Expect New Targeted Russian Cyber Attacks
David Swan, Director, CSCIS Cyber Intelligence Defence Centre (CIDC)
Publisher – CSCIS / David Swan, Director CIDC
Release – March 8, 2022
Cyber-Intelligence Alert
Expect New, Targeted Russian Cyber Attacks
Synopsis
1. Despite many diplomatic efforts to prevent invasion, Russia invaded Ukraine and has sustained that invasion across two weeks. It is evident from the sustained military action and President Putin’s speeches that he intends to claim Ukraine or at least major portions of the country. President Putin has repeatedly said, “he would invoke ‘consequences’ against any country that attempted to interfere.” Western countries are interfering by supplying weapons and deploying sanctions against Russia. The question is: what ‘consequences’ is Putin talking about, and what could happen next?
2. Russia is assessed as having three Courses of Action (COA) for its cyber forces:
COA 1. Best Case Scenario: Russian cyber forces will continue to lack coordination and will remain ineffective.
COA 2. Most Likely Scenario: Russian cyber forces will launch global cyber attacks as ‘consequences’ for nations that opposed Russia’s invasion of Ukraine.
COA 3. Worst Case Scenario: President Putin decides to select one country to focus Russia’s cyber attacks on. Canada would be an obvious choice of a country to target.
3. For a summary of the context behind this Alert, read our Cyber Intelligence Reports 220218 and 220304. They are available from RUSI(NS), or by request at DSC.Ops.Vulcan@gmail.com
Russian Cyber Courses of Action (COA)
Assumption: The Russian invasion of Ukraine will continue for a prolonged period of time.
COA 1. Best Case Scenario: Russian cyber forces will continue to lack coordination and will remain ineffective.
Assumption: This COA assumes that Putin’s hierarchy, including cyber leadership, is focused elsewhere and will remain focused elsewhere.
Narrative: A number of criminal cyber gangs have declared their support for Russia, which was quickly followed by their Ukrainian members compromising the group. It is possible that, similarly, the Russian government did not check for Ukrainians or other disaffected persons in their cyber forces. Some Ukrainian supporters have publicly separated themselves from cyber gangs while others appear to have decided to remain hidden while compromising cyber attacks. It is likely that something similar is occurring within Russian government cyber organizations.
This Russian COA is assessed as the LEAST LIKELY. It would be out of character for Russians to overlook a successful set of weapons UNLESS Russian leadership remains distracted from cyber and focused on the ground war.
COA 2. Most Likely Scenario: Russian cyber forces will launch global cyber attacks as ‘consequences’ for nations that opposed Russia’s invasion of Ukraine.
Assumption: 1. Russia will regain control of its cyber forces. This includes re-establishing leadership and direction of government cyber forces, as well as criminal cyber gangs supporting the government.
2. President Putin will decide to use cyber attacks to inflict ‘consequences’ on countries that ‘interfered’ with the Russian invasion of Ukraine.
Narrative: 1. Russia has used cyber espionage and other cyber attacks without repercussions for years. From a Russian perspective, this would suggest that the best weapon they have for ‘inflicting consequences’ without repercussion is cyber attacks.
2. President Putin is a former KGB Intelligence Officer who is unlikely to overlook resources/weapons that have been effective in the past. As military presence (or bullying tactics) becomes more visibly ineffective, we should expect him to look for alternative weapons and tactics. Leveraging his cyber forces is an obvious choice (for him).
3. The criminal cyber gangs resident in Russia have access to corporate logins and vulnerabilities around the globe. These resources could readily be made available to Russia as options for an expanded cyber target list. This would also fit with President Putin’s threat to any country that ‘interfered’ with the invasion of Ukraine.
This Russian COA is assessed as the MOST LIKELY. It would be remarkably out of character for Russians to overlook their cyber forces which have been successful in the past. It also matches President Putin’s rhetoric/threats.
COA 3. Worst Case Scenario: President Putin selects one country to focus cyber attacks on. Canada would be the most likely target of the G7 countries.
Assumption: 1. Russia will regain control of its cyber forces, re-establishing leadership and direction of government cyber forces, as well as criminal cyber gangs operating in support.
2. President Putin will decide to use cyber attacks to inflict ‘consequences’ on countries that ‘interfered’ with the Russian invasion of Ukraine.
3. President Putin will again attempt a ‘divide and conquer’ tactic, selecting a target where his cyber forces will have maximum impact but the victim will have limited ability to retaliate.
Narrative: 1. As suggested above, it would be extraordinary if Russia did NOT re-establish control of its cyber forces and did NOT use them. That would be contrary to Russian planning, doctrine and recent history.
2. Canada has made itself a target. At the time of writing, Canada has imposed the second-highest number of sanctions on Russia with over 400 individual sanctions. Prime Minister Trudeau and several cabinet members are currently touring Europe, which increases Canada’s visibility to President Putin.
3. Canada has poor cyber defences with minimal support for commercial/business organizations. Worse, we have a poor track record of corporate cyber security.
4. Canada is at the bottom of the G7 countries for cyber defences.
The G7 consists of: Canada, France, Germany, Italy, Japan, the United Kingdom, and the United States.
Italy would receive assistance from the EU if cyber attacked.
Further, of the G7 countries, if Canada was cyber attacked, that would provide the highest visibility to the global audience and almost certainly the fewest repercussions for Russia.
5. Canada has been miserly in its recent contributions to NATO, contributing less as a percentage of Gross National Product, and contributing forces that are less than combat ready.
Canada’s fighter aircraft are forty years old. Our best ships are thirty years old. Our Army is described as ‘hollowed out’ with token deployments to NATO and U.N. missions.
Already reluctant to take on Russia directly, NATO members may not be keen to support Canada.
Although this is not assessed as the MOST LIKELY decision for President Putin, it is clearly an interesting option – for him.
Recommendations
4. A surge in Russian cyber attacks is HIGHLY LIKELY. President Putin may be looking for a country to make an example of. Prime Minister Trudeau is giving him plenty of reasons to pick Canada. In either case, cyber attacks are coming.
Alerts are summary warnings based on observations (collected information) and analysis. Supporting documentation is available separately. We are responsible for the analysis in this product; however, we may include analysis from other sources and specialists.
For more information on the CIDC, this Cyber Intelligence Alert or to have a dedicated briefing please contact: cidc@cscis.org