August 21, 2017 • Amanda McKeon
In this episode we take a closer look at Russia. Here in the United States, there’s been no shortage of news about Russia, its alleged interference in our presidential election, and its greater role in the global cybersecurity ecosystem.
But how did we get here? What’s the historical context for Russia’s cybersecurity strategy and posture, how does it compare to other players around the world, and what are our options for dealing with it? How do Russia’s relationships with its neighbors inform its approach to online warfare, and how do Russian citizens perceive their place in the world?
On today’s podcast we’re joined by Peter Debbins, an instructor at the Academy for Defense Intelligence, where he teaches on a wide range of Russian-related topics. His background includes service in the U.S. Army as an officer, experience in the private sector, and as a Russian-area analyst.
For those of you who’d prefer to read, here’s the transcript:
This is Recorded Future, inside threat intelligence for cybersecurity.
Hello, everyone. Thanks for joining us for episode 20 of the Recorded Future podcast. I’m Dave Bittner from the CyberWire. Today, we’re going to take another look at Russia. Here in the United States, there’s been no shortage of news about Russia — their alleged interference in our presidential elections, and their greater role in the global cybersecurity ecosystem. But how did we get here? What’s the historical context for Russia’s cybersecurity strategy and posture, and how does it compare to other players around the world? And what are our options for dealing with it?
On today’s podcast, we’re joined by Peter Debbins, an instructor at the Academy for Defense Intelligence, where he teaches on a wide range of Russian-related topics. His background includes service in the U.S. Army as an officer, commercial business, and Russian-area analysis. Stay with us.
I got involved in all things Russian, mainly because my background is from that area. My mother was Russian, and during World War II, they were slave laborers in a camp in Germany. So, when I was growing up as a kid, I got fed lots of stories that made me very interested in this topic. I lived in Russia for three years during the ’90s, and during the aughts, I traveled there regularly.
The last time I was there was six years ago. I served in the Army for seven and a half years as an officer. I got out, I worked in commercial business for five years and came out here, and I worked as a Russian analyst for four years. Then, because the guy who runs the cyber division down at the Academy for Defense Intelligence knew me from Fort Meade, he grabbed me to be an instructor, so I started getting into the cyber realm for the past year and a half.
Russia is in the news with all their cyber operations, all their activities, and the big thing that people don’t ask, you know, we always see what they’re doing … what we don’t ask is, what is their motivation? What’s their objective?
Can you sort of set the table for us first? What’s the history that leads us up to this moment?
The way I look at it is: what is Russia’s worldview? This is really looking at, what is the story that they are telling themselves? I want to take this into context because I want to look at, for us to better understand the Russian … what the story the Russians are telling themselves … because really the point is … their grand strategy is to use all their means available to achieve their goal, their national goal.
And what is their national goal or the national objective? To better understand that, I actually want to step back and look at the other major players in the world, and look at what is the story that they tell themselves, what are their goals as well? And I’d like to start off with China, because this actually gives some enlightenment as to what motivates the Chinese in their cyber operations.
But, the Chinese … the Han, specifically the Han people, look at their country as what they call the “zhong dao.” What their idea is, is that we are the middle kingdom. And as long as there is stability within China itself, naturally, because it is such a huge country, the rest of the world will revolve around it. Sort of, like, China will be this great gravitational body.
But, the big emphasis for them is trying to maintain internal stability as much as possible, and this comes from their 6,000-year history. That every time that China had internal stability, they were strong — other nations deferred to them. And when they were divided and weak internally, that’s when their enemies came and took them over.
Their cyber strategy is … we see this with their great wall of … their great firewall of China. Where they try to, you know, they have heavy censorship, they control what is placed on the internet that they have within their country. It also tells about why they really try to acquire technology from foreign countries, through their cyber means, because it ensures their internal prosperity.
If we look at China … I just want to touch briefly on China and Russia. And I think there’s a lot of misunderstanding with their relationship. And this has happened in … for the longest time, for several decades, is, they view the populace of China as teeming with people and wanting to flood north. And the reality is, it hasn’t happened, and it won’t happen. Mainly because … first of all, I’m from Minnesota, and cold water is … absolutely, compared to warm weather, cold water really sucks.
