Russia’s Strategy For Information Warfare

Russia recently released its new National Security Strategy, or NSS, a significant official document in which the word “cyber” is conspicuously absent. The omission is not a matter of translation, it’s strategic and this offers a clear signal for Western policymakers about what Russia’s curious word choice reveals about its cyber strategy .

Russia’s goals for digital conflict are much broader than shutting down pipelines and stealing data. Kremlin officials also want to influence the minds and ultimately the behaviour of their adversaries. Indeed, Russian Minister of Defense Sergey Shoigu recently said that “information has become a weapon” while accusing the West of establishing propaganda centers in Eastern Europe.

Instead of the term “cyber security,” (кибербезопасность) the NSS speaks of “information security.” (информационная безопасность) This may seem like a semantic difference, but it is intentional and consequential in the language used by the Kremlin. With a full section in the 2021 NSS devoted to information security, unlike its  2015 predecessor, there is no doubt that the Kremlin is taking the topic very seriously. 

According to Russian military doctrine, information security falls into two complementary categories: 

  • One component is on the technical side. These activities involve operations like shutting down pipelines, stealing data, and surveilling personal devices. Most Americans know this as “cyber security.” 
  • The other element of information security is the much more subtle and downright stealthy. Rather than infrastructure and networks, this psychological side of Russian operations targets the cognitive processes of the adversary’s leaders and population. It focuses on psychological manipulation. 

Russian military strategists Chekinov and Bogdanov said, “In the ongoing revolution in information technologies, information and psychological warfare will largely lay the groundwork for victory.” The chief of staff of the Russian military, Valery Gerasimov, values nonmilitary to military measures as 4 to 1.

Western policymakers need to recognise that one of the Kremlin’s goals include being a cyber superpower. The failure to credibly deter Russia’s information operations will also have detrimental effects on the ability of the US and the West to deter Chinese information operations. 

Its not just about hacking computer systems, Russia  also wants to  disrupt democracy, polarise society and spread doubt and confusion. 

As the Biden administration continues to negotiate with Russia on ending cyber attacks, it is imperative that the US also adopt a holistic approach to information security in which both the Russian technical and cognitive components need to be addressed. Now is the time for a realistic and comprehensive approach to Russian information tactics and capabilities. 

DefenseOne:        AEI:             Industry-Update:       Daily Advent:      Albitross:      Image: Unsplash

You Might Also Read: 

Cyber Warfare Creates Ghosts In Our Machines:

 

« The Cyber Security Market Is Booming
Securing Hybrid Workplaces From Attack »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CircleCI

CircleCI

CircleCI’s platform allows developers to rapidly release code (for web and mobile apps) they trust by automating the build, test, and deploy process.

Centripetal Networks

Centripetal Networks

Centripetal Networks was founded with one vision - to protect networks from advanced threats by simplifying intelligence-driven security.

NXO France

NXO France

NXO is an independent leader in the integration and management of digital workflows with services covering digital infrastructures, communications & collaboration, and security.

Red Canary

Red Canary

Red Canary continuously monitors and analyzes your endpoints, users, and network activity in search of threatening behaviors, patterns, and signatures.

FarrPoint

FarrPoint

FarrPoint is a specialist telecoms consultancy providing a range of services including cyber security assessments and technical assurance to safeguard your data.

V-Key

V-Key

V-Key is a global leader in software based digital security, providing solutions for mobile identity, authentication, authorization, and mobile payments for major banks.

Kivu Consulting

Kivu Consulting

Kivu Consulting combines technical and legal expertise to deliver data breach response, investigative, discovery and forensic solutions worldwide.

Polyrize

Polyrize

The Polyrize continuous authorization platform for SaaS and IaaS stops tomorrow's public cloud cyber threats, today.

Romanian Accreditation Association (RENAR)

Romanian Accreditation Association (RENAR)

RENAR is the national accreditation body for Romania. The directory of members provides details of organisations offering certification services for ISO 27001.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

Onward Security

Onward Security

Onward Security provides security solutions including network & application assessment, product security testing and security consulting services.

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity

Rocky Mountain Cybersecurity's mission is to provide value by dramatically improving the cybersecurity posture of our clients and business partners.

SureCloud Cyber Services

SureCloud Cyber Services

Our Cyber Testing capability has been honed since we were founded in 2006 as a disrupter in the penetration testing market.

Kaavalan

Kaavalan

Kaavalan was founded with a mission and a vision to protect you against cyber threats in the connected world.

SurePath AI

SurePath AI

SurePath AI is a SaaS platform that governs any GenAI solutions you build, adopt, or buy - even Shadow AI.

Sariya Information Technology

Sariya Information Technology

Sariya Co. Ltd. is a leading provider of value-added digital services and solutions, founded in 2002 in Saudi Arabia as a part of Al Kuhaimi Group.