Prof. Colin Talbot, Research Associate, University of Cambridge
Sir David Omand, former Director of GCHQ and former Security and Intelligence Co-ordinator for the Government, is to issue a strongly worded warning about threats of external subversion and internal sedition being enhanced by cyber-warfare techniques.
In a lengthy article published in the Journal of Cyber Policy,* Omand warns that the Russian government is continuing in the tradition of the Soviet Union in engaging in ‘hybrid warfare’ and ‘active measures’ (aktivinyye meropriatia) to subvert European and American governments.
(*Which I was given pre-publication access to by Sir David, for which thanks).
These can include highly targeted propaganda and misinformation; attacks on ‘critical national infrastructure’ and increasingly extending into the ‘Internet of Things’ (IoT) – all assisted or enabled by cyber-space.
His analysis will undoubtedly further fuel the debates about how far Russia constitutes a threat to the UK sparked by recent comments by the new Defence Secretary Gavin Williamson (who has also been accused of misusing secret intelligence to distract from his own problems).
Omand also says President Trump has fallen into the trap of ‘false equivalence’ between Russia and democratic countries, and fascists and anti-fascists in Charlottesville.
He goes quotes approvingly John Podesta (former chair of Hillary Clinton’s campaign): “He [Trump] seeks nothing less than to undermine the public’s belief that any news can be trusted, that any news is true, that there isn’t any fixed reality. Trump is attempting to build a hall of mirrors … [he] is emulating the successful strategy of Vladimir Putin.”
Omand takes it as a given that Russia tried to influence the 2016 US Presidential race.
Omand points out in his paper that the use of propaganda, ‘active measures’ and hybrid warfare is not anything new. The Catholic powers did it against Elizabeth the First; the UK did it against both the Nazis and the Soviet Union. What has changed, he argues, is that cyber-capabilities have massively increased the ability of Governments (and non-state actors like ISIS) to use these techniques.
So-called ‘hybrid warfare’ – which has long been established Russian military doctrine – is a combination of propaganda, misinformation, sabotage, military threats and military actions aimed at weakening or overpowering an enemy.
Importantly hybrid warfare and ‘active measures’ are not necessarily aimed at military defeat or even regime change, they can also be used simply to influence policy and weaken an opponent.
These tactics have been turbo-boosted by the advent of the internet and social media. They allow, for example, for highly targeted misinformation campaigns aimed at individuals made more vulnerable by the ‘echo-chambers’ and the immersive effects of social media.
So serious have these threats become that in 2016 NATO declared cyberspace a ‘domain of warfare’ alongside air, sea, land and space. Cyber attacks could be considered ‘an armed attack’ as far as NATO is concerned.
One of the problems, says Omand, is deciding when a threshold has been reached and if it is what the reaction should be? Both the USA and the UK have openly said they are developing offensive cyber capabilities so the question is when would they move from simple protective counter-measures – already a daily occurrence – to offensive operations to punish an attacking state?
This also raises serious ethical issues for western Governments. How far can and should they go in supressing ‘active measures’ when they take the form of mis and dis-information campaigns on the social media, for example? How far are counter-attacks be ethical? How does ‘just war’ doctrine apply to cyberwarfare?
The emergence of subversive cyberwarfare also poses important challenges for Governments. Traditionally in the UK, for example, national security organisation has been split between international and domestic threats – the Foreign Office and Home Office, MI6 and MI5. But cyber-subversion crosses these traditional boundaries – especially when it links up with internal forces also seeking to undermine the state. Cyberspace massively changes the boundaries.
Similarly, Government is split between defence organisations who manage the risks of war (the armed forces, MOD, etc) and internal organisations that manage the ordinary risks of peacetime. Cyberwarfare lies somewhere in a grey area between the extremes of war and peace.
Omand therefore recommends much more ‘joined-up government’ (although he doesn’t call it that) to co-ordinate against the threats, mainly through better joined-up working across the security and intelligence communities and led by a National Security Council or equivalent.
He also argues strongly for strengthening and protecting the institutions that protect citizens from subversion and sedition – the free press, promoting liberal values, fact-checking, free-speech, and good public education – especially in schools – about how to deal with the modern cyber world and social media.
Omand quote’s Sun Tzu’s famous dictum “the supreme art of war is to subdue the enemy without fighting”. Cyber warfare is making such an aim that much easier.