CYBER INFLUENCE OPERATIONS: A BATTLE OF WITS AND BITS
Strategies and Capabilities of Major Players (Part I)
Introduction
Influence operations in cyberspace have received significant attention over the last decade, during which the strategic ramifications of Cyber Influence Operations (CIO) have been felt with increasing impact in various global conflict scenarios. The most significant trigger for this focus has arguably been the alleged interference by Russia in the US presidential elections of 2016 [1]. Other notable examples of power projection in the cognitive domain through cyberspace include the cyber operations conducted against Estonia (2007), Georgia (2008) and Ukraine (2015 onwards), all these purportedly at the behest of Russia [2, 3]. The United States and China, amongst other countries, have also developed strategies and doctrines and operationalized their CIO capabilities for achieving strategic cognitive effects.
The previous articles in this series on CIO have dwelt on conceptual aspects, bringing out that the emerging notion of CIO lies at the confluence of Cyber Operations (CO) and Influence Operations, and is essentially a manifestation of Information Operations (IO) in cyberspace. This work has also highlighted that it was important to make a distinction between Technical and Cognitive facets of CIO, termed respectively as Cyber-enabled Technical Influence Operations (CeTIO) and Cyber-enabled Social Influence Operations (CeSIO), as making such a distinction facilitates the understanding and implementation of operational, organizational and training issues related to CIO. The vast armory of tools and techniques which are available for conduct of CeSIO and CeTIO, and the way these may be synergistically employed to execute a multitude of creative influence stratagems in cyberspace, have also been covered.
This article (in two parts) provides an insight into the strategic employment of CIO by major players, primarily Russia, US and China, by giving an overview of their doctrinal approach and operational employment of CIO, as also organizational capabilities to support these operations. To a lesser extent, Pakistan’s efforts to employ CIO stratagems against India are also touched upon. Towards the end, a brief look is taken at how the differing political ideologies of democratic and autocratic regimes could play a role in influencing their CIO strategies.
It merits mention here that while the thrust of this series is to study the emergence of influence operations as a potent weapon in cyberspace, CIO would in most scenarios be conducted as part of a larger influence campaign adopting multiple means, such as public diplomacy, influence campaigns over broadcast media, and other forms of strategic communication.
Russia: Dramatic Successes in CIO
Doctrinal Moorings
There is a deep conviction amongst Russian strategists that the NATO countries, with the US and UK in the lead, have deliberately engaged in psychological warfare campaigns aimed at undermining the Russian sphere of influence in Europe and Asia. In Russian terminology, information psychological attacks against Russia by the West have reaped immense strategic successes, including the collapse of the USSR. For instance, from the Russian perspective, the Color Revolutions were not spontaneous uprisings of the masses but the result of a carefully crafted strategy for overthrowing established regimes, executed in the information and cognitive realms via a free and open Internet [4].
Recognizing its inability to match the combined military power of NATO countries, Russia has evolved strategies which rely on the use of information, political and economic measures for achieving political objectives while operating below the threshold of armed conflict. In Russian strategic thought, Active Measures is a term used to capture the notion of influence operations, with two key differences compared to the US or NATO approaches: the boundary between peace and war time operations is blurred, and domestic audiences may also be targeted. Maskirovka is another term used in the context of influence activities. It covers all types of deception, is an essential tool of combat, and is stated to have been successfully employed in the recent operations in Ukraine and Crimea [5].
The often-quoted Gerasimov Doctrine (the usage of ‘doctrine’ here being a misnomer) states that “the role of non-military means of achieving political and strategic goals has grown, and, in many cases, … exceeded the power of weapons in their effectiveness” [6, 7]. The Russian Military Doctrine of 2014 lists “the integrated use of military force, political, economic, informational and other non-military measures implemented with widespread use of the protest potential of the population and special operations forces”, as the first characteristic of modern military conflicts.
Russian IO doctrine focuses on Information as the central theme and does not have Cyberspace specifically in its IO lexicon. Its IO philosophy includes the concept of Reflexive Control, which is a term used to describe the practice of pre-determining an adversary’s decision in Russia’s favour, by altering key factors in the adversary’s perception of the world. Russian IO doctrine shows a preference for classifying IO disciplines under the two major subdivisions of Information-Technical Warfare (ITO) and Information-Psychological Warfare (IPO), which in the cyberspace domain manifest as CeTIO and CeSIO respectively [8].
