
History's Lesson Regarding Russian Cyber Warfare

Ten years ago this month, war erupted between Russia and Georgia after Georgian troops attacked South Ossetia and shelled the town of Tskhinvali, in response to alleged Russian provocations.

Russia justified its military action as countering Georgia's aggression; President Medvedev called the attack an attempted "genocide" against innocent civilians. Seeking to discredit Georgia's national sovereignty, Russia also portrayed the conflict as a proxy war against the U.S., the first of its kind since the end of the Cold War.


Russia blockaded the Georgian coast with its Black Sea Fleet, dispatched combat troops to Abkhazia to deter a Georgian attack, and conducted combat air missions against Georgian targets. Using a justification which would be repeated when Russia annexed Crimea, Medvedev claimed there were regions where Russia has "privileged interests" to defend the rights of Russians wherever they might be located. South Ossetia and Abkhazia declared their independence, and Russia created a "frozen conflict," which would serve Russia's national security strategy by indefinitely delaying Georgia's NATO membership.

Russia's application of hybrid warfare, a concurrent use of battlefield and cyber operations, was precedent-setting. Russia enhanced and enabled its extensive land, air, and sea attacks with sophisticated and synchronized cyberspace operations. Russia's cyber attacks against Georgia reflected a new level of complexity, which built on the massive DDoS attacks against Estonia the year before.

Three weeks before the war began, alleged Russian hackers attacked Georgia's websites.  After first targeting the Georgian hacking community in an attempt to disable any potential counterattack, the hackers gained access to over fifty Georgian military and government networks, which were highly vulnerable.

The hackers shut down official sites in Gori, including some news sites, with denial of service attacks just prior to launching air combat operations. Hackers hindered the Georgian Government's ability to communicate, which, coupled with Russia's air, land and sea operations, degraded Georgia's defenses considerably. DDoS attacks against the Georgian government, including the President's website, were well orchestrated. On the day combat began, a website called "stopgeorgia.ru" went online with a list of sites to attack, instructions on how to do so, and post-attack damage assessments.

The hackers' target audience extended beyond Georgia's domestic population. The attackers also wanted to degrade Georgia's ability to rally international support. Attacks targeted Georgian media, communications companies, and transportation. The National Bank of Georgia website was replaced with pictures of twentieth-century dictators. Revisiting a modus operandi deployed effectively against Estonia in 2007, hackers used streams of botnets to shut down Georgian computers.

But while well-orchestrated, the attacks were far from perfect. The hackers revealed a detectable signature based on their presence in chat rooms prior to the attacks.  Following the same modus operandi as terrorists who plan attacks before executing them, the hackers mounted a surveillance operation against targets and conducted mock exercises before launching the actual attacks.

The attack was a gold mine for those who were closely studying Russian methods of attack, and the lessons learned from Russia's hybrid war against Georgia have implications for current U.S. strategy.

First, cyber operations cannot begin from a "cold start." Good cyber defense, therefore, requires active collection in the networks where the attacks are being planned. Keep in mind that the U.S. has detected massive Russian cyber intrusions into our social media and networking sites, energy infrastructure, political party committees, and voting installations.

Second, the lines between the public and private sectors are blurred and opaque in cyberspace. Malicious state and non-state actors maintain symbiotic, sometimes proxy relationships with hacker communities that conduct non-attributable cyber operations targeting an enemy state's critical infrastructure, defense industry, and private sector writ large, sometimes on behalf of powerful benefactors or those with whom they share an ideological affinity.

Third, effective cyber defense requires a holistic approach, a recognition that cyberspace is intertwined with other geographic domains where conflict can occur.

The U.S. needs a strategy to deter, defend, and counter Russia.  With less than 100 days before mid-term elections in the U.S., deterring another Kremlin cyber onslaught on our democratic process may not be fully possible.  State and local governments therefore need to harden voting installations and build a ‘right of boom’ incident response plan to shine the truth spotlight on any of Russia’s false narratives, which continue to penetrate our social media platforms.

Special Counsel Robert Mueller's investigation has led to the successful indictment of a number of Russian intelligence officers and organizations, including an infamous, Kremlin-connected "troll farm." In addition to sanctions and another round of diplomatic expulsions, President Donald Trump might also consider directing Cyber Command to target Russia's hackers with an eye towards rendering their capability inert, but not before he takes the opportunity he missed during the Helsinki summit to clearly warn Putin about the U.S.' red line and his promise to enforce it.
