Russia’s Shift to Cybercrime Sparks Concerns of Escalation in Warfare
The Federal Intelligence Service (FIS) of Switzerland recently released its 2023 security assessment, shedding light on Russia’s increasing reliance on cybercrime as a means to carry out oppositional activities against Ukraine and other Western nations. With Russia’s diminishing physical options on the world stage, including kinetic attacks and traditional spycraft, cyberattacks on critical infrastructure have become a central component of the country’s war strategy.
The FIS predicts that Russia will continue to launch cyberattacks not only in Ukraine but also against NATO member states. This marks a significant shift in Russia’s approach as its human spy apparatus dwindles, giving way to an uptick in cyber activity. The report emphasizes the potential consequences of these cyberattacks, particularly the triggering of Article 5 of the North American Treaty, which commits NATO member states to join in war against any nation that attacks a fellow member state. The FIS highlights the possibility that a cyberattack on critical infrastructure could be deemed a trigger for a third world war.
Evidence leaked in late March by Russian contractor NTC Vulkan revealed how Russian intelligence agencies utilize private companies to launch cyber threat campaigns worldwide. These agencies have even developed materials to train individuals in taking over railroads and power plants. The FIS report categorizes cyber threats to critical infrastructure into direct cyber attacks and ransomware attacks that could disrupt supply chains. Both types of attacks have wide-ranging impacts, from economic stress to life-threatening consequences.
Furthermore, the FIS warns that many ransomware attacks against infrastructure in the ongoing Russian war against Ukraine are carried out by non-state actor threat groups. This unpredictability increases the risk of miscalculations in attributing cyberattacks, potentially leading to unnecessary escalation of hostilities. The report emphasizes that the threat and unpredictability of non-state actors should not be underestimated.
Protecting critical infrastructure across multiple nations faces challenges due to a lack of common rules and varying degrees of cybersecurity defenses. The inclusion of both private and public sector organizations in overseeing critical infrastructure further contributes to the complexity of cybersecurity efforts and coordination.
The FIS report also sheds light on Russia’s shift towards cyber espionage over human operatives. This shift has been observed since the attempted murder of Sergei Skripal in 2018, after which many Russian diplomats and intelligence officers were expelled from multiple countries. The FIS believes that the mistrust and expulsion of Russian diplomats will impact their ability to recruit and develop new sources for years to come. Consequently, cyber espionage and advanced persistent threats have become crucial tools for gathering intelligence.
While there is no direct evidence linking the expulsion of spies to an increase in digital espionage, experts suggest that countries compensate for lost physical assets by enhancing their cyber intelligence efforts. The correlation between expelling spies and increased cyber espionage appears plausible and poses significant threats to vital infrastructure, national security, and international stability.
Furthermore, the FIS warns that the increasing digitization of information, coupled with the capabilities of artificial intelligence and machine learning, makes organizations storing vast amounts of sensitive data lucrative targets for cyberattacks. Russia, along with China and Iran, is investing in AI and ML cyber threat intelligence capabilities to access this valuable data. This stolen data can be used for various purposes, including harassing opposition activists, interfering in elections, and circumventing sanctions.
To counter these threats, the FIS urges democracies to regulate the implementation of espionage AI and ML tools by Russia, Iran, and China. Legislators and supervisory bodies should analyze the use of these capabilities and devise strategies to protect against their misuse.
As the FIS assessment underscores, the cybersecurity community must remain vigilant in monitoring emerging cybersecurity tools used in warfare. The convergence of cyber and traditional warfare tactics presents a new challenge for national and international security. Prioritizing cybersecurity is essential in the digital age to mitigate the risks posed by cyberattacks and ensure the overall stability of nations.