Trump may be listening to Putin’s complaints about sanctions with a sympathetic ear, but he probably won’t be able to deliver meaningful relief. Strong majorities in the U.S. Congress, as well as other Western politicians, for now seem more interested in ratcheting up the financial pain on Moscow due to such well-documented bad behavior as the confirmed use of a sophisticated Russian chemical agent to try to murder a former Russian spy in England in March 2018 and the publication of further details about Russian interference in the 2016 U.S. election. Proposals have ranged from publicizing the details of the billions of dollars Putin is believed to have stashed in overseas accounts, to removing Russian banks from the SWIFT system, which allows banks worldwide to share information on transactions—a step that would impose an effective financial embargo on Moscow.
William Brooke Stallsmith, Former Member, Senior Analytic Service, CIA
"Should Putin ask for sanctions relief and be thwarted, he may use less diplomatic moves to call attention to the issue. That is, Moscow could retaliate against U.S. and other Western financial systems with measures drawing on the cyber expertise and operational boldness the Russians continue to flaunt."
Why Worry?
Putin and his regime might perceive continued obstacles to their access to international capital—whether caused by U.S. actions or the vagaries of financial markets—as the same sort of threat to their hold on power as post-Cold War efforts to promote democracy and good governance. To put the issue in Chinese terms, Moscow could see interference with its access to Western capital, not to mention to regime insiders’ ability to park their wealth in safe havens, as a “color revolution with financial characteristics.” Just as paranoia about Western democracy promotion has led to Russian retaliation in the form of cyber-based interference in U.S., French, German, UK, and other elections, so might resentment over the financial vise on Moscow, lead to retribution in the financial sphere.
Manipulating or disrupting international financial markets would, of course, be a risky move. But Putin’s Russia has shown remarkable risk tolerance and could feel further emboldened by its ability, until now, to weather Western reaction—or lack thereof—to brazen moves such as murdering enemies in Britain or tilting the U.S. electoral field. Moreover, visibly standing up to Western pressure and wrong-footing the “main enemy” (aka, the United States) remains a key element of Putin’s popular appeal and elite support.
The Russian intelligence and security services have already demonstrated their ability and willingness to disrupt other countries’ financial systems, as well as interest in collecting on—at least—U.S. banks and other economic actors. Kremlin-orchestrated cyber operations have disrupted the financial systems of Estonia (2007), Georgia (2008), and Ukraine (2017) with impunity—reflecting in part, the continuing difficulty of establishing unambiguous attribution for on-line operations. Meanwhile, deep-cover agents of the SVR, Russia’s foreign intelligence service, have been tasked to collect on topics ranging from high-speed trading tactics on the New York Stock Exchange to the gold market.
What Are Some Vulnerabilities and Scenarios?
I suggest there are at least three potential areas of vulnerability in U.S. and other Western financial systems that Russian actors could exploit.
First, in what I consider the least malign area, Putin-linked actors could steal proprietary information from financial or other firms to move securities markets. The Russians could use existing hacking efforts such as Fancy Bear—a cyber espionage group reportedly linked to the GRU military intelligence service—to collect such data, and they may be able to recruit insider help from the many Russian and other post-Soviet émigrés who help create trading algorithms and run other IT functions for U.S., UK, and other financial firms. The GRU or SVR could use this information to conduct trades for the regime’s profit or, more deviously, try to undermine the share prices or creditworthiness of firms seen as enemies of Moscow’s interests, such as manufacturers of weapons systems sold to Ukraine or energy companies whose innovative technologies have undercut Russia’s own oil and gas exports.
Second, and moving up the scale of malignancy, the Russians could exploit financial markets’ vulnerability to ‘flash crashes.’ In 2010, glitches in trading algorithms apparently caused the Dow Jones Industrial Average to drop 9 percent in five minutes, while a fake tweet in 2013 about a bomb explosion at the White House caused the S&P 500 Index to lose $136 billion in market value within five minutes. The accelerating speed and growing complexity of trading systems and markets would make it tough to attribute responsibility or even to understand what happened—especially if the markets were being disrupted by some other, unrelated event, such as war fears on the Korean Peninsula.
Finally, the most serious scenario could see Russian actors undermining the integrity of the IT systems where corporate, exchange, government, and personal financial records now reside. Moscow could view such a drastic step as a proportionate response to future Western efforts to block Russia’s—or Putin’s personal—access to global financial markets. Russia’s intelligence services are world leaders in the sophistication and reach of their cyber operations.
Are We Ready?
As one of Putin’s predecessors in the Kremlin, Vladimir Lenin, might ask at this juncture, what is to be done? The overarching themes for protecting our financial markets should be the same ones the United States and our allies have used against terrorism since 9/11:
- If you see something, say something;
- Share threat information as much as possible.
William Brooke Stallsmith, Former Member, Senior Analytic Service, CIA
"At the same time, information must be shared with leading financial players. Banks’ and securities exchanges’ efforts to protect critical data will be incomplete if these are based on incomplete information."
Sharing of threat information—involving both public- and private-sector actors—should, moreover, be done across national borders and draw on the resources and expertise of all democratic Western governments. Financial markets and institutions are globally linked; the response and preparation for a threat to them must be global as well.
Finally, public- and private-sector actors need to prepare now for how they would respond to and remediate a Russian—or other—attack on the functioning and integrity of our financial infrastructure. The speed of financial transactions is constantly accelerating; banks and markets are growing ever more dependent on open cyber systems; and relations among states and non-state actors risk veering toward chaos. All of this may make “when” rather than “whether” the right question to ask with regard to a systemic Russian—or other—effort to hamstring the Western financial markets and institutions.
William Brooke Stallsmith is an intelligence analyst who has worked in the U.S. Intelligence Community on economic espionage, counterintelligence, regional stability in Africa and the Near East, and international economic issues. He retired from the Central Intelligence Agency in 2007 as a member of the Senior Analytic Service. He earned an MBA from Columbia University and a BA from the University of Virginia.
This brief was originally published in April, 2018 and has been updated.
