Author: Wiktor Sędkowski
In the past two decades, Russia has introduced major updates to its military and political doctrines on cyber operations as an addition to traditional intelligence and warlike campaigns. In a new military doctrine published on December 26, 2014, six months after war broke out in Donbas, Russia systematized the notion of a hybrid war, claiming it is permissible to carry out information warfare campaigns to defend both the country and its allies.
Importantly, Russia does not recognize cyber space as a domain of operations, unlike the North Atlantic Alliance, which puts it alongside the traditional domains of air, land, and sea. Instead of “cyber space,” Russian agencies refer to what they call “information space,” and their ability to operate there serves as a tool for conducting information warfare campaigns (including intelligence, counterintelligence, disinformation, and propaganda efforts), carrying out electronic warfare missions, disrupting communication, exerting psychological pressure, and compromising the information resources of the adversary.
In Russia’s Information Security Doctrine, the prioritized goals can be divided into four main areas:
- to protect critical information infrastructure;
- to reduce the country’s dependence on imported technologies, including hardware and software;
- to control content;
- to promote its view of information security internationally.
Although the doctrine defines these areas to counter threats, there is enough evidence to believe that Russia is involved in offensive missions, too. The most obvious example is the increased incidence of cyber operations attributed to Russia since 2014, when it launched a military campaign in Ukraine. The country has turned into a cyber test bed for the Kremlin, while Russian-affiliated hackers have carried out a slew of successful operations, including attacks on critical energy infrastructure and meddling in Ukrainian elections. The NotPetya malware provided access to the computers of utility companies, banks, airports, and government agencies in Ukraine, incurring economic damages worth billions of dollars. “The NotPetya attack was the most damaging attack in history, of a scale and cost that would far exceed a missile fired from the Donbas into Kyiv,” according to a U.S. Navy cyber security specialist.
Hackers have also targeted NATO’s eastern flank, notably the Baltic countries. In their reports, local special agencies highlight Moscow’s hybrid actions against the Baltic nations as being “part of a broader security and foreign strategy.” They all define the aims of such operations:
- to impede NATO’s expansion toward Russia’s borders;
- to disintegrate the European Union and bring to the fore chasms between individual bloc members;
- to promote international cooperation between Russia and EU states, based on bilateral ties, and not collegial supranational bodies;
- to build Russia’s image of a “besieged fortress” among European societies by igniting Russophobic moods. 
But it is not just the Baltic states that have fallen victim to malware campaigns. In 2017, Foreign Minister Lubomir Zaoralek of the Czech Republic said that his emails and those of dozens of other ministry officials had been hacked. He added that the hack had been performed by a foreign-based intelligence agency that breached an external communication system to collect open data. A private email account of a Czech minister was also compromised. A report by the Czech spy agency, or BIS, concluded that the attacks had been orchestrated by the Kremlin. It also said that the cyber attacks were part of the most serious wave of cyberespionage. More than 150 email accounts were hacked in an attack by the Russian state that began in early 2016 and was not discovered until 2017.
A similar incident happened in Poland a few months ago. In late June, Stanisław Żaryn, spokesman for the head of the country’s security services, announced what the Internal Security Agency and the Military Counterintelligence Service had managed to find. According to their report, “the list of targets of the social engineering attack conducted by the hacker group UNC1151 included at least 4,350 email addresses belonging to Polish citizens or operating on Polish email services.” Poland says it has evidence that shows a link between the aggressors and Russian special agencies. The emails, some of which came from the accounts of the prime minister’s top aide Michał Dworczyk and former interior minister Joachim Brudziński, were leaked to the public.
Earlier in 2020, a cyber attack was reported on the website of the War Studies Institute in Warsaw, a defense academy that trains Polish military leaders, intended to sow chaos and damage Polish relations with the United States and NATO. A forged letter in the name of the school’s rector, Polish Brigadier General Ryszard Parafianowicz, was posted there, calling into question the U.S.-Poland military alliance and slandering the U.S. Army. Poland blamed Russia for the compromise, while Żaryn said that Polish authorities believed the purpose of the attacks was to undermine the country’s defense agenda and damage the reputation of Polish senior army officers.
Countries in Eastern Europe were also exposed to the SolarWinds attack in 2020. Although it was devised to target the United States, the attackers compromised institutions and businesses across the globe. The major network breach affected both private companies and U.S. government agencies, including the Pentagon, Homeland Security Department, State Department, and Energy Department, the last of them in charge of the U.S. nuclear arsenal. The White House said that Russia’s foreign intelligence service, known as the SVR, was responsible for the compromise. The hack revealed an unprecedented level of technical sophistication. The amount of data stolen and the damage to national security remain difficult to estimate to this day.
Russia is now advancing its capabilities and methods, so NATO countries need to be ready to shield themselves against more technologically advanced threats and more elaborate strategies. Thus the military bloc should boost pressure on the governments of its member states to create a secure digital environment, which it has been doing for some time now. The Alliance has added to its list of priorities the joint effort to devise mechanisms to protect citizens and digital infrastructure. Another step that could offer tangible results is to apply adequate deterrence mechanisms, as having no plan to counteract cyber attacks runs a huge risk of their escalation. One idea the bloc has is to respond to cyber attacks with tougher political measures that include economic sanctions, among others. Any state ready to target the cyber space of a NATO member should expect a tit-for-tat response. Nonetheless, for attacks hitting citizens, their health and life (such as compromising utility services or targeting hospitals), all NATO states need to deliver a firm response, while the attacker should bear in mind the bloc’s defense strategy along with its full potential.

- A. Madej, P. Świeżak, Informacja na temat doktryny wojennej Federacji Rosyjskiej, 2015, Bezpieczeństwo Narodowe III/2015.
- A. Kozłowski, Cyberwojownicy Kremla, 2014, http://geopolityka.org/analizy/andrzej-kozlowski-cyberwojownicy-kremla/, Accessed: August 14, 2021.
- Decree of the President of the Russian Federation, 2016, http://static.kremlin.ru/media/acts/files/0001201612060002.pdf, Accessed: August 14, 2021.
- Intelligence and Security Committee of Parliament, Russia Report, 2020, https://isc.independent.gov.uk/wp-content/uploads/2021/03/CCS207_CCS0221966010-001_Russia-Report-v02-Web_Accessible.pdf, Accessed: August 14, 2021.
- L. Cerulus, How Ukraine became a test bed for cyberweaponry, 2019, https://www.politico.eu/article/ukraine-cyber-war-frontline-russia-malware-attacks/, Accessed: August 14, 2021.
- B. Fraszka, Państwa bałtyckie a rosyjskie zagrożenia hybrydowe, 2020, https://warsawinstitute.org/wp-content/uploads/2020/10/BALTIC-STATES-VERSUS-RUSSIAN-HYBRID-THREATS-Bartosz-Fraszka.pdf, Accessed: August 16, 2021.
- https://www.rferl.org/a/czech-spy-agency-blames-russia-for-cyberattacks-on-foreign-ministry-diplomats/29634882.html, Accessed: August 16, 2021.
- https://www.rollcall.com/2021/01/11/cleaning-up-solarwinds-hack-may-cost-as-much-as-100-billion/, Accessed: August 16, 2021.