DEVELOPMENTS
In the 2008 Russia-Georgia crisis, Russian computer programmers, known as crackers, timed cyber-assaults on Georgian government websites to coincide with the Russian military’s ground invasion. The attacks, while apparently decentralized from and unsanctioned by the Russian command, were a proof-of-concept for a new form of warfare. Crackers created a program an ordinary user could download and run on his personal computer, constantly sending communications requests to websites. Web servers — overloaded trying to respond to large numbers of requests — shut down, disabling communications systems and websites throughout the country. Russia’s active underground hacking community, especially when coupled with official government programs, will prove a difficult bear to tame in the coming years, as cyber-warfare becomes more commonplace and increasingly accessible.
BACKGROUND
Since 2006, the number of cyber-attacks across the globe has grown, with the greatest increase coming last year, according to a recent Center for Strategic and International Studies (CSIS) report. Many of these attacks are quick, decentralized, and nearly impossible to trace. This poses a great challenge for cyber-defense policy. Today a small, determined group of crackers can wield a tremendous amount of power. Programmers can create simple tools that any user can willingly download and use to launch their own attacks, disseminating that power across the internet.
According to a study by the United States Cyber Consequences Unit (US-CCU), the cyber campaign waged against Georgia in 2008 presents a pattern that is a likely model for future conflicts. Along with traditional warfare, the coordinated cyber-attack on Georgian websites resulted in denials of service and defaced websites. The cyber-attacks were launched from several different countries, aided by Russian organized crime syndicates. Social media websites were used to recruit people to their cause.
Initial targets included government websites, financial institutions, and news outlets — each would have been primary targets for the Russian Army in any physical invasion. However, with the attacks being conducted in cyberspace by third parties, the Russian Army was able to shift its resources elsewhere. Although the official Russian position remains that there was no coordination between the cyber- and ground troops, the high degree of collaboration suggests otherwise.
In addition, the Georgian cyber-attack does not appear to be an isolated incident; observers note a solely electronic attack one year earlier, directed at Estonia. Following the removal of a statue commemorating a Red Army hero, Estonian websites faced a bevy of cyber-attacks originating from Russia. The attacks had a particularly profound impact given the range of Estonian government services–from banking to parliamentary elections–which operate online. Given the risk to the nation’s economy, Estonian website administrators were forced to shut down access from international users in order to keep domestic communities online.
Here in the U.S., intelligence services detected intrusions on the electrical grid in 2008, as cyber-spies from Russia and China attempted to map the country’s electrical services. The intruders left behind small programs intended to lie dormant until a time of war, when they would be activated to destabilize our energy grid. In the 2010 Annual Threat Assessment, U.S. Director of National Intelligence Dennis C. Blair described the U.S. cyber-infrastructure as severely threatened, noting that cybercriminals demonstrate “remarkable technical innovation with an agility presently exceeding the response capability of network defenders.” Neither the public nor private sector alone has the tools to protect the cyber infrastructure. For the foreseeable future, network defenders from both will have to work together to catch up.
But there has been progress. In 2009, President Obama inaugurated the U.S. Cyber Command (USCYBERCOM). And most recently, a NATO Strategic Mission review last fall highlighted the need for common cyber-defense. But the threat also lies within the private sector. The Stuxnet worm, discovered in 2010, targeted industrial computer systems in Iran, specifically Supervisory Control and Data Acquisition (SCADA) systems. Stuxnet is the most sophisticated piece of malware created to date; a Stuxnet-infected computer can allow intruders to manipulate manufacturing processes or control machinery, leaving a number of industries vulnerable, from chemicals to baby food. Should foreign agents — Russian or otherwise — plant a similar worm in American SCADA systems, much of the country’s manufacturing output could be compromised.
ANALYSIS
Power once wielded exclusively by the military can now be purposefully used by civilians to achieve similar ends. Aware of this reality, the Russia-Georgia crisis has shown the effectiveness of a military assault coinciding with a devastating cyber assault.
At the same time, Russia triggering a cyber-war with a NATO member is likely to play out differently than its 2008 confrontation with Georgia; to disable Georgian government websites is one feat, but to take down more fortified organizations could be a greater challenge. It is more likely that Russia will use its cyber-prowess closer to home over the next few years, as it attempts to tame former Soviet Bloc countries. As seen in Estonia, the Russian cracker community has the will and desire to advance Russian interests. With tensions escalating in the North Caucasus, Russia may very well use its proven cyber-army to disrupt any communications on militant websites in the coming weeks.
Daniel Pechtol holds a B.A. from The School of International Service at American University and is currently interning with The International Peace and Security Institute.


