CYBERWARFARECenter for European Policy Analysis AND CRITICAL INFRASTRUCTURE w . c e p a o r g Assessing the New Threat Facing the Baltic States and the NATO Alliance Sebastiano Dina September 2019 2 Center for European Policy Analysis All opinions are those of the author(s) and do not necessarily represent the position or views of the institutions they represent or the Center for European Policy Analysis. About CEPA The Center for European Policy Analysis (CEPA) is a 501(c)(3), non-profit, non-partisan, public policy research institute. Our mission is to promote an economically vibrant, strategically secure, and politically free Europe with close and enduring ties to the United States. Our analytical team consists of the world’s leading experts on Central-East Europe, Russia, and its neighbors. Through cutting- edge research, analysis, and programs we provide fresh insight on energy, security, and defense to government officials and agencies; we help transatlantic businesses navigate changing strategic landscapes; and we build networks of future Atlanticist leaders. © 2019 by the Center for European Policy Analysis, Washington, DC. All rights reserved. No part of this publication may be used or reproduced in any manner whatsoever without permission in writing from the Center for European Policy Analysis, except in the case of brief quotations embodied in news articles, critical articles, or reviews. Center for European Policy Analysis 1275 Pennsylvania Ave NW, Suite 400 Washington, DC 20004 E-mail: [email protected] www.cepa.org Cover image: “The port of Klaipėda handled more than 46 million tons of cargo in 2018” by Lettered under CC BY-SA 4.0. 2 Center for European Policy Analysis CYBERWARFARE AND CRITICAL INFRASTRUCTURE Assessing the New Threat Facing the Baltic States and the NATO Alliance Sebastiano Dina 2019 Title VIII CEE Area Studies Fellow September 2019 2 Center for European Policy Analysis The Issue From the Editor: In Russian military thinking it is often difficult to discern a formalized doctrine of cyber warfare, but the totality of writing on the subject suggests that for Moscow, cyber is not an independent domain of operations but a subordinate part of the wider concept of information warfare. The term “cyber” as used in the West to denote computer network operations is alien to Russian thinking. For the Kremlin the key objective is information, and cyber is merely a tool to achieve that objective. In this brief, Title VIII Fellow Sebastiano Dina explores the threat of Russian CI cyberwarfare, as well as its implications for Baltic energy security and NATO’s deterrence posture. ussia is engaging in unrelenting cyberwarfare against the critical infrastructure of the United R States and its allies. As the United States moves to secure its domestic infrastructure, it must also coordinate efforts with NATO to protect vital Allied infrastructure and curtail Russian cyber-enabled influence operations. Due to their strategic position on NATO’s frontline, cooperation must begin with the three Baltic states: Estonia, Latvia, and Lithuania. Cyberwarfare and Critical2 Infrastructure, 1 Center for European Policy Analysis INTRODUCTION and others like them, highlight an inescapable fact: the CI of allies is inextricably tied to the Modern states depend on reliable infrastructure security and prosperity of the United States. to function. From roads and power stations, to oil pipelines and railways, infrastructure is Prime targets of Russian cyberwarfare—and inextricably tied to the economic prosperity U.S. allies whose critical infrastructure is of and national security of states. Among these paramount importance to the United States— infrastructure assets, some are considered so are the Baltic states. Due to their strategic vital to national interests that their destruction or position on or close to Russia’s border and incapacitation would have severe, debilitating effects on state function. These vital assets are commonly referred to as Critical Infrastructure (CI) and include the chemical, communications, energy, financial, transportation, nuclear, and wastewater sectors, among others.1 Since at least Since at least 2013, Russia has launched a 2013, Russia ceaseless cyberwarfare campaign to gain “ entry, survey, and take control of the CI of the has launched United States and its allies.2 To the Russian regime, the mere appearance of launching a a ceaseless cyberattack is a cost-effective, high-impact, and difficult-to-attribute tool to influence, cyberwarfare intimidate, and blackmail its opponents. In the campaign to gain event of a military confrontation, Russia could use full-fledged cyberattacks to temporarily entry, survey, and incapacitate the vital infrastructure of its adversaries.3 And left unchecked, Russia