Attributing the Blame - Espionage, Expulsions and the future of British Diplomacy


This has been a busy week for international relations, with the United States Government taking decisive action against Russia, for what it perceives to be numerous activities of concern.

The US expelled a number of Russian diplomats for activities incompatible with their status, formally attributed the SolarWinds cyber attack to Russian-linked groups, and placed a range of sanctions on Russian-linked individuals and organisations. This was reinforced by similar attributions and expulsions by other Western nations, helping to put more pressure on the Russian regime.

While many people who follow defence and security matters are interested in the ‘heavy metal’ side of the debate, e.g. how many tanks, ships or jets a nation possesses, there is often far less interest in the softer side of international security, such as the intangible questions of why a state chooses to expel diplomats or attribute an attack. Yet these moves are often more significant than many military actions, and have a longer-term impact.

To that end, it's worth understanding why states like the US and UK use these methods, and why, particularly in the post-Integrated Review landscape, they will represent a significant tool in the British diplomatic arsenal.

The purpose of an attribution is to allow a state to formally declare that it holds another nation culpable for conducting an act of espionage against it. In the case of cyber attributions, this requires the ability to determine where the breach came from, forensically analyse the way it was conducted, and work out who was behind it.

This is not an easy task. It requires very capable intelligence services able to understand the intrusion, work out where it may have come from, and identify similarities it may share with previous cyber-attacks. There needs to be absolute certainty that the attribution is correct: when calling a country out for this activity, you must be certain that they did it.

Delivering an effective attribution requires two things: firstly, highly capable intelligence services able to identify the attacker, and secondly, strong diplomatic relationships that can be used to put across a compelling and sensitive case, persuade other nations to share their views, and establish whether they agree with the findings.

There is relatively little point in doing a solo attribution. It lacks the certainty that others agree with you, and nobody else has checked your findings to confirm they make sense. Bringing other nation states with you is essential to successfully delivering an attribution effort.

The very act of formally attributing an attack is a powerful diplomatic blow – when properly co-ordinated, the impact of hearing half a dozen or more leading nations state publicly and irrevocably that they hold Russia to be accountable for conducting cyber espionage is extremely powerful. It carries a weight of credibility, and it isolates Russia for their activities, reducing their trustworthiness, and making them pariahs in the international community.

Declaring the attribution also makes a clear statement that the West has done its homework and can identify and spot Russian methods of attack. This reduces the future value of these penetration methods to Russia, because they know that the West knows about them, and has offered advice on how to patch the vulnerabilities and protect against them being used again.

This means significant money and time has been wasted on securing a means of access that is now blown and probably no longer usable. The Russians will also know that the West has shown it can track and follow this sort of activity, which in turn raises questions internally about whether other similar exploit methods still make sense.

For Russian cyber operators, the question is whether they can continue to assume it is possible to gain access via similar means, or whether the West has identified those means and is in turn using them to track, monitor and exploit the Russians. In other words, it's not just that one method of exploitation that is gone, but potentially many more too. The likely result is disruption across a range of Russian cyber operations.



More widely, the moves by the West to sanction Russian technology firms help hinder Russian economic development, and put Russia further behind in the digital arms race. By making it harder to do business with the West, and by exposing that the West understands the Russian supply chain, a message has been sent that it is increasingly difficult to source technology without it being stopped or the business involved being disrupted.

The loss of jobs and economic growth, and the fact that companies and countries are now more likely to steer clear of Russian firms for fear that their technology may be compromised or that they will be caught up in sanction-related problems, demonstrates that there is a clear price to be paid for conducting this sort of activity. This sort of punishment forces Russian policy makers to decide whether the cost and consequences of being detected outweigh the potential intelligence gains from the activity.

When these sanctions are imposed by multiple nations that also share in the attribution, the pain on the Russian economy only increases. The result is growing international isolation and a denial of access to valuable markets. The longer-term impact of this activity will only serve to further isolate Russia as a pariah state.

The expulsion of 10 diplomats serves as a good practical tool for making life harder for the Russian intelligence services. The Russians are well known for maintaining a significant espionage-related presence among their diplomatic staff in most countries, and for using every possible opportunity to acquire intelligence.

