During the 12-day conflict with Georgia in 2008 over the annexation of South Ossetia, information warfare techniques were employed by Russian authorities both during and after the conflict.
During the 2014 conflict with Ukraine over the annexation of Crimea, Russian military-backed forces employed extensive cyber attacks, electronic warfare and uninhabited aerial systems to quickly overwhelm defending forces.
Cyber and information warfare is inherent in the Russian view of conflict and contest. Indeed, it was written into its military doctrine.
As recently as last week, there were reports of cyber attacks being directed at government departments and banks in Ukraine.
Cyber and information warfare is inherent in the Russian view of conflict and contest. Indeed, it was written into its doctrine by Russia’s chief of the general staff, Valery Gerasimov. The Russian capabilities are well known, and they have demonstrated their willingness to use them.
These activities, sometimes called “hybrid warfare”, “political warfare”, “operations short of war” or, as labelled in Australia’s 2020 Defence Strategic Update, “grey-zone operations”, are central to Russian thinking and considerations of international norms of behaviour.
These operations involve coercion, deception and influence activities and objectives considered below the traditional thresholds of military conflict that can achieve strategic goals without resort to conventional state-on-state conflict. Such techniques have come to be known as disinformation or “fake news”.
Deception operations can now go viral
None of these activities or techniques is new. In the military vernacular, techniques such as psychological operations, information operations and deception operations have been used for centuries.
However, it is the conduct of these activities in and through the relatively new domain of cyberspace that enables information effects to be delivered at a speed and scale not previously imagined.
Importantly, cyber capabilities are not bounded by geography. That is why the Prime Minister issued a public warning for Australian government agencies and businesses to be prepared for any potential cyber attacks in retaliation for Australia’s imposition of sanctions on Russia.
And even if Russia decides not to retaliate against Australia directly, there is always the potential for Australian organisations to be targeted as intermediaries as a way of gaining indirect access to US, British or other foreign entities.
The threat of a cyber attack is real, active, and can cause irreparable damage to a business, and the reputations of those within it.
Prepare now, before it’s too late
It is the responsibility of every Australian business and government department to heed Scott Morrison’s warning before it’s too late. The time for preparations is before, not during, an attack or incident.
Businesses need to continually patch their systems to ensure the latest security updates are installed and to close the gap on any security vulnerabilities.
With so much importance in the Australian economy on third-party providers, businesses and government departments also need to think about their supply chains, and where both international and domestic vulnerabilities might exist.
Now is certainly the time to dust off business continuity plans and incident management procedures so that decision makers have a starting point in knowing how to respond and recover in the event of a cyber attack.
Take the time to review the security culture within your organisation so that your workforce is on the lookout for any suspicious activity, such as phishing emails, that might provide an easy entry point for a cyber attack.
And finally, stay in touch with the Australian Cyber Security Centre, and follow its threat warnings and advice.
Given the nature and intensity of the response from Western nations to the Russian invasion of Ukraine, some form of pushback from Russia is a distinct likelihood. The Prime Minister was right to warn the nation about the possibility of retaliatory cyber attacks.
Marcus Thompson is a retired Australian Army major general, whose final appointment was as inaugural head of information warfare for the Australian Defence Force. His current appointments include chief strategy adviser at cyber security company ParaFlare.
George is Digismak’s reported cum editor with 13 years of experience in Journalism