This special report captures insights into the capabilities and intent of the Russian Threat, with a special focus on the cyber domain. Our objective: provide insights that are actionable for business and government leaders seeking to mitigate risks through informed decisions. This report will be dynamically updated so we encourage you to bookmark it for future reference.
For operational insights more relevant to the ongoing response to Russia’s invasion of Ukraine, be sure to see our daily reporting and extensive references like The Russian Invasion of Ukraine: Perspectives for the C-Suite Decision-Maker. The report below is more foundational, designed to prepare decision-makers with an understanding of the Russian threat.
Russia should be considered a kleptocracy, where the rule of law exists as long as it supports the objectives of the state and the ruling oligarchs, especially Putin himself. All U.S. businesses should exercise extreme caution before doing business in or with Russia.
In regards to Russia’s ability to inflict harm on the U.S., it remains a nuclear power with a large arsenal of weapons capable of destroying any nation in the world, including ours. Deterrence should keep us off an escalation ladder and mitigate that threat. The other major threat to the U.S. and our interests are those of information warfare.
Russia’s information warfare attacks include cyber attacks but also coordinated media campaigns and diplomatic efforts which can be combined with extensive espionage activities to achieve Russian objectives.
Russia is intent on weakening Western institutions and has resorted to cyber operations to facilitate this goal. The most significant examples are the coordinated social media and cyber attacks targeting Western elections. But other smaller scale attacks are also motivated by this goal, including cyber attacks against the website and systems of the International Olympic Committee or other western institutions. Many cyber attacks have been conducted to further more specific objectives like in conjunction with heightened tensions in Ukraine and in preparations for the 24 February ground offensive against Ukraine.
The Russian Economy:
Russia has undergone significant changes since the collapse of the Soviet Union, moving from a centrally planned economy towards a more market-based system. Both economic growth and reform have stalled in recent years, however, and Russia remains a predominantly statist economy with a high concentration of wealth in oligarchs’ hands. Economic reforms in the 1990s privatized most industry, with notable exceptions in the energy, transportation, banking, and defense-related sectors. The protection of property rights is still weak, and the state continues to interfere in the free operation of the private sector.
Russia is one of the world’s leading producers of oil and natural gas, and is also a top exporter of metals such as steel and primary aluminum. Russia is heavily dependent on the movement of world commodity prices as reliance on commodity exports makes it vulnerable to boom and bust cycles that follow the volatile swings in global prices. The economy, which had averaged 7% growth during the 1998-2008 period as oil prices rose rapidly, has seen diminishing growth rates since then due to the exhaustion of Russia’s commodity-based growth model.
A combination of falling oil prices, international sanctions, and structural limitations pushed Russia into a deep recession in 2015, with GDP falling by 2.8%. The downturn continued through 2016, with GDP contracting another 0.2%, but was reversed in 2017 as world demand picked up. Government support for import substitution has increased recently in an effort to diversify the economy away from extractive industries. Oil prices have also risen of late allowing Russia to built up coffers.
Economically, Russia is much weaker than most imagine. Although they are the largest nation in terms of land mass size and are rich in natural resources, their GDP is one tenth the size of China. However, Russia uses its position as a petrolium superpower plus its military and intelligence strengths and information warfare capabilities to punch far beyond their weight.
Russian Geopolitical Objectives and Actions:
All indications are that Russian President Vladimir Putin will rely on an assertive and opportunistic foreign policy to shape influence beyond Russia’s borders and enable Russia disproportionately influence global affairs. Internally he will resort to increasingly authoritarian tactics to maintain control of the Russian populace including extreme censorship and internal psychological operations.
Although Moscow may seek cooperation with the U.S. in some areas that advance their interests, we do not see many of those opportunities emerging in the near-term. At this point their geopolitical objectives are focused on destablization and attacks against Western institutions. We expect Russia will continue to use a variety of aggressive tactics to bolster their standing as a strategic player on the world stage. They will seek to undermine any actions of the U.S. and do the same for the Euro-Atlantic relationships.
Putin’s range of options are expanded because of the nature of the Russian legal system. The legal system exists but is under the control of Putin and the Oligarchs. The highly personalized nature of the Russian political system enables Putin to act decisively to defend Russian interests and to pursue opportunities he views as enhancing Russian prestige and power abroad.
Expect Russia to compete with the U.S. most aggressively in Europe and Eurasia, while applying less intense pressure in other areas where they can take advantage of opportunities as they arise.
