Read the book Russian Cyber Operations - Scott Jasper - Page 12

Book Overview

This introduction has provided the context and basis for an evaluation of Russian cyber operations as a facet of conflict or a component of competition. Chapter 1 will describe the technical (means used for intrusion, evasion, and deception) and legal (regimes for classification as an armed attack, a use of force, or an internationally wrongful act) framework to analyze and evaluate Russian cyber operations, known henceforth as the analytical framework. It will then depict the application of the analytical framework in a case study of Russian cyber operations against critical infrastructure in Ukraine. Each chapter will then present one or two case studies of the full range of Russian cyber operations (for theft, espionage, denial, and destruction) for analysis and evaluation by the analytical framework. Each case study will examine Russian exploitation of evolving technical means and disparate legal regimes. The book is organized into three parts to describe the role of Russian cyber operations, the rationality of using them, and cost-imposition options or defensive-solution choices to counter them.

Part I, “Cyber Operations,” explains the use of Russian cyber operations in the setting of strategic competition. Chapter 2 begins with a theoretical review of asymmetry and how cyber operations fit into the Russian asymmetric arsenal. It then applies the technical and legal framework to analyze the 2007 cyber assault by Russian “patriotic hackers” (ordinary citizens expressing nationalistic/political views through cyberspace) on Estonia. It compares similar usage in the 2008 conflict with Georgia but introduces the role of cyber operations as a component of warfare. Chapter 3 discusses the Western theory of hybrid warfare in comparison to Russian doctrine. Next, the chapter applies the analytical framework to Russian cyber operations during the 2014 annexation of Crimea. After a review of the Russian model for new-generation warfare, it analyzes Russian cyber operations in the ongoing Eastern Ukraine separatist conflict. Chapter 4 explains the Russian concept of IW, arguing that the current Russian practice is a reinvigorated aspect of the subversion campaigns seen in the Cold War but adapted to the Internet age. Next, the chapter uses the technical and legal framework to analyze Russian cyber-enabled interference in the 2016 US presidential election.

Part II, “Security Dynamics,” frames the difficulties and deficiencies in the use of cost-imposition options to counter Russian cyber operations. Chapter 5 begins with a review of the theory of rationality and why the use of cyber operations by Russia is considered to be rational. It then uses the analytical framework to demonstrate how Russia circumvented norms of responsible state behavior in the 2017 NotPetya mock ransomware attack. Chapter 6 commences with a review of deterrence theories and methods to impose cost. The chapter explains why US responses to wrongful acts in the cyber domain have failed to alter the undesired behavior of Russia, as seen in subsequent hacks of the 2017 French presidential election.

Part III, “Defensive Solutions,” offers and reviews a range of defensive choices to counter Russian cyber operations. Chapter 7 examines cybersecurity risk management and to what degree current strategies improve the security of networks and systems. It then analyzes how Russian cyber operations defeated defenses to penetrate critical infrastructure in the US energy sector. It concludes by examining security measures suggested by the United States Computer Emergency Response Team (US-CERT) to prevent similar attacks and deny the Russians any benefit from irresponsible behavior in cyberspace. Chapter 8 starts with a theoretical review of resilience and how automation in cyber defense reduces the time needed to detect, analyze, and remediate cyber threats. Next, the chapter analyzes the 2017 Bad Rabbit ransomware attack, demonstrating the utility of automated cyber defenses that operate at network scale and attack tempo against sophisticated techniques. Chapter 9 explores the employment of technical offsets to counter Russian cyber operations. It illuminates how continued manipulation of international norms, for instance in the Kerch Strait confrontation, hampers forceful responses. It argues that, similar to the Russian pursuit of technical offsets in military innovations, the West must respond in cyberspace with data-correlation advances.

The conclusion reiterates how the Kremlin uses legal ambiguity and technical complexity to maintain anonymity and uncertainty in its cyber operations. It examines the application of a more aggressive approach to defend forward through the strategy of persistent engagement. It concludes that risk in deterrence through this aggressive cost-imposition method mandates the use of resilience solutions to withstand attacks and continue operations.
