are so many Chinese in the mainland, and since Taiwan is so small in comparison, one can imagine the severity of the damage. Various news reports (The Diplomat, The Jamestown Foundation, Financial Times) indicate that the current Chinese government is “worried” about the ferocity of these cyber attacks.

Cyber Nationalism

In China, the fear is “cyber nationalism”, the spontaneous development of nationalist “armies” of hackers who attack foreign countries viewed as being antagonistic to China. Below we list various techniques identified as being associated with cyber nationalists.

Malicious Hacking. Attacks may take place against websites of a foreign government in an “enemy” country. Or attacks may take place against foreign newsmedia that publishes information not favorable to the hacker’s home country, its foreign policy, its domestic policy, its leadership, or its government. In general, “hacking” is a broad and less-than-specific term that may refer to a number of actions including (1) Denial of Service (DOS) attacks against a website, thus more or less making it impossible for people to find the website or use it; (2) Introduction of propaganda onto the target website; for example, instead of having its regular home page show up, a defaced home page will show up containing a negative message for readers; (3) Alteration of information on a website, either in a major or subtle way; (4) introducing malicious code onto the target website.

Social Media. A second tactic is to bombard social media with the intended political message. This can be of either the positive or negative variety. “Positive” refers to setting up social media locations, such as a Facebook page, that expresses a point of view compatible with that of the cyber nationalists. “Negative” refers to visiting social media pages of organizations or individuals who have an opposing (or targeted) point of view, and introducing (or bombarding the site with) harsh comments. There are a number of social media sites, but since Facebook is the world’s largest carrier of email, for all practical purposes, these social media wars take place on Facebook.

News Media. An increasing number of online news outlets invite comments on different news stories. Actually, this is a form of customer retention strategy. People will keep coming back to a website if they can “interact” with it. Sometimes these comments can be made anonymously; other times they require registration to identify the commentators. Online registration has a variety of levels of security and authenticity. In most cases, however, it is possible to register with only a reference email account, and email accounts themselves can be false. This makes it possible for trolls to be accredited anonymously, or to even register under more than one identity. These comments in the media can have a significant effect, one would suppose. (We need to take a look at more detailed social science and communications/media research to see if anyone has empirically measured the effects on public opinion and published the results in a scientific journal.) But for the time being, let’s assume these armies of commentators can have an effect.

Other Examples of Cyber Nationalism

China is not the only country with entrenched cyber nationalists. Russia is reported to have conducted “information warfare” in connection with its campaign in the Ukraine. (See “Cyber Threats and Russian Information Warfare” published by the Jewish Policy Center; or “Russia’s Information Warfare” published in Politico; or “Russian and the Menace of Unreality: How Vladimir Putin is revolutionizing information warfare” published in The Atlantic; or “Что такое информационная война?” [What is Information Warfare?] published in ВОПРОСИК; or “Информационная война: определения и базовые понятия” [Information warfare: definitions and basic concepts] published in PsyFactor; or “論中共「信息戰」之不對稱作戰” [The Asymmetric Operation/War of PRC’s Information Warfare] . )

And there is no reason to single out Russia or China only. Other countries do the same thing. For Israel, see “Information and Warfare: The Israeli Case” by Gideon Avidor and Russell W. Glenn. India established an “Information Warfare Agency” to counter messages from its dear friends in Pakistan. We can assume that every advanced country has developed an information warfare strategy, or at least is thinking about it. Some countries are better than others.

Issues for Cyber Arms Control

The essential problem of Cyber Nationalism is its informal nature. In cases like China, and reportedly Russia (which are the strongest examples), there is little if any connection between the government and the cyber nationalist movements. What we have is the spontaneous formation of nationalist cyber activists who are willing to cross over international borders and take cyber action in support of their country. In their heart, they are patriots, eager to defend the honor and reputation of their homeland as they see it.

It would be difficult and probably very controversial for any government to crack down on their private citizens because they were promoting their country overseas in cyberspace.

This means that in terms of an international treaty for control of cyber weapons, cyber nationalism would be problematical to include. It would mean that by acquiescing to an international agreement (treaty) nations would need to agree to crack down (arrest; prosecute; punish; fine) their own nationals when they engage in international cyber activism. Even if there were such an agreement, it would be very difficult to enforce from a practical point of view.

How would the government be notified of the violation overseas?
How would it be possible to verify the true identity of the person committing the violation?
What would be the evidentiary requirements in the judicial process?
What would happen if the action taken abroad by a cyber nationalist was considered a crime where it was committed, but not a crime in the country which is the domicile of the alleged offender? (For example, would a United States prosecutor punish an American citizen because they published information on a Chinese website that in China was considered to be illegal, but in the US would be acceptable or even a form of protected speech?)
Given the number of persons involved, how would it be possible from a practical point of view to police the actions of hundreds of thousands of citizens?

