Russian Political Interference Through Cyber: Tackling a Key Winning Component of the Gerasimov Doctrine
Sergei Cristo
26 November 2025
“The biggest problem in cyber remains deterrence. We have been talking about the need to deal with it within NATO for years now.”
- Toomas Ilves, Former President of Estonia
Russia has become very successful at weaponising different cyber methods to interfere in the domestic politics of target states, such as influencing elections, manipulating public opinion, and disrupting democratic institutions.
Most of the examples of such Russian interference have come from known operations by Russian military intelligence (GRU), which for the past decade or so has been tasked as part of the so-called Gerasimov doctrine's concealed adaptive military approach.
Also known as "active measures", they encompass a range of activities, including disinformation campaigns, political influence operations such as political funding of specific campaigns through proxies, cyberattacks, and various forms of support for political extremist groups sowing division across democratic societies. From incrementally nudging public opinion during US presidential elections (Almond et al. 2022) and covertly funding much of the Brexit campaign (Intelligence and Security Committee 2020) to sabotage across Europe (McCallum, n.d.), Russian active measures have proved extremely successful.
This briefing paper delves into some of the tactics, approaches, objectives, and consequences of Russian cyber interference, examining in particular the notable case of the 2016 US Presidential Election, and looking into possible broad policy approaches to enable deterrence in the future.
The Rise of Cyber Warfare
Today EU policymakers consider cyberspace the fifth domain of warfare, alongside the traditional sea, land, air and space. It includes information and telecommunication networks, infrastructure, and the data they support, as well as computer systems, processors and controllers (Laţici 2020). Cyber warfare is an evolving domain of conflict, with traditional methods of warfare no longer the sole means through which nations achieve political objectives.
Cyberspace is also considered the most significant emergent issue for the international relations field so far this century, "because new information and communications technologies (ICTs) broadly and systematically affect the contours of human interactions and institutions" (Kremer and Müller 2014, 36). The rise of cyber methods of accessing the general public directly, as well as hacking various computer systems, opened different ways for Russia to influence the politics of target states, their social dynamics, and economic systems without resorting to open military confrontation. The main advantage of such tools is that they can be used in covert, deniable ways for espionage, sabotage, propaganda, and disinformation campaigns that target both government institutions and ordinary citizens. Cyber operations can often be masked to look like independent actions by non-state actors, thereby allowing Russia to avoid direct accountability.
The Long-Term Strategic Goals of Russian Cyber Interference
Russia's grand strategy aims to reassert its influence on the global stage, counter Western dominance, and secure its perceived sphere of influence. Active measures serve as a cost-effective means to achieve these objectives without direct military confrontation. By leveraging covert funding of political campaigns, academic research, control of media outlets across Europe, disinformation and cyber operations, Russia can project power, sow discord among adversaries, and weaken NATO (Applebaum 2024). These tactics exploit political corruption and greed, as well as the open and democratic nature of Western societies, turning their strengths into vulnerabilities.
Elements of the Gerasimov Doctrine
Russia has embraced cyber as an integral part of its grand strategy, in what has become known as the Gerasimov doctrine. It is named after the Chief of the Russian General Staff, General (Marshal) Valery Gerasimov, who is also Deputy Minister of Defence. In his now famous article published in 2013, the year before the annexation of Crimea and drafted before the Orange Revolution in Ukraine, he wrote:
"The very 'rules of war' have changed. The role of nonmilitary means of achieving political and strategic goals has grown, and, in many cases, they have exceeded the power of force of weapons in their effectiveness. … All this is supplemented by military means of a concealed character" (Gerasimov 2013).
The GRU has played a central role in managing the use of social media for disinformation and voter manipulation, as well as covert funding of political parties in Europe, much of which was covered up by various governments for political reasons (Sergei & the Westminster Spy Ring 2024, ep.8).
While the role of the GRU in the dissemination of information through social media has been well covered in public, governments have been reluctant to share with their electorates the details of how Russian money influences politics (DiResta et al. 2019). However, to confront Russian cyber operations effectively, they must be tackled as part of wider Russian active measures operations, which include other elements, such as covert political funding.
A Case in Point: the 2016 US Presidential Election
This was a very sophisticated cyber campaign on the part of the Russian government. According to Daniel Moore, it was an "elaborate multi-pronged campaign" which "featured numerous moving parts, including a network breach of the Democratic National Convention, a large-scale disinformation effort against the US public, and several leaks targeting politicians perceived to be hawkish and anti-Russian, such as Hillary Clinton and Victoria Nuland".
