The CSS Blog Network

Marketing to Extremists: Waging War in Cyberspace

This article was originally published by the Small Wars Journal on 9 July 2017.

Online, the Islamic State is a technologically savvy, sophisticated, and nimble organization that learns from its mistakes and from the actions of the Western intelligence services and NGOs that have sought to counter it. It is no secret that past and current efforts to reach potential terrorists before they can become radicalized and committed to a path of jihad and terrorism have proved inadequate. To use the language of online marketers, countering ISIS’s online activities will require quality content disseminated on a massive scale, with careful product placement. Placing counter-messaging products into platforms and forums that extremists frequent will increase the chances of potential terrorist recruits coming into contact with narratives outside of ISIS’ control.

ISIS’s cyber efforts have paid off; the FBI told Congress in July 2016 that “the message of radicalization spreads faster than we imagined just a few years ago.”[i] The number of foreigners who have been inspired by the Islamic State’s online propaganda to travel to Syria and Iraq (or elsewhere) and participate in the fighting is unclear, but most estimates place the tally at more than 20,000. Others have been set on the path of radicalization by ISIS’s online propaganda and have become “lone wolf” attackers in the United States or in Europe.[ii] Demographically speaking, the people who ISIS is most interested in targeting for recruitment came of age in the twenty-first century as “digital natives”; they have lived their entire lives surrounded by ubiquitous online communications and have embraced it in technologically sophisticated ways.[iii] ISIS knows how to appeal to these potential jihadis. Reaching them with counter-messages will require a sophisticated and multi-faceted approach.

» More

Russia’s New Information Security Doctrine: Guarding a Besieged Cyber Fortress

Victory, Plate 2

Courtesy of Thomas Hawk/Flickr. CC BY-NC 2.0

This article was originally published by the Finnish Institute of International Affairs (FIIA) on 20 December 2016.

Russia´s new Information Security Doctrine follows the line adopted in previous strategic documents whereby Russia is perceived as a besieged fortress. The doctrine identifies a number of external threats to Russia’s information space and calls for intensified monitoring of the Russian segment of the internet, Runet.

On 5 December 2016, President Vladimir Putin signed a new Information Security Doctrine of the Russian Federation, replacing the Information Security Doctrine published in 2000. The Doctrine is one of the strategic planning documents and, as such, it expresses the official view about the management of national security in the information sphere. Rhetorically, the text resembles the National Security Strategy, adopted in December 2015, which signalled a heightened sense of threat towards Russia, and underlined the importance of maintaining strategic stability. Consequently, the spirit of the new Doctrine is sharper, almost bellicose in tone, and the threats are described in more concrete terms.

The information sphere is defined in a broader sense than in the previous doctrine. The key term in this regard is “informatization”, which refers to social, economic and technical processes for adopting and expanding information technology in society and the country as a whole, and for securing access to information resources. This change indicates recognition of the role of the information sphere in technological development but, most importantly, regards it as a tool to change the fabric of society. The Doctrine describes how this tool is used in the interests of Russia’s national security, and calls for an increased role for internet and information security management and the domestic production of information technology.

» More

8 Foreign Policy Questions Trump Needs to Ask

Question mark

Courtesy Bilal Kamoon/Flickr. CC BY 2.0

This article was originally published by the Foreign Policy Research institute (FPRI) on 21 November 2016.

President-elect Donald Trump is in the midst of selecting his national security team. He not only needs to decide the “who,” but also the “how” of national security decision-making. It is unclear whether he will adopt Ronald Reagan’s model of entrusting empowered Cabinet secretaries to handle such matters; follow in Richard Nixon’s footsteps of retaining close control over foreign policy within the White House through the National Security Advisor; or emulate George H.W. Bush’s hybrid “gang” blending both White House staff and senior officials.

Beyond his staffing choices, the president-elect and his counselors must also be prepared to tackle a series of questions about U.S. foreign policy and defense strategy, both to inform his continuing selection of personnel to serve in his administration and to shape his conversations with foreign leaders who are anxious to take the temperature of the new Chief Executive. In addition, his answers will be critical if he wants to link his campaign promises with actual policies.

» More

Whodunnit? Russia and Coercion through Cyberspace

Blue Circuit

Courtesy of Yusuke Umezawa / Flickr

This article was originally published by War on the Rocks on 19 October 2016.

Late in May 2014, a group calling itself CyberBerkut leaked a map of the Ukrainian Dnipropetrovsk Oblast administration’s IT resources, information on the Central Election Commission of Ukraine’s servers, and the correspondence of its staff. In the following days, which included the country’s presidential election, CyberBerkut claimed they had again compromised the election commission’s servers, leaked more confidential information, conducted a distributed denial of service (DDoS) attack the commission’s website (which instructed potential voters how and where to vote), and blocked the phones of election organizers. The group also released documents implying that the recently appointed governor of the Dnipropetrovsk Oblast, Igor Kolomoisky, was complicit in pro-European Ukrainian plans to promote the “correct” candidate for president of Ukraine.

Despite the best effort of the Russian group behind CyberBerkut, the center-right, pro-European Petro Poroshenko won the Ukrainian presidency. But CyberBerkut wasn’t finished. Almost exactly five months later, the group used similar tactics in the days preceding the Ukrainian parliamentary elections. The results were largely the same: Pro-European candidates won the majority of seats. An uninitiated observer might be keen to discard these events as failed electioneering. After all, Moscow did not succeed in getting its men elected. But to label the operation a failure is to assume that the primary goal was to get pro-Russia officials elected. Over the course of the past four months, we have seen similar operations unfold in the United States, and — as was the case in Ukraine — there are reasons to believe that swaying the election is not the primary objective. Just as in the case of the CyberBerkut incidents, among the key observers of these operations in the United States have been cyber-security firms like FireEye. The manager of their information operations analysis team recently shared some of their findings with me, which informs the analysis below.

» More

The Changing Face of Deadly Conflict

Anti-Violence art

This article was originally published as part of the Crisis Group’s The Future of Conflict project on 21 December, 2015.

Policymakers trying to prevent and resolve deadly conflict — and those, like the International Crisis Group, seeking to influence them — are all too unhappily familiar with that corollary to Murphy’s Law which tells us: “If you’re feeling good, don’t worry: you’ll get over it”. The continuing decline in the reality and prospect of war between states gives us much to be pleased about, as does the reduction — more than most people think — in the number and intensity of wars and incidents of mass violence within states, at least those driven by the familiar forces of greed for territory or government power, or the fears or grievances of particular groups.

But we have all been deeply sobered by the re-emergence, within and across state boundaries, and on a scale not seen for centuries, of a new breed of conflict: extreme violence driven by non-state actors motivated by religious ideology. Starting with al-Qaeda and its offshoots and imitators in Africa and Asia, this has been now given most alarming expression with the emergence of the Islamic State (IS), or Da’esh — its leadership now focused on Syria and Iraq, but rapidly finding supporters elsewhere, like Boko Haram in West Africa and a number of jihadi groups in North Africa and South East Asia. The strategies and tools that have been working elsewhere to date have had little or no traction in this context, and all of us need to go back to the drawing board.

» More