Read the book Russian Cyber Operations - Scott Jasper - Page 14
CHAPTER 1 Analytical Framework
Joel Brenner, a former counterintelligence leader for the US director of national intelligence, has noted that “cyber is one of the ways adversaries can attack us and retaliate in effective and nasty ways that are well below the threshold of an armed attack or laws of war.”1 The term cyberattack is used in a colloquial sense in discussing cyber operations that refer to various types of “hostile or malicious cyber activities, such as the defacement of websites, network intrusions, the theft of private information, or the disruption of the provision of internet services.”2 Therefore, cyber operations described as a “cyberattack” are not necessarily an “armed attack” or an “act of war.” They might qualify under thresholds and conditions for less severe classifications such as a “use of force” or an “internationally wrongful act.” The classification matters, for it determines under international law to what extent injured states can respond to a cyberattack—either with force in self-defense or by lesser means, known as countermeasures. Even though various legal conditions must be met, in any case, attribution to the responsible state under international law is a required condition for appropriate action.
Russian cyber operations exploit legal regimes to avoid thresholds and classifications that prompt or justify meaningful responses. They also use technical means to avoid attribution that is necessary for injured-state responses to an internationally wrongful act or any other type of unlawful attack under international law. The term attribution is defined simply as “determining the identity or location of an attacker.”3 Technical attribution is associated with indicators, such as tradecraft, code styles, domain registration, Internet Protocol (IP) ownership, resource language, and time zone information. Political attribution is more declaratory, usually based on cumulative or circumstantial evidence. For malicious actors, the goal is not only to avoid attribution but also to maintain anonymity for as long as possible during a cyber operation. Thus, in the cyber realm, anonymity implies not only the inability to identify an individual, group, or state actor but also the “inability to recognize an attack is occurring, and the inability to isolate the target or objective of the attack.”4 In order to thoroughly analyze and evaluate Russian cyber operations, this chapter will provide a technical (means used for intrusion, evasion, and deception) and legal (regimes for classification as an armed attack, a use of force, or an internationally wrongful act) framework. It will then demonstrate an application of the analytical framework to a case study of destructive Russian cyber operations against the energy sector in Ukraine.