take control of the CI will continue to develop this capability, endangering the U.S. homeland, economy, of the United States international interests, and global military and its allies. logistics network, as well as those of its allies. With forces deployed abroad, and wide-ranging economic and strategic interests overseas, the United States relies on the CI of its allies.4 ” American logistics lines to Europe run through allied ports like Bremerhaven in Germany.5 U.S. their significant Russian-speaking minority military aircraft in Europe fly through airspace populations, the Baltic states are a constant regulated by NATO Allies and Partners.6,7 And target of Russian influence operations and at U.S. defense manufacturing, as in the case of perennial risk of Russian incursion.10,11 From the F-35, relies on parts and spares built in the U.S. perspective, the Baltic states are NATO member states.8,9 These dependencies, valuable allies whose position on NATO’s Cyberwarfare and Critical2 Infrastructure, 2 Center for European Policy Analysis frontline makes their CI essential for the RUSSIA’S APPROACH TO sustainment and rapid deployment of Allied forces. Additionally, the Baltic states’ smaller CYBERWARFARE economies and limited cyber recruitment pool may create gaps in their future capacity It is often difficult to discern a formalized doctrine to counter Russian cyberattacks. By sharing in Russian military writing.12 But an inescapable cybersecurity expertise with the Baltic states, concept nonetheless emerges from analysis of the United States can help close these gaps, government, military, and academic sources: thwart Russian cyber-enabled influence for Moscow, cyber is not an independent operations, and deter Russian incursions into domain of operations but a subordinate Baltic territory. part of the wider concept of information warfare (informatsionaya voyna).13,14 More This policy brief explores the threat of Russian CI fundamentally, the term “cyber” as used in the cyberwarfare, its implications for Baltic energy West to denote computer network operations security, and NATO’s deterrence posture. The (CNO) is not a “Russian concept,” and terms like first section traces Russia’s unique approach “cyber warfare” are only ever used in Russian to cyberwarfare. The second offers a technical sources to describe “foreign concepts and primer on Russian CI attack methods. The third activities.”15 To Russian experts, the difference analyses the threat of Russian cyberattacks to between CNO (cyber) and any other tool to Baltic energy security. It concludes with policy collect, spread, and amplify disinformation— and technical recommendations to counter like bot networks or propaganda websites—is this emergent threat. negligible and spurious.16 The key objective is “NATO Secretary General visits Estonia” by NATO North Atlantic Treaty Organization under CC BY-NC-ND 2.0. Cyberwarfare and Critical82 Infrastructure, 3 Center for European Policy Analysis information. Cyber is merely a tool to achieve Second, for maximum psychological effect, that objective. Russian cyberattacks are often carried out at symbolic times. For instance, cyberattacks More broadly, information warfare is the use of against Ukraine—including the 2015 attack— “informational-technical” and “informational- often correspond with national holidays like psychological” means, such as electronic Constitution Day, Independence Day, and warfare, psychological operations, and disinformation to “dominate the information landscape” and “reduce the fighting potential of the enemy.”17,18 Russian information warfare manipulates, distorts, destroys, and fabricates information which it then proliferates into the Past Russian press, academia, and social media to control international narratives, foment dissent, and cyberattacks incapacitate an adversary’s decision-making. “ Contrary to Western doctrine on information have been as much warfare, the Russian approach—which harkens back to Soviet methods—is for information about achieving the warfare to be conducted at all times and aims of information against any target, regardless of the state of hostilities.19 warfare through Past Russian cyberattacks have been as influence and much about achieving the aims of information intimidation as warfare through influence and intimidation as they have been about physical destruction. they have been A telling example was the 2015 cyberattack against Ukraine’s electrical grid.20 During this about physical operation, Russian hackers infiltrated the control systems of three Ukrainian power destruction. companies and caused a six-hour blackout that affected an estimated 225,000 customers in the Ivano-Frankivsk, Chernivtsi, and Kyiv 21 Oblasts. Christmas.23 Finally, by tauntingly”