Page 53 - Cyber Terrorism and Extremism as Threat to Critical Infrastructure Protection
P. 53

3 Russian Cyber Operations:

               The Relationship between the State

               and Cybercriminals






            Mark Grzegorzewski













            1  Introduction

            In a world of “Great Power Competition” (GPC), foreign policy analysis tends to focus on
            state-centric actors. This foreign policy frame of reference is flawed, because GPC analysis
            focuses on traditional metrics of state power projection, including hard power, such as the
            quality and quantity of tanks, aircraft carriers, and advanced aircraft. While this certainly is
            one component in evaluating GPC, it misses many other capabilities of power projection,
            which include covert operations, influence operations, and cyber activities. While difficult
            to operationalize due to their often clandestine or covert nature, cyber activities are one of
            the leading capabilities of states in GPC. In particular, the Russian state specializes in each
            of these non-traditional capabilities, especially cyberspace activities. Moreover, the Russian
            state specializes in hybrid warfare, wherein it leverages cybercriminal networks to pursue its
            interests abroad.

            The Russian state is one of the most effective actors in the cyber domain. The Russian state’s
            most potent cyber operators include the Federal Security Service of the Russian Federation
            (FSB), the Main Directorate of the General Staff of the Armed Forces of the Russian Federa-
            tion (GRU), and the Foreign Intelligence Service of the Russian Federation (SVR) (Connell
            and Vogler, 2017). The FSB collects political intelligence and primarily serves as a domestic
            security service (i.e. “Cozy Bear”). The GRU is the military intelligence service and collects
            information on foreign military capabilities, activities, and plans (i.e. “Fancy Bear”). The
            SVR serves to collect external intelligence on foreign governments. Each of these organi-
            zations has wide-ranging cyberspace capabilities that can conduct espionage and/or exploit
            information systems.

            The cyber capabilities of these organizations do not take into account Russia’s non-state capa-
            bilities, including “patriotic hackers” and Russian cybercriminals who work with the Russian



                                                                                     53
   48   49   50   51   52   53   54   55   56   57   58