By Dr. Khatuna Mshvidobadze and Ambassador David J. Smith
The George Washington University College of Professional Studies invited us to present Russian Information and Cyber Warfare Threats: What We Know from the Russian Attack on Ukraine. On March 14, we made a virtual presentation to current and prospective GW students. This presentation, constantly updated, has been made worldwide for over a decade. At GW, we offer the current version to our classes just about every semester. This time, regrettably, the updates were all about Russia’s attack on Ukraine.
We emphasize the importance of understanding the cultural and historical contexts to any subject. Consequently, we began with a warning not to assume that Russians see things as we do. What we are seeing today in Ukraine is the Russian emphasis on 19th Century-style geopolitics, particularly on its periphery. And information warfare is a part of any Russian conflict.
Russian cyber warfare is part of information warfare. They do not draw the distinctions that are common in the West, say, between cyber warfare and electronic warfare. They are both arrows in the quiver of information warfare. As an example, we related the story of GPS-spoofing in the Black Sea—misdirecting ships at sea. And Russians have been thinking about information warfare longer than have we. Much of their doctrinal writing is rooted in the mid-1980s work of Marshal of the Soviet Union Nikolai Ogarkov.
One reads and hears a lot about cyber-attacks coming from Russia, but who are the main players? Of course, the FSB, successor to the infamous KGB, and the SVR, Russian foreign intelligence, are front-and-center. But our research reveals the growing role of the GRU, Russian military intelligence, and of the military in general. And we must include in the lineup the various associated criminal hacker groups.
Over the past few years, a lot of the efforts of these groups have been directed at Ukraine. A group dubbed Sandworm managed to turn out the lights in the western Ukrainian city of Ivano-Frankivsk in 2015, and in Kyiv in 2016. They also aimed the now-famous Not-Petya malware at Ukrainian targets in 2017. The wiper disguised as ransomware escaped into the wild, costing worldwide business over $10 Billion.
With the on-the-ground military buildup around Ukraine, we saw a predictable uptick in cyber activity directed at Ukraine, including a new wiper called Ghostwriter. And since the invasion, emphasis has been on information operations with little effect in the west or in Ukraine, but moderate success among Russia’s own population.
We expected to see impressive cyber-attacks on critical infrastructure, coordinated with kinetic military operations. But—so far—that has been the dog that didn’t bark. We offered a few possible explanations for that, the scariest being that they are saving the most potent attacks for the United States. President Biden has repeatedly warned about this, most recently saying, “It’s coming.”
This is just a taste of what we hope was an interesting evening, and just one example of the wide range of contemporary topics offered to GW students.
Khatuna Mshvidobadze, Ph.D. is a cyber security expert and professorial lecturer. Speaker at TEDx, DefCon, RSA, and more. Presented topics on cyber threats at different venues inside and outside of the country: Office of the Secretary of Defense, FBI Headquarters and field offices, Department of Justice, Defense Intelligence Agency, U.S Healthcare Sector Coordinating Council, Mitre Corporation, Raytheon BBN Technologies, NATO and EU events. Currently, she is a professorial lecturer of cyber security at George Washington University and Champlain College. Previously, she was an Advisor to the Minister of Defense of Georgia and Deputy Director of the Information Center on NATO.
Ambassador David J. Smith, adjunct professor. He is a foreign policy professional with over 40 years of experience in the U.S. military, Pentagon, State Department, both houses of Congress, three diplomatic delegations—bilateral, inter-alliance and UN—defense industry, research institutes and democratic development. Background in NATO and former Soviet Union, Caucasus and Black Sea, arms control, missile defense and cyber security policy.