In 1999, former CIA director James Woolsey characterized dealing with Russian threat networks as a major challenge due to the inter-relationship between Russian business, intelligence, and organized crime.[i] Since Director Woolsey made this assertion, Russia has become hyper-enabled with new technology, allowing it to re-structure its state-run subversion activities into a robust mix of public and private global entities. Undermining democratic systems and developing crises to allow Russia’s geo-political advances, this network conducts Information Warfare (INFOWAR) on behalf of the Russian government. The network has been undeterred by cyber operations and financial sanctions; to truly disrupt this type of malign network, the US and its allies need to adopt an approach that goes beyond simply playing whack-a-mole. Disruption instead requires a partnered approach which leverages the whole of civil society to reject cancerous information activities developed to undermine it.
During the Cold War, the Soviet Union created multiple departments aimed at conducting “active measures” to subvert western society.[ii] A key tactic of these departments was using disinformation spread via international news outlets to discredit global adversaries and diminish their allied support.[iii] Today, in the digital age, Russian disinformation can be spread easily and cheaply through social media platforms and online forums, aiming to obfuscate the truth and create a web of uncertainty around events and actions conducted by governments. To accomplish this, the Russian Federation employs state, state-sponsored, and non-state entities to create a broad information warfare (INFOWAR) apparatus with global reach to support Russian strategic objectives.
In 2007, Russian-based hacktivists targeted Estonia’s online economic infrastructure while Russian media framed the Estonian government as fascist and oppressive for the removal of a Soviet monument from the capital city of Tallinn.[iv] In Georgia during 2008 and Ukraine in early 2014, Russia employed cyber operations and misinformation to sow unrest and confusion in direct support of military invasions of both countries.[v] In 2016, the Internet Research Agency, in conjunction with Russian state media and intelligence activities, conducted social media operations to drive wedges in American society in an attempt to influence the US presidential elections and discredit the democratic processes of the United States and its allies.[vi] Even amid the COVID-19 global pandemic, Russia’s INFOWAR networks still operate to undermine Western public health responses by stoking political unrest.[vii] With exponentially increasing digital connection across the globe, Russia’s information strategy has adopted capabilities to challenge its adversaries in a renewed era of great power competition.
Strategies to Disrupt Russia’s INFOWAR Network
With a deliberate mixture of private and public entities within the network, the problem set posed by this dark Russian network is challenging but not impossible to overcome. In their 2011 paper “Strategies for Combating Dark Networks”, Nancy Roberts and Sean Everton provide an overview of the kinetic and non-kinetic options available to those aiming to disrupt a dark network like the Russian INFOWAR network.[viii] Since the United States and Russia are major geopolitical rivals, the likelihood of conducting kinetic kill or capture missions against entities within the Russian INFOWAR apparatus is extremely low. From their non-kinetic options, Everton and Roberts recommend four major courses of action practitioners can employ to disrupt a dark network: institution building, psychological operations, information operations, and rehabilitation of network members.[ix] Currently, the four main efforts to disrupt Russian INFOWAR efforts are:
(1) Cyber Denial - reducing INFOWAR operational capacity through offensive cyber attacks. During the 2018 mid-term elections in the United States, United States Cyber Command executed a major operation to deny the infamous Internet Research Agency the ability to disrupt election day activities with its digital trolling.[x] Despite the immediate and visible effects on the Russian INFOWAR network on that particular day, these cyber attacks did little to disrupt the network over the long term, since new IP addresses were quickly acquired almost the same day. Additionally, during the election the other elements of the INFOWAR network (intelligence collection, state media) continued to operate unaffected. Today’s cyber activities are similar to mowing weeds that grow on your lawn; they fail to address the underlying root structure that helps the weeds to flourish.
(2) Financial Disruption - degrading the INFOWAR network’s financial support by freezing key assets of indicted companies. To conduct INFOWAR activities, Russia requires a way to move money between its web of public and private entities. Freezing the monetary assets of these actors and organizations limits their ability to move funds from the Russian government to shell companies to the network’s operational elements. Since the start of the “US Special Investigation Into Russian Interference in the 2016 Presidential Election”, the United States Treasury Department Office of Foreign Assets Control (OFAC) has sanctioned more than 272 individuals and companies associated with Russian malign activities.[xi] While this list is effective in preventing the transfer of funds across US and allied banking institutions, money laundering through shell companies remains a viable alternative for supporting INFOWAR activities.
