Information warfare allows Russia to have asymmetric benefits against the Western world
Historically, Russia has been an expansionist power—the state of the Russian Federation following the end of the Cold War in the 1990s is not the norm. Following post-Cold War marginalisation, Russia’s military strategic culture has returned to a position of importance and influence in its political system, and with it the Russian focus on protecting its information space and developing its cyber capabilities. However, Russia’s current strategic competition with the West and its need to seek advantage and to counter anticipated surprise with surprises of its own has led to Russian use of offensive measures under the justification of defensive efforts, which follows Soviet tradition. Russian president Vladimir Putin has increasingly referenced the security of the country’s information domain as a vital priority, with cyber an integral part. These concerns are further highlighted, to a greater or lesser extent, in the 2014 Russian Military Doctrine, the 2015 Russian Federation’s National Security Strategy (NSS), and in the 2016 Information Security Doctrine.
This article will emphasise the argument that the cyber domain has enabled a shift in Russian doctrine—cyber serving as a means to obtain asymmetric advantage that is potentially coupled with armed conflict through the cross-over of different domains. It will explore the so-called Gerasimov Doctrine and then delve into the official aforementioned doctrines.
The “Gerasimov Doctrine”
There has been, and continues to be, a shift and modernisation in Russian doctrine and capabilities, which to a large extent could be attributed to the cyber domain. A good indicator of this shift is the Chief of the General Staff Valeri Gerasimov, who in early 2013 wrote an article and delivered a speech containing what is commonly referred to as the “Gerasimov Doctrine”. The contents were first seen in an article titled “The Value of Science is in the Foresight”1 and later in a speech given to a general meeting of the Academy of Military Sciences. As an overarching concept, Gerasimov stated that, in the 21st century, Russia has witnessed a tendency towards blurring the lines between war and peace and that, in recent conflicts, methods of conducting military operations that cannot be considered purely military have emerged.2 Although not an official doctrine, it serves as an indication of the direction of Russian military thinking. It should be noted that through his article and speech Gerasimov is explaining his view of modern and future war and not proposing a new Russian way of warfare or military doctrine.3 A more recent reference to this concept was made in 2017 in another Gerasimov article titled “A World on the Brink of War”.4
According to his 2013 speech, Gerasimov studied US actions and referenced prior military conflicts, particularly the “colour revolutions”5 of North Africa and the Middle East, to confirm the changing nature of war. He added that the role of non-military means in achieving political and strategic goals had grown, and in many cases exceeded the power of force of weapons in their effectiveness. This element is particularly telling as he recognises that traditional forces are increasingly becoming irrelevant, and that in modern reality Russia must look to non-military instruments.6 This, coupled with asymmetrical actions that have come into widespread use, is enabling the nullification of an enemy’s advantage in armed conflict through the cross-over of different domains. Essentially, long-distance, contactless actions against an enemy through the use of cyber elements7 is being combined with the use of special operations forces, internal opposition and informational action to achieve combat and operational goals.
Indeed, according to a statement by Putin in 2006, Russia’s approaches to conflict “are to be based on intellectual superiority. They will be asymmetrical, and less costly.”8 He then told the defence ministry collegium on 27 February 2013 that the Armed Forces must reach a “new level” of capability within five years due to the “dynamics of the geopolitical situation”, again emphasising the need to develop capabilities.9 An article by Gerasimov in March 2017 reaffirms these elements of warfare in relation to the crisis in Syria and further concludes that the combination of traditional and “hybrid” methods is already a feature of any armed conflict.10 More tellingly, he describes this military shift as something that Western powers have engaged in for some time and that Russia is merely reacting to their “hybrid” approaches. In his 2013 speech, Gerasimov also acknowledged that Russia has lagged in developing these “new” elements of warfare and has a superficial understanding of what asymmetric forms and means are—urging the Academy of Military Science to create a comprehensive theory and conduct research for their development.
Russia’s current 2014 Military Doctrine, signed by Putin on 26 December that year, came amid Russian–Western tensions over Ukraine. It is a revision of Russia’s previous doctrine, published in February 2010, and repeats much of the language from the old one. Although many of the specifics remain the same, the tone of the overall document represents a shift.11 In particular, many of the dangers highlighted in the 2010 doctrine have grown in immediacy in the 2014 version. For example, the 2010 doctrine spoke of NATO’s illegal—as Moscow sees it—intention to develop its capabilities, deploy military infrastructure near Russia’s borders and continue expansion. However, the current doctrine describes these things as actions already happening. Similarly, where the Kremlin previously worried about efforts to destabilise countries and regions, today it is concerned about the reality of destabilisation.12 Another clear difference is a fear of unnamed actors using information warfare and political subversion, as well as potential force, to destabilise and overthrow regimes.
