WASHINGTON, D.C. — Ukraine has long been the testing ground for Russian cyber and information attacks, and before long the Kremlin and others will be deploying such weapons against their foes in the West, speakers said at a two-day conference in Washington D.C.
The use of the internet by hostile states to undermine societies using disinformation, or by hacking into critical infrastructure such as electrical grids, nuclear power plants and airports, is no longer a possibility, but a very real threat, speakers told the internet and computer experts, politicians, intelligence operatives and academics who gathered on Oct. 2-3 for the Global Forum on Strategic Communications and Digital Disinformation.
Several speakers at the forum, which was held by the Atlantic Council think tank at the Swedish embassy in the U.S. capital, said that the United States and the West in general had been slow to notice the early warning signs about Russia’s weaponization of the internet.
For instance, a massive 2007 cyber attack by Moscow to punish Estonia for removing a Soviet war memorial from its capital, Tallinn, was largely viewed as an isolated instance.
Alina Polyakova, an expert on Ukraine and Russia from the D.C.-based Brookings Institution, said: “When (the conflict in) Ukraine happened in 2014 and the kind of propagandist information we saw about the revolution in Ukraine was unbelievable, nobody cared. Now everybody cares and now we are seeing a ramping up of government, civil society and private sector efforts to combat it.”
Many conference speakers said interest in Russia’s hybrid disinformation war activities only received serious attention following revelations about Moscow’s interference in the 2016 U.S. presidential elections.
Digital aggression
One of the conference’s aims was to suggest solutions for tackling the various ways that Russia and others that were dubbed malicious actors – such as China, Iran and North Korea – conduct aggression via cyberspace.
The form of cyber aggression most people are likely to experience is the use of social media such as Facebook, YouTube and Twitter to spread disinformation to deform reality, undermine trust and values, and to sow division in societies.
It is usually governments and important companies that are the targets for theft of information by large-scale hacking, from say intelligence agencies, banks, health, defense and other ministries or to interfere with computers controlling vital systems such as transport and energy.
Disinformation has been used by the Kremlin in its official media sources such as Russia Today and Sputnik or by using “trolls” – real people adopting fake identities, or “bots” – software programs pretending to be humans, to spread distorted or completely mendacious narratives about Ukraine.
Conference participants said a major problem is that there are so many different types of disinformation techniques being used that nobody has put the jigsaw puzzle together or been able to devise a way of measuring the impact of disinformation.
Tristan Harris, who worked in a senior position for Google and is the co-founder of the Center for Humane Technology, compared trying to shut down disinformation sites to Whackamole, a children’s game where a toy mole pops up in one place and is hit with a bat, only to repeatedly resurface elsewhere. He said there is disinformation at “scales that are so large and unmanageable and so unheard of” that it’s impossible to close down the sites individually. Instead the way social media platforms are designed should be changed to prevent them becoming “digital Frankensteins that are out of control.”
No quick solutions
Many speakers said there were no quick solutions and that 20 years of education for children and professionals such as teachers and librarians would be needed to equip people with an understanding of how to detect what is fake news and what is real, and how to separate inauthentic, malicious or “bot” actors from genuine users.
Arnoldas Pikzirnis, a policy adviser to the Lithuanian prime minister, said not enough had been done to deter the Kremlin, and all Western countries needed to coordinate an adequate reaction.
“Putin is testing where the red line is and we don’t respond in a way that is painful enough for Russia,” he said. Pikzirnis believes punishing Moscow by inflicting financial penalties is an effective way to counter Putin.
Another tactic is to limit the spread of false information: Norway, for instance, is introducing a law that will make it punishable to knowingly repeat disinformation.
But former U.S. Ambassador to Ukraine John Herbst, the director of the Atlantic Council’s Eurasia Center, said that while Moscow is seeking to rebuild an empire in the former Soviet Union and perhaps beyond, and was using disinformation as part of its “established goals of weakening the EU, weakening NATO, weakening the trans-Atlantic relationship and Europe,” he was wary of trying to counter Russian disinformation by the government imposing any kind of regulations on speech.
“My preference would be for transparency to be the answer,” he said. “Let (the Russians) keep the site up, but let there be a big red caption saying ‘this is brought to you courtesy of the Kremlin’. And the same for Russia Today. I wouldn’t shut it down, I’d put signs on it like we have (health warning) signs on cigarette packs.”
Cyberbombs
Polyakova, however, believes that labels alone are not enough, and that people didn’t stop smoking because of warning signs. She said contrasted the situation to the Cold War when deterrence depended on a clear understanding there would be a nuclear response if one side launched an attack.
Polyakova said the same malware Russia used to cause electrical grid outages in Ukraine had been detected on critical U.S. electrical, waterway and nuclear infrastructure systems.
“The Russians had basically planted cyberbombs…. this was quite shocking,” she said.
“How do we transfer this notion of serious deterrence into the cyber age? Right now we just have tactics, we don’t have a strategic view, a bigger picture of how we want to manage Russia.”
Another speaker, Laura Galante, led the intelligence team at a Silicon Valley company called Mandiant, later incorporated into Fire Eye. The team made world news in 2014 by exposing Chinese and Russian hacking of U.S. security secrets. They identified a unit within Russia’s GRU military intelligence designated APT 28.
British and Dutch intelligence on Oct. 4 revealed that seven Russian GRU agents, at least four from APT 28, had tried to meddle with investigations into the downing of the MH-17 airliner over Ukraine in 2014 and the use of a nerve agent in an assassination attempt against a former Russian spy in Britain.
Galante said countries can fight back against Kremlin cyber aggression in a variety of ways. She has worked for Ukraine’s State Service for Special Communications and Information Protection, which operates under the auspices of the National Security Council of Ukraine.
She helped design the government’s security operations center, launched in April 2017, which encompasses Ukraine’s Computer Emergency Response Team and other bodies defending the country’s critical infrastructure by monitoring internet traffic on the networks controlling electrical grids, nuclear power plants, airports and so on to spot anomalies indicating an attack and warn other government agencies.
Galante said that because Ukraine is involved in a conflict people are more aware about cyber or information attacks, and that “goes a long way in helping populations and people understand what the threat is and then take action and not to fall for some of these propaganda messages…”
“A hot war, for better or for worse, does help people understand that Russia is very interested in undermining Ukraine as a successful state,” she said.
“If Russia can’t get Ukraine back, it wants Ukraine to be a failed state.”
