As we enter the full rigor of Presidential debate and election season in the United States, the topics of Russian disinformation, misinformation, and alleged interference in America’s electoral process are bound to be leading headlines through November.
Dr. Bilyana Lilly, an expert on geopolitics and Russia’s codification of information warfare as a strategy, says that the war in Ukraine has only temporarily delayed Russia’s activity against the West in cyberspace. On the latest Nexus podcast, she reinforces the idea that although Russia is operating under severe resource constraints, CISOs should be preparing for the inevitable.
“I think it’s important to identify the conditions and the constraints that the Russian government is currently experiencing. Because once these constraints are lifted, then I think we’ll see an increase in cyber activity, which gives us some time to prepare,” Lilly said. “That’s what I think we should be doing right now. I think we shouldn’t be letting our guard down because I think those attacks are coming.”
Lilly says the gap in Russian operations targeting U.S. critical infrastructure is clearly because its attention is on the Ukrainian theater, and most of its cyber capabilities, along with the resources of its APTs such as Sandworm, are pointed in that direction.
She also points out that Russia’s human and technical cyber capabilities have been significantly impacted since the February 2022 invasion. Between 500,000 and 1 million Russians fled the country, Lilly said, for a number of reasons ranging from not wanting to be mobilized into armed conflict to the West’s harsh economic sanctions and their impact on Russia’s financial wellbeing.
“Among those were about 10% of Russia’s IT force. If we think about it, who are the most likely people to leave a country so fast and uproot their lives and move? Usually it would be the educated people who speak a foreign language and have connections abroad,” Lilly explained. “Which means they are likely the creme de la creme of the Russian IT sector.”
Lilly also said that Russia is facing a technology shortage, with most Western companies closing up shop once the invasion began, leaving a dearth of software and hardware resources that makes it difficult to replenish its offensive tools. Lilly said Russia is rebuilding by pushing offensive tactics in secondary schools and universities that would ultimately be used against adversaries.
Information warfare is a codified strategy and part of Russia’s foreign policy, Lilly said, adding that confrontation in cyberspace is key to that strategy, whether it’s misinformation and disinformation campaigns or disruptive attacks by its APT groups. The Russian government, meanwhile, has repeatedly stated it will retaliate against the U.S. in one of those ways.
CISOs, therefore, must leverage this downtime to understand the threats and risks. Disinformation campaigns, Lilly said, can, for example, radicalize certain groups within a populace. By sowing chaos, the Russians could influence these groups to damage or disrupt critical infrastructure or services in the name of taking down a government and/or policies they don’t align with.
CISOs, she said, must understand the potential disruptive impacts to brand reputation, operations, and the financial losses caused by these campaigns. They must raise awareness among employees about who or what to trust as a source of information, and also be proactive about messaging targeting their companies or sectors.
“Catch them early before there is brand and financial damage,” she said.
Michael Mimoso is Director of Influencer Marketing at Claroty and Editorial Director of Nexus.