So, the Chinese are not going to go to Russia. And, actually, the Chinese who do move to Russia generally have settled in the European parts of Russia. Most of them live in the major cities in the west. And they’re there for business purposes. I would see … you know, Russia playing the junior partner role to China, which suits China’s grand strategy, where they see, again, we’ve established internal stability. Russia is now within our orbit. And so, as a result, if we think that, “Hey, we can talk the Chinese into taking on the Russians, it won’t happen,” and vice versa. Because the Russians do not view the Chinese as a threat. They haven’t historically, and nor do they now.
For Europe … if you look at Europe, there’s something like over 200 different nationalities on the European continent. And the big European objective is: how do we maintain unity of over 200 people in over 200 different nationalities in this area, on this continent? And what they’ve always been doing since Roman times is having a binding ideology to hold them together, whether it be the Roman laws enforced by the Roman legions, whether it be the Catholic Church during the Middle Ages, or if we more recently look at France — you know, under Napoleon — with their French Revolutionary ideals, they tried to unify Europe. And a darker period was during the Nazi era, where Hitler, under the ideology of eugenics, tried to unify Europe under a racial hierarchy.
And right now, the current ideology we see throughout the European Union is an emphasis on humanism. Where … try to make things as comfortable for the human condition as possible. So, you see a rather generous welfare state. But you also see it in their cyber policy, where there’s a strong emphasis on privacy because they don’t want … you know, the human condition cannot be comfortable if you’re always embarrassed by what you do online. So, they’re very strict on their privacy laws.
And if you look at U.S. national objectives … this came out, actually, since 1775, when we had a revolution. Our big thing when we look at the world is, we do not like it when a hegemon dominates other countries. And our experience was that the British tried to dominate our interaction with other countries by regulating our trade, and that’s why we had our Revolutionary War against them. And we’ve had the Monroe Doctrine, which was a case. We had the Open Door Policy towards China where we stopped European powers from trying to colonize China. And we’ve set up these international bodies, whether they be the League of Nations, or the United Nations, to allow nations to freely interact with each other, where no one nation dominates another nation.
In the cyber … where we see this in the U.S., and our cyber strategy is, we helped establish and promote ICANN. We try to ensure an open cyberspace through Tor. So, you see the three main players in the world, and you see what their national objectives are, what their national goals are, and how it influences their cyber operations.
So, let’s get to Russia. How do the Russians see the world? They see two things. They see that they’ve always been invaded. They’ve been in a state of constant war with the nationalities from the south. From the Steppe … primarily from the Steppe. So you look at the Tatars, you look at the Mongolians. Since the rise of the Turks, they’ve been in a constant state of war with the Ottoman Empire, basically, from the 1500s to 1918, when they finally signed a peace treaty. And then, at that point, the Ottoman Empire was abolished when World War I ended.
And their big concern is, when they look at Europe, they’re very concerned about one nation becoming a powerful nation and forming an alliance with a bunch of smaller nations to invade them. So, they’ve had experience where the Swedes invaded them, in alliance with a bunch of smaller nations. They had experience with the Poles invading them, again, in alliance with smaller nations. And then France, and then Germany. And so, what happens is, they look at their nation and say, “We are constantly under attack, and we’ve always been in a state of war.” And so this is very important to understand what they do in the cyberspace, that, if they sit here and say, “We’ve always been in a state of war, and in the cyberspace, we are constantly at a state of war.”
But when they look at their overall grand strategy to ensure their safety and their survival, they said, “Okay, this is what we need to have. We need to have neutral states to our west. So, any neighboring states on our western flank, basically in Europe, should be neutral and not allied to another power, and that way they can ensure safety on the western side.” On the eastern side, they’ve never had a concern, because the one thing that’s very interesting is China and Russia have never been historic enemies. They’ve never had a war or really put a conflict with a geopolitical conflict with each other.
But, their big concern is, of course, to the south, and what they look at the south is, they look and say, “Okay, Georgia and Armenia are buffer states to keep us safe from the attacks from the south, and because they’re also Orthodox Christian as well.” But then they look at the Balkans and say, “Okay, those are Orthodox. That should be an area under our influence. An area, sort of how we view the western hemisphere as … this is a neutral area that outsiders should not be involved in. We should be dominant in this area.”