The U.S. Intelligence Community annual threat assessment underscored that Russia is more frequently collaborating with China, saying “China and Russia are more aligned than at any point since the mid-1950s, and the relationship is likely to strengthen in the coming year as some of their interests and threat perceptions converge, particularly regarding perceived US unilateralism and interventionism and Western promotion of democratic values and human rights.” The 2022 update of this assessment underscored that:
Russia probably will continue to expand its global military, intelligence, security, commercial, and energy footprint and build partnerships aimed at undermining U.S. influence and boosting its own.
- In the Middle East and North Africa, Moscow is using its involvement in Syria, Libya, and Sudan to increase its clout, undercut U.S. leadership, present itself as an indispensable mediator, and gain military access rights and economic opportunities.
- In the Western Hemisphere, Russia has expanded its engagement with Venezuela, supported Cuba, and used arms sales and energy agreements to try to expand access to markets and natural resources in Latin America, in part to offset some of the effects of sanctions.
- In the former Soviet republics, Moscow is well positioned to increase its role in the Caucasus and, if it deems necessary, intervene in Belarus and Central Asia to halt instability after widespread anti- government protests, as it did in Belarus after the fraudulent 2020 election and early this year in Kazakhstan.
- We expect Russia to continue to use energy as a foreign policy tool to coerce cooperation and force states to the negotiating table, as it recently did in 2021, when Russia stopped coal and electricity exports to Ukraine. Russia also uses its capabilities in COVID-19 vaccine development and civilian nuclear reactor construction as a soft-power tool in its foreign policy.
Russia will use a range of relatively low-cost tools to advance foreign policy objectives, including influence campaigns, economic coercion, cyber operations, multilateral forums, and measured military force. Russia’s slow economic growth is unlikely to constrain Russian foreign policy or by itself trigger concessions from Moscow in Ukraine, Syria, or elsewhere in the next year.
Economic sanctions are unlikely to influence Russian military operations in the Ukraine at all.
The Russian Military includes the Armed Forces plus the Federal Security Service (FSB)’s Border Troops, The National Guard, The Ministry of Internal Affairs (MVD), the Federal Protective Service (FSO) the Foreign Intelligence Service (SVR), the military Intelligence (GRU) and many civil defense organizations.
The Federal Security Service (FSB) is a descendent of the old KGB and reports to President Putin. It is a military service just like the armed forces.
In 2018, Russia accelerated their plans to modernize, develop, and field a wide range of advanced nuclear, conventional, and asymmetric capabilities to balance its perception of a strategic military inferiority vis-a-vis the U.S.
We expect that the Russian Military will continue to use its resources (including the GRU) to support and sometimes lead cyber operations. The same is true of the FSB, which operates independently but is very capable of cyber espionage and attack.
The Russian Cyber Threat:
The Russian Cyber Threat is best considered as an element of overall political objectives, since it is most powerful when executed in a coordinated way with military and diplomatic moves as part of a strategic information warfare campaign. But independent cyber operations coming from Russia, including from Russian criminal groups, are also significant risks to be mitigated.
Russian criminal syndicates, the most famous of which was known as the Russian Business Network, invest hundreds of millions of dollars in conducting research and development to enable criminal cyber attacks. Why? Because it pays off. We can expect criminals operating in places unreachable by western law enforcement to continue to attack U.S. business interests to gain unauthorized access to systems and to seek any way possible to defraud for their gain.
These same criminals have been shown to work in conjunction with the government when required. For example, during Russian state sanctioned attacks against Estonia in 2007, non-state actors played key roles. This was seen again during the 2008 Russo-Georgian war. Of note for U.S. businesses, in both cases many companies and organizations were impacted proving the correlation of cyber with military operations would pose new risks to business interests.
This new risk to businesses from Russia’s cyber operations was noted in the Petya Ransomware and NotPetya Malware attacks of 2016 and 2017. These attacks were designed to target a particular foe of Russia, the Ukraine. However, the sloppy code did not restrict itself to the intended target, resulting in global economic damage considered to be over $1.2 billion dollars.
The U.S. Intelligence Community’s Worldwide Threat Assessment for 2018 predicted that Russia will conduct bolder and more disruptive cyber operations during the coming years, most likely using new capabilities against Ukraine. Expect the Russian government to keep building on their current capabilities and to continue to aim them against Ukrainian energy distribution networks. They will also continue hack-and-leak influence operations, distributed denial of service attacks and false flag operations. In 2019 this assessment underscored even more growth in cyber espionage. The 2022 assessment put it this way:
We assess that Russia will remain a top cyber threat as it refines and employs its espionage, influence, and attack capabilities. We assess that Russia views cyber disruptions as a foreign policy lever to shape other countries’ decisions, as well as a deterrence and military tool.
