Russian-funded APT Groups to Unleash Hell in 2021
Russia has become adept at using cyberattacks and digital-media manipulation to influence events in other countries. We know there was Russian digital interference in the 2016 US general election and the 2017 presidential election in France: both involved fake social-media accounts and “hack-and-leak” operations to steal emails.
The UK government has not investigated whether, as must be probable, Russia had also been using its tools of covert subversion during the Scottish independence and Brexit referenda, but it has said that it is almost certain that Russian actors sought to interfere in the 2019 general election through the online dissemination of illicitly acquired government documents, thought to relate to US/UK trade negotiations.
So far, the Kremlin seems to have come out of these actions unscathed, but in 2021 all that is likely to change. Behind the scenes, the US, UK and other Nato allies have been quietly regrouping in the face of Russian provocations and acquiring the means to defend themselves and democracy in cyberspace.
The UK government has revealed that it is developing cyber weapons, and has successfully used offensive cyber techniques against the online propagandists of Isis. Joe Biden has said that, when he was vice president, he favoured developing cyber weapons, under the control of the US military’s Cyber Command, the NSA and, in some circumstances, the CIA. During his presidential campaign, Biden said that as president he would not hesitate to impose substantial and lasting costs, leveraging all appropriate instruments of national power including cyber responses, if the Kremlin does not halt its efforts to interfere in US democracy.
The allied objective will be deterrence by denial, raising the costs to the Russian attackers (including identifying the culprits by name) and reducing the value of expected gains. In 2021, we will have active cyber defences of government networks and those of critical national infrastructure to identify hostile penetration attempts. Work by major social-media platforms will enable illegal content and bogus accounts to be identified faster and taken down. The public will also be better informed about foreign interference. The task of the attackers will be complicated by the need to defend their own systems from counter-attacks and being fed cyber “poison pills”.
Russian attacks that cause collateral damage, as they did to the tune of more than $10 billion to global industrial corporations during the 2017 NotPetya attack on Ukraine (the most destructive and costly cyber attack in history), will also not go unpunished. Skirmishes in cyberspace will intensify in 2021 with pre-planned ambushes on the side of the attackers.
The hope must be that rather than protesting and admitting that their much-vaunted abilities in cyberspace are being countered, the Kremlin may tell its hacker communities to reduce their activities. But, if the Russian response is instead to escalate, what currently goes on in cyberspace in 2021 will not stay there.
Vladimir Putin must know, for example, that what would hurt would be using western digital and human intelligence to expose his links to Russia’s oligarchs and reveal financial holdings overseas. That really would be a counter-attack with a difference.
By David Omand, visiting professor at King’s College London, and a former UK Security and Intelligence Co-ordinator and director of GCHQ