PUTIN’S CYBERWAR Taken together, these developments suggest that the West – and the UK in particular – is moving in the right direction in combatting the threat posed by Russia’s cyberwarfare. Nevertheless, more could be done. 7. Conclusions and Policy Recommendations Russia is not alone in using cyberwarfare against the West. In China in 2013, the now infamous Unit 61398 of the People’s Liberation Army – more formally known as the General Staff Department, Third Department, Second Bureau – was discovered to have been running an almost constant cyber-offensive against Western companies and governments for seven years, from a 12- 59 storey building in Shanghai. Hackers in North Korea, meanwhile, were responsible for an attack on Sony Pictures in late 2014, in which its systems were crippled and terabytes of data were leaked online. Russia poses a specific threat, however, as it is the only country to date to have combined cyberwarfare with conventional warfare. And it has done so twice in the last decade – in Georgia in 2008, and in Ukraine since 2014 – with some success. Given recent events in Eastern Europe and Middle East, there can be little question about the aggressiveness of Russia’s foreign policy. And cyberwarfare is increasingly playing a greater role in this. Faced with such a situation, the West needs to develop more effective ways to deal with Russia’s cyberwarfare.60 In an ideal world, these would be tools that reduce the threat facing Western capitals and maximise the cost to Moscow. There are a number of policy recommendations that arise from the findings of this paper: x Zero tolerance for cyberattacks. Deterrence in cyberwarfare is more uncertain than, say, in nuclear strategy. There is no ‘mutually-assured destruction’, the dividing line between peace and war is blurred, and identifying those conducting the war, let alone whom they report to, is difficult. Nevertheless, where there is evidence that individuals or countries are behind cyberattacks, they should feel the full force of the law. After the Kremlin-orchestrated murder of Alexander Litvinenko, Britain expelled Russian diplomats, limited visas for Russian officials, and stopped intelligence sharing and police cooperation. After Russia hacked US banks in 2014, Washington did nothing but call for investigations and 61 encourage financial institutions to take cybersecurity more seriously. If there were zero tolerance for Russia’s cyberattacks, this would not only send a political message – the Kremlin currently sees the West as being rather ‘soft’ – but would also deliver a blow to these activities. x Adopt an integrated approach to cybersecurity. While the concept of cyberwarfare appears to be well understood by Western governments, the various aspects of what constitutes ‘cyberwarfare’ are not being address together. In the US, for example, the head of country’s 59 Jourdan, A., ‘China–U.S. cyber spying row turns spotlight back on shadowy Unit 61398’, Reuters, 20 May 2014, available at: http://www.reuters.com/article/us-cybercrime-usa-china-unit-idUSBREA4J08M20140520, last visited: 6 May 2016. 60 Galeotti, M., ‘Who Needs Assassins When You’ve Got Hackers?’, The New York Times, 22 January 2016, available at: http://www.nytimes.com/2016/01/23/opinion/who-needs-assassins-when-youve-got-hackers.html, last visited: 6 May 2016. 61 Riley, M. and Jordan Robertson, ‘FBI Said to Examine Whether Russia Tied to JPMorgan Hacking’, Bloomberg, 27 August 2014, available at: http://www.bloomberg.com/news/articles/2014-08-27/fbi-said-to-be-probing-whether-russia-tied-to-jpmorgan-hacking, last visited: 6 May 2016. 13
Putin's Cyberwar Page 15 Page 17