In Russian strategic thought, great reliance is placed on the effectiveness of IO, using information-psychological and information-technological tools and techniques to achieve strategic objectives. CeSIO and CeTIO are important components of this overall strategy, which Russia has been able to employ very effectively.
Operational Employment
A brief overview of Russian CIO operations in Estonia, Georgia and Ukraine, which yielded noteworthy strategic dividends, is given in the succeeding paragraphs [9].
- Estonian War. In Apr 2007, the Estonian Government decided to move a Soviet-era war memorial to a location outside Tallinn, its capital. Estonia is considered one of the most technologically advanced nations, with an advanced Internet-dependent e-governance status. On 20 Apr, this tiny country was swamped with cyber-attacks, wherein its banks, newspapers, news agencies and all government sites were attacked and brought down. The Distributed Denial of Service (DDoS) attacks using ping floods and botnets, spamming of news portals and defacing of government websites, left the country crippled for the next three weeks or so. In a strategic sense, the impact of the attacks was significant. They demonstrated the utility of CIO as a means of coercion, especially when employed in concert with other political, economic, and information tools. They also served as a wake-up call for NATO, which established the Cooperative Cyber Defense Centre for Excellence (CCDCOE) in Tallinn in order to develop counterstrategies.
- Georgian War. The Russo-Georgian War of Aug 2008 was a four-day-long armed conflict between Georgia and the Russian Federation, resulting in the breakaway of South Ossetia and Abkhazia from Georgia. CIO were employed weeks before the physical attacks on Georgia, and degraded Georgia’s ability to counter the military invasion by blocking communications between the Government and the Georgian people, disrupting financial transactions, and creating widespread confusion through coordinated DDoS attacks that overloaded and effectively shut down Georgian servers. Although the Russian Government denied the allegations, it was established that the Saint Petersburg-based group known as the Russian Business Network (RBN) was behind many of these cyber-attacks. While the overall impact of the cyberattacks was minimal – Georgia was eventually able to reroute most of its traffic through servers in the US, Estonia, and Poland – it was the first known instance of wide-scale offensive cyber operations being mounted in conjunction with conventional military operations. CeTIO were employed against command & control and weapons systems on the one hand, and on the other information-psychological attacks including CeSIO were carried out against media and other communication platforms, targeting public perceptions.
- Ukraine. In 2015, Russia initially employed CIO for compromising the Ukrainian government and military’s ability to communicate and operate, thereby undermining the legitimacy and authority of Ukrainian political and military institutions. In late Dec 2015, however, Russia intensified its offensive cyber operations using the more intrusive CeTIO to achieve kinetic effects by damaging Ukrainian critical infrastructure. Pro-Russian cyber actors perpetrated what is believed to be the first cyber-attack on another country’s electric power grid. Coordinated and synchronized cyber-attacks targeted three separate power distribution centres using remote access to control and operate breakers, causing power outages that affected more than 220,000 Ukrainian residents. These attacks are a notable example of CeTIO being employed for creating cognitive effects. The Internet Research Agency (IRA), which is an organization with alleged links to the Kremlin, pro-Russian hacker groups (CyberBerkut, suspected to be the Russian cyber-espionage group APT28), and military units are all suspected to be involved in these attacks.
Organisations
Russia’s capabilities to carry out CIO are distributed primarily amongst three agencies: the Federal Security Service (FSB), the Russian Main Intelligence Directorate (GRU) and a spectrum of non-state actors. However, the relative importance of these agencies in the conduct of CIO has varied considerably over time [10].
FSB. In post-Soviet Russia, for a brief period in the 1990s Russia had a separate information security agency, the Federal Agency for Government Communications and Information (FAPSI), which may be considered as an analog to the US National Security Agency (NSA). FAPSI was disbanded in 2003, and its components were absorbed largely into the FSB, but also into the Ministry for Internal Affairs of the Russian Federation (MVD RF), the Federal Protective Service of the Russian Federation (FSO RF), and Russia’s foreign intelligence service (SVR). The FSB, along with the Kvant Scientific Research Institute which assisted the FSB in technological research, was the primary agency engaged in developing Russia’s offensive cyber capabilities. The FSB is believed to have coordinated the cyber-attacks conducted against Estonia and Georgia, with the GRU taking a backseat. At that juncture, the strategy of FSB sponsoring cyber-attacks to be carried out by non-state actors, wherein attributability could be denied, served Russia’s interests.