And then, finally, the final objective is that the Bosphorus strait would be open, and there would be a restored Byzantine control over Constantinople. So this is where … this is their view that they developed in the 1800s. Of course, during the Communist times, that whole worldview was turned upside down when Russia basically became the promoter of establishing world Communism. And now that, you know, Communism … after Communism fell, Russia is steadily defaulting back to its original position.
One other thing that I forgot to add in was, if you look at where they see Central Asia, was they look at Central Asia as an area where they would eventually settle with ethnic Russians and form what they call a “krayina,” a border land. And this is where the term Ukraine comes from. It also means border land, where you would basically have a state, but it would defer its foreign policy and defense policy towards Russia.
They have this thing called Gerasimov Doctrine. So, General Valery Gerasimov is the Chief of the General Staff. In 2014, he wrote an article in which he said, basically, in the 21st century, we see a blurred line between war and peace. Again, this goes back to their traditional mindset that Russia is in a constant state of war. When it goes back to their worldview, they see themselves in a constant state of war with potential rivals. So, if we look at how they view the United States, they view us as a potential rival, or even an actual rival right now.
In 2003, the general staff of the Russian military came up with what they called the defense white paper. It’s actually called the “2003 Defense White Paper,” in Russian. And you can go online and read it yourself, it’s actually a really interesting paper. And it was actually written in a very unique time because what happened in 2003? You saw the U.S. invasion of Iraq, you saw the U.S. already involved in Afghanistan. And they looked, basically, at the landscape, and … they saw, for example, what was going on in the Middle East, they saw the first Gulf War, and they came to some very interesting conclusions. And what ended up happening was … it was almost clairvoyant, where it saw the emerging of the cyberspace. But this … let me read through this.
So, they looked at a significant part of all conflict that has asymmetrical nature. Things are not equal on all sides. You don’t have 1,000 tanks on the American side, you don’t have 1,000 tanks on the Russian side. You don’t have 1,000 cruise missiles on the Russian side, you don’t have 1,000 cruise missiles on the American side. Asymmetrical is saying we only have maybe 10 cruise missiles, but there’s other weapons we can use. So, for example, guerrilla warfare, or we use terrorists to promote our strategy.
So, the view that, hey, don’t look at warfare that things have to be equal in some way. That you’re gonna have to be equal to your opponent. That every warfare is asymmetrical. And this comes from their strategic thinking … that came out from the Soviet content, called it correlation of forces, which means that you could have disadvantage in one or several areas, but it doesn’t prevent you from implementing your strategy or achieving your goals. And, you know, they did this during the Soviet time. For example, the Soviets had no way of projecting their military power into Latin America or Africa, but they could use indigenous leaders, use indigenous guerrilla forces as a bridgehead, and then they would use labor unions and anti-war protesters in Europe and the United States to stop the Europeans or the Americans from stopping the Soviets. So this is where they looked at the correlation of forces saying, “We’re militarily weak and have inferior forces, but we have these other resources that we can use.”
So, that’s the first point of the Defense White Paper. The second part is the outcome of all conflicts is determined by initial phase, and the party that takes initiative has the advantage. Now, they’re looking at, at this point, as if you look in the cyber realm, they said, “We have to establish the initiative during the initial phase.” So, this explains why they’re constantly trying to shape the cyberspace, right now, even though we’re not in actual conflict with them right now in other areas. They look at the cyberspace and say, “We have to establish the dominance in this area.”
So, the second point of the Defense White Paper is not only military, but political and military command and control systems, economic infrastructure, and populations are the primary targets. Then, the fourth point is, information and electronic warfare have a great impact. The fifth point is, unified command and joint cooperations are essential. Going onto the sixth point, is going onto … they had viewed the world during 2003 that everything was going to be decided by precision weapons. Because at that time, that was the generation of warfare we were in. Precision weapons, and I said, once established, is the modes to fight war.
Well, if you look at what they’re doing, they’re not focusing on the precision weapons. I mean, we see how they’re fighting in Syria where they’re just dropping dumb bombs. They’re looking and saying our precision weapons systems that we have is now our cyber tools. Their seventh point is, conventional forces are important after the precision war is decided. Now, this is bringing 2003, when they were looking at precision weapon systems. Now, if you translate 2017, conventional forces are important after the cyberwar is decided.
