In August, seven of the world’s major powers gathered in Biarritz, France, to discuss the topic of global stability as part of the 44th G7 summit. Though notable by its physical absence, one country in particular dominated the weekend’s discussions.
Russia, perhaps with the exception of China, has shaped global foreign policy more so than any other nation-state in recent times. The past five years have seen the Russian state embroiled in stories relating to the annexation of Crimea, an attempted assassination on British soil, a hacked election and the successful reinstating of an allied regime in Syria.
Russia has been somewhat left out in the cold politically after being disinvited from the then G8 in 2014, and the liberal powers of the G7 have shown little appetite for allowing Putin to return to a seat by the fire, despite President Trump’s calls for them to do so.
Yet, that hasn’t stopped the Kremlin playing a very active role on the global political stage. A fundamental reason why it has been able to do that, and something that appears (at least publicly) to have been under-discussed at this year’s G7 summit, is the role of cyberwarfare in its approach to international statecraft.
The most infamous example of this is the now widely-held view that Russia – popularly codenamed the ‘Bear’ by cybersecurity communities – tampered in the US presidential election of 2016. To this day, the extent of the subversion is unknown but for a foreign state to be anywhere near one of the most divisive political victories in American history is incredibly significant.
I think it’s important that we escalate the terminology here. Whilst much of the cyberactivity we’ve seen from Russia would fall under the banner of cyber-enabled espionage, its influence has been typically branded a form of sophisticated hybrid-warfare that leverages proxy nations for traditional kinetic military action.
This sophisticated blend of military posturing, diplomatic "nowse", technology, and cultural and economic strategy is known as the ‘Gerasimov doctrine’, after Russian General Valery Gerasimov.
In 2020, Trump will campaign to retain his premiership. Among the talk of walls, gun control, jobs, fake news and ‘locker room banter’, the Russian state will almost certainly take a quiet seat in the shadows, looking to leverage their blend of capabilities to gain favourable outcomes that advance Russia’s standing.
Russia has been able to insert itself right at the heart of American politics, using the very combination of techniques the Gerasimov doctrine promotes. As the United States builds probably the largest, most tech-enabled military power in the world the Russians seem to be carefully picking their battles and applying surgical effectiveness against very specific goals.
I’d argue that the G7 was right to focus on wider Russian issues during the summit, alongside Iran, climate change and a host of other big issues. But while pacts and treaties are a vital part of international diplomacy, stability will not be guaranteed until our governments start to openly acknowledge the way modern cyberespionage is being used as a weapon of war. It can quickly become kinetic, a technical interference, or propaganda and the way that affects peace and economic stability isn’t fully understood.
Influence and propaganda are nothing new, British Intelligence leveraged them successfully to really convince the USA to join the First World War, however in the good old days espionage has always been considered a necessary driver of peace because you couldn’t quickly turn a pamphlet or a publication into a large scale pivot point for a different attack. The additional knowledge from spying on each other has helped bring us back from the brink of major war on many occasions.
However, now it seems to be the first point of entry the same way it is for a cybercriminal.
While I am not suggesting that the digital battlefield is being completely overlooked, the fact that it was not a central topic of discussion – even in the context of Russia – at the world’s premier diplomatic event is a concern. It is also evident that as nation-states we’re still broadly treating this as an espionage/spying issue – when modern nation-state cyber-capability is looking to find systems that can actively bring down or control national infrastructure.
Whichever nation is considered, the role of its cyber-capability in exerting influence on the global stage is clear.
The great wall
China – often categorised as ‘Panda’ by security analysts tracking its cyberactivity – is using its cyber-strategy as a steroid injection to boost its already considerable economic muscle. With a large number of sophisticated threats broadly being attributed to Chinese actors, both criminal and potentially nation state. Their capability is very evident on the world stage.
Bill Priestap, assistant director of the FBI’s counterintelligence division, summed up China’s cyber-relationship with the West succinctly in an address to the US Congress. He claimed that American businesses operating in China are doing so on “borrowed time”. The Chinese government will, he argued, permit foreign companies to operate so long as it is advantageous to them – and from a cybersecurity perspective, China’s view is that it’s best to keep your friends close and your enemies closer.
Indeed, if a foreign company is developing technology or software that China needs but cannot yet produce domestically, then it will be allowed to stay – providing the insight and opportunity for the state to replicate or steal western IP, data and intelligence via cybercriminality. This is so widely accepted that other nations are believed to be designing vulnerabilities into weapons systems on the assumption that China won’t notice them when they clone IP, providing ‘backdoors’ into the Chinese copies.
Iran’s digital armoury
Apparently taking a steer from China, Iran’s efforts to steal sensitive data from UK public sector organisations is another example of the surge in nation-state backed cyber-espionage in recent years.
The interesting characteristic of Iran’s cyber-strategy is seeking to extract data, rather than bring down core infrastructure like attacks from other smaller nation-states have done – North Korea’s WannaCry hack, for example, brought parts of the NHS to a standstill.
The focus on infrastructure could just be a reflection of North Korea’s limited military capability. It’s far easier to train and enable a digital attack force than it is to equip a traditional kinetic army with weapons and capabilities.
The likelihood is that the data collected is being used to facilitate far more targeted espionage in the future and it wouldn’t be a stretch to imagine Iran – or ‘kitten’ if taking the alias normally used by cybersecurity professionals – and other nations doing so through western businesses in their jurisdiction.
Control, alt, defeat
Gone are the days where cyberattacks were the purview of hooded vigilantes and underground factions. It is now a mainstay of nation-states and organised crime groups who are reaping greater and greater rewards for those who use it effectively. It is essential that, come next year’s G7, the virtual elephant (Panda, Kitten or Bear) in the room is addressed head-on.
Andy Barratt, UK managing director, Coalfire