COVID-19 Vaccine Hacks Part Of Hybrid Strategy

AT29, a group tied to the Russian FSB intelligence service, has targeted and attacked academic and pharmaceutical vaccine research centers in three countries: Canada, the U.K., and the U.S. The group, known as Cozy Bear, was also implicated in the hacking of the Democratic National Committee’s email accounts during the 2016 U.S. presidential election. “It was unclear if any useful information was stolen,” the AP reported.

This was not a one-off hacking attempt, but is rather an ongoing campaign designed to undermine faith in democratic institutions and further displace the U.S. as a global leader. Furthermore, the first nation to develop a vaccine for SARS-CoV-2 stands to gain a distinct economic advantage as they can fully restart their economy before other countries. The vaccine holder could also use it to gain international favor by dispensing it based on political interests. China was also accused on Thursday of the same type of hacking attempt.

The British Foreign Secretary, Dominic Raab, said in a press release “it is completely unacceptable that the Russian intelligence services are targeting those working to control the coronavirus pandemic.” A spokesman for Russian President Vladimir Putin, Dmitry Peskov, told Tass, the Russian state news agency that “we don’t know who tried to carry out the hacking attacks in the United Kingdom, but Russia certainly has nothing to do with it. … We strongly reject these groundless accusations against us.” “COVID-19 is an existential threat to every government in the world, so it’s no surprise that cyber-espionage capabilities are being used to gather intelligence on a cure,” said John Hultquist, Senior Intelligence Director at the cyber firm Mandiant.

Since a vaccine is the best hope of getting back to normal, fierce competition to be the first to develop it is to be expected. However, these attacks are about more than being first to the vaccine. They are just one segment of a larger strategy Russia and China have been using to advance their strategic interests for decades (a strategy the U.S. and Western allies have only recently caught on to). According to Ross Babbage, Senior Fellow at the Center for Strategic and Budgetary Assessments (CSBA), until recently “these operations were often viewed by Western leaders to be unconnected, mildly irritating, and of limited consequence, falling below the threshold of warranting direct confrontations with the authoritarian regimes or escalation to major conventional conflict.”

Some experts believe cyberattacks should not be misconstrued as war. However, it is exactly this strict – mostly Western – distinction between war and peace that weakens the response to these attacks. 

CSBA’s Babbage said that “strategic culture in the United States and its Western allies is characterized by a sharp distinction between “peace” and “war,” with very little scope for active conflict in between.” That doesn’t mean the U.S. should respond with force. Instead, the U.S.’ inability to recognize the significance of the cyber attacks, disinformation campaigns and election interference, and to connect them to a grand strategy, has allowed the attacks to continue without much consequence for their perpetrators. By viewing the attacks within a broader idea of what constitutes war, the necessary urgency is produced to defend against and prevent these types of attacks.

Russia’s history of using non-military operations to advance national interests goes back to the late 19th century, when Vladimir Lenin became interested in the work of military theorist Carl von Clausewitz, who theorized that“war is merely the continuation of politics with other means.” Lenin logically concluded the inverse must also be true, politics then must be the continuation of war by other means. Through this way of thinking, Lenin used his New Economic Policy as “a tactical device to restore the national economy and regain peasant support in the face of armed uprisings.”

It wasn’t until 1996 when Yevgeny Primakov became Russia’s foreign minister that the U.S. “felt a major shift in Russian foreign policy.” Primakov rejected a unipolar world dominated by the U.S., committing instead to creating a multipolar world, with Russia as a major power. His ideas became known as the Primakov Doctrine. The way Russia currently enacts that doctrine has evolved towards what is often called “hybrid warfare.” It is a more holistic vision that doesn’t delineate between war and peace but rather incorporates non-combat strategies like disinformation and influencing campaigns in order to reduce an enemy’s combat potential. 

On Friday, the U.K. government released a report detailing Russia’s involvement in Scotland’s 2014 bid to secede. The report describes ongoing hacking and disinformation campaigns that went unopposed and may have continued through the Brexit vote in 2016. In the U.S., the Mueller report detailed Russia’s meddling in the 2016 presidential election. President Obama and President Trump signed legislation sanctioning Russia, but the benefits far outweighed the costs. Consequently, these hybrid strategies continue to play a part in Russia and China’s political warfare.

Cyber attacks and other non-military operations, which stay below the threshold for violent retaliation, are an inexpensive way for states to further their political interests. These campaigns are made more attractive when the target(s), such as the U.S. and U.K., don’t deter them. The U.S. needs a coherent strategy to prevent and deter these campaigns.

According to Defense One, “once the social, political, and economic conditions exist to allow hybrid tactics to be effective, it is probably too late to stop it.” Prevention and deterrence then are the only options and achievable by three main goals which everyone should follow. First, countries must maintain strong democratic institutions. Corruption and political polarization invite interference. Second, a strong economy provides opportunities that keep people immune to hybrid tactics. Lastly, people need to be able to trust their government and law enforcement, as these are the “first line of defense” against these tactics.

Adam Ragozzino
Follow me
Latest posts by Adam Ragozzino (see all)

Leave a Reply