While neither Moscow’s overall goals nor the threats and dangers it faces have drastically changed, it seems the Kremlin has grown more nervous of others looking for ways to harm it, militarily and otherwise, and hence is preparing to grow its capabilities and rally its resources. Through the 2014 Military Doctrine, Russia has also formally merged internal and external threats into one framework that allows it to drive external military actions by both internal political threat perceptions and external military ones.13 These perceived threats to Russian security may justify offensive information operations and the use of information campaigns for influence against the West as a subset to its defence. Unlike previous doctrines, this one refers to other organs within the Russian government (i.e. the interagency community), in addition to players in the defence sector. Although efforts will, as usual, likely be handled in a top-down manner, there are broadly defined roles for the other ministries. Principally, Russian military thought will likely continue to evolve in both theory and practice.14
In late December 2015, Russia signed off its new NSS, listing a broad range of threats. This (current) strategy primarily focuses on Russia’s own development and only tangentially relates to foreign policy and cyber-security, which is referred to as “information security”. This is coupled with a renewed emphasis on traditional values and the need to protect them from foreign influences and reinforce them—seen in part as a way to strengthen national unity. Although broad and not particularly new in content, the strategy highlights the external threat that has intensified since the Ukrainian crisis, and touches on the urgency of being ready for other belligerent action by the West. Like the 2009 NSS, the Russians’ current implementation plans remain ambiguous and their goals lofty. However, this level of vagueness can be assumed to provide them with both flexibility and leverage when explaining their actions to the international community.
In January 2014, there was a draft concept covering Russia’s Cyber Security Strategy.15 This was drafted in close correlation with the NSS and elaborated on possible aggression from outside actors trying to influence Russia’s internal affairs. Compared to the current NSS, it is more technical and internally focused. The draft concept centres on information influence from outside sources and the need to preserve the domestic information space, which promotes Russian values and traditions. “Internet sovereignty”, defined as the ability of the state to have control over its information space, remains a fundamental concept both within Russia and in its position in international forums.16 As of December 2016 and amid Western and former Soviet-sphere countries accusing Moscow of waging informational warfare campaigns, the Kremlin released its new—and, as expected, wide-ranging—Information and Security Doctrine.17 Among the main threats highlighted are the need to counter propaganda, informational-psychological influence by foreign intelligence services and recruitment efforts by terrorist organisations, and to secure computers from cyber-espionage and cyber-crime. Of concern is the call for a system to manage the Russian internet, which was initiated following the protests organised by social media during the parliamentary elections of December 2011. Given that the draft concept and now the 2016 Information Security Doctrine stresses the threat of influence from outside sources and the need to preserve the domestic information space, this justifies measures that could restrict internet freedoms.18 In fact, in ongoing cyber-collaboration between Russia and China that started in 2016, Russia is looking to incorporate elements of China’s Great Firewall into the country’s system of internet filtering and control.19
It is common practice from the Soviet era to look towards the West and seek out activities to justify Russia’s current and proposed activity. In this case, Russia’s assessment of technological inferiority and its lagging behind in the development of these “new” elements of warfare has reinforced perceptions of strategic vulnerability in traditional Russian culture, impacting its approach to war and the need to invest in these capabilities.20 This is seen again in the 2016 Information and Security Doctrine, which calls for efforts to “neutralise informational-psychological activities aimed at disrupting the historical foundations and patriotic traditions associated with the defence of Russia,”21 as means to develop more capabilities, expand control over its citizenry, highlight the Western threat and fuel nationalism among its population. This tactic serves as a method of vindicating and convincing the Russian population of new initiatives and acting on these efforts. Coupled with Gerasimov’s claim of the erosion of the lines between war and peace, the vagueness and broadness of these doctrines allow the flexibility to conduct what may be offensive operations under the justification of defence of Russia’s long-term interest. This was alarmingly witnessed in Estonia in 2007, Georgia in 2008 and Ukraine in 2014, and more recently in Russia’s contested interference in the US presidential elections in 2016.22 As Jüri Luik, former Director of the International Centre for Defence and Security (ICDS), says: “Putin seeks to isolate Russia from democratic ideas. For him offence is the best defence”.23
The cyber domain has enabled a shift in Russian doctrine, both in how Russia perceives threats and in its need to develop its capabilities. Particularly with the threat to its information space, the Russian leadership itself feels the asymmetry of capabilities between Russia and Western actors acutely, and strives to level this by its ongoing shift towards immediacy in its doctrines—stressing the need for a new approach. This new approach allows for the combined use of cyber elements, which are continuously being employed and perfected for strategic influence and gain. Particularly relating to Russia’s current strategic competition with the West, its need to seek advantage and counter anticipated surprise with surprises of its own is most alarming, as this creates space for the potential use of offensive measures under the guise of defensive motives, likely leading to unwelcome escalation.
