Russian Black Hats in the Wild
Photo by Markus Spiske via Unsplash.
September 17, 2022
The West’s understanding of Russian information warfare is incomplete. In his review of Dr. Bilyana Lilly’s “Russian Information Warfare,” Joshua Huminski explores how Lilly offers a much more nuanced view of Russia’s cyber operations.
The markedly poor performance of Russia’s military in Ukraine prompted endless speculation as to why and how Moscow seemed to get it so wrong. The facts that President Putin appears to have played the decision close to the chest, Russia’s intelligence and security services spun a markedly false tale of inevitable success, years of institutional and endemic corruption, and force structure and design choices made well before the invasion all undoubtedly contributed to the failure of Russian forces to achieve their goals. Equally as important has been Ukraine’s far better-than-expected performance and national will that has been buttressed by sustained Western support—both of which Moscow clearly underestimated.
A question that nonetheless remains largely unanswered is what are the cyber elements of the Russian invasion? At first glance, the much-vaunted Advanced Persistent Threats (APTs) leveraged with great effect against the West seem to be missing from the battlefield. To be sure, there are likely reasons for this—it is easier to destroy a target by dropping a 500lb bomb on it than by attempting to hack it out of operation. It is also—and indeed more likely—the case that it could well be too early to know what happened prior to and during the conflict. It is also, perhaps, the case that the West’s understanding of Russian information warfare is incomplete and preliminary assessments are likely mirror images of what the West would do in a similar conflict.
Dr. Bilyana Lilly offers a much more nuanced view of Russia’s understanding of information warfare—both in theory and practice—in her new book “Russian Information Warfare: Assault on Democracies in the Cyber Wild West,” a copy of which was provided by U.S. Naval Institute Press for review. Lilly’s book makes for a fascinating and indeed timely read. Her contextualization of Russian information warfare as a segment of Russia’s broader approach to contemporary conflict is deeply insightful and a useful correction to much of the West’s misunderstanding of Moscow’s capabilities and intent—the critical components of a threat’s manifestation.
Drawing from primary source documents and interviews, Lilly demonstrates how Moscow sees cyber and information operations as integrated into its overall strategic campaign effort, even before a conflict. This, then, manifests itself as a robust campaign to attack an adversary in complex and dynamic ways—often trying one approach, finding it unsuccessful and proceeding down another path. It is interesting to note that Russia’s concerns about adversarial capabilities are often presentations of its own capabilities—mirror-imaging, but this time from Moscow. The West—particularly the United States—understands information operations in a very siloed manner. To be sure, doctrinally, psychological operations or cyber activities should be integrated, but in practice it is often the case that they are afterthoughts to kinetic efforts and segmented from the overall campaign.
“Russian Information Warfare” is a complex and multilayered book that both demands and rewards close reading as the case studies are brimming with detail and nuance. At a macro level, Lilly specifically looks at Russian cyber operations targeting national political infrastructure. She also explores the attendant Russian media coverage of crisis scenarios to determine whether or not a spike in coverage precedes an attack, seeking to identify this as a potential indicator of a forthcoming digital assault. Lilly then applies these models to seven case studies including the 2007 cyber assault against Estonia, operations against the 2016 U.S. presidential election, and efforts to influence the 2017 French presidential election.
Were this the only approach of her book, it would have made for interesting reading in and of itself. Yet, where Lilly shines is her creation and use of the CHAOS model as a stalking horse for exploring the broader panoply of Moscow’s tools. Her “CHAOS” model—Cyber, Hype, and Associated OperationS—is a novel way to look at how Moscow uses cyber elements of information warfare alongside other tools in its arsenal. This presents a new framework for understanding not just Russia’s actions, but their timing as well. As Lilly outlines and demonstrates, information and cyber operations are far more integrated into Russia’s efforts to destabilize or influence the behavior of other states than in the West’s doctrine.
In Lilly’s assessment, Russia’s cyber operations have only been partially successful in the long term. While hacks may have been successful in stealing information or denying users certain services, they did not achieve the immediately assessed or inferred goals based on available evidence. To be sure, there are plenty who still assume that Russian hacking or social media campaigns led to the election of Donald Trump, but this is not supported by the available evidence and discounts the genuine support the Republican candidate enjoyed.
It is also likely the case that long-term failures were not as negatively impactful as Western analysis may suspect. For Russia, the information operations contributed to the perception that Russia’s intelligence officers, hackers, trolls, and ne’er-do-wells were hiding behind every tree and responsible for every bit of skullduggery across the European continent. In this, the success was simply—albeit counterintuitively—that a failure still serves as a signal. How many operations went undetected? Where else could the Russians be hiding and what else could they be up to?
In the cases presented by Lilly, the information warfare campaigns, not surprisingly, prompted responses that led to more resilient systems in targeted countries. America’s experience in 2016 provided France a case study on how to prepare for a possible information campaign against Emmanuel Macron in 2017. French political parties created watering holes and dead-ends within their networks to draw would-be hackers away from real campaign information. In Germany, also a case study Lilly explores, parties reached an agreement not to use leaked information in their campaigns.
It is interesting to reflect, as Lilly does, that Russia seemed far more aggressive in its near-abroad, for example targeting Estonia, with denial-of-service attacks or operations designed to affect “accessibility” in the “CIA triad” of information security. By contrast, its efforts against Europe and the United States were more restrained—restricted to “confidentiality” attacks, or breaching networks and leaking information. In Lilly’s case studies, there did not appear to be any “integrity” hacks, which would compromise the validity or trustworthiness of stored information.
It is worth noting that “Russian Information Warfare” very much reads as a doctoral dissertation with the attendant explanations of models, variables, hypotheses, and evidence. This is both a strength and a drawback. In the case of the latter, the systematized approach can, at times, make for very dense reading—especially in the methodology section. Here again, close reading and due attention to the models she presents are well rewarded, but one suspects that it may limit the readership when it should be widely read. When Lilly proceeds with her narrative and analysis, it is supremely fluid and compelling reading.
This drawback is offset by the fact that this systematized approach provides a solid structure for evaluating that which is known about Russian information warfare as well as what is unknown or merely speculated. This is a critical strength. In an environment that is dominated by hyperbole, admitting what is known, unknown, or something else entirely is vital to establishing a solid policy foundation. Lilly does something surprisingly rare (and certainly welcome) in many books on Russian political warfare and information operations—she admits when she does not know something or when the evidence does not support a supposition.
Rather than craft a forest in which a Russian SVR or GRU officer is hiding behind every tree, she carefully trims back the overgrowth of myths surrounding Russia’s information warfare campaign, allowing readers and policymakers alike to see both the trees and the forest.