One of the great open secrets of the cybersecurity domain is how much mischief is done by Russia and its government-sponsored hackers. Countering Russian cyber activity takes a lot of effort on the part of the U.S. government and U.S. companies. The Federal Drive with Tom Temin spoke with someone who has studied Russia’s cyberwar activities in detail and says the more you know about Russia’s motivations, the better you can counteract it. Nate Beach-Westmoreland is head of strategic cyber threat intelligence at Booz Allen Hamilton.
Tom Temin: Mr. Beach-Westmoreland, good to have you on.
Nate Beach-Westmoreland: Hi, Tom, nice to meet you.
Tom Temin: Tell us the object of the study, and what was your methodology in trying to learn what’s in the minds of Russian hackers?
Nate Beach-Westmoreland: So the study basically starts with the concept that we knew that Russia’s military intelligence agency, GRU, is a government agency, and government agencies have a mission, and they have sort of a vision of how they do things. So it was a matter of determining has Russia’s military intelligence agency put out something that says, this is our mission and how we’re going to do things. We identified that in a public document called the Russian military doctrine, and then used that as a lens through which we could look at 15 years of Russian cyber operations.
Tom Temin: And that’s one of the biggest surprises of all is that it’s not even a secret that they just as we publish a military doctrine in the Quadrennial Defense Review, and so on, publicly for anyone to read. I was really surprised to learn that Russia doesn’t make any bones about what their plans and aims and strategies are militarily.
Nate Beach-Westmoreland: Oh, yeah, that’s really important from a military standpoint, that you want to reduce the amount of uncertainty entered in international relations. So it’s at least on a high level, it’s important that other countries understand what are your intentions. And how are you going to act in the world. So there just isn’t surprise, at least in the big picture.
Tom Temin: The idea is, if people know exactly what we can do, and what we will do, the potential enemies won’t try anything.
Nate Beach-Westmoreland: Precisely. You want to communicate, what are your red lines, and what sort of costs you may impose upon someone if they cross those red lines.
Tom Temin: We’ve seen Russia impose costs on Crimea, and I guess it’s been happening to some degree in the whole Ukraine situation. And, frankly, in the United States, even though we’re not, you know, at war or in threat of invasion by Russia, or vice versa. So tell us more of what you learned by connecting activities with this published doctrine.
Nate Beach-Westmoreland: So the doctrine at a very high level explains what is the GRU’s mission. It is to track national security challenges and where necessary to mitigate them. Those national security challenges are enumerated as a bunch of conditions that may create a conflict such as the expansion of NATO, the establishment of hostile states near Russia, undermining of Russia’s historical values. And then it talks about sort of circumstances that may lead directly to a conflict, deterioration of interstate relations and so forth. So a problem exists and the GRU therefore has to respond to it. It needs to at a minimum track that situation, and if it rises to the occasion, respond to it.
Tom Temin: All right, given the activity that has been say, directed at the United States, it doesn’t seem like the United States meets any of those criteria for action. And yet there has been hacking directed this way sourced in Russia.
Nate Beach-Westmoreland: Well, with the United States, the sorts of attacks that we’ve seen have not been, say, turning off the lights in the United States. What it’s been has, we’ve seen, for example, in the political arena, we had the 2016 election, which was actually a very similar situation to what happened in France in their 2017 election where there was a candidate that Russia perceived as being perhaps incompatible with its worldview. And therefore there was a need to mitigate that threat, even if not by say, changing the election outcome, but say, weakening the credibility of that candidate.
Tom Temin: And so now that we have a little bit more of a potential situation with Russia going on now, and we have troops moving, again, not next to Russia, but kind of one country offset. But it’s clear to them and it’s overtly stated by us that there will be consequences to whatever actions they decide to take in Ukraine. So what can we expect based on this analysis? What might Russia’s likely response be to the United States, let’s say?
Nate Beach-Westmoreland: Yeah, so it really I think will depend on the precise nature of the U.S. response to whatever may unfold in Ukraine in the coming weeks or months. So for example, if there were sanctions to appear, based on what we’ve seen in Russia, it would be sort of a tit for tat sort of situation most likely, where Ukraine breached an energy deal with Russia, and therefore Russia came after the energy and financial sectors of Ukraine.
Tom Temin: We’re speaking with Nate Beach-Westmoreland. He’s head of strategic cyber threat intelligence at Booz Allen Hamilton. In the case of the United States, we have a cyber command. And they’re kind of cagey about what offensive capabilities they have or the doctrine under which they would use them. And they talk about their defenses. It sounds like Russia is more overt about using cyber as a non-lethal type of offensive part of their arsenal. Fair way to put it?
Nate Beach-Westmoreland: Yes, the Russians have published doctrine going back 20 years, if not doctrine, always, but at least strategic writings talking about what is the importance of cyber and information operations more generally to national security. So in Russia for the past 20 years, they’ve talked about cyber as being part of an information confrontation. The control of the information environment, where, in the United States, we totally talk about will Russia do something in cyber, will there be a cyber attack? It’s often in the sense of turning off the lights. But that’s much more of a tactical measure, whereas Russia, at least in its strategy is more concerned about how does it impact the information environment, the psychological environment.
Tom Temin: Right, so the information environment to them is more than the cyber digital information technology systems, but what they can produce in terms of maybe fear and anxiety in the target population.
Nate Beach-Westmoreland: Creating that sort of situation, but also simply creating an information environment more conducive to Russian interests. So that would be like we’re talking about the election examples, it’s the decreasing confidence in democratic systems, decreasing the legitimacy of elections, makes it harder for those heads of state to say mount a unified response to a Russian national security policy.
Tom Temin: And you outlined several conditions, several case studies, rather, of actual events in the world, and tied them with cyber. So it’s fair to say, for example, when Montenegro joined NATO in 2016, 2017, airstrikes against ISIL in 2014, back then, here’s Poland seeks local construction of new foreign-led military bases, again, 14 through 18 time period, these were all accompanied by cyber activities from Russia in reaction.
Nate Beach-Westmoreland: Yes, absolutely. There’s a great degree of reactionary nature to Russian cyber operations. We have this great quote in our report where Vladimir Putin says to a group of onlookers, and this is what I can say about the attack of words, the about cyber attacks or the war of words in the press and other issues. Action always causes reaction, always. And so, so many of these operations that we see are highly reactionary, they may be set up in advance, but actually pulling the trigger waits for some precipitating event.
Tom Temin: Sounds like they’re better chess players than maybe some of the other Western nations, including us.
Nate Beach-Westmoreland: Well, who knows? What the, you know, being able to see what’s actually going on on the U.S. side. As you know, of course, I just track what’s going on in Russia.
Tom Temin: Right. Would it be fair to say, though, that the ability to counter what Russia does in cyberspace is more than just a function of our cyber operators, but it really takes intelligence and policy in the whole of government to counteract this?
Nate Beach-Westmoreland: Absolutely. It’s a much more holistic threat that we are facing, I suppose you could call it that. And so therefore, you need a much more holistic response to that threat.
Tom Temin: Interesting report. Nate Beach-Westmoreland is head of strategic cyber threat intelligence at Booz Allen Hamilton. Thanks so much for joining me.