The Criminal Element of Cyber Activism. In the above list, we mentioned two general classes of cyber activism expressing cyber nationalism. In most cases, working on social media and making comments on newsmedia websites that themselves invite commentary would not be illegal, regardless of how outrageous or biased the comments. On the other hand, cyber vandalism (denial of service attacks; hacking of websites to change or distort the information there) is definitely illegal, and probably illegal in all countries.

Application to International Treaty

Figure 1 Treaty coverage for cyber crimes connected with cyber nationalism.

We can conclude, therefore, that an international treaty might be able to tighten up the enforcement against criminal actions. Presumably, Country A would be willing to prosecute its citizens who performed recognized cyber crimes in Country B, if Country B was willing to prosecute its citizens who performed recognized cyber crimes in Country A. See Figure 1.

This type of agreement would be difficult to negotiate because the definition of cybercrime changes from one country to another. It would be easier to start with bilateral treaty negotiations, but more effective if a global treaty could be put in place.

November 26, 2015

Cyber Arms Control and the Middle East

The current situation in the Middle East is a disaster. Yesterday, Turkey shot down a Russian SU-24M fighter aircraft flying over Northern Syria near the Turkish border. Although the Turkish and Russian militaries had set up a “hot line” to handle any crisis or emergency, the Turkish side never bothered to contact the Russians.

Supposedly, the Russian aircraft flew into Turkish air space, but inspection of the radar outputs published by Turkey indicate that the amount of time flying inside Turkey could not have been more than a minute, possibly only half a minute or less.

When the aircraft was shot down, it was already back in Syrian air space, which means that the Turks shot their missiles from Turkey into Syria.

The Turks said that they had warned the Russian pilots for at least ten times over a period of 5 minutes. At those speeds, this means that the Russian pilots were warned about Turkish air space when they were still in Syria, and heading towards Turkish territory.

The Russian pilot who survived the attack reported that no communication from the Turks had been received.

Originally there were two pilots in the SU-24. Shortly after the aircraft was hit, they pushed the emergency escape buttons, to eject in their seats and parachute to safety. On their way down, at a time when they could not possibly do any harm to anyone, Turkomen persons started firing on them with machine guns, killing one of the Russian pilots.

To add insult to injury, when two rescue helicopters were dispatched from nearby Russian ships to rescue the pilots, one was shot down, and yet another soldier or more were killed.

After the incident, the Turks rather than contacting Russia, instead went directly to NATO with a complaint, demanding support as part of the mutual defense treaty. Military analysts in the United States are saying that this was an ambush by Turkey against the Russians.

Some are worried that this may lead to a third world war. It is a horrible situation. Fascinating as it may be, this blog is no place to examine the complex realities of the Middle East, Syria, Iraq, Iran, Turkey, Russia, the United States, and all the other players there.

Cyber War in the Middle East Now

The list of cyber weapons that are being used now in the Middle East and across the world is very large. We can name only a few, and without doubt could not list them all, even if there were inclination or time.

Electronic Battlefield. The United States is operating a gigantic information battlefield in which soldiers or special forces on the ground in Syria and Iraq are receiving more or less real time information from a variety of intelligence sources, including real time information from drones and satellites. For every American soldier in the battlefield hell of ISIS, there are satellites overhead looking out for them. These in effect are teams of persons at various US dark sites around the world. Constantly on duty, they monitor US troop movements are look ahead so as to be able to warn of danger.

Social Media War. ISIS has mastered the use of social media to recruit “sleeper” agents inside Western countries. The recruits go through three phases: First, there is general curiosity about propaganda available online. Second, they make an initial contact with a recruiter for the Islamic State. Sometimes this recruitment period goes on for a long time. Some persons in the United States have even received gifts of candy and books. In the third phase, the recruited agent goes over to the dark web, which means that all of their communications are encrypted, and this makes it impossible for the intelligence communities around the world to read what they are doing. It is during this phase that the sleeper agent is given specific instructions regarding what they are next to do.

Hacking War. Every day the United States receives more than 100,000 attacks from overseas. These attacks are aimed at either destroying or stealing important information. Most attacks come from Russia, China, North Korea, and Iran. These attacks are monitored by the NSA Cyber Command, but it is difficult to keep up with all of the attacks, as many of them are automated.

It often is noted that even now adversaries have the ability to shut down or disrupt the US transportation system, the electricity grid, and financial institutions. This merely compliments the constant virus and denial-of-service attacks that constantly flood the Internet.

The Internet is one of the greatest advantages of the US economy, but also it is a great factor of weakness.

Prospects for Arms Control

For the time being, the prospects for cyber arms control are not good. Countries are too busy engaging in the growing war against ISIS, and in defending their own national interests. Second, the cyber arms race is a time in which countries are working very hard to develop their capabilities. Countries would rather develop their capabilities, than cut these efforts short by working on a treaty.

For the time being, the US is a global intelligence and cyber superpower, but no one knows how long that situation can last.