The Global Cyber Threat Environment, Module 5: Russian Cyber Operations Background.

Objectives. Once you have completed the readings, lecture, activity, and assessment, you will be able to describe the range of cyber operations the Russians are known to have executed against the United States, and describe the historical nature of Russia's interference in U.S. computer networks.

Welcome to the Global Cyber Threat Environment, Module 5. This module focuses on the background of Russian cyber operations. Russia has long been involved in computer espionage operations, with the country's hackers among the most experienced and technologically proficient in the world. One of the first unauthorized computer intrusions occurred half a century ago in 1967, when East German spies penetrated and stole sensitive data from IBM computer systems in West Germany. Given that East Germany was no more than a Soviet proxy at that time, the data would have clearly ended up in the hands of Soviet spies.

Two decades later, the Soviets were at it again in the Cuckoo's Egg operation. In that operation, the Soviet Union used East German spies to steal sensitive information about President Reagan's Strategic Defense Initiative from a handful of U.S. governmental and university computers. These cyber espionage operations never seemed to wane even after the Soviet Union dissolved and Russia became a democratic republic.

In early 1998, a hacker was detected intruding into an unclassified computer system at Wright-Patterson Air Force Base in Ohio. After obtaining stolen user names and passwords, the hacker would log into a computer system, snoop for specific files, and exit after erasing the logs recording his access. The intrusion set was named Moonlight Maze, as the hacker generally accessed the computers during the evening hours. Subsequent analyses soon revealed that the hacker, or a set of hackers, had intruded into other military installations and a few major research universities. One U.S. Air Force investigator decrypted several of the hacker's commands and determined that they were originally written in Cyrillic, concluding that Moonlight Maze was most likely a Russian operation.

Today the United States and our allies are still dealing with the threat of Russian cyber operations. In May 2017, Director of National Intelligence Daniel Coats provided a worldwide threat assessment to the U.S. Senate Select Committee on Intelligence. Cyber was the first global threat mentioned in the report. Perhaps not surprisingly, the first threat actor mentioned was Russia, whom Coats described as a full-scope cyber actor that will remain a major threat to U.S. government, military, diplomatic, commercial, and critical infrastructure. In the report, Coats noted that adversaries of the United States are gaining skills in using cyberspace to their advantage and to our disadvantage. Referring to the 2016 presidential election, Coats highlighted that cyber threats are already challenging public trust and confidence in global institutions, governance, and norms, while imposing costs on the U.S. and global economies. He noted specifically that Russia has attacked critical infrastructure networks and hidden behind false online personas to avoid being identified.

Just four months before the worldwide threat assessment report, Coats's office released an intelligence community assessment about the Russian hacking of the 2016 presidential election. This report stunned many in the intelligence community with its descriptions of sophisticated levels of Russian cyber operations. According to the report, Russia appears to take an integrated whole-of-government approach to executing its cyber-enabled information operations.
The report noted how Russia's state-run propaganda machine, comprised of its domestic media apparatus, outlets targeting global audiences such as RT and Sputnik, and a network of quasi-government trolls, contributed to the influence campaign by serving as a platform for Kremlin messaging to Russian and international audiences. Russian cyber forces have been involved in everything from stealing sensitive information about U.S. military programs to conducting information operations against our presidential election.

With that in mind, what is the current approach to Russian cyber warfare? Your reading for this module, an assessment from the Center for Naval Analyses titled Russia's Approach to Cyber Warfare, succinctly highlights five key findings regarding Russian cyber operations. They are the following.

1. Russian officials feel that both internal and external forces are challenging its security in the information realm. Thus, the internet and its free flow of information are considered both a threat and an opportunity.
2. Russian military theorists see cyber operations within a broad framework of information warfare, not merely as cyber or cyber warfare.
3. Moscow sees the struggle within what the country calls the information space as a constant one, so that Russia will likely use cyber in ways that we would deem problematic.
4. Conventional Russian military tactics will increase the use of offensive cyber.
5. Russian offensive cyber operations have traditionally used crowdsourcing for anonymity and ease of mobilization, though these operations will likely become more government centralized in the future.

As Russia's economy struggles and the United States continues to separate itself from Russia in innovating and gaining technological advantages, Russia will likely use its cyber capability to attack the United States asymmetrically where it is most vulnerable, our election systems.
With evidence of Russian interference in the 2016 presidential election and barring the development of a viable deterrent system, such asymmetric attacks will probably continue to focus on sowing discord among our electorate and weakening our election system's integrity. In short, the Russian cyber threat is unlikely to go away anytime soon.

Quiz question one, true or false: Russia has initiated cyber espionage operations against the United States only in the last 30 years, with the earliest known Russian cyber intrusion dating to the mid-1990s. A, true. B, false. The answer is B, false.

Quiz question two, true or false: As a tactic, Russia prefers to use information operations similar to the one against the 2016 U.S. presidential election versus strictly focusing on the theft of digital data. A, true. B, false. The answer is B, false.

Activity: write a one-page reflection considering what you think the United States could do to best deter Russia from executing cyber operations against the United States. Include what you think is Russia's primary motivation for conducting cyber operations against the United States. Do you believe that the United States and Russia can work together on an international policy to prevent nation states from engaging in cyber espionage or information operations?