Far-Ranging Cyber Attack Reflects New Russian Geopolitical Strategy?

The drama surrounding the SolarWinds breach – mentioned in a CyberProof post last week – is still unfolding. Thus far, here’s what we’ve learned:

Hackers allegedly affiliated with Russia gained control of management software from SolarWinds to obtain unauthorized access to numerous networks. The result: The hackers are suspected of compromising important US government networks in addition to thousands of networks belonging to large, international companies – and in some cases, they managed to take full control of these networks. They succeeded in maintaining access to breached networks without detection for more than half a year – in some cases, since March.

Victims of the SolarWinds hack include the US Departments of State, Homeland Security, Commerce, and the Treasury, as well as the National Institutes of Health, on the governmental front – and names like Microsoft, Credit Suisse, Ford, and Visa, on the corporate front. The scope of the attack raises the question: Why are the Russians conducting such intense and dangerous cyber activity against the US? And why now?

Russian Activity on the Global Cyber Scene

Perhaps the decision to “up the ante” with cyber attacks of this scope and at this time was taken by the Russian government to enhance its statecraft weapons and boost its geopolitical standing using new strategies. Perhaps it was an attempt to undermine confidence in US institutions – not just in the US, but in the international arena.

In recent years, the Russians have displayed increasing interest in intervening internationally using cyber war tactics to achieve their political and economic aims. Take, for example, the attack on the Ukrainian power grid in 2015, which disrupted the supply of electricity to about 230,000 citizens for several hours. Because the attack took place in the middle of the winter, and affected the light and heat in people’s homes, it had the additional effect of undermining people’s confidence in their government authorities.

However, the SolarWinds hack – assuming it was conducted by Russia, as claimed – is their boldest cyber move yet. And we keep learning more about the extent of the damage; for example, just a few days ago Microsoft disclosed that some of its internal source code had been viewed using an illicit account associated with the hack.

This is a widespread breach that involves both the government and the private sector. It is just the latest in a series of cyber attacks that highlight the complete lack of international agreement on cyber warfare and its rules of engagement.

Russia’s Old Ways: Worldwide Meddling in Military & Economic Arenas

The Russian government has a long tradition of flexing its military and economic muscles to maintain and extend its power internationally. Take, for example, Russia’s military intervention in Georgia in 2008, and its invasion and annexation of Crimea in 2014.

In the Middle East there also has been significant Russian engagement in the military and political spheres. Russian involvement in Syria, with a brutal air campaign in 2015, saved President Bashar al-Assad’s regime.

There have been other areas, too, where the Russians have created instability. In 2018, for example, Russia was accused by Britain of poisoning former Russian spy Sergei Skripal and his daughter Yulia on UK territory. And last July, a report was released in the UK about Russia’s sophisticated campaign to undermine British democracy – with their alleged activities including everything from interference in British elections and spreading disinformation, to employing members of the House of Lords.

Russia’s Newer Approach: A “Lighter” Touch

Recently, we’ve been seeing a new approach taken by President Putin – less use of military strength, and greater integration of other strategies to achieve his aims.

As reported in the New York Times, in the recent Belorussian uprising (2020), Russia refrained from direct military intervention – offering very “lukewarm” support for President Lukashenko.

In a similarly unusual move, Russia took on a peacekeeping role and successfully prevented a military escalation in the southern Caucasus, using a threat of its military power to force concessions from both Azerbaijan and Armenia. And the decision not to deploy troops to achieve its geopolitical ends in the Caucasus seems to have paid off. To date, nearly 2,000 Russian troops continue to be stationed on Azerbaijani territory as peacekeepers, which gives Russia the advantage of having a military foothold just north of Iran – and keeps Armenia more firmly positioned within the Russian orbit.

The SolarWinds Hack Is One of Many US-Russian Clashes – But It Is Unique in Scope

We can’t discuss the SolarWinds attack without taking a look at the relationship between the US and Russia.

At this point, their relationship seems to be primarily adversarial. From Moscow’s interference in the 2016 American elections, to the protracted conflict in Ukraine that began in 2014 – the two superpowers have been at loggerheads on a number of large-scale issues.

These points of contention have spread into the nuclear realm, as we’ve watched decades-long bilateral disarmament agreements not being extended or renegotiated. As a case in point: The only U.S.-Russia arms control pact that is still in effect, the New Strategic Arms Reduction Treaty, is set to expire on February 5, 2021.

The Russian government is at odds with the US because of perceived grievances over many years, and it is leveraging its cyber success around the 2016 US elections to gain greater strength and power on the international stage – whether in the cyber, military, or economic sphere. Moreover, the polarization of American society has enabled Russia to become increasingly emboldened, while being able to draw a cloak of deniability around its actions – with very little negative fallout.

Russia’s New Geopolitical Strategy

The SolarWinds hack can be viewed against this context. It’s not the fact of alleged Russian cyber activity per se but the breadth of activity and the amount of data that was compromised – and, particularly, the fact that the breach was first detected by private cyber-security company FireEye and not by the cyber agencies that have invested billions of dollars in cyber defenses – that makes the SolarWinds hack stand out.

Perhaps more significantly, the attack may be reflective of Putin’s new methods of shifting geopolitical realities in Russia’s favor: not by deploying forces, but by using more subtle means like cyber warfare to achieve similar ends.

Furthermore, there’s a concern that the Russians may have gained access to delicate information that will allow them to achieve various strategic objectives. One example of this kind of information is Black Start, the technical blueprints describing how the US could restore power in the event of a cataclysmic blackout. It is possible that this data was stolen from the Federal Energy Regulatory Commission, which is one of the SolarWinds victims. If this is the case, the plans would have given Russia the all-important list of which systems it needs to target, in order to keep power from being restored.

Moscow also may be trying to gain leverage over the new administration in the US. The Russians may want to shake up Washington’s confidence in how secure its communications are and to show off their capabilities in the cybersphere in order to position themselves better in advance of any future talks with President-elect Biden.

And as pointed out by Tamir Pardo, former Director of the Mossad and currently President of XM Cyber, in CyberProof’s Smarter SOC Virtual Summit, cyber warfare is much cheaper than military warfare – both in terms of the financial and the human cost. These advantages also may be part of what’s behind Putin’s shift.