The Russian government's goal in the 2016 election was not simply to boost Trump's chances, but to weaken the legitimacy of the democratic process itself. By exploiting societal divisions and sowing doubts around the integrity of elections, Russia sought to undermine public trust in American political institutions and support the narrative of a "broken society" (Moore 2022).
In 2016, President Obama was informed by his intelligence agencies that the Russians were actively exploiting the vulnerabilities of the US electoral IT infrastructure (White House 2016). In a country where the election result depends on the vote of a few swing states, each of which has its own voting IT infrastructure, one hack into the voting system can make all the difference. Apparently, the Russians have not yet deployed their knowledge of those weaknesses, but perhaps the next US presidential election may present them with an interesting opportunity.
This was certainly not the first time that the GRU used offensive cyber operations to interfere in an election of a foreign state. Moore's research revealed that the countries that have been historically affected by Russian offensive cyber operations have been those that used to be part of the Soviet Union and the Warsaw Pact, which the Kremlin considers part of its "legitimate" sphere of influence (Moore 2022, 145–174). The success of those operations, and the weakness of the Western response, have emboldened Moscow as it started to increasingly take its tried, tested, and improved methodology to bigger players, such as the EU, the UK and the US.
The most widely discussed and high-profile example of Russian political interference through cyber is the 2016 US Presidential Election. American intelligence agencies concluded that Russia actively interfered in the country's election process, aiming to undermine Hillary Clinton's candidacy and promote Donald Trump. The operation, as outlined in the US Senate Intelligence Committee's report, involved multiple tactics including hacking, data theft, disinformation, and social media manipulation (Select Committee on Intelligence 2020).
The report comprised five volumes and over 1,300 pages and was the result of more than three years' work based on over a million documents and about 200 witness interviews. It concluded that Moscow's interference efforts were aggressive and multifaceted, and that the Trump campaign's interactions with Russian actors amounted to significant counterintelligence breaches.
One of the most notable elements of this Russian political interference operation was the cyber attack on the Democratic National Committee (DNC). GRU hackers stole tens of thousands of emails from DNC servers that were later released through WikiLeaks, with the objective of dividing the Democratic Party and damaging Clinton's public image just before the Democratic National Convention.
As with the Brexit campaign, Russia has supported Trump's divisive narrative with a powerful social media campaign based on fake accounts, bots and trolls. These posts, often targeting specific voter groups, sought to sway public opinion and fuel polarisation. The Internet Research Agency, a Russian troll farm linked to the GRU, was at the centre of the US campaign, as well as those in France and Germany, demonstrating the global reach of Russian offensive cyber operations (Bastos and Farkas 2019).
The analysis of this disinformation campaign led to an interesting discovery. The messaging did not use a scattergun approach, but instead was highly focussed, tailoring content to the ideological vulnerabilities of different social groups. For example, pro-Trump messages went to conservative voters, while African American voters were targeted with messages that discouraged them from voting or encouraged support for third-party candidates who were unlikely to win. This could indicate that the Russians may have privileged access to data points about the online activity of recipients, as was the case with the illegally harvested Facebook data used by Cambridge Analytica during the Brexit campaign.
The International Response and Challenges
Although there have been some efforts to develop cyber defence mechanisms, such as those within NATO, there is still no universal framework for addressing cyber threats.
The Organization for Security and Co-operation in Europe (OSCE) has adopted a framework of 16 guiding measures. While the EU has expressed support for these voluntary measures, some countries continue to oppose the idea of a "central global regulatory body for security in cyberspace" with concerns about loss of national sovereignty (Laţici 2020).
On the disinformation side, the EU has produced a range of initiatives in its policy response to Russian disinformation (the Digital Services Act (DSA), the EU Code of Practice on Disinformation, the Action Plan Against Disinformation, and the EU East StratCom Task Force), while policy response to Russian covert political funding is virtually absent.
NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) coordinates and publishes the Tallinn Manual, which is based on consultations between international law scholars and practitioners. The most comprehensive analysis of its kind, the manual addresses the applicability of existing international law to cyber warfare, with a particular focus on attacks falling below the armed conflict threshold (Laţici 2020).
Across the Atlantic, the US has imposed sanctions on Russia in response to its cyber activities, and several countries have expelled Russian diplomats and hackers. However, these measures are often seen as inadequate in deterring future attacks.