- Russia is particularly focused on improving its ability to target critical infrastructure, including underwater cables and industrial control systems, in the United States as well as in allied and partner countries, because compromising such infrastructure improves and demonstrates its ability to damage infrastructure during a crisis.
- Russia is also using cyber operations to attack entities it sees as working to undermine its interests or threaten the stability of the Russian Government. Russia attempts to hack journalists and organizations worldwide that investigate Russian Government activity and in several instances, has leaked their information.
Russia is also expected to continue operations against U.S. business and government interests inside the U.S. Over the next year Russia can be expected to continue to probe U.S. critical infrastructures both to gain intelligence and to pre-position for future attacks.
Russia figured prominently in the report of the Cyberspace Solarium Commission. They described the cyber threat from Russia in this way:Russia, a revanchist power, turns to cyber operations to undermine U.S. and allied interests. A mix of spies and criminal networks often masks Moscow’s role. Across multiple operations, from elections to public referendums, the Kremlin has combined cyber intrusions and propaganda to distort democratic processes, weaken trust in institutions, and sow chaos in liberal democratic societies. Leading into the 2016 and 2018 elections, Russian online trolls whipped into a digital frenzy the factions the Federalist Papers cautioned against more than 230 years ago. The resulting breakdown in political will and social cohesion limits the ability of Western nations to check Russia’s advances in states that formerly belonged to the Soviet Union.
During recent armed conflicts, Russia used cyber capabilities both to enhance military operations and to conduct information operations campaigns designed to isolate their opponents. In peacetime competition, Russian operators signal the risk of escalation by probing critical infrastructure across NATO member states. The openness, connectivity, and commitment to shared international norms of liberal democracies are a threat to Russia’s interests. By subverting these ideas, exploiting cracks in international alliance networks, and subtly encouraging domestic instability, the Kremlin hopes to achieve its strategic objectives without risking all-out war.
Left unchecked, Russian cyber operations will continue to increase in sophistication and frequency. Moscow will target democratic institutions, military assets, and critical infrastructure in the United States and its liberal democratic allies, as well as the smaller neighbors Russia views as modern-day tributary states (its near abroad). Russian interference in U.S. elections in 2016 and 2018, as well as in elections in Europe, was part of a longer, larger campaign to undermine democracy and its institutions. It was also an indicator of future operations that will target voting systems and the broader information environment in new and dangerous ways.41 A key priority of Russian cyber operations will be to degrade the strategic cohesion of Western alliance and security cooperation networks, especially NATO. And if these structures decline, Russia’s neighbors will be increasingly vulnerable to sophisticated cyber and influence operations, resulting in a network of central and eastern European states subservient to Moscow. Unencumbered by international norms and empowered by new technologies, the Kremlin will further refine its use of cyber operations to advance its strategic objectives at the expense of the United States and its allies and partners.
Russian cyber operations in conjunction with the military campaigns in Ukraine were conducted but their operational impact has yet to be assessed.
Russian Influence Campaigns:
As mentioned above, cyber is just one element of Russian information operations. When Russia conducts influence campaigns they use cyber, but also traditional espionage, military operations, diplomatic, press and media operations including ad buys and extensive use of social media.
Russian influence campaigns will remain a significant threat to U.S. interests including business interests as they are low-cost, relatively low-risk, and usually offer enough plausible deniability to make it hard to bring key players to justice for the actions. These operations enable Russian leaders to retaliate against adversaries, silence dissidents at home and abroad, shape foreign perceptions, and influence their own internal population.
Russian intelligence services will continue efforts to disseminate false information via Russian state-controlled media and covert online personas about U.S. activities to encourage anti-U.S. political views. Russia seeks to create wedges that reduce trust and confidence in Western institutions and processes and weaken U.S. partnerships with other countries, especially those in NATO. Specific objectives also include a role back of sanctions placed on Russia after the annexation of the Crimea.
Expect that Russia will continue to use propaganda, social media, false-flag personas, sympathetic spokespeople, and other means of influence to try to exacerbate social and political fissures in the U.S.
Economic and Industrial Espionage Threat against the US and US Companies:
Russia was singled out by the National Counterintelligence and Security Center as one of the top three most capable nations at conducting cyber espionage (the other two being China and Iran, and DPRK being a close forth). Russia maintains a very well resourced capability and will continue to target sensitive U.S. economic information and technologies through cyberspace.