GRU. The cyber successes of Russia in Estonia and Georgia, however, prompted the US to shore up its efforts to militarize its cyber capabilities, notably with the formation of its Cyber Command in 2009. This in turn triggered the GRU, in 2013, to set up new military science units for carrying out R&D with focus on cyber operations. Also, the conflict in Georgia exposed serious operational and organizational deficiencies, including in the area of information operations, for the Russian armed forces. As a follow up, in 2014 Russia’s Ministry of Defence announced the establishment of an “information operations force”, and the 2014 Military Doctrine listed the “development of forces and means of information confrontation” as a main task for modernizing Russia’s armed forces. By 2017, it is estimated that the GRU was able to recruit considerable talent and became a leader in offensive cyber operations. An overview of the GRU resources which possess CIO capabilities is as under:-
- Information available in the open domain indicates that the GRU organized its psychological operations specialists into eight “operational groups” at around the time of the first Chechen War in the mid-1990s, and that the nucleus of GRU’s psychological warfare apparatus lies in the 72nd Special Service Center (Unit 54777).
- Further, the 85th Main Special Service Center (Unit 26165), which was responsible for GRU’s cryptography during the Cold War, has perhaps now been re-focused towards offensive cyber operations.
- Another unit tasked for offensive cyber operations is the Main Center for Special Technologies (Unit 74455), which was presumably involved in the effort to influence the US presidential election in 2016, the NotPetya attack of 2017, as well as cyber operations in Ukraine, amongst others.
- As is evidenced by many reports, Russia continues to invest in and develop its CIO capabilities, using a combination of CeTIO and CeSIO to achieve strategic cognitive effects in and through cyberspace.
Non-State Actors. Some of the more prominent non-state actors being exploited by Russia for CIO are as under [11]:-
- The Internet Research Agency (also referred to as TEKA), a Russian company owned by the oligarch Yevgeny Prigozhin who is known to be closely associated with the Kremlin, is the primary non-state agency being used by Russia to push its agenda. It is estimated to have about 1000 operatives tasked with daily targets allocated in terms of the number of comments, shares, likes, etc on social media platforms.
- APT 28 (also known as “Fancy Bears”, “Pawn Storm”, etc), is generally understood to be a non-state actor. However, as per claims of cyber-security companies such as FireEye, SecureWorks and Microsoft, it may actually be an FSB/ SVR/ GRU unit(s). The main targets of APT28 are the Caucasian (primarily Georgian) and Eastern European countries.
- APT29 (also known as “Dukes”) is another non-state actor linked to the Russian hierarchy, which is known to have been working with the Russian Federation since 2008.
United States: Pioneers in IO
Doctrinal Moorings
As stated earlier, the US was the first nation to come out with extensive doctrinal literature on IO. Building up from earlier doctrines, the US DOD IO Doctrine of 2006 designated EW, Psychological Operations (PSYOP), Computer Network Operations (CNO)/ CO, Military Deception (MILDEC) and Operational Security (OPSEC) as Core Capabilities, in addition to several others as Supporting and Related Capabilities [12], while its IO Doctrine of 2012/14 enunciates the concept of Information Related Capabilities (IRCs), encompassing all IO capabilities into this single category [13].
Interestingly, there is a RAND study which recommends that better conceptual clarity and functional effectiveness may be achieved if IO is split into two functional areas, namely, Information Technical Operations (ITO) and Inform and Influence Operations (IIO), with the former focussing on the information domain with machines as targets (CO and EW), and the latter on the psychological/ cognitive domain with people as targets [14]. The US DOD has also promulgated a doctrine on CO [15], as also on several other IO capabilities. It formally declared Cyberspace as an operational domain of warfare as early as the year 2011. The US DOD does not have a separate doctrine either for Influence Operations or for CIO. The US Army has a manual on Inform and Influence Activities (IIA), of which CIO may be considered as a subset [16].
As brought out in an earlier article in this series, CIO lie at the confluence of CO and Influence Operations. From US DOD doctrinal perspective, it would be accurate to state that CeTIO are CO conducted with the intention of having cognitive effects. CeSIO, unlike CO, are non-intrusive in nature, and may be viewed as a combination of IRCs such as MISO, public affairs and military deception, executed in a non-intrusive manner in and through cyberspace.
