edited by Ranissa Adityavarman
This past August, Swedish defense officials found themselves overrun with public concern over a potential Swedish membership bid to the North Atlantic Treaty Organization (NATO). Interestingly, the vast majority of public concern was grounded in completely untrue speculations: ranging from the immunity of NATO soldiers to be prosecuted under Swedish law to secret stockpiles of NATO nuclear weapons on Swedish land and the ability of the organization to launch attacks from Sweden without the host-nation’s consent. As government officials campaigned to counter this disinformation, defense and security officials reached a consensus that blame for the alarming claims rested with a complex network of Russian-sponsored news organizations and cyber-related information capabilities.
Building on a legacy of propaganda and information warfare, Russia has displayed a unique ability to selectively obscure truth, seed doubt, and spread disinformation on a global scale. With Russia’s gaze set on the United States as a rival in an increasingly multipolar world, the United States has already felt the impact of these types of information operations (IO) through the hacking and selective releasing of emails relating to Hillary Clinton and the Democratic National Committee. These information warfare operations have sown considerable contention in U.S. domestic matters, leading to an air of haziness, suspicion, and distrust with the U.S. election process—in effect damaging one of the United States’ most important institutions from the inside out. The United States needs a serious reevaluation of its capabilities and policies relating to IO.
In publically available Russian military and national security doctrine, IO is characterized by two terms. The first is “maskirovka,” or military deception. The second is “dezinformatsiya,” meaning disinformation, manifested by the manipulation of information in such a manner as to obscure the truth and to advance foreign policy objectives. These policies have inspired new actions that constitute a new dimension of information warfare, taking classic propaganda (like the film propaganda of the Cold War) to more sophisticated and pervasive levels.
What is threatening here is not that Russia is conducting operations of this kind—the United States itself has a long history of covert international operations. Rather, the threat rests in the aftermath of Russian IO when the lack of a clear and direct U.S. response creates a power imbalance that erodes U.S. national security and emboldens more aggressive Russian foreign policy pursuits. In the aftermath of a high profile IO intrusion, an overt U.S. response is critical to develop deterrence and maintain global norms on information security. Cyber warfare and IO like those carried out by Russia during the run-up to the U.S. presidential elections embody a type of warfare that is just beginning to be meaningfully understood in terms of addressing vulnerabilities and developing the hard-skill capabilities to respond. Given the United States’ vulnerabilities in cyber infrastructure networks, officials should make these intrusions a priority.
Russia is in the midst of an effort to revamp and upgrade its military, but a stagnant economy is severely dampening Putin’s efforts to drive this modernization. As a result, IO presents an attractive accompaniment to Russian attempts to build up their military. Following the annexation of Crimea, Putin commented that Russia would not withstand what he views as continued international encroachments on Russia’s ability to carry out its foreign policy, stating: “If you press the spring it will release at some point. That is something you should remember.”
Recent Russian statements on the potential of re-opening military bases in Cuba and Vietnam, Russian withdrawal in October from a joint-U.S. plutonium disposal agreement, and the recent heavily increased presence of Russian naval vessels in the Baltics set the stage for continued Russian IO. These IO are meant to be a means to make up for traditional military strength as Russia’s military undergoes this massive, yet currently struggling, modernization effort.
In fact, in a Presidential Decree on national security signed December 31, 2015, Putin explicitly referenced the role of information in opposing U.S.-led world dominance and the use of “informational pressure” to advance Russian security objectives, both domestic and foreign. This context sets the scene for increasingly aggressive Russian IO campaigns, especially as U.S.-Russian relations potentially continue to deteriorate. However, in the wake of international coverage this week on Russian nuclear drills and new nuclear devices, there is a lack of attention on U.S. options when it comes to information security and ability to resist Russia’s increasingly large-scaled and impactful IO attacks. Russian nuclear developments are concerning, although the U.S. maintains a military and nuclear capability advantage over Russia. Still, the important discussion surrounding the strategic, comparative disadvantage for the United States is IO policy and capabilities, is ironically flying under the radar.
U.S. policy on the subject of IO is present, but lacking clarity. Primarily referenced and defined in several joint publications (guidance and principles on common objectives approved by the Chairman of the Joint Chiefs of Staff) and Department of Defense directives, U.S. IO is defined as “the integrated employment during military operations of information-related capabilities (IRCs), in concert with other lines of operation, to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.” Further documentation from the Department of Defense’s cyber strategy and U.S. Cyber Command elaborate on this definition to create a largely defensive doctrinal picture. This is in stark contrast with the more offensively oriented Russian policy.
Again, publically available doctrine does not clue one into the classified procedures that lie at the heart of this issue. The disparity in stance between the unclassified information here from Russia and the United States creates an offense-defense balance that is not in the U.S.’ favor. A means of more forcefully deterring Russian IO is in high demand.
Further documents, including the Joint Publication 3-13 “Information Operations,” are consistent in their mandate that IO should be conducted in accordance with military operations. While Vice President Biden stated in mid-October that the United States would hit back against Russia’s DNC intrusions and information warfare campaign, his phrasing implied the U.S. response would be covert. Without a timely and proportional response that is explicitly billed as retort to Russian IO infringements, no clear message is conveyed to Russia (or other actors interested in carrying out similar IO attacks) about U.S. resolve on the subject. The United States needs a clear standard of zero tolerance and immediate concrete response, not vague statements and remote threats.
Continually being on the defensive without any determent capability in these encounters (or similarly, appearing to be on the defensive by keeping all information operations classified) creates a dynamic that is unlikely to prevent further actions from an increasingly confident Russia. Individuals as high up as the Executive Director of U.S. Cyber Command have advocated for just the kind of more public approach advocated above. Additionally, given the nature of IO effective states the targeting of their civilians, classified responses do little to increase awareness of the foreign interference of these operations or reduce any damage that has already been done.
To alleviate these concerns, U.S. policy revisions should embody both deterrence and defensive aspects. As a blend of these two dynamics, current unclassified IO and cyber doctrine should be updated and publicized to authorize in-kind responses to any documented instances of foreign interference. Importantly, the United States should respond to the Russian DNC hacks and issue statements after-the-fact clearly establishing a precedent of firm U.S. response to information-based transgressions. Additionally, the U.S. government should establish frameworks for economic sanctions or other diplomatic penalties to be enacted as a guaranteed response, with or without additional in-kind measures. Policy of this kind would establish clear penalties while allowing the United States the flexibility to respond more aggressively if necessary. Overall, if the United States wishes to have the same kind of command in the cyber-information realm that it does with its conventional military forces, there needs to be clarifications and additions to current policy.
As the United States enters into operations under a Trump administration, clear standards for U.S. response to IO infringements from Russia are even more pressing. With the president-elect’s more lenient attitude towards Russian foreign policy objectives, all signs point to an emboldening of Russian ambition. With Trump’s stated goals of reducing the U.S.’ role in NATO and military commitments worldwide, Russia likely sees an opportunity to increasingly project power through IO, both at the expense of the United States and our global partners. The United States must enact clear and direct policy options, either in the remaining time of the Obama administration or through a tempering of president-elect Trump’s attitudes, to counter this concerning trend.