1 “Ценность Науки В Предвидении | Еженедельник «Военно-Промышленный Курьер»,” accessed 22 April 2016, www.vpk-news.ru/articles/14632.
2 Andrew Futter and Jeffrey Collins, Reassessing the Revolution in Military Affairs: Transformation, Evolution and Lessons Learnt (Springer, 2015).
3 Charles K. Bartles, “Getting Gerasimov Right” (Military Review, February 2016).
4 Valery Gerasimov, “Мир На Гранях Войны | Еженедельник «Военно-Промышленный Курьер»,” 15 March 2017, www.vpk-news.ru/articles/35591.
5 The term “colour revolutions” refers to the bright colours used as symbols of rebellion by protesting groups employing generally non-violent civil disobedience as a means to overthrow a government.
6 “The ‘Gerasimov Doctrine’ and Russian Non-Linear War,” In Moscow’s Shadows, 6 July 2014, inmoscowsshadows.wordpress.com/2014/07/06/the-gera….
7 Types of cyber exploits include: cross-site scripting, denial of service (DoS), distributed denial-of-service (DDoS), logic bombs, phishing, passive wiretapping, Structured Query Language (SQL) injection, Trojan horses, viruses, war driving, worms and Zero-day exploits. Common sources of cyber-security threats include: bot-network operators, criminal groups, hackers, insiders, states, phishers, spammers, spyware or malware authors, and terrorists.
8 Vladimir Putin, “Poslaniye Federal’nomu Sobraniyu Rossiyskoy Federatsii” (Address to the Federal Assembly of the Russian Federation), as transcribed in Krasnaya Zvezda, No. 89, 11 May 2006.
9 Russian Defence Ministry, “Расширенное Заседание Коллегии Министерства Обороны,” Президент России, 27 February 2013, kremlin.ru/events/president/news/17588.
10 Valery Gerasimov, “According to the Experience of Syria”, “Military-Industrial Courier” March 2016, vpk-news.ru/articles/29579.
11 Olga Oliker, “Russia’s New Military Doctrine: Same as the Old Doctrine, Mostly”, RAND Blog, 15 January 2015, accessed 14 April 2016, www.rand.org/blog/2015/01/russias-new-military-doc….
13 Stephen R. Covington, “The Culture of Strategic Thought Behind Russia’s Modern Approaches to Warfare”, Belfer Center for Science and International Affairs, Harvard Kennedy School, October 2016, p. 24, belfercenter.ksg.harvard.edu/publication/26986/cul….
14 Ibid., p. 12.
15 “Cyber Security Strategy Documents”, NATO Cooperative Cyber Defence Centre of Excellence, 16 October 2015, www.ccdcoe.org/strategies-policies.html.
16 Keir Giles, “Russian Cyber Security: Concepts and Current Activity,” presentation to the Royal Institute of International Affairs, Chatham House, London, 6 September 2012. www.chathamhouse.org/events/view/185483#
17 Russian Government, “Указ Президента Российской Федерации От 05.12.2016 № 646,” Президент России, accessed 9 December 2016, kremlin.ru/acts/bank/41460.
18 Russia has already introduced restrictions on internet freedoms: in 2014, legislation was enforced that made it mandatory for internet companies to store Russian users’ personal data on servers in Russia. In November 2016, a Moscow court ruled that LinkedIn was not complying with the country’s data laws, and it was banned.
19 Elias Chachak, “Russia and China Are Making Their Information Security Case,” Cyber DB The Cyber Research Databank, 9 January 2017, cyberdb.co/russia-and-china-are-making-their-infor….
20 Stephen R. Covington, “The Culture of Strategic Thought Behind Russia’s Modern Approaches to Warfare”, Belfer Center for Science and International Affairs, Harvard Kennedy School, p. 22. www.belfercenter.org/sites/default/files/legacy/fi… of Strategic Thought 3.pdf
21 Russian Government, “Указ Президента Российской Федерации От 05.12.2016 № 646.”
22 Kathy Gilsinan and Krishnadev Calamur, “Did Putin Direct Russian Hacking? And Other Big Questions,” The Atlantic, 6 January 2017, www.theatlantic.com/international/archive/2017/01/….
23 Author’s interview with Jüri Luik on Russian military doctrine, 8 April 2017.