(3) Sowing Discord & Distrust - leveraging key actors to spread misinformation and distrust throughout the INFOWAR network. Multiple elements within the Russian INFOWAR network operate in a competitive manner with their peers, from oligarch-owned media corporations to Russian state intelligence services. Similar to fly-fishing, the manipulation and disruption of the Russian INFOWAR network requires time and patience to identify nodes, understand their roles and responsibilities, and turn them against other elements in the network. In a Western society demanding immediate results, this strategy is highly effective, but politically unpalatable due to the length of time it takes to develop and cultivate a network for this type of operation.
(4) Inoculating Target Audiences - identifying target audiences for INFOWAR activities and educating them to diminish the network’s effects. Out of all four disruption strategies, this strategy takes the longest to take effect and is the hardest to implement. Despite these shortcomings, the ability to inform a target audience and prepare them for INFOWAR efforts has been an ongoing effort in countries physically bordering Russia for years.[xii] From the Baltics to Poland to Ukraine, citizens are taught from a young school age how INFOWAR networks operate and how they attempt to undermine state sovereignty.[xiii] Unfortunately, for countries like the United States, the successful implementation of a similar strategy would require a paradigm shift in how the population views itself in terms of security.
Table 1- Russian INFOWAR Disruption Strategy Matrix. When weighted, the Hybrid Strategy provides the most flexible and impactful response to disrupt the Russian INFOWAR network.
To evaluate which strategy provides the best option for policy makers to disrupt Russia’s INFOWAR network, each of the four US strategies was ranked for its immediacy, lasting impact, and flexibility (see Table 1 above). After weighing each strategy, a hybrid combination emphasizing network discord and target inoculation yielded optimal and lasting results.
Under the current Western approach to dealing with Russian INFOWAR, multiple entities attempt to counter Russian INFOWAR using their own unilateral activities with minimal coordination. By employing a hybrid strategy, current unilateral efforts would be minimally affected save for coordination between the wide variety of state and non-state actors involved in disruption efforts. When all the above-mentioned activities are conducted in concert, their effects become mutually supporting; without coordination, the US and its allies are simply mowing weeds without attacking the societal roots of these networks. With proper coordination, the effects of degrading and disrupting malign INFOWAR networks increase exponentially.
Societal Resilience- Civil Affairs Efforts to Disrupt INFOWAR
Orchestrating its network to remain below the US and NATO’s threshold for direct and declared war, Russia can achieve its geopolitical goals cheaply and effectively by exploiting weaknesses within Western society and its allies. From highlighting weak and corrupt governance to undermining democratic electoral systems, Russian President Putin aims to create a ladder of chaos and division from which Russia can ascend back to greatness. Across the globe, numerous countries are unstable and weakened through a combination of bad governance, conflict, and corruption; all are targets of Russian INFOWAR efforts. Each nation represents its own tangled web of history, culture, politics, and violence. Mitigating chaos within these networks requires coordination from multiple actors, synchronization of resources, and shared understanding of small-scale events that can have strategic effects in an inter-connected world. While some may consider this to be an information fight or a cyber fight, at its most fundamental level, disrupting INFOWAR networks is an effort that falls directly into the docket of the US Army Civil Affairs community.
At the tactical level, CA Teams (CATs) collect raw data on the civil environment and influence the local population through their actions. CATs are responsible for conducting two simple tasks: Civil Reconnaissance (also known as Civil Recce or CR) and Civil Engagement (CE). Civil Recce is a targeted, planned, and coordinated observation and evaluation of specific civil aspects of the environment.[xiv] Just like regular reconnaissance, civil recce has deliberate objectives that Civil Affairs teams focus on or around to develop an understanding of the human domain, and a deliberate reporting process to send that information to key stakeholders. With the proper identification of civil vulnerabilities, CATs can play a vital role in identifying and mitigating societal fissures that INFOWAR networks exploit for their malign influence, implementing efforts that counter malign actors’ activities within the area of operations, protecting a vulnerable population, and strengthening the supported governance institution.[xv]
With a firm understanding of the issues at hand in their AO, CATs can then effectively implement efforts to counter malign actors’ activities and strengthen governance and societal institutions. Working by, with, and through their local partners and institutions, CA elements develop and build resiliency from the lowest levels of society on up. By taking a lead to coordinate disruption efforts to counter Russian and other state-sponsored INFOWAR networks, Civil Affairs leaders can leverage their global access and placement to identify where these dark networks operate and effectively coordinate with partners to disrupt these activities.
