November 6, 2017

Cyber Threats and Their Consequences: The Examples of Georgia and Ukraine

On Monday November 6 2017, the International Centre for Defence and Security (ICDS) and Estonian Center of Eastern Partnership (ECEAP) hosted a public discussion entitled “Cyber Threats and Their Consequences: The Examples of Georgia and Ukraine” with Scott Borg, Director and Chief Economist, U.S. Cyber Consequences Unit, a research institution that investigates the strategic and economic consequences of cyberattacks.

ECAEP Senior Research Fellow and ICDS Non-Resident Research Fellow, Emmet Tuohy offered welcoming remarks and ICDS Research Fellow Piret Pernik introduced the speaker and moderated the discussion.

Mr. Borg’s remarks began by introducing the concept of strategic cyberattacks – emphasizing that far too often an aggregate picture is obscured in the field dominated by highly technical analysis.

He started with an example focusing on Chinese efforts to acquire business information. At a strategic level, networked actors are directed to collect data that reduces the competitiveness of American business. Other types of strategic cyberattacks include Chinese efforts to control global supply chains, Russian attempts to maintain control over neighbor states and attempts to support politicians who seek to undermine the institutions like the EU and NATO.

In characterizing strategic cyber actions, Mr. Borg offered several characteristics: first, they are typically long in duration; second, they involve a large number of computers; third they bypass traditional business or governmental practices; fourth, they are run by multiple proxies, and fifth, they utilize multiple domains.

Mr. Borg stressed that the types of entities responsible for strategic cyberattacks do not need to be traditional actors, e.g. state-governments; rather they are increasingly coordinated groups of non-state actors and even rogue elements of state-governments. Mr. Borg also addressed variations in the taxonomy of strategic cyber action and common methods of implementation.

In reference to the 2008 Russian-Georgian war, Mr. Borg stated that, while there were clear signs that cyberattacks had been coordinated by a governmental authority, nearly all first cyber instances can be attributed to criminal organizations in Russia. Additionally, he stated that attack toolkits were widely distributed to the Russian public via social media platforms, resulting in even children being able to participate in cyberattacks on Georgia as Russian tanks began to cross the border. The speaker also highlighted how incentives for active or passive participation in strategic cyberattacks were used by Russia during the annexation of Crimea.

In his concluding remarks, Mr. Borg reiterated the need for framing cyber actions within a strategic context and also provided his insights into probable areas of future strategic cyber exploitation.