The threat to U.S. technology from Russia will continue over the coming years as Moscow attempts to bolster an economy struggling with endemic corruption, state control, and a loss of talent departing for jobs abroad. Moscow’s military modernization efforts will also likely be a motivating factor for Russia to steal U.S. intellectual property. An aggressive and capable collector of sensitive U.S. technologies, Russia uses cyberspace as one of many methods for obtaining the necessary know-how and technology to grow and modernize its economy. Other methods include the following:
- Use of Russian commercial and academic enterprises that interact with the West;
- Recruitment of Russian immigrants with advanced technical skills by the Russian intelligence services; and
- Russian intelligence penetration of public and private enterprises, which enable the government to obtain sensitive technical information from industry.
Russia uses cyber operations as an instrument of intelligence collection to inform its decision- making and benefit its economic interests. Experts contend that Russia needs to enact structural reforms, including economic diversification into sectors such as technology, to achieve the higher rate of gross domestic product growth publicly called for by Russian President Putin. In support of that goal, Russian intelligence services have conducted sophisticated and large-scale hacking operations to collect sensitive U.S. business and technology information. In addition, Moscow uses a range of other intelligence collection operations to steal valuable economic data:
- In 2016, the hacker “Eas7” confided to Western press that she had collaborated with the Russian Federal Security Service (FSB) on economic espionage missions. She estimated that “among the good hackers, at least half works (sic) for government structures,” suggesting Moscow employs cyber criminals as a way to make such operations plausibly deniable.
- Moscow has used cyber operations to collect intellectual property data from U.S. energy, healthcare, and technology companies. For example, Russian Government hackers last year compromised dozens of U.S. energy firms, including their operational networks. This activity could be driven by multiple objectives, including collecting intelligence, developing accesses for disruptive purposes, and providing sensitive U.S. intellectual property to Russian companies.
- Since at least 2007, the Russian state- sponsored cyber program APT28 has routinely collected intelligence on defense and geopolitical issues, including those relating to the United States and Western Europe. Obtaining sensitive U.S. defense industry data could provide Moscow with economic (e.g. in foreign military sales) and security advantages as Russia continues to strengthen and modernize its military forces.
We believe that Russia will continue to conduct aggressive cyber operations during the next year against the United States and its allies as part of a global intelligence collection program focused on furthering its security interests. Although cyber operations are just one element of Russia’s multi-pronged approach to information collection, they give Russia’s intelligence services a more agile and cost-efficient tool to accomplish Moscow’s objectives. Indeed, Russian cyber actors are continuing to develop their cyber tradecraft—such as using open-source hacking tools that minimize forensic connections to Russia.
As a recent example of how Russia operates: In March 2017, the United States Department of Justice indicted two FSB officials and their Russian cybercriminal conspirators on computer hacking and conspiracy charges related to the collection of emails of U.S. and European employees of transportation and financial services firms. The charges included conspiring to engage in economic espionage and theft of trade secrets.
Russia is a formidable competitor to U.S. interests and will continue to punch above its weight and will leverage cyber espionage to gain insights into those they want to exert pressure on, including U.S. corporate leaders. Cyber attacks will be done in coordination with diplomatic and military operations and U.S. businesses can easily be collateral damage to these attacks as demonstrated by the NotPetya attacks. Cyber attacks against U.S. infrastructure and corporations are a threat as well and critical infrastructure targeting is likely part of Russia’s cyber deterrence strategy.
Strategies to counter the Russian threat are highly nuanced. We encourage OODA Loop members to arrange a private call with members of the OODA Network Experts to privately discuss your specific concerns and risk profile.
All companies should raise their defenses against moderately skilled cyber criminals originating from the region. There are many things that businesses can do that make it harder to have secrets stolen, including many low cost strategies.
Kick start your actions with our list of best practices, available here:
Additionally, U.S. businesses should exercise extreme caution in entering into business relationships with Russia.
For more on the growing threat that Russia poses to space systems see our special report on: The Challenges of Security of Space Systems
For other special reports and country studies see the OODA Network Resources page.
Russia continues to seek leverage in a wide range of technological areas, including Artificial Intelligence. For insights into what this means for your business see our series on AI which includes:
- A Decision-Maker’s Guide to Artificial Intelligence
- When Artificial Intelligence Goes Wrong
- Artificial Intelligence for Business Advantage
- Securing AI – Four Areas to Focus on Right Now
Resources for the C-Suite and Crisis Management Team:
Twitter List For Tactical Information: This Twitter list of vetted resources that have reported accurately on tactical moves in the Ukrainian theater can be used to quickly capture the gist of a dynamic military situation.