For the past eighteen years, the Civil Affairs Regiment has mapped vulnerabilities and built influence networks to disrupt numerous violent extremist organizations (VEOs) threatening the United States. Today, the threat of global INFOWAR networks presents an even more complex challenge to contend with, since their main goal is to disrupt and erode Western societies and their partners from within. Using the same methodologies used to disrupt VEOs, the Civil Affairs Regiment is ideally suited to take on today’s INFOWAR challenges and create order from chaos. If not, the Regiment very well might be left to clean up the aftermath of Russia’s INFOWAR campaigns.
About the Author
MAJ Matthew Radman is a Civil Affairs Officer currently studying at the Naval Postgraduate School. He has served and deployed with the 10th Mountain Division and the 95th Civil Affairs Brigade in the SOUTHCOM and CENTCOM AORs. He holds a BA in History from Norwich University and was a Strategic Studies Fellow at UNC Chapel Hill in 2017.
The views, ideas, and opinions in this article are those of the author and do not represent any entity of the US government or CA Association.
[i] Lucas, Edward. Deception- The Untold Story of East-West Espionage Today. Bloomsbury Press. 2012. p.316
[ii] Ellick, A; Westbrook, A; & Kessel, J. Operation Infektion Documentary. NY Times Opinion. 12 November 2018. Retrieved at: https://www.nytimes.com/video/what-is-disinformation-fake-news-playlist
[iii] Ibid
[iv] Miniats, Madelena. War of Nerves: Russia’s Use of Cyber Warfare in Estonia, Georgia, and Ukraine. Bard College Senior Projects, Spring 2019. p35. Retrieved at: https://digitalcommons.bard.edu/senproj_s2019/116
[v] Ibid
[vi] United States Department of Justice. The United States v. Internet Research Agency. 16 February 2018. Retrieved at: https://www.justice.gov/file/1035477/download; The United States v. Elena Khusyaynova. 28 September 2018. Retrieved from: https://www.justice.gov/usao-edva/press-release/file/1102591/download; The United States v. Morenets, et. al. 04 October 2018. Retrieved at: https://www.justice.gov/opa/page/file/1098481/download; and The United States v. Netyshko, et. al. 13 July 2018. Retrieved at: https://www.justice.gov/file/1080281/download.
[vii] Broad, W. Putin’s Long War Against American Science. The New York Times. 13 April 2020. Retrieved at: https://www.nytimes.com/2020/04/13/science/putin-russia-disinformation-health-coronavirus.html
[viii] Sean F. Everton and Nancy Roberts, “Strategies for Combating Dark Networks,” Journal of Social Structure. 2011. p.32. Retrieved at: http://www.cmu.edu/joss/content/articles/volume12/RobertsEverton.pdf.
[ix] Ibid
[x] Nakashima, Ellen. “US CYBERCOM Operation Disrupted Internet Access of Russian Troll Factory”. The Washington Post. 27 February 2019. Retrieved at: https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html
[xi] United States Department of Treasury. “Treasury Designates Russian Oligarchs, Officials, and Entities in Response to Worldwide Malign Activity”. 06 April 2018. Retrieved at: https://home.treasury.gov/news/press-releases/sm0338
[xii] Sarlo, Alexandra. “Fighting Disinformation in the Baltic States”. Foreign Policy Research Institute. 06 July 2017. Retrieved at: https://www.fpri.org/article/2017/07/fighting-disinformation-baltic-states/
[xiii] Ibid
[xiv] Craig, O; Melendez, C; Oh, A; Hurt, W. Reconnaissance Found: Redefining Army Special Operations Forces Integration. Military Intelligence Professional Bulletin. April-June 2019. p38
[xv] Ibid p40