The Baltics: Veterans of Russian Cyber Operations
European countries are becoming increasingly wary of foreign disinformation and subversion operations in their own internal politics following Russian interference in last year’s U.S. elections. The small Baltic states of Estonia, Latvia, and Lithuania, however, understand the threat of Russian hybrid warfare – a coordinated mix of conventional military action, covert influence, and cyberattacks – more than most.
What threat does Russia pose to the Baltic states? Would they have their land borders and airspace violated, as did Ukraine and Georgia, or would Russian involvement walk the line between war and peace? What steps are the Baltic countries taking to counteract Russian operations, and can other countries, particularly the United States, learn from these?
Given their close proximity and EU and NATO membership, the Baltics, particularly Estonia, have become the frontline of the standoff between the West and Russia. Piret Pernik, the former advisor to the National Defence Committee of the Estonian Parliament and a Research Fellow at the International Centre for Defence and Security in Tallinn, Estonia, argues “a successful large-scale cyberattack during peace time, or prior to or in concert with a conventional attack – which could disrupt interdependent financial systems or communications or electricity networks, or affect fuel and water supplies – would likely trigger huge economic loss or even chaos.”
However, unlike the situation in Ukraine and Georgia – which are not NATO members – a physical attack on the Baltics could draw the West into a direct military confrontation with Russia, so many NATO officials regard an outright Russian invasion of the Baltics as highly unlikely.
Kenneth Geers, a Senior Research Scientist at Comodo and an Ambassador at the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, notes that “Russia has thousands of quick-strike forces just across the border but is unlikely to challenge NATO directly. A far better option is to chip away at the alliance’s integrity and credibility and hope it dissolves of its own accord.” Similarly, high-end attacks targeting military assets and critical infrastructure causing physical consequences – such as the attacks on the Ukrainian power grid early last year – could also potentially trigger NATO collective defense measures.
“While the West understands cyberspace capabilities as mostly technical, the Russian understanding of the information domain includes,” according to Pernik, “electronic warfare and intelligence capabilities, as well as measures such as disinformation, propaganda, psychological pressure, destabilization of society, and influence of foreign media.”
Therefore, the nonconventional tactics of hybrid warfare, such as information operations and cyberattacks, would be deployed by Russia to achieve its strategic objectives in the region, against NATO, and around the world more broadly. The general aim is to sow confusion that fosters politically divided, strategically vulnerable and economically weak societies to elevate Russia’s standing so that it can project power to effect change in other countries’ decision-making.
In Estonia – one of the most digitally advanced countries on the planet – state security agencies have concluded that “in cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO.” Estonian intelligence expects an uptick in Russian cyber activity in 2017 largely due to recent NATO deployments in the region, Estonia’s coming presidency of the EU, local elections in October, and planned Russian military exercises. Geers also notes that “with the 2018 Russian election around the corner, former Soviet states are nervous. Foreign adventures are the quickest way for a politician to get a bump in the polls.”
Past Russian cyber operations can provide an idea of what these cyberattacks would look like. In 2007, in apparent reprisal for the relocation of a Soviet-era statue, a barrage of cyberattacks hit financial, media, and government websites in Estonia, briefly knocking them offline. However, Russian cyberattacks have since evolved from basic sabotage into complex, multifaceted operations with impacts beyond simply downing websites – such as the onslaught of cyberattacks and information operations in the run-up to the annexation of Crimea in 2014.
Russia has been developing its offensive cyber and strategic communication capacity for years and often employs informal relationships among criminals and hacktivists while also supporting local and foreign NGOs and broadcasting state-sponsored media to amplify disinformation. Pernik argues that “Russia engages people from top layers of society such as senior politicians and executives to the grassroots level such as internet trolls, petty cybercrime groups, marginal political activists and hacktivists, to exploit the potential for protest.”
Furthermore, Russian hackers who often facilitate information campaigns act anonymously, using encrypted services, pseudonyms, and remote servers. Beyond virtual safe havens, Russia provides sanctuary against legal reprisal. While certainty in attribution is hard, when compiled, the plethora of incidents shows a clear portrait of Russia’s broader strategic objectives. As Geers notes, “we shouldn’t miss the forest for the trees.”
So what are the Baltics doing to mitigate the impacts of Russian cyberattacks and subversive tactics? Countermeasures could include deterrence and risk mitigation strategies through diplomacy and the establishment of norms against potentially destructive cyberattacks on critical infrastructure and military assets. In the event of a major attack, or even a physical incursion, Estonia has sought to back up its crucial government data on servers in embassies all over the world. There is even talk of a complete copy of Estonia’s e-government files – as well as everything from birth records, electoral tallies, property deeds, and bank credentials – to be held in the United Kingdom.
However, such destructive attacks are less likely given the direct consequences retaliation could impose on Russia. Instead, lower-threshold cyber operations are likely to occur daily. To create cyber resilience, Pernik notes that “Estonia and Latvia use civilian volunteers in cyber defense units of their national guards to help defend against cyberattacks.” In the battle of narratives, Pernik says “Estonia and Lithuania use volunteers to help assess Russian disinformation campaigns and offer advice in countering it,” adding that Estonia has also “established a Russian-language TV station to increase resistance to disinformation. It has also undertaken research into the sentiments of Russian-speakers and expanded a program to integrate them into Estonian society.”
The United States and Europe could learn from the Baltics on how to increase their resilience against cyberattacks and information operations emanating from Russia. The three countries are well-versed in Russian subversion, whereas the West is just now waking to its effects.
Ultimately, cyberattacks and subversion are here to stay, but as Geers points out, “The difference between the Cold War and Cold War 2.0 is internet IT. In the long run, the internet will sweep all dictators aside, but in the short run, it provides autocracies with Orwellian surveillance capabilities and gives them endless opportunities for espionage and provocation.”
Levi Maxey is a cyber and technology producer at The Cipher Brief. Follow him on Twitter @lemax13.