Russian cyber espionage campaign
According to one cybersecurity expert, Russia is playing the long game in its cyber warfare campaign, holding its most powerful cyber-weapons close to its chest. (Reuters)

The recently published US intelligence community's annual threat assessment promotes cyberattacks to the most serious threat to US national security.

This is nothing new, since "cyber threat" replaced terrorism as the main threat a few years ago. What is new, however, is that where the emphasis was previously on the threat from China, it has now changed to put the emphasis on Russia's cyber-capabilities.

Russia has been developing its cyber-capabilities with substantial resources for the last 30 years, but it has been fairly restrained in their use so far. At least, most experts estimate this to be the case.

For example, Russia has not been forced to use its more sophisticated capabilities in Ukraine, since it has achieved its political goals without them. But if the war in Ukraine gets worse, so will the related cyber-activities.

At the moment it seems rather unlikely that Russia would launch a severe cyberattack against any Western country, even if the sanctions against it are elevated. Instead, Western countries should focus more on Russia's less destructive cyber-activities, which can turn out to be even more effective in the long run. This will, however, require new countermeasures.

The most cyber-capable

"While I can't go into detail here, the Russian cyber threat is more severe than we had previously assessed," said James Clapper, the director of national intelligence. The United States is also concerned about converged cyber-cooperation between Russia and China.

The US, China and Russia can be assessed as the world's three most cyber-capable countries. However, defensive, intelligence or offensive cyber-capabilities are difficult to assess, because governments are holding their abilities very close to their chests, and cyber-capabilities cannot be calculated in the same way as tanks or fighter planes.

The United States has for years been referring to a "Cyber 9/11" or "Cyber Pearl Harbour" - a catastrophic cyber-event where people will die. The report from the US Department of Defense declares that the United States, China and Russia currently possess the capabilities for such cyberattacks, meaning that these countries can invest large amounts of money (billions of pounds) and time (years) to create vulnerabilities in systems, including systems that are otherwise strongly protected.

At worst, digitally networked European societies can be destabilised in very harmful ways via these kinds of attacks. The most common targets of such attacks are thought to be energy distribution, telecoms companies, financial services and logistics management.

Preparations well under way

It should also be noted that the preparations for these theoretical cyberattacks are made well in advance, during peacetime, with, among other things, information gathering and the installation of malware on computer networks.

This malware can later be activated if the will to do so arises. Such preparations can be expected to be underway in many countries.

Instead of focusing on destructive cyberattacks on critical infrastructure, the United States and many other Western countries have in their recent assessments focused more on low- and moderate-level cyberattacks.

These consist primarily of cyber-espionage, information operations, denial-of-service attacks and degradation of information integrity. These are not sudden and dramatic attacks, but longer-term plans with the aim of influencing the target country's economic competitiveness and worsening the social mood.

Large-scale political espionage

We have learned a lot about the ability and activity of US cyber espionage from Edward Snowden's revelations. The United States itself has accused China of economic cyber-espionage, in particular stealing intellectual property.

Russia seems to be acting differently in the cyber-espionage arena, concentrating on large-scale political espionage towards governments, research institutes and the armed forces. Several examples of Russian political cyber-espionage have been revealed, and the level of these activities is rising. The trend is also towards the Russian government outsourcing these activities to non-state actors, such as "patriotic hackers".

Our lives and businesses are strongly linked to the digital domain, and at the same time we are heavily targeted by information influence through it. Propaganda in digital social media is another form of cyber weapon, and the Russians have certainly uncorked that. Facts and fiction, as well as knowledge and feeling, are being mixed deliberately.

It has become clear to everyone during the last year that Russia possesses both the capabilities and the willingness to use the digital domain to conduct information operations and propaganda in a very powerful way. Currently, there are no indications that the Russian information operations are declining, but rather the opposite.

Digital disorder

Long-term and systematic information operations are intended to create confusion and uncertainty in the social climate. Cyber-propaganda is effective if we let it influence us. It has to be remembered that Russia holds a broad range of cyber-weapons it can deploy in information warfare, including disinformation, debilitation of communications, psychological pressure, degradation of information systems and propaganda.

Denial-of-service attacks need to be understood as part of a larger context.

Different types of digital disorder weaken people's confidence in digital services, but also in companies and the authorities. Western societies are being digitalised at a high rate, which means that confidence is more strongly related to the digital domain and its security. Mental resilience to confront these digital disorders is weakening, and even rather simple cyberattacks can produce serious effects.

Information today is more than 99% in digital form, and we rely heavily on this information. Data reliability may be affected, for example, by altering the data in the networks little by little over time so that it becomes incorrect, in which case all verifications and backups will be contaminated.

Activities over a long period will mean that both usable and, especially, stored information will slowly be contaminated, and in the long run information assets will be worthless.


Jarno Limnéll is a professor of cyber security at Aalto University in Finland