While Russian hacking has been a persistent threat for several years now, the past few days shed new light on the vast scale of Moscow’s cybercrimes directed against the U.S., NATO and nongovernmental organizations around the world.
At the top of the list was the revelation of an attempted attack on the Organization for the Prohibition of Chemical Weapons, which has led the effort to investigate the use of banned munitions by Bashar Assad, the Syrian dictator supported by the Kremlin. The plot was foiled by Dutch and British intelligence agencies, and resulted in the arrest of four men said to be members of the Russian military’s massive spy agency, the GRU.
Similarly, the U.S. Justice Department indicted seven Russian intelligence operatives for hacking international doping associations, which gained the particular ire of President Vladimir Putin for getting Russian athletes banned from the 2016 and 2018 Olympics. And last Thursday Secretary of Defense James Mattis pledged more U.S. support for NATO’s efforts to counter Russian hacking, a response to alleged Russian attacks on the alliance and its troops in recent years.
To understand the Russian cyber-apparatus, it is necessary to appreciate the degree to which it is the ultimate private-public cooperation network. Not only is there Russian offensive activity by the Kremlin via traditional military and civil structures such as the GRU, according to Western intelligence services the Kremlin uses a loosely organized network of cyber-criminals to do it dirty work for it. Think of this as the modern issuance of “letters of marque” that countries issued centuries ago to allow civilian naval “privateers” (aka pirates) to prey on their enemies. Britain’s Sir Francis Drake was a dramatic example of this strategy.
Putin, who deeply appreciates all manners of so-called asymmetrical warfare, has long sought to disrupt Western powers, undermine the NATO alliance, sow division between the U.S. and its European allies, and advance Russian interests globally. It is also a way for Putin to appeal to his support base in Russia, where his popularity is uncharacteristically dropping.
And while Americans are of course aware of the Kremlin’s efforts to undermine U.S. democracy in the 2016 presidential election, Russia has done much the same across Europe as part of a larger comprehensive strategy.
So, what can the U.S. and its allies do in response? Four key tasks: reveal, respond, rebuild and retaliate.
We must begin by revealing the extent of the damage caused not only by Russian state activity, but by those private proxies as well. This means an active, public campaign that outs Russian activity and keeps it in the news. The highly publicized Justice Department press conference announcing the indictments of Russian operatives is a good example of this. While there is justifiable hesitation concerning classified information and revealing too much of what we know and see publicly, there is still room for more aggressive effort to bring sunshine on Russian activities. And not just by the U.S.: Interpol and other international law-enforcement organizations can be very helpful.
In addition to simply revealing the extent of Russian activity, we need to respond forcefully and in concert with our allies. This must include publicly demanding Russian behavior stop through statements by international organizations from NATO to the United Nations to the nongovernmental groups that have been attacked. The West needs to articulate that there will be significant consequences if the behavior continues, demonstrate its ability to conduct offensive cyber-actions in response, and make the point that our responses may go beyond the cyber-sphere - economic sanctions, expelling diplomats and the like.
Third, we need to rebuild our defensive structures. This means Congress, the military and the intelligence agencies devoting more resources to domestic cyber-defenses; creating a dedicated Cyber Force (more necessary at this moment than the Trump administration’s new Space Force); working more closely with our allies, partners and friends to coordinate our defensive techniques; and offering U.S. cyber expertise to close allies outside Europe such as Japan and the Gulf states that face Russian hacking threats.
Finally, the U.S. and its allies may need to retaliate in a creative way. While the temptation may be to respond in kind, through cyberattacks on the Russian government, the smarter course maybe to broaden the level of action. In retaliation for the attack on the anti-doping organization, for example, more bans on Russian sports teams are in order. In response to anti-NATO efforts, we should work with the European Union to increase economic sanctions. After the attack on the chemical weapons organizations, we could retaliate by revealing in depth and detail the level of corruption of officials at the highest level of the Russian government, to include depth of their knowledge of Syrian chemical programs.
There is an old Russian maxim attributed to Lenin: “Probe with bayonets: If you encounter mush, proceed; if you encounter steel, withdraw.” Interestingly, it was President Richard Nixon who popularized that expression in the West, and he was someone who understood Russia very well. The U.S. and its allies will need a more steely approach in dealing with the new wave of Russian cyberattacks.
James Stavridis is a Bloomberg Opinion columnist. He is a retired U.S. Navy admiral and former military commander of NATO, and dean emeritus of the Fletcher School of Law and Diplomacy at Tufts University. He is also an operating executive consultant at the Carlyle Group.