Cyberwars

WHAT A U.S. OPERATION AGAINST RUSSIAN TROLLS PREDICTS ABOUT ESCALATION IN CYBERSPACE

The Washington Post recently reported that U.S. Cyber Command conducted an offensive cyber operation in the fall to block the Internet Research Agency, a Russian troll farm, from carrying out a cyber-enabled influence operation against the 2018 U.S. midterm elections. This appeared to build on a previous cyber operation in which Cyber Command directly targeted Russian operations to warn them against meddling in the upcoming midterms. Senior U.S. leaders billed Cyber Command’s efforts as an example of the Department of Defense’s new “defend forward” strategy for cyberspace in action.

Since the public launch of that strategy, analysts have expressed concern about the risk that a more proactive and engaged U.S. cyber force will provoke dangerous escalation dynamics with rivals. What can this recent demonstration of the defend forward strategy tell us about the escalation risks of offensive cyber operations? To understand why concerns about cyber escalation may be less worrisome than many commentaries suggest, it’s important to put the operation in context. Notably, the United States does not appear to have targeted the much bigger fish here: the Main Intelligence Directorate of the General Staff (GRU), Russia’s military intelligence agency. Instead, the operation targeted the IRA, a Kremlin-affiliated company that conducts social media-based influence campaigns to sow public distrust in U.S. institutions. Why was this? Operational requirements and calculations about intelligence tradeoffs seem to have informed Cyber Command’s decision-making. A closer examination of likely U.S. motives suggests that offensive cyber operations are subject to many, if not more, of the same constraints that other military operations are: Planners may choose less ambitious targets because they’re easier to attack, to avoid revealing what they know, or because they want to prevent an escalatory spiral.