So, and we’ll see … you know, we see this, for example, in Crimea or the Ukraine. Then, their last point is, the dominance of air power requires a robust electronic warfare resistant anti-aircraft system. Again, this is … they saw the world as, back in 2003, as, you know, air power’s dominant, precision weapons are dominant. Now, they actually have a lot more flexibility because they say, “Hey, we have actually a lot of dominance in the cyberspace.” And, again, going back to their second point: the outcome of conflict is determined by its initial phase, and the party that takes initiative has the advantage.
So, this explains why they’re in the cyberspace right now and why they feel that they have to be at war with us or their rivals in the cyberspace, even though we’re … for example, we may have cultural exchanges, we may have economic relationships, we may even be doing joint military exercises together. Or joint military operations, you know, for example, in the Middle East. But they say at some point, we may be at war, and they better establish dominance right away in the cyberspace.
And how much of this is that they have leeway, because the lines in the sand when it comes to cyber are clearly drawn as they would be in a traditional, you know, kinetic warfare?
Right, and this goes back to Gerasimov Doctrine. But then, again, it goes to their historical outlook. That, there is no definition between a state of war and a state of peace. So, and as I said, if you look at, for example, their history since the 1200s to 1918, when World War I ended, they were in a constant state of war with their southern neighbors. And some periods they may have peace, but again, going back to it is, they look at the cyberspace as, “Hey, this is the place where we can continually maintain our state of warfare. Because that’s what we’re in, anyway.”
So, when we look back at the Cold War, and I think it was pretty common for people to make comparisons between, for example, the United States and the Soviet Union, and you could say, you know, we have this many nuclear warheads, we have this many aircraft carriers, they have this many submarines. How do we make those comparisons in the cyber realm in terms of capabilities?
Well, the Russians have a unique situation in which they have a really … a very good public education system at the elementary and the secondary level. Plus, they have a very good university system. So, they produce all these programmers and all these people with a high level of technical skills, but they don’t have an industry to support it. This is why they are very much involved in criminal activity in the cyber realm, but again, you can easily translate their criminal activity into promoting their national objectives.
And so, I would say at least on a correlation of forces, they have a superiority. And then, second is, not only in numerical terms — in skill terms — but second is, they have a different mindset. Third point is, they have a different mindset. And this actually is a rather sad product of their 70 years of communism, and what communism taught was, the human being has no soul, the human being is a material being. And as a result, they look at relationships as mercantile. That as long as whatever supports the objectives of the party, it’s perfectly acceptable.
So, the Russians will cross moral boundaries that we in the West, even in China, probably would not. Well … I have to hold on what I’d say about China, because, again, China has that strong communist influence. But, the Chinese and Russians will cross moral boundaries that we won’t. Now, again, the Chinese … they have a different national objective, which explains their cyber strategies much more subtle, less blatant. The Russians are very blatant, and they’re willing to tolerate not only a lot of … I’d say, destruction on their target, but also, they’re willing to tolerate blowback on their part. They’re willing to cross more moral boundaries than we are.
And so, in the cyber realm, does that give them a certain advantage?
And how does that play out?
You look at, for example, in Ukraine, when they hacked the power grids. They shut it down. And you don’t know … fortunately for Ukraine is, they had a lot of legacy infrastructure still in place, which meant that their equipment was still very old, so they could send out their workers to … with cell phones and, you know, restore the power. But, just think about the effects that would have had if somebody was on a dialysis or respirator, and you would have had a bunch of fatalities as a result. You know?
In the United States we would say we wouldn’t be willing to tolerate that.
Looking at the Russian interference with the U.S. election this past cycle, how does that play into this historical framework that you describe?
They look at the United States as their major rival. The hacking actually served … you know, serves them very well. Because what does it do? What do we see right now going on in the news? We’ve broken the bond of trust between the leadership of the country and their people. And it makes the nation less effective to project its power. And in this case, the Russians say it makes America less able to protect its power against Russian interest.
Because right now there’s … half the country does not believe that the president is legitimately elected, and as a result, the country doesn’t have full support to support the president’s national objectives. Before the election, because we knew that the Russians were constantly involved in our electoral process … you knew they were hacking the voting machines, and then of course, the Podesta email leaks that were going on.
