The Expanding Reach of Russian Espionage and State-Sponsored Cybercrime

Russia’s Reliance on Cybercrime for Political Activities Raises Concerns of Global Consequences

The Diminishing Options for Traditional Spycraft and Kinetic Attacks

Russia’s diminishing position on the world stage has limited its physical options for political activities, such as kinetic attacks and traditional spycraft. As a result, Putin’s regime has increasingly turned to cybercrime as a means to carry out oppositional activities against Ukraine and the rest of the West. Switzerland’s Federal Intelligence Service (FIS) released its 2023 security assessment, warning that Russia will increasingly launch cyberattacks on critical infrastructure as part of its war strategy, not only in Ukraine but also against NATO member states.

The FIS report highlights the dwindling human spy apparatus in Russia and the lack of options for shoring it up, which has contributed to an uptick in cyber activity. The report also raises concerns about the potential consequences of cyberattacks on NATO-member state infrastructures. It suggests that such attacks could trigger the North Atlantic Treaty’s Article 5 commitments, which obligate member states to join in war against any nation that attacks a member state. NATO has previously suggested that a cyberattack on critical infrastructure could be considered a trigger under Article 5, potentially leading to a third world war.

The Role of Non-State Actor Threat Groups and the Unpredictability of Attacks

The FIS report notes that throughout the Russian war against Ukraine, many ransomware attacks on infrastructure have been carried out by non-state actor threat groups, making their actions unpredictable. This unpredictability poses challenges in attributing cyberattacks and may lead to unnecessary escalations of hostilities. The report emphasizes that the activities of non-state actors engaged in the war are still the main problem, and their threat and unpredictability should not be underestimated.

Protecting critical infrastructure across multiple nations presents challenges due to the lack of common rules and varying degrees of cyber defenses. Private and public sector organizations responsible for critical infrastructure have differing approaches to cybersecurity, with no single agency or institution providing guidance, rules, or controls. This fragmentation in cybersecurity practices increases the vulnerability of critical infrastructure to cyberattacks.

The Rise of Cyberespionage and AI-Machine Learning Threats

The FIS report highlights that Russian cyber threat actors have increasingly taken on the role of gathering intelligence instead of relying on human operatives on the ground. This shift began in 2018 with the attempted murder of Sergei Skripal, a former Russian intelligence officer acting as a double agent for the West. The ongoing expulsion of Russian diplomats and intelligence officers as a result of the invasion of Ukraine has further complicated the operations of Russian intelligence services.

The FIS warns that the increasing digitization of information, combined with the capabilities of artificial intelligence (AI) and machine learning (ML), is luring cyber attackers to massive stashes of data stored by organizations such as financial services providers, social media platforms, hotels, and critical infrastructure operators. Russia, along with China and Iran, is investing in AI and ML cyber threat intelligence capabilities to gain access to sensitive data that can be used for various purposes, including harassment of opposition activists, election interference, and circumvention of sanctions.

Efforts to regulate the use of AI and ML tools by authoritarian governments are necessary to prevent the misuse of troves of stolen sensitive data. Democracies are urged to take a proactive approach in regulating and supervising the use of these capabilities. The FIS emphasizes the need for legislators and supervisory bodies to closely examine the use of AI and ML tools to ensure the protection of democracy and the rule of law.

Editorial: The Urgent Need for International Collaboration and Regulation

The FIS assessment serves as a stark reminder of the evolving nature of cyber threats and their potential to disrupt global security and stability. Russia’s increasing reliance on cybercrime as a political tool not only poses risks to individual nations but also has the potential to escalate into a global conflict. In the digital age, the convergence of cyber and traditional warfare tactics is becoming more apparent, with threat actors using cyberattacks to support and supplement physical attacks.

To effectively address these challenges, international collaboration and regulation are crucial. The lack of common rules and standards for protecting critical infrastructure leaves vulnerabilities that can be exploited by cyber attackers. Governments, private sector organizations, and international bodies must come together to establish guidelines and best practices for cyber defense. Collaboration should extend to sharing threat intelligence and coordinating responses to cyber incidents.

Moreover, the use of AI and ML in cyber warfare raises ethical and security concerns that require international attention. Democracies must take proactive measures to regulate the use of these technologies by authoritarian governments to protect the rule of law and ensure the privacy and security of their citizens. This includes robust oversight and accountability mechanisms to prevent the misuse of sensitive data and cyber espionage.

Advice: Prioritizing Cybersecurity as National and International Security

In light of the FIS assessment, it is imperative that nations prioritize cybersecurity as a critical aspect of national and international security. The evolving nature of cyber threats requires constant vigilance and proactive measures to prevent potential disruptions and conflicts.

Governments should invest in building resilient cyber defenses and collaborate with private sector organizations to establish common rules and standards for protecting critical infrastructure. This includes regular testing and configuration of cybersecurity measures to ensure their effectiveness.

International cooperation is essential in combating cyber threats, particularly as state-sponsored cybercrime becomes more sophisticated. Sharing threat intelligence and coordinating responses can help mitigate the impact of cyberattacks and enhance global cyber resilience.

Furthermore, democracies must prioritize the regulation of AI and ML tools used in cyber warfare. Establishing clear guidelines and oversight mechanisms is crucial to prevent the misuse of these technologies and protect democratic values.

Overall, addressing the challenges posed by Russia’s reliance on cybercrime requires a multi-faceted approach that encompasses collaboration, regulation, and a steadfast commitment to cybersecurity. Failure to take proactive measures could have severe consequences not only for individual nations but also for global security and stability.