Rustici Previously Served as a Technical Lead, Intrusion Analyst and East Asia Cyber Lead at the Department of Defense
Cyber as a Strategic Capability: How do we get there?
By Ross Rustici
We are watching you
Times, they are a regressing. The opening shot from America in what has been a long-awaited return to the information operations battlefield is tantamount to a Cold War practical joke. The implications the first publicized operation conducted under the new defend forward paradigm is an alarmingly mild rebuke that speaks to the broader subtext of the U.S. military’s planning and capacity in this domain.
During the cold war, the military churned out Russian linguists from the Defense Language Program in Monterey California. Upon graduation, in addition to new assignments and goodbyes, it was common for the individuals of the graduating class to receive greeting cards congratulating them on their successful completion of the program, from the Russian military. This sort of gamesmanship was common during the cold war. Monitoring the military organizations that were aligned against you was the presumed baseline of activity. If the U.S. military has forgotten this history because of fighting non-traditional adversaries for the last three decades, it puts our planning and capabilities at a significant disadvantage.
The Russian military generally operates under the assumption of international scrutiny. The declassified history of American surveillance efforts against the Soviet Union alone would be enough to give any government pause about their ability to operate in a clandestine manner. Combine this with the leaked information regarding allied surveillance through CCTV cameras in the facilities where hacking in 2016 was taking place and the unsealed Mueller indictments, and there is a convincing case to be made that it would be more shocking to the troll farms that they weren’t being watched.
Some argue that the implicit threat of sanctions and indictments will have a tempering effect on Russian information warfare efforts. It is also possible that the combination of direct action and the continued systematic take down of social media bots will blunt this method enough that it forces an evolution in how Russia carries out these types of operations. However, there is a substantial risk that this emboldens the adversary. If the units conducting the information operations know they are being watched and yet still deem their actions as being successful, this turns what was meant to be a deterrent into a demonstration of inept power.
The most effective way to interrupt a covert influence campaign is not by telling those responsible that you know they are doing it, but rather by telling the intended consumer of the propaganda where the data is coming from. If every message the troll farm created was tagged with an “authored by the Russian military” byline, the impact of the operation drops considerably. Also, depending on where the U.S. military has its access by not revealing that access and simply doing data manipulation, it would force the Russians to cycle through assets and reveal more of their capabilities. Assuming that the U.S. military has access to the facilities where the Russians work from, keeping up with the changes would be trivial and incredibly frustrating for the Russians.
Information warfare is about subtly, subterfuge, and aspects of truth. Unlike terrorist networks or counter intelligence, simply showing force and demonstrating knowledge is not enough to deter. In general, information operations work the best when one side is demonstrating overly threatening and outsized military responses. The Military’s first public use of its new-found authorities to defend forward appear to be as ineffectual as the previous regime of active defense. Until Americans remember the power of the narrative and the playbooks run throughout the cold war to great effect, this is a conflict we are bound to be constantly fighting shadows in.
— Stay Tuned for more CYBER MAVEN Columns —
Ross Rustici – A Warrior Maven Columnist and Senior Contributor –
He Currently Serves as Senior Director, Intelligence Services, Cybereason.Cybereason
Ross previously served as Technical Lead – DoD, East Asia Cyber Lead – DoD, and Intrusion Analyst – DoD.
More Weapons and Technology –WARRIOR MAVEN (CLICK HERE“>WARRIOR MAVEN (CLICK HERE)–