Operational Employment
As most of the literature in this area is based on the work of Western authors, CIO by the US are documented in the open domain only in the context of legitimate operations, such as war. Operations against the ISIS, therefore, have been reported extensively. CIO have also been employed by the US in Ukraine, Iraq and Afghanistan, although not as effectively. A brief overview of these operations is as under [17]:-
- Operations against ISIS. The extensive exploitation of social media by Russia, China and other competing nations for propaganda, recruiting and raising funds, etc, spurred the US into taking countermeasures using CIO tools and techniques. Social messaging is being resorted to for dissuading potential recruits from joining the ISIS, countering ISIS propaganda by exposing their crimes through the use of defectors as also to mobilize groups adversarial to the ISIS.
- Operation Glowing Symphony. The US Cyber Command was given the clearance to conduct Operation Glowing Symphony for carrying out offensive cyber operations against ISIS, in support of Operation Inherent Resolve, the overall military operation against ISIS. The Operation targeted ISIS’s battlefield communications, intelligence collection mechanisms and social media networks. It was global in scale, required international coordination and de-confliction as also coordination with kinetic operations against ISIS. It is thought to be arguably the largest operation conducted by the US Cyber Command and represents a watershed moment for the DOD’s cyber-warfighting capability. This and other operations served multiple purposes from destroying propaganda to instilling insecurity, using a mix of CO and CIO.
- Other Operations. The US has reportedly been resorting to CeSIO such as Potemkin news, messaging over social media and sockpuppets amplified by bots in various conflict scenarios, for instance, in Ukraine and Afghanistan, although possibly on a lesser scale as compared to Russia. However, influence operations in cyberspace were not considered to be effective in Iraq and Afghanistan because of the low Internet penetration in these countries. Nonetheless, strategies are continuously being evaluated for adopting CIO whenever the opportunity presents itself.
Organisations
Existing organisations within the US armed forces capable of executing CIO are the US Cyber Command (USCYBERCOM) and the US Special Operations Command (USSOCOM). An overview of these two organisations is as under [18]:-
- Cyber Operations. USCYBERCOM is one of the eleven unified commands of the DOD. It unifies the direction of cyberspace operations, strengthens DOD cyberspace capabilities, and integrates and bolsters DOD’s cyber expertise. Each of the four Services has its own cyber component, namely, the Army Cyber Command, the Fleet Cyber Command (10th Fleet), the 16th Air Force and the Marine Corps Cyberspace Command. The US Cyber Command achieved initial operational capability in 2010. It comprises 133 Cyber Mission Teams with a total strength of 6200 personnel. A good proportion of these teams are distributed amongst the geographical commands to be deployed at operational and tactical levels. In Aug 2018, the Cyber Command was upgraded to the status of a unified combatant command.
- Cognitive/ Psychological Operations. The DOD active components mandated to carry out psychological operations are placed under the USSOCOM. These components are the 4th & 8th Psychological Operations Groups, each comprising 3-4 psychological operations battalions. There are several reserve components tasked to carry out psychological operations, which are part of the Army, Air Force and Navy. The Marine Corps does not possess any units related to psychological operations, either as active or reserve components.
As discussed above and in previous articles in this series, successful employment of CIO requires the integrated employment of cyber as well as cognitive operations capabilities. Execution of CeTIO would be best tasked to the USCYBERCOM. This was clearly demonstrated by the successful execution of Operation Glowing Symphony, essentially a CeTIO mission, wherein a joint task force, JTF-Ares, was set up by the USCYBERCOM by drawing upon Cyber Mission Force (CMF) teams from the three Services. The dual-hatted nature of the appointments of Commander USCYBERCOM and Director NSA was also a factor which contributed to the success of the Operation. On the other hand, expertise for cognitive operations is traditionally the domain of USSOCOM.
However, for conducting CeTIO and CeSIO together as part of a larger CIO campaign, optimum organisational structures do not seem to exist in the DOD at this juncture. At the Pentagon, the top civilian post tasked to handle Influence Operations is the assistant secretary of defense for special operations/ low-intensity conflict ASD (SO/LIC). There is a proposal for upgrading this post to that of Under Secretary of Defence, in order to keep up with the aggressiveness and capabilities being evidenced from Russia and China [19].
