One of the most iconic images of the 20th century is that of U.S. Army troops wading ashore onto Omaha Beach from their landing craft on June 6, 1944 under Nazi machine gun fire to create a beachhead for the Allies. The beachheads of the future, however, are being established today in cyber space. In military strategy, creating a beachhead means concentrating efforts on one area which can become a jumping-off point for a bigger operation. For America’s adversaries, penetrating our technology sector is a smart and cost-effective beachhead strategy – whether the end goal is economic warfare, influence operations, or support for kinetic military operations. It is through the technology sector that America’s adversaries can infiltrate the supply chains of the national security industrial base and establish backdoors into government and private networks.
Hostile cyber actions against a nation’s private industry are an increasingly dangerous and effective component of modern-day economic warfare, or “cyber-enabled economic warfare (CEEW),” as my colleague Dr. Samantha Ravich described it. “Both states and non-state actors are increasingly able to contemplate and deploy pernicious cyber attacks against the critical economic assets and systems of their adversaries, targeting their national security and military capabilities,” Ravich and another colleague, Annie Fixler, explain.
In 2016 alone, malicious cyber activity cost the U.S. economy as much as $100 billion, and analyses of the direct cost of cyber crime estimate that the total will reach $6 trillion by 2021. China and Russia constitute two of the biggest nation-state threats in the cyber domain. These countries use their technology sectors to conduct CEEW and to create the beachheads of the 21st century. As a 2017 report from the U.S. director of national intelligence made clear, “Russia is a fullscope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure. Moscow has a highly advanced offensive cyber program, and in recent years, the Kremlin has assumed a more aggressive cyber posture.”
Much of the analysis of Russia’s use of asymmetric tools has focused on its efforts to undermine democratic institutions through information warfare. In the case of Russia’s election interference – in the United States and across Europe – the intentions are clear: “[S]ow chaos and cynicism through exploiting divisions in society as a means of undermining democracy.”
This is very much the case, yet an emphasis on the propaganda value of cyber attacks should not obscure their significance as a form of CEEW. For example, Russia’s 2007 attacks on Estonia may be one of the earliest cases of cyber-enabled economic warfare. When Russian hackers crippled the Ukrainian electric grid nearly a decade later, some experts continued to focus only on the propaganda value and the impact on public confidence in Kiev’s government – a government which cannot reliably deliver electricity to the people loses public trust and “create[s] the perception of a failed state” – rather than also assessing the adverse economic effects and the ways they undermine Ukraine’s national security.
While more analysis and intelligence gathering is necessary to fully understand how Russia’s military cyber doctrine seeks to weaken a nation’s economy and thereby its ability to deploy military power, the United States and its allies are already feeling the effects.
Kaspersky Lab, the Russian antivirus company built by Eugene and Natalya Kaspersky, provides one of the best examples of how technical knowhow, market foresight, and government cooperation can produce not only a global tech giant but also a serious national security threat. But while Kaspersky Lab has gotten public scrutiny, other Russian tech companies, including those that are direct outgrowths of Kaspersky, have received less attention. These technology companies provide Russian authorities beachheads for other strategic initiatives.
Read the complete report here.