Cyber-Attack Strategy: Part of Russian Attack on Georgian Pipelines, Report Finds
John Bumgarner, a former cyber-security expert for the CIA and other U.S. intelligence agencies, is attracting much attention for his report concluding that Russia's military offensive in Georgia last year was coordinated with a pre-arranged civilian cyber-attack on the country. What appears to have gone unreported is Bumgarner's conclusion that the
The 100-page report, conducted for the U.S. Cyber-Consequences Unit, where Bumgarner is director of research, was distributed to U.S. officials and security experts. Bumgarner and I chatted by phone, and he emailed me the nine-page executive summary (thanks to Josh Foust for agreeing to post it at Registan.net. Incidentally, Foust has a good piece on the media war between Russia and Georgia at CJR).
Bumgarner says the report is the result of an examination of hundreds of public Internet forums, sharing of data with sources at home and abroad, and his own reporting on the attack from almost the instant it began. Others have reported that many of the findings were already known, but Bumgarner's findings appear to be the difference between barstool talk and authentic data. Nor is the report about the kind of kid stuff carried out last week against 45 million Twitter users along with Facebook members, apparently by a Georgian blogger calling himself Syxymu (the blogger's attempt to Latinize the name of the Abkhazian capital, Sukhumi).
Its chief takeaway is that the Russian cyberattack -- which disabled 54 Georgian websites in banking, communications and media with the apparent aim of reducing Georgia's capability of responding to the Russian offensive -- was prepared well in advance. Bumgarner writes:
Many of the cyber attacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyber attackers. When the cyber attacks began, they did not involve any reconnaissance or mapping stage, but jumped directly to the sort of packets that were best suited to jamming the websites under attack. This indicates that the necessary reconnaissance and the writing of attack scripts had to have been done in advance. Many of the actions the attackers carried out, such as registering new domain names and putting up new Web sites, were accomplished so quickly that all of the steps had to be prepared earlier.
The Russian Embassy in Washington denies any official Russian or military role in the cyber attacks. And in fact Bumgarner writes that he found no sign of official Russian participation, and concluded that no military personnel, with their distinctive fingerprints, could have carried out the attack. But he adds that there had to be complicity. "The organizers of the cyber attacks had advance notice of Russian military intentions, and they were tipped off about the timing of the Russian military operations while these operations were being carried out," Bumgarner writes.
Yet, the cyber attackers did not go in for the kill, Bumgarner told me -- they didn't attempt to cripple sites that could have caused chaos or injury, such as those linked to power stations or oil-delivery facilities, but merely those that could trigger comparative "inconvenience." "There was a political decision not to attack those critical infrastructures directly. They made the point that they could launch these attacks. They showed they have the capability to do more," Bumgarner said.
This mirrors Russian action against Georgia's paramount strategic installation -- the Baku-Ceyhan oil pipeline, by far the biggest reason why the U.S. and the West as a whole are interested in Georgia. We've discussed here how Russia bombed all around the pipeline without actually hitting it -- a clear message that it could do so if it wished, but would refrain for the moment.
Indeed the cyber attack fit into an overall Russian strategy centered on Georgia's oil infrastructure, Bumgarner concludes. It succeeded, in Bumgarner's view. "Unstable ground conditions, augmented by cyber attacks, soon made all of the Georgian pipelines seem unreliable," he writes.
Certainly that was the impact for the first weeks and months -- Russia demonstrated that the pipeline was vulnerable, not to mention dispelling the illusion that Georgia enjoyed special Western protection.
To a large degree, that remains the fact on the ground -- Georgia and the other former Soviet states of the Caucasus and Central Asia are far more deferential toward Russian wishes. Yet the oil and gas continue to flow.
As for the larger picture, most recently Russia has gotten push-back. This week, Georgia announced that it has officially withdrawn from the Commonwealth of Independent States, the grouping formed as a substitute for the Soviet Union at the same time as its 1991 collapse. (In the 1990s, Georgia's refusal to join the CIS infuriated Russia; in 1993, as Russian-backed Abkhaz troops closed in on Sukhumi, then-Georgian President Eduard Shevardnadze, standing alongside his troops, reportedly shouted, "Okay, we will join the CIS!" Suing for peace with Moscow, Shevardnadze did so soon after.)
And last week, it was reported that the Obama administration has decided to ignore strenuous Russian opinion and revive its training program for Georgian troops. Matthew Yglesias appears to be shocked that Washington would help Georgia through a ruse -- the U.S. claims the Georgian troops are being trained only for action in Afghanistan. Yglesias says this transparently false form of foreign policy -- obviously Georgia will use the training to rebuild its defense capability against Russia -- is "very, very, very silly."
As reasoning, Yglesias trots out the usual -- that the U.S. would blanch if China trained Mexican troops and formed a military alliance with America's southern neighbor. Therefore, Russia's furious opposition to the U.S. assistance -- and to Georgia's interest in joining NATO -- is understandable. The main weakness of this specious-but-much-used argument is that the U.S. and Mexico aren't military antagonists. More to the point, as benjamin81 comments over at The Plank, "A better analogy would be China or Russia training troops in Guatemala or Cuba. We wouldn't like it, but we probably wouldn't lose too much sleep over it either."
This summer, Russia and Georgia have resumed their usual bellicose relationship. Does this portend more war? After the drubbing he has taken since his adventurism last summer, Georgian President Mikheil Saakashvili is unlikely soon to fall for Russian bait. But Georgia will remain a flashpoint, with or without U.S. involvement.