By reducing the number of posts in the Washington embassy, the US has made life difficult in two ways. Firstly, it has reduced the ceiling for Russians to operate in the US (e.g. if there were 100 diplomats before, there will soon be 90), which in turn reduces Russian effectiveness in country and makes their work harder.

As a practical tool, it offers Russia a strong incentive to seek ways to restore these posts, for example by rebuilding relations or trying to restore diplomatic links to the US in a way that makes it more likely the headcount will be increased again. The US has calculated that Russia will value having more staff in the embassy, and has created a problem that will either force Russia to find ways to improve relations or leave it operating under these constraints. Either way, it's made life more difficult for the Russian regime.

The wider blow is that many of the people being expelled will doubtless be linked to the Russian intelligence services. This will disrupt in-country work, and make it harder for Russian intelligence to operate in the US under the pretext of diplomatic cover. It forces Russia to choose between reducing its efforts in country via the embassy, or deploying deep-cover individuals (e.g. ‘illegals’) who may be sent to the US, compromised, and then face a lengthy prison sentence.

The challenge facing the intelligence spymasters is whether to risk sending in more intelligence officers undercover, or whether to assume that part of their system has been compromised, which in turn would blow their officers' cover. They will want to conduct a thorough damage control exercise as a result of these expulsions to work out what operations may have been compromised, whether agents they were running in the field were ‘double agents’, and whether the intelligence they've been fed is actually genuine or possibly fake.

More widely, they will want to determine how the US knew that the people it expelled were linked to Russian intelligence. If the embassy staff were sent under a level of deep cover, masquerading as normal diplomats and using aliases and identities crafted over many years to suggest that the individuals were not linked to intelligence, then this implies something has gone badly wrong.

Was it poor tradecraft that tripped them up, were they uncovered by a particularly effective US counter-intelligence investigation, or were they betrayed from within, either by a mole inside the embassy or by a very effective US operation? The fact is that the Russians will now need to work out what the damage is from this incident and how they recover from it, and the shockwaves will be felt throughout the system for some time to come.



Coming on the back of multiple expulsions across the world in 2019 as a result of the widespread international revulsion at the use of Novichok in Salisbury, and wider expulsions linked to other incidents (for example the Czech government's decision to expel large numbers of Russian staff following an alleged arms depot explosion), Russian intelligence is rapidly being disrupted.

The effects of these co-ordinated expulsions will be felt for years to come and will send shockwaves through the Russian intelligence community, causing significant disruption and internal recriminations, as well as making their job far harder. What a lovely thought.

For the UK, the lesson we should draw from all of this is that soft power tools matter just as much as hard power. Investing in highly capable intelligence services able to conduct independent scrutiny of cyber attacks, and to provide the means to attribute them, is key: it gives the Government a way of holding nations to account for their actions in the so-called ‘grey zone’.

It also shows that a significant diplomatic presence is required abroad to maintain links with foreign governments and build the trust and access needed to build coalitions. Persuading others to join us in calling out a third party for acts incompatible with accepted norms is difficult, particularly if you have no access or credibility in that state.

Global co-operation is needed to make cyber attribution work properly, and it requires proper investment in soft power to do it well. By using an extensive diplomatic footprint, and lobbying hard with trusted counterparts, the chances of these nations joining in the attribution and holding Russia to account increase significantly.

There is also a key lesson that the UK must maintain its links into the 5-EYES alliance and invest in it properly. This ensures that the UK not only has the credibility to speak as a nation that has independently carried out an investigation and shares others' views, but is also able to secure privileged access in Washington and elsewhere to help plan and shape how attribution campaigns will work.

While these events may not be as high profile as the massing of troops on the border of Ukraine, or of as deep interest to those who want to know how many CIWS the Type 32 will have, they are far more important. They show how statecraft will increasingly be conducted in the 21st century: via informal networks of like-minded states sharing a common position on calling out others for inappropriate behaviour, and in turn achieving foreign policy and security success by diplomatic, not kinetic, means.