And my hunch was, is … you know, I had this one prediction, and this is why we should never get into prediction. But I said, “Oh, imagine a case in scenario where Hillary was to win the election with a majority of electoral votes. Let’s say she won more than 270. But, Trump would have gotten more popular votes.” You know, and whether it had been through manipulation of the voting machines, or what may have been the case, what would have been Hillary’s situation that she would deal with? She would be, again, in the same situation as Trump, where, she would not be regarded by half of the country as legitimate leader of the country.
Let’s talk about influence operations. Again, with the election, we hear that a lot of what was done was sort of targeting … let’s call it, propaganda toward specific voters. Is that a … that’s a standard part of the Russian playbook, yes?
Yes, it is. And they did this throughout the Cold War. At that time, during the Soviet times, they were trying to … their target audience was people of left-wing orientation. And now, Russia really sees this opportunity where people of, let’s say, more traditional, what you call, right-wing, conservative orientations, are an untapped market for Russian influence operations. And so, you’ll see, for example, in Russia today, or even in their cyber operations, if you look at their bots, their trolls … what agendas are they trying to promote?
Again, they try to portray European, Western society as decadent, and Russia as reviving moral authority in the world.
What’s on the table in terms of the spectrum of possible responses from the West?
So, can we do a counter operation against the Russians? And I’m talking about a counter-influence operation against the Russians. Well, here’s what’s very interesting. You know, the Russians have this huge cyber capability. Generally externally oriented. And yet, if you look at them internally, you know, unlike the Chinese, the Russian government is actually fairly relaxed about internal opposition.
And why is that? Mainly because they, first of all, have … most Russians — well, I say about 70%, you know, the figure’s at least two thirds — basically get all their news from official sources. You know, whether it be from TV … and primarily from TV and radio, because if you look at Russia, a lot of people really don’t have regular access to the internet.
And second is, they actually have a very effective internal counter-propaganda campaign. Because all they gotta do is, they tell stories about, you know, adopted children being adopted by LGBT parents, and the parents are abusing these children, or, for example, in Belgium, they’re euthanizing children. So, they have a very effective internal counter-propaganda campaign with their population, which is very effective.
And third is, they actually do allow the opposition to voice their opinion, both on media and on the internet. But, the reason they allow them to do it is because they can say, “Look, you can voice your opinion, but it has no impact on the Russian psyche. You’re not going to change things.” So, in a sense, it … the opposition gets demoralized because it said we can put out all this salacious information about the Russian government. We can put out all this information about how they’re abusing their own people, but it really has no impact. And the Russian government can tell the opposition, it says, “Look, you guys have no impact at all.”
And so, how can we counter it? There’s a few things to look at. And we can look at missed opportunities. One of which is, can we integrate Russia into the Atlantic Alliance? And we tried that during the ’90s. We actually made an approach to Russia to Boris Yeltsin, and said, “Look, join NATO.” There was actually two forces in the Russian government that stopped it. One was the Russian military saying, “Look, we’re a great power, we should have a right to determine our own policy.” And second was, the internal security forces which says, “Well, just because of our culture and our equipment, we won’t be able to integrate into the Atlantic Alliance.”
And actually, I look at it more cynically, they didn’t want to be integrated into the Atlantic Alliance because they would have had to reduce the level of corruption in their society. Like, for example, Romania gets integrated into NATO, or Bulgaria, or Croatia. They’ve had to reduce their corruption to become a more civil society.
As in terms to the response … that’s actually deeper. I think, you know, we’re extremely … more focusing on the cyber realm. Counter-information campaigns within Russia are going to have limited effects. I would say, what we should do is, if the Russians are going to use traditionalism, conservatism, nationalism, as their message, let’s see how we can exploit that. And, in a sense where they’re throwing nationalism, traditional values, and conservatism towards us, when their information operations are in the West, how can we do that in return?
And if you look at, for example, the case of Navalny, you know, the opposition leader. He’s actually tied himself as a nationalist in Russia. That would really be the … that would be one of the ways. But, again, is … what message do we have to offer? Do we say, “Hey, the Russian government isn’t conservative enough because they talk about traditional family values, yet everyone in the Putin administration all has mistresses or divorced their wives?” And they’ll just come back and say, “Okay, well, you guys promote the LGBT agenda in the West.”
