The Curious Omission in Russia’s New Security Strategy
It doesn’t mention “cyber”—and that tells us a few things.
After spending most of 2021 unleashing cyberattacks on a range of Western nations, Russia recently released its new National Security Strategy, or NSS, a consequential document in which the word “cyber” is conspicuously absent. The omission is not a matter of translation—it’s strategic. It is high time U.S. policymakers began to understand what Russia’s curious word choice reveals about its cyber schemes.
Russia’s goals for digital conflict are much broader than shutting down pipelines and stealing data. Kremlin officials also want to influence the minds and ultimately the behavior of their adversaries. Instead of the term “cyber security,” (кибербезопасность) the NSS speaks of “information security.” (информационная безопасность) This may seem like a semantic difference, but it is intentional and consequential in the language of the Kremlin.
Last week, Russian Minister of Defense Sergey Shoigu declared that “information has become a weapon” while accusing the West of establishing propaganda centers in Eastern Europe. With a full section in the 2021 NSS devoted to information security—unlike Russia’s 2015 NSS—there is no doubt that the Kremlin is taking the topic seriously.
According to Russian military doctrine, information security falls into two complementary categories:
One component is on the technical side. These activities involve operations like shutting down pipelines, stealing data, and surveilling personal devices. Most Americans know this as “cyber security.”
The other element of information security is the much more subtle and downright stealthy. Rather than infrastructure and networks, this psychological side of Russian operations targets the cognitive processes of the adversary’s leaders and population. It focuses on psychological manipulation. Russian military strategists Chekinov and Bogdanov argued, “In the ongoing revolution in information technologies, information and psychological warfare will largely lay the groundwork for victory.” The chief of staff of the Russian military, Valery Gerasimov, values nonmilitary to military measures as 4 to 1.
Of course, the NSS does not acknowledge that Russia offensively launches these forms of “information security” operations against its adversaries. Instead, the document claims that the country merely defends itself from Western efforts to use combined technical and psychological information tools to undermine the “cultural sovereignty” and “spiritual and moral values” of Russia.
Actions speak louder than words, and the conduct of Russia’s military tells a different story. The Russian Ministry of Defense defines information war as the confrontation “between two or more States in the information space with the goal of inflicting damage to information systems, processes, and resources, as well as to critically important structures; undermining political, economic, and social systems; carrying out mass psychological campaigns”…“in order to destabilize society and the government.”
Russia’s actions also undermine the NSS’ pretense of a merely defensive information security posture. For example, in 2017 officials acknowledged the establishment of a new military unit of information warfare troops, even though Shoigu recently walked back those statements, saying one would be hard pressed to “name a single center in our country that trains information attack specialists.” But in 2017 Shoigu himself explained Russia’s military modernization: “The information operations forces have been established, that are expected to be a far more effective tool than all we used before.”
Moreover, the malign nature of Moscow’s efforts will increase as information technologies evolve and proliferate. When read in conjunction with Russian military doctrine, the NSS reveals Russia’s desire to integrate advanced technologies, including artificial intelligence and quantum computing, into its information-war tactics. Russia is already investing in these new technologies, likely capitalizing on large amounts of publicly available data belonging to citizens in Western democracies.
The new NSS emphasizes cooperation with foreign powers on information security. This will likely manifest itself by an increase in cooperation between Russia and its Eastern European allies. Such alliances may lead to the creation of new branches of the Internet Research Agency, a well-known Kremlin cyber proxy that was used to interfere in U.S. elections.
The discussion of information security in Russia’s NSS also alludes to disputes over the creation of an international legal regime for digital governance. Russian diplomats have effectively used UN subcommittees to hinder U.S. efforts to regulate cyberspace. Instead, Russia has collaborated with China in an attempt to develop an international system that facilitates malign information operations abroad and provide political cover for domestic repressions of free speech.
American policymakers need to recognize that one of the Kremlin’s goals include being a cyber superpower. The failure to credibly deter Russia’s information operations will also have detrimental effects on the ability of the U.S. to deter Chinese information operations. If our resolve is perceived as insufficient, technical and psychological attacks will only continue to proliferate.
The Kremlin does not limit itself to hacking our computers—it also wants to hack our minds with the goal of disrupting our democracy, polarizing society, sowing fear and doubt. As the Biden administration continues to negotiate with Russia on ending cyber-attacks, it is imperative that the U.S. also adopt a holistic approach to information security in which both the Russian technical and cognitive components need to be addressed. The U.S. cannot afford to move forward with a strategy that only recognizes the “cyber” side of Russian malign activities. A holistic strategy by Russia calls for a holistic American response. Now is the time for a realistic and comprehensive approach to Russian information tactics and capabilities.
The views expressed in this publication are the authors’ and do not imply endorsement by the Office of the Director of National Intelligence, the Intelligence Community, or any other U.S. government agency.
David R. Shedd is a visiting fellow at the Heritage Foundation and a former acting Director of the Defense Intelligence Agency.
Ivana Stradner is a Jeane Kirkpatrick Visiting Fellow at the American Enterprise Institute.