Shadow Brokers, digital attacks, and the escalation of geopolitical conflict

Last week’s data dump by the Shadow Brokers has left many wondering how the US will respond. This is just the latest in a series of politically motivated data breaches often attributed to Russia, including last year’s State Department and White House attacks, as well as this summer’s intrusions on the DNC and DCCC. However, these must not be viewed in isolation, but as part of the larger, on-going escalation of tensions between the US and Russia.

This interconnected web of issues extends well beyond cyberspace and includes geopolitical tensions over Syria and Ukraine as well. Despite simplistic calls for a counter-cyberattack, foreign policy is much more complex and risks expediting what is already heightened escalation between the two countries. The digital domain must be viewed within this larger geopolitical context to prevent greater escalation into another cold or, even worse, hot war.

Following the Russian annexation of Crimea in 2014, the US implemented targeted sanctions aimed at Russian President Vladimir Putin’s inner circle. The sanctions, coupled with falling oil prices and an undiversified economy, have left Russia in a deep recession for the past 18 months.

So what does this have to do with cybersecurity? Putin’s leadership rests on firm control of power, which becomes increasingly difficult with the economic downturn, not to mention upcoming parliamentary elections that were expedited to clinch Putin’s control. Russia is increasingly isolated from the world economy, which forces Putin to respond with the tools he has left at his disposal – digital statecraft and military and diplomatic influence.

In the military and diplomatic realm, Russia is building up its Army presence near the Ukrainian border, resetting relations with Turkey, and now accessing Iranian military bases for greater influence in Syria. These maneuvers exacerbate the diplomatic tensions between the US and Russia.

At the same time, Putin has been leveraging digital statecraft to tighten domestic control of the narrative. Russia is crafting its own version of the Chinese firewall and continues to enlist its army of Internet trolls to dominate social and news media. His propaganda machine has extended beyond Russian borders, attempting to influence the narrative in the region, including Ukraine and Finland. Putin appears to be using this same kind of information warfare, but now focusing on influencing the US elections.

While there has yet to be official attribution, the Clinton campaign has explicitly blamed Russia for both the DNC and DCCC hacks. If the Shadow Brokers turn out to be linked to Russia (as many claim), this is yet another example of the escalating tensions and the high stakes involved in information warfare.

Just a few weeks earlier, the White House openly expressed the possibility of increasing sanctions against Russia in response to the DNC hack. This is just one of the options available, and there remains a need for a more coherent and explicit declaratory and escalatory policy by the US.

There is the obvious counter-attack within the digital domain, but that is not the only option, and any response must consider the larger geopolitical context. The range of responses includes (but is not limited to) a démarche, indictments (although attribution is notoriously difficult), travel limitations, targeted financial or economic sanctions, and freezing of assets, as well as a military response. More simply put, there are viable options across conflict escalation that well exceed those within cyberspace.

Similarly, if the US were to respond with covert cyber operations, there is no guarantee that Russia will retaliate with a cyber response. For instance, if the Shadow Brokers are linked to Russia, this latest data dump may be a deterrent attempt to prevent the US from increasing sanctions against Russia. This would be indicative of the cross-domain, tit-for-tat behavior inherent within escalatory international relations. Moreover, these kinds of data dumps as part of information warfare are likely only to escalate as tensions in other domains escalate.

As the events in Crimea unfolded in 2014, NATO amended Article 5, the collective defence clause, to include digital attacks as potential triggers for collective security. Coupled with the targeted sanctions, Russia has in many ways been backed into a corner, leading to paranoid behavior and the potential for a “Cold War-like spiral,” according to Director of National Intelligence James Clapper.

As much as a retaliatory response may be near-term good politics, the string of breaches must be viewed within the larger geopolitical context. It is so essential to evolve beyond our current reactionary stance with each new breach, and move toward a more coherent, rigorous set of policy initiatives that detail the US’s declaratory and escalatory policies. While the recent Presidential Policy Directive 41 does a nice job laying out the incident response, it’s time to provide that level of nuance toward foreign policy responses as well.

Given the ongoing escalation of tensions across all domains, and the frequency and heightened stakes of cyberattacks, there is too much at risk to continue relying on policies and frameworks from the last Cold War with Russia and thinking they are adequate for today’s much more complex technological and geopolitical landscape.