The Joint Staff J-3 Directorate, in conjunction with the USSOCOM’s Joint MISO WebOps Centre, coordinates operations across combatant commands. It is also reported that there is competition amongst the Services for control over influence operations. The US Army has announced that it is considering transforming the Army Cyber Command into an IW Command. There is, perhaps, a need to consider a similar integration of all IW capabilities under a US IW Command, on the lines of China’s PLA Strategic Support Force.
[Continued in “Strategies and Capabilities of Major Players – Part II”]
References
(1) Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, Centre for Security Studies, ETH Zurich, 2019, pp. 5, Accessed 30 Nov 2020.
(2) Michael Connell and Sarah Vogel, Russia’s Approach to Cyber Warfare, CNA Occasional Paper, Mar 2017, pp. 13, 17, 19, Accessed 30 Nov 2020.
(3) Lt Gen (Dr) R S Panwar, Cyberspace: The Fifth Dimension of Warfare – Part II (Section: Cyberwar – No Longer Hype), Future Wars, 08 Jan 2018, Accessed 30 Nov 2020.
(4) Piret Pernik, Hacking for Influence: Foreign Influence Activities and Cyber-attacks, International Centre for Defence and Security, Feb 2018, pp. 8-11, Accessed 01 Dec 2020.
(5) Aurelian Stoica, From Social Influence to Cyber Influence: The Role of New Technologies in the Influence Operations Conducted in the Digital Environment, International Journal of Cyber Diplomacy / 2020, Volume 1, Issue 1, pp. 29, Accessed 01 Dec 2020.
(6) Pascal Brangetto and Matthijs A. Veenendaal, Influence Cyber Operations: The Use of Cyberattacks in Support of Influence Operations, 8th International Conference on Cyber Conflict/ 2016, NATO CCD COE Publications, Tallinn, pp. 118, Accessed 30 Nov 2020.
(7) Valery Gerasimov, The Value of Science Is in the Foresight, Military Review Jan-Feb 2016, pp. 23-29, Accessed 30 Nov 2020.
(8) Keir Giles, Handbook of Russian Information Warfare, NATO Defense College, Nov 2016, pp. 7-11, 19-21, Accessed 01 Dec 2020.
(9) Lt Gen (Dr) R S Panwar, Cyberspace: The Fifth Dimension of Warfare – Part II (Section: Cyberwar – No Longer Hype), ….., Accessed 01 Dec 2020.
(10) Bilyana Lilly and Joe Cheravitch, The Past, Present, and Future of Russia’s Cyber Strategy and Forces, 12th International Conference on Cyber Conflict/ 2020, NATO CCDCOE Publications, Tallinn, pp. 139-146, Accessed 01 Dec 2020.
(11) Aurelian Stoica, From Social Influence to Cyber Influence: The Role of New Technologies in the Influence Operations Conducted in the Digital Environment, …, pp. 31-33, Accessed 01 Dec 2020.
(12) US DoD Joint Publication 3-13, Information Operations, Feb 2006, pp. II-1, Accessed 01 Dec 2020.
(13) US DoD Joint Publication 3-13, Information Operations, Nov 2014, Accessed 01 Dec 2020.
(14) Isaac R. Porche III et al, Redefining Information Warfare Boundaries for an Army in a Wireless World, 2013, RAND Corporation, Santa Monica, CA, pp. 42, 59, Accessed 01 Dec 2020.
(15) US DoD Joint Publication 3-12 (R), Cyberspace Operations, Feb 2013, Accessed 01 Dec 2020.
(16) Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part III: Organisational Structures for Other Defense Forces (Section: IW Structures – United States), Future Wars, 14 Apr 2020, Accessed 01 Dec 2020.
(17) Sean Cordey, Cyber Influence Operations: An Overview and Comparative Analysis, …., pp. 21-24, Accessed 30 Nov 2020.
(18) Lt Gen (Dr) R S Panwar, IW Structures for the Indian Armed Forces – Part III: Organisational Structures for Other Defense Forces (Section: IW Structure – United States), …, Accessed 01 Dec 2020.
(19) Patrick Tucker, Should the US Have a Secretary for Influence Operations? Defense One, 22 Feb 2020, Accessed 01 Dec 2020.