Abstract
This article analyzes the similarities and differences between the EU's and Russia's cyber preparedness, management structures, governmental security controls and cyber strategies. In comparing the cyber capabilities of the EU and Russia, we use military tactics and criteria as a basis for evaluating tactical, operational and strategic maturity. Russia has implemented cyberwar part of military strategic movements and certain taxonomy can be recognized in Russian based cyberattacks. Furthermore this study evaluates the following criteria: what are the EU's and Russia's procedures to prevent cyberwar, how their situational awareness is gathered and shared and is cyber used alongside with other military weaponry and tactics. This study claims that Russia has a better cyber war fighting capability than the EU countries. Based on the findings and recommendations in our article information can be used to create new threat models, to detect cyberattacks and finally point towards action to develop governmental cybersecurity in the EU.
TopIntroduction
Since the collapse of Soviet Union, scientific and political communities have doubted Russia’s war fighting capability, ability to form situational awareness and their capacity to conduct large scale warfare. However in its latest conflicts Russia has proved that cyber has maximized the power of strike when used alongside the traditional war fighting methods. Even though the idea of common defence policy for the EU started in the end of the Cold War, issues such as forming a multinational preparedness level and the ability to lead military based cyber operations are not yet been implemented. Both EU and Russia have history of weakening their critical level preparedness. Russia had to re-create itself without its strategically important Soviet era military bases and telecommunication networks which were left to Eastern Europe after the independence of the post-Soviet states. Furthermore most EU countries preparedness level was systematically reduced after World War II.
The EU is an interesting benchmark for Russia since it has developed itself by becoming more like a state and is enhancing its defence capabilities. The EU via its institutions and bodies speaks on behalf of all its member states, representing and upholding the interests of the EU as a whole. Furthermore the EU provides an integral part of the legal system of its member states. By comparing EU and Russia we obtain important information on their abilities to use cyber as an extension of policy and how it is implemented as part of governmental management structures. Russia has no official military strategy at the moment except a nuclear strategy (Lieutenant colonel Forsström, P., personal communication, September 23, 2014), but cyberwar methods, new weaponry and Russia’s recent conflicts are re-creating a strategic baseline. Even though political tension between the EU and Russia has risen in recent years, the EU has not proceeded with a creation of power structures for managing its member states cybersecurity. The actions taken have rather been legal frameworks and policies which limit its ability for intelligence based operations in telecommunication networks. The EU’s sanctions against Russia based on the Ukraine conflict might escalate new conflicts in near future, which is why it is crucial to understand how capable the EU countries are of defending their values and sovereignty against cyberwar actions. Moreover, each EU member state is responsible for developing its own cyber strategies. This creates a major contrast to Russia which developed without any publicity its cyber capability; which weakens predictability. Russia’s policy in conflicts is to react via the military when political consensus cannot be created. Russia has taken many necessary actions in political conflicts whether they were accepted or not by international norms and laws, which naturally gives them the opportunity to use all needed methods, such as cyberattacks.
Key Terms in this Chapter
Cybersecurity: Focuses on protecting computers, networks, programs and data from unintended or unauthorized access, change or destruction.
Attack Taxonomy: Means identification and classification of network based attack types.
Military Tactics: Means military forces techniques for combining and using weapons and military units to engage and defeat an enemy in battle.
Military Strategy: A set of ideas implemented by military organizations to pursue desired strategic goals.
Cyberwarfare: Include the actions by a state, individual or organization to attack and attempt to destroy, or other way violate target’s communication lines, systems or networks.
Cyber Preparedness: The process of ensuring that an agency, organization, or jurisdiction has developed, tested, and validated its capability to protect against, prevent, mitigate, respond to, and recover from a significant cyber incident, such as a cyber event with physical consequences to critical infrastructure.
Command and Control System: Forms situation awareness and collects information e.g. from the computer systems and networks, equipments, communications and procedures to a commander for planning, directing, and controlling operations of assigned forces pursuant to the missions assigned.
Cyberattack: Any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.