Lukasz Olejnik is an independent cybersecurity and privacy researcher, a research associate at the University of Oxford's Centre of Technology and Global Affairs, and a former scientific adviser on cyberwarfare at the International Committee of the Red Cross. Follow him on Twitter at @lukOlejnik.
Cyber conflicts involving state actors are quickly becoming a geopolitical reality. Perhaps the most cited example, the alleged Russian interference in the 2016 U.S. election, is a continued source of conflict in U.S.-Russia relations. The story took another turn last October when the U.S. Cyber Command conducted an offensive cyber operation against the Internet Research Agency (IRA), the “Russian troll factory” linked to using disinformation campaigns during the 2016 elections, and onwards. While the operation has yet to be confirmed by the U.S. government, media reports and U.S. officials’ commentary taken together suggest the event occurred. The U.S. action, which took place during the 2018 midterm elections, has been portrayed as a defensive warning against Russia and other U.S. adversaries online. But the result of the offensive operation may, however, in the end benefit Russia and possibly contribute to escalation in the cyber domain globally.
Somewhat unexpectedly, the operation was confirmed by the apparent target. In a public announcement, the Russian Federal News Agency (FNA), which is reportedly tied to the IRA, describes a cyberattack that supposedly caused storage system malfunction, specifically destructively targeting the RAID controller and causing hard drives being formatted. While FNA’s credibility is low, the report’s claim that the offensive cyber operation resulted in a significant disruption seems undeniable.
Supporters praise the operations as a long-overdue action against Russia that additionally demonstrates the operational capabilities of the U.S. Cyber Command to the public opinion. Some may claim that the attacks have a deterrence value. Others may question whether an operation conducted on the day of elections could reasonably degrade any disinformation operations. Whatever the strategic gains the consequences of the cyber operation will not be limited to the United States—their significance is global. This action marks an unprecedented milestone in the history of cyber conflict. For the first time two major cyber powers have engaged in aggressive reciprocal cyber activity in public.
From the U.S. perspective the attack might be a warranted response to the Russian involvement in 2016, but from a policy and diplomatic standpoint Russia might stand to benefit from the attack, both internally and externally. First, it remains unclear how the United States can justify its cyber operation under international law, and whether such a response would be proportional and necessary, as required. While the United States may characterize the attack as a warranted countermeasure, the Russian state has always denied interference in the 2016 U.S. elections. Second, Russia might use the operation to portray itself as a victim. Both the Kremlin and the Russian ambassador to Washington recently expressed their concern about the perceived dangers of cyberattacks, specifically those coming from the United States. Furthermore, as the U.S. military has technically hacked a media outlet, the United States may face the optics of a military attack on a civilian entity.
Domestically, Russia is currently already in the process of isolating its networks from the outside internet. Russia’s official justification for the action is to lower the risk of external cyberattacks; however, in reality the goal is to increase control over the networks, including strict traffic filtering, reminiscent of the China’s Great Firewall. While Russia’s narrative rings hollow, U.S. reports of cyberattacks on Russia may be exploited internally to justify the changes.
There is also the danger of a retaliation. While Russia could simply limit its response to a diplomatic message, the standard previously followed by the United States, escalation in response to the November action might follow, potentially on a previously unseen scale. Intensifying cyber conflict would not only seriously impact national security, but also increase geopolitical risk for businesses. Today, most cyber attacks focus on espionage or data theft. Offensive activity elevated to the disruption of civilian systems - for example, causing utility service interruptions - would result in serious ramifications; the 2017 NotPetya wiper worm served as a pointed demonstration of potential consequences. This issue would be made more severe by the constantly evolving theater.
The number of potential cyber conflict participants continues to increase, with dozens of countries globally building military cyber capabilities. In conventional military operations, armed forces in close proximity are often at an increased risk of escalatory events, like Russian involvement in Eastern Ukraine or the recent events on the Indian and Pakistani border. The concept of borders and distance does not really exist in cyberspace; dozens of armed forces are constantly within the virtual arm’s length, creating a constant possibility of interaction and escalation. Additionally, despite the meticulous preparation and execution of cyber operations, the situation can quickly spin out of control in a manner difficult to predict. The further militarization of the internet might lead to an increased escalation risk. While today’s cyber tug-of-war happens well below the threshold of armed conflict, engaging in discussions about norms at the UN within the First Committee and the Group of Government Expert process, adopting the restraint-inducing principles enshrined by international humanitarian law and increasing the doctrinal transparency are absolutely necessary going forward.