Russians are really left with no choice, and I think Navalny is actually interesting that he is trying to portray himself as a clean nationalist in Russia. But as for us, to be able to exploit it, I think we’re very limited.
As we look forward, how do you see this playing out?
Well, there are several areas. One is, if you look at the Ukraine … again, they’re closest to the Russians, to our perspective … they view Ukraine as part of this greater Rus. Like Belarus, Ukraine and … you know, they were trying to get someplace in Central Asia back in the 19–1800s. The thing is, the Russians are concerned about themselves because they’re going to be running out of money themselves in about two, three years.
And they’re gonna have a lot of internal instability at the same time. But at the same time, look at western Europe. Is western Europe able to take advantage of that? No, because western Europe is also running out of money. You look at … their welfare state is going bankrupt. You know, unless you have a nationalist force rise in Russia itself, it’s just going to get darker, where the Russians are going to continue to do more operations against us because it’s a way to prevent their system from collapsing.
And I look at, you know, in the 1970s, in the Soviet Union. Very interesting that the Soviets were very aggressive in the 1970s at the point where their whole system was starting to fall apart. Because they realized, “In order for us to keep power, we have to undercut everybody else in the world.” And that’s why, for example, they went into Afghanistan, they went into Latin America, because they said, “Hey, we need to try to dominate the world before we fall apart.”
I see, especially in Europe where they’re going to make a very robust campaign, especially in information operations, in Europe, and then on top of that is, we don’t know … especially in the area, what they call the information technical effects. For example, computer network attacks and computer network defense and exploitation. You know, we don’t know how far they’ve penetrated the European critical network infrastructure.
When it comes to those incursions into critical infrastructure, how much of it is warning shots? You know, shots across the bow to say, “Hey, we have these capabilities. Don’t mess with us.”
Don’t mess with us. And then, really, they’re trying to create their own form of shock and awe. You know, we for example, we had in the early 2000s where the Middle East was in shock and awe at U.S. military capabilities. And the same thing is, you know, you look at Ukraine, it’s sort of, you know, with the case where they were taking down the power grid, was this is a shot across the bow to the West, in saying, “Look. If you cross certain lines with us, we’ll take down your critical network infrastructure.”
I don’t know how deep they are into it. I would say it’s an effective deterrent, especially with Europeans.
But, I guess then there’s always the risk that you take down one too many power grids, and suddenly you’re getting attacked with … you know, the response is to come in with traditional weapons.
Yes. But then, if you look at … you know, the Russian perspective is, they don’t have really anything to fear from European conventional weapons because militarily, Europe is weak. They would have to fear the United States, but if you, again, if half the population of the United States doesn’t believe that Trump is legitimately the president, you know, Trump’s ability to respond back would be limited as well.
They’re looking at the information operations as a correlation of force as saying, “Okay, our biggest threat is the United States, but the United States is neutralized because politically, they’re divided.”
So, what would your advice be to the leaders of the United States for how best to deal with this situation?
There’s the two options: either you would give the Russians their space, or second is, start thinking the long game, and say, “How do I get the Russian society to join us, to share our values?” And I would say, this step that you would do is, how do you foster a very strong nationalist movement within Russia itself?
Our thanks to Peter Debbins for joining us.
Don’t forget to sign up for the Recorded Future Cyber Daily email, where every day you’ll receive the top results for trending technical indicators that are crossing the web, cyber news, targeted industries, threat actors, exploited vulnerabilities, malware, suspicious IP addresses, and much more. You can find that at recordedfuture.com/intel.
And be sure to save the date for RFUN, the sixth annual threat intelligence conference coming up in October in Washington, D.C. Attendees will gain valuable insight into threat intelligence best practices by hearing from industry luminaries, peers, and Recorded Future experts. Details are at recordedfuture.com/rfun.
We hope you’ve enjoyed the show and that you’ll subscribe and help spread the word among your colleagues and online. The Recorded Future podcast team includes Coordinating Producer Amanda McKeon, Executive Producer Greg Barrette. The show is produced by Pratt Street Media, with Editor John Petrik, Executive Producer Peter Kilpe, and I’m David Bittner.
Thanks for listening.