Glenn Gerstell, a senior advisor at the Center for Strategic and International Studies and former general counsel of the National Security Agency, was interviewed at a Wall Street Journal event in San Francisco in front of a live audience. The discussion focused on Russian cyberattacks against Ukraine and Russia’s use of disinformation. Highlights of the discussion follow.
Why Cyberattacks Fail to Produce Strategic or Enduring Effects
Mr. Gerstell said it is very hard to use cyberattacks to produce “a strategic or enduring effect.” Generally, attacks result in transient effects such as stopping a server from working properly or stealing information, which can be damaging, but victims can recover from these setbacks relatively quickly. Using cyberattacks in certain circumstances can however achieve a more strategic effect. Attacks on operational technology to knock out electricity grids or telephone and internet infrastructure can be highly damaging, for example, but such attacks take a lot of planning and are difficult to execute at scale.
Another way to achieve a strategic impact is to couple cyberattacks with disinformation. According to Mr. Gerstell, alongside the attacks on Ukrainian banks and ATMs, Russia sent text messages to citizens in some of the eastern cities, telling them they wouldn’t be able to withdraw money. “What else do you need to do to cause panic?” he said.
Among the reasons cyber attacks do not appear to have played a more prominent role in the conflict, Mr. Gerstell suggested some or all of the following may have been a factor:
- There was a lack of coordination between the three Russian agencies that have a cyber capability – the SVR–Russia’s foreign intelligence service, the FSB–a security service that succeeded the KGB and the GRU–Russia’s military intelligence directorate – reflecting the lack of coordination between other parts of Russia’s military.
- The planned invasion of Ukraine was not widely and fully disclosed to all parts of the intelligence apparatus.
- Russia’s leadership expected to be victorious in days and did not want to take over an economy with no electricity grid or communications infrastructure.
Disinformation Hits and Misses
Mr. Gerstell shared a mixed assessment of Russia’s disinformation operations that targeted three key audiences: the Russian population; the Ukrainian population; and the U.S. and other western governments.
“The Russian misinformation and disinformation machine has been really successful internally in selling the Russian population on the validity of this war.” He added that as a means of governing, disinformation is rooted deeply in Russian history. But the Russian government has been less successful in reaching the Ukrainian people and far less effective against the U.S. and other countries belonging to the North Atlantic Treaty Organization. Russia sought initially “to make sure Europe didn’t come together on sanctions, which of course was a total failure,“ he said.
More broadly, Mr. Gerstell sees disinformation as the number one threat to U.S. national security. “Russia, and to a lesser extent, China, are very adept at exploiting and fermenting and amplifying [domestic] disinformation,” he said.
Russia’s Offensive Cyber Campaign Against Ukraine
Mr. Gerstell shared a brief history of cyberattacks against Ukraine, including the December 2015 attacks against the company’s electricity grid resulting in around quarter of a million people losing access to power, and the destructive 2017 NotPetya attack that caused billions of dollars of damage worldwide. Both attacks were attributed by the U.S. and other governments to Russia’s GRU military intelligence agency.
More recently and even before the conflict started, Mr. Gerstell noted the attacks against Ukraine attributed by U.S. and U.K. governments to the GRU: immediately before the invasion, around 70 government websites were defaced including the websites of the Ukrainian Ministries of Defense and Foreign Affairs. Multiple denial of service attacks made many services, including online banking, inaccessible. Additionally, wiper software destroyed data on hundreds of computers in Ukraine, Latvia and Lithuania, according to cybersecurity company ESET and satellite communications company
was disrupted. Mr. Gerstell commented that the intent was to disrupt Ukrainian military communications, but the attack affected satellite terminals throughout Europe.
WSJ Pro Research is a premium membership that supports executive decision making on critical business issues by supplementing the news with timely, in-depth research and data.
All WSJ Pro Cybersecurity research reports, webinars, events and data are available at wsj.com/pro/cybersecurity/research
Meet the Author
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8