Russian Cyber Operations
eBook - ePub

Russian Cyber Operations

Coding the Boundaries of Conflict

  1. 224 pages
  2. English
  3. ePUB (mobile friendly)

About this book

Russia has deployed cyber operations to interfere in foreign elections, launch disinformation campaigns, and cripple neighboring states—all while maintaining a thin veneer of deniability and avoiding strikes that cross the line into acts of war. How should a targeted nation respond? In Russian Cyber Operations, Scott Jasper dives into the legal and technical maneuvers of Russian cyber strategies, proposing that nations develop solutions for resilience to withstand future attacks.

Jasper examines the place of cyber operations within Russia’s asymmetric arsenal and its use of hybrid and information warfare, considering examples from French and US presidential elections and the 2017 NotPetya mock ransomware attack, among others. A new preface to the paperback edition puts events since 2020 into context. Jasper shows that the international effort to counter these operations through sanctions and indictments has done little to alter Moscow’s behavior. Jasper instead proposes that nations use data correlation technologies in an integrated security platform to establish a more resilient defense.

Russian Cyber Operations provides a critical framework for determining whether Russian cyber campaigns and incidents rise to the level of armed conflict or operate at a lower level as a component of competition. Jasper’s work offers the national security community a robust plan of action critical to effectively mounting a durable defense against Russian cyber campaigns.

CHAPTER 1

Analytical Framework

Joel Brenner, a former counterintelligence leader for the US director of national intelligence, has noted that “cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war.”1 The term cyberattack is used in a colloquial sense in discussing cyber operations that refer to various types of “hostile or malicious cyber activities, such as the defacement of websites, network intrusions, the theft of private information, or the disruption of the provision of internet services.”2 Therefore, cyber operations described as a “cyberattack” are not necessarily an “armed attack” or an “act of war.” They might qualify under thresholds and conditions for less severe classifications such as a “use of force” or an “internationally wrongful act.” The classification matters, for it determines under international law to what extent injured states can respond to a cyberattack—either with force in self-defense or by lesser means, known as countermeasures. Even though various legal conditions must be met, in any case, attribution to the responsible state under international law is a required condition for appropriate action.
Russian cyber operations exploit legal regimes to avoid thresholds and classifications that prompt or justify meaningful responses. They also use technical means to avoid attribution that is necessary for injured-state responses to an internationally wrongful act or any other type of unlawful attack under international law. The term attribution is defined simply as “determining the identity or location of an attacker.”3 Technical attribution is associated with indicators, such as tradecraft, code styles, domain registration, Internet Protocol (IP) ownership, resource language, and time zone information. Political attribution is more declaratory, usually based on cumulative or circumstantial evidence. For malicious actors, the goal is not only to avoid attribution but also to maintain anonymity for as long as possible during a cyber operation. Thus, in the cyber realm, anonymity infers not only the inability to identify an individual, group, or state actor but also the “inability to recognize an attack is occurring, and the inability to isolate the target or objective of the attack.”4 In order to thoroughly analyze and evaluate Russian cyber operations, this chapter will provide a technical (means used for intrusion, evasion, and deception) and legal (regimes for classification as an armed attack, a use of force, or an internationally wrongful act) framework. It will then demonstrate an application of the analytical framework to a case study of destructive Russian cyber operations against the energy sector in Ukraine.

Act of War

No clear legal definition exists for when exactly a cyberattack would constitute an act of war.5 US Code defines the term act of war to mean “any act occurring in the course of (A) declared war; (B) armed conflict, whether or not war has been declared, between two or more nations; or (C) armed conflict between military forces of any origin.”6 The term armed conflict infers an armed exchange. A more informal interpretation for an act of war is “a hostile interaction between two or more states.”7 The challenge is defining what cyber operations could prompt an initiation of armed conflict or a political declaration of war. In the physical domains, the answer might be more obvious. Take, for instance, the devastating attack on the American fleet at Pearl Harbor in 1941 that resulted in the US declaration of war against Japan.8 While metrics exist for what counts as a physical act of war, they do not exist for a cyber act of war.9
In May 2016, Sen. Mike Rounds introduced the Cyber Act of War Act of 2016, which is a bill “to require the President to develop a policy for determining when an action carried out in cyberspace constitutes an act of war against the United States.”10 A few months later, in September 2016, Marcel Lettre, undersecretary of defense for intelligence, declared at a Senate hearing that cyberattacks which “proximately result in a significant loss of life, injury, destruction of critical infrastructure, or serious economic impact should be closely assessed as to whether or not they would be considered an unlawful attack or an act of war.”11 His statement affirms the reality that an assessment of what amounts to an act of war is “more a political judgement than a military or legal one.”12 Professor Michael Schmitt and Liis Vihul, the chief executive officer of Cyber Law International, state that war is a “historical term that no longer enjoys the normative meaning associated with it for centuries, when the fact that states were ‘at war’ or had engaged in ‘an act of war’ meant that certain bodies of law, such as the law of war and neutrality law, applied.”13 Instead, “the traditional understanding of war has fallen into desuetude, replaced by a complex admixture of legal concepts.”14
After World War II, a normative scheme in the form of the Charter of the United Nations (UN) was crafted by the international community. The charter, combined with customary international law norms, dictates how and when states may employ force.15 The rules applicable during warfare were also reexamined by the international community, which abandoned the need for a declaration of war as the threshold for the application of the law of war.16 Instead, this body of law was relabeled the “law of armed conflict,” commonly referred to as “international humanitarian law,” which applies whenever armed conflict occurs. The United States has interpreted “armed conflict” according to Common Article 2 of the 1949 Geneva Convention to include “any situation in which there is hostile action between the armed forces of two parties, regardless of the duration, intensity or scope of the fighting.”17 Therefore, by these standards, “the concept of armed conflict implies forceful acts at whatever level.”18 For cyber operations to satisfy the armed criteria of armed conflict, they would have to result in injury or death of persons or damage or destruction of property. A host of legal regimes provide the basis for the further interpretation of how international law is applicable to cyber operations.

Legal Regimes

Article 2(4) of the UN Charter prohibits the use of force “against the territorial integrity or political independence of any state.”19 Unlike the charter, no similar international convention exists today for cyber operations. The closest consensus treatise is the Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations (hereafter Tallinn Manual 2.0), written by lawyers, practitioners, and researchers, albeit primarily through Western perceptions, who called themselves the International Group of Experts. The aim of the Tallinn Manual 2.0 is to place existing international law, known as lex lata (the law as it exist...

Table of contents

  1. Cover
  2. Half title
  3. Title
  4. Copyright
  5. Contents
  6. List of Illustrations
  7. Foreword
  8. Acknowledgments
  9. List of Abbreviations
  10. Introduction. Below the Threshold
  11. 1 Analytical Framework
  12. Part I. Cyber Operations
  13. Part II. Security Dynamics
  14. Part III. Defensive Solutions
  15. Conclusion. A Different Approach
  16. Index
  17. About the Author