The biggest weakness of all these actions is that they do not address the threat as a whole, as it was planned by the Russians within the Gerasimov Doctrine's key elements. Deterrence is "dissuading someone from doing something by making them believe that the costs to them will exceed their expected benefit" (Harknett and Nye 2017). The Russians launch these complicated, multi-faceted campaigns to benefit specific political players. The only way to nullify the effectiveness of their campaigns is to find legal ways of removing the benefits of such actions from the recipient beneficiaries. For example, the Romanian High Court did this very effectively recently, meaning that the Russians will not be able to deploy the same tactics in the country successfully (CNN 2024).
Conclusion
Russian political interference using cyber is a growing threat to political stability globally. By deploying different combinations of active measures, Russia has been able to influence elections, spread disinformation, steal sensitive data, and undermine democratic institutions. The case of the 2016 US Presidential Election illustrates the effectiveness of Russian tactics. However, the broader implications of Russia's cyber activities extend beyond any single election, as they seek to disrupt the international order and advance Russia's grand strategy.
The biggest weakness of the international response so far has been its failure to address the Russian tactics in their combination, targeting instead their various elements with varying degrees of effectiveness. By examining more carefully how Russia deploys combinations of cyber hacks, disinformation campaigns, and covert political donations, Western democratic governments would be able to find the weakest element of each campaign and weaponise existing laws to remove the benefit of these campaigns from their intended domestic political recipients.
Bibliography
Almond, Douglas, Xin Du, and Alexander Vogel. 2022. "Reduced Trolling on Russian Holidays and Daily US Presidential Election Odds." PLOS ONE 17, no. 3: e0264507.
Applebaum, Anne. 2024. Autocracy Inc. The Dictators Who Run the World. Allen Lane.
Bastos, Marco, and Johan Farkas. 2019. "Donald Trump Is My President! The Internet Research Agency Propaganda Machine." Social Media & Society 5, no. 3: 2056305119865466.
DiResta, Renée, et al. 2019. "Potemkin Pages & Personas: Assessing GRU Online Operations." Stanford Internet Observatory.
"Follow the Money (2024) Sergei and the Westminster Spy Ring." Podcast, 2024. https://shows.acast.com/7b2057dc-ae5d-49f2-a566-d6b6ab9483a0/67a9fe4ec6f97f89d8a8f7de.
Gerasimov, Valery. 2013. "The Value of Science Is in the Foresight." Military-Industrial Kurier. Moscow.
Harknett, Richard, and Joseph Nye. 2017. "Is Deterrence Possible in Cyberspace?" International Security 42, no. 2: 196–199.
Intelligence and Security Committee of (UK) Parliament. 2020. The Russia Report. https://isc.independent.gov.uk/wp-content/uploads/2021/01/20200721 HC632 CCS001 CCS1019402408-001 ISC Russia Report Web Accessible.pdf.
Kremer, Jan-Frederik, and Benedikt Müller. 2014. Cyberspace and International Relations. Springer.
Laţici, Tania. 2020. "Understanding the EU's Approach to Cyber Diplomacy and Cyber Defence." European Parliament.
McCallum, Ken. N.d. "MI5 Director General Ken McCallum: Russian Spies Plotting to Cause 'Mayhem' on Streets of UK and Europe." The Independent. https://www.independent.co.uk/news/uk/europe-mi5-ukraine-vladimir-gru-b2625845.html.
Moore, Daniel. 2022. "The Russian Spectrum of Conflict." In Offensive Cyber Operations: Understanding Intangible Warfare, 145–174. Oxford: Oxford University Press.
Select Committee on Intelligence United States Senate. 2020. Russian Active Measures Campaigns and Interference in the 2016 U.S. Election. https://www.intelligence.senate.gov/sites/default/files/publications/CRPT-116srpt290.pdf.
White House. 2016. "Statement by the President on Actions in Response to Russian Malicious Cyber Activity and Harassment." December 29, 2016. https://obamawhitehouse.archives.gov/the-press-office/2016/12/29/statement-president-actions-response-russian-malicious-cyber-activity.
About the Author
Sergei Cristo is a former BBC journalist, asset management specialist and Conservative Party fundraiser turned whistle-blower against Russian interference in British politics. He graduated with a BA (Hons) in Communications from Goldsmiths, University of London, and an MA in Global Security and Strategy from the Brussels School of Governance. He is currently a PhD researcher into Western investments in oppressive regimes at Buckingham University's Centre for Security and Intelligence Studies.