C-Suite Guide: Improving Cybersecurity Posture Before Russia Invades Ukraine: The capabilities of Russia to conduct cyber espionage and cyber attack have been battle tested and are hard to thwart even during daily “peacetime” operations. They include well resourced capabilities of the military and intelligence services and also deep technical expertise in the Russian business ecosystem and in organized crime which operates as part of Russian national power. Proof points of Russian capabilities include the massive and sophisticated Solar Winds attacks which leveraged low and slow, well thought out plans to achieve access to multiple well-protected targets. Ransomware successes by Russian based criminal networks are also instructive as to the capability of Russian cyber threat actors. The use of malicious self replicating code (worms/virus/trojan) to spread malicious code into infrastructure is also well proven with decades of practice including fielding software that replicates from unclassified to classified systems in the military and spreads throughout critical infrastructure. This post goes beyond an articulation of the threat into recommendations leaders seeking to mitigate cyber threats from Russia including threats before, during and after a Ukraine invasion.
What The C-Suite Needs To Know About The Threat To Space Based Systems (and what to do about it): OODA recently updated the analysis below on threats to space based assets (with a focus on what the C-Suite needs to know) because of tensions with Russia and continued testing of satellite destruction capabilities the most recent of which (Nov 2021) caused significant increases in dangerous space debris. We recommend this be read in conjunction with our report on what the C-Suite needs to know about the cybersecurity threats due to the coming Russian invasion of Ukraine, see links in the document for more.
Will China Replicate Russia’s Cyber Offensives in a Taiwan Reunification?: The current situation in the Ukraine has garnered the world’s attention with stakeholders watching attentively as the crisis unfolds. Such regional hotspots have the potential of spilling over into neighboring countries and pulling in governments from all over the world in some capacity. The threat of armed conflict escalating into a major global engagement is always a possibility. China and Taiwan are eagerly watching the crisis as well, but largely for different reasons. While Taiwan is interested to see how friendly governments come to Ukraine’s aid, China is observing how Russia may go about reclaiming territory of the former Soviet Union, in the attempts of gaining insight into how such an act can be accomplished successfully, should Moscow do just that.
A Warning for the U.S. Chip Industry: Russian Retaliation Could Hit Supply of Key Materials: Russia may retaliate against the U.S. threat of trade sanctions and export curbs by blocking access to key materials like neon and palladium. Ukraine supplies over 90% of U.S. semiconductor-grade neon. This type of supply chain-based retaliation has become a priority concern for the White House, which is encouraging a broad diversification of the supply chain in the event Russia limits access to these key materials.
In 2022, the Strategic Impact of Global Intermodal Supply Chain Gridlock on IT Supply Chain Remains High: The OODA Loop Research Team has been tracking the impact on supply chains from the onset of the pandemic.
Russia’s Long Game, Leadership Lessons, and Learning from Failure: In February of 2021, Matt Devost spoke to Rob Richer, a highly regarded advisor to international executives and global government leaders including several heads of state. Rob has a well-informed perspective on international risks and opportunities and an ability to analyze and distill observations in a way that is meaningful for your decision-making process. In light of the conditions in Europe, this portion of their initial OODAcast conversation is timely and includes a discussion of Richer’s time as the head of CIA Russian Operations, his perspective on U.S./Russian relations (especially the role of cyber), leadership, the role of failure, and decision-making.
Charity Wright on China’s Digital Colonialism: Charity Wright is a Cyber Threat Intelligence Analyst with over 15 years of experience at the US Army and the National Security Agency, where she translated Mandarin Chinese. Charity now specializes in dark web cyber threat intelligence, counter-disinformation, and strategic intelligence at Recorded Future. Her analysis has provided deep insights into a variety of incidents, activities and strategic moves by well resourced adversaries, primarily actors operating in China.
The January 2022 OODA Network Member Meeting: Putin, Russia, Gray Zone Conflict Capabilities and The Future of Europe: To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.
CISA Insights Bulletin Urges U.S. Preparation for Data Wiping Attacks :In what felt like coordinated attacks last Friday, data-wiping malware (masquerading as ransomware) hit Ukrainian government organizations and was quickly followed by an aggressive unattributed cyber attack on Ukrainian government sites. The attacks prompted the release of a CISA Insights Bulletin urging U.S. organizations to strengthen their cybersecurity defenses.
Additional Context on OODA Reporting on Russia’s Military-Technical Maneuvers in Europe: We are conscious of our need to keep our usual variety of News Brief and OODA Analysis, but for obvious reasons, this week is top-heavy with Russian, NATO, and Ukrainian coverage. We intend on keeping our focus on providing context you need vice the blow by blow of major moves. Like in other domains we endeavor to provide the “So What?” and “What’s Next?” you need to help drive your decisions.