Monday, March 29, 2021

The "Russia Small Group" - A Step in the Right Direction or a Dangerous Game to Play With?

It has recently become clear that the U.S. DoD, in direct cooperation with the NSA, has been busy working on the so-called "Russia Small Group", which aims to analyze and properly respond to the growing threat of foreign influence operations launched by or courtesy of Russia. Its scope covers basically anything related to Russia in the world of information and cyber warfare, possibly including botnet and malicious software attack campaigns, and it also aims to further protect U.S. elections from current and emerging cyber threats, including foreign influence operations launched by or courtesy of Russia, Iran or China.

Among the key factors to consider when establishing a proper "Russia Small Group" are monitoring for foreign influence operations and actually laying the foundation for a proper proactive and active technical collection program, including a 4th party collection initiative, so as to enable a successful proactive and reactive response to the growing threat posed by Russia. That threat also includes the good old-fashioned cybercriminal threat, which usually goes beyond the usual GRU-themed malware and cyber espionage type of campaigns.

The currently ongoing misunderstanding that Russia is actively utilizing active measures in cyberspace, together with the fact that information warfare operations are clearly making their way into the White House cyberspace strategy, should be considered a precedent. It will clearly boost funding and investment in the military-industrial complex, in particular in cyber threat intelligence and foreign influence detection, and boost the budgets of U.S. Cyber Command and the NSA in an attempt to respond to the threat posed by Russia in cyberspace. Despite that, the use of information warfare and information operations in cyberspace, including foreign influence operations in the form of active measures, should be considered and properly analyzed with caution, as it blurs the lines between cyber warfare, information warfare, information operations and the newly emerged term "foreign influence operations", which from the perspective of cybercrime research should be considered a basic rogue and bogus content farm capable of acquiring and hijacking traffic using basic blackhat SEO (search engine optimization) techniques.

There was a moment in time when Russia and China were actively busy playing copycat, drawing on publicly obtainable and accessible U.S. DoD and U.S. Intelligence Community online documentation and material, which basically helped them shape their modern information warfare and cyber warfare doctrines, if any. The rest remains cybercrime as usual.

Stay tuned!

Image courtesy of: Pillars of Russia's Disinformation and Propaganda Ecosystem

DoD's Cyber Strategy for 2018 - An Analysis

Going through the latest DoD Cyber Strategy for 2018, it should be clearly noted that several key new developments continue to take place which are worth discussing in the broader context of real-time cyber threat intelligence, cyber attack attribution and cyber attack prevention mechanisms, which today are taking place primarily courtesy of the U.S. DoD, the NSA and U.S. Cyber Command.

In this post I'll discuss a newly emerged trend called "forward defense", in which U.S.-based cyber warriors will actually bother to proactively respond to and prevent current and emerging cyber attacks by scouting foreign networks, including foreign influence and information operation campaigns as well as campaigns relying on botnets and cyber espionage, to further protect U.S. critical infrastructure from current and emerging cyber threats.

While the majority of cyber threat intelligence work in the U.S. is done by the commercial sector, U.S. Cyber Command continues to actively apply basic U.S. DoD military methodology, including near real-time information sharing initiatives, for the purpose of demonstrating its key operational capability in the context of targeting online infrastructure, which also includes actively responding to information warfare, including foreign influence operations.

Key summary points to consider:

  • Information warfare is making its way into the White House's official cyberspace strategy document. I've already discussed this unique trend in a related article which you can check out here. This undoubtedly sets a unique precedent, where we have the White House directly interfering with basic military concepts such as information warfare and information operations, including the use of foreign influence operations, which further empowers the U.S. DoD and the NSA with unique capabilities to respond to these types of campaigns, possibly directly interfering with Russia's information warfare concepts, which, believe it or not, are in another world directly copied from publicly accessible U.S. DoD and NSA papers published throughout the years. In terms of information warfare operations, including foreign influence operations, this is a dangerous game to play which may inevitably lead to actually catching some high-profile information warfare operations or eventually KGB or Russian FSB operators, which goes far beyond the usual duties of U.S. Cyber Command, the U.S. DoD and the NSA in general, which have to do with far more high-profile cyber threats, including cyber warfare campaigns and possible direct threats against U.S. critical infrastructure.
  • Foreign influence operations - it still remains unclear what the extent of this basic misconception is. It basically relies on the use of social media or the so-called rogue and bogus content farms, which are pretty similar to high-profile and relevant cybercrime-friendly blackhat SEO (search engine optimization) campaigns in the context of traffic acquisition and traffic hijacking, and which basically have nothing to do with Russia's active measures in cyberspace, itself a dangerous word to play with, in particular in the context of having U.S. Cyber Command, the U.S. DoD and the NSA hunt down and track down foreign influence operations. It should also be clearly noted that a direct response should be issued on a systematic and persistent basis, which basically represents the basic principles and mode of operation of U.S. Cyber Command, the U.S. DoD and the NSA, where the virtual assets of a specific foreign influence operator can either be directly exposed or shut down, or a direct DoS (Denial of Service) attack launched against them, which shouldn't be surprising in the broader context of fighting cybercrime and responding to cyber warfare incidents and campaigns online.
  • Sock puppetry and foreign influence operations - yet another dangerous word that should be used with caution is "sock puppets", which are basically foreign influence operators positioned by U.S. Cyber Command, the U.S. DoD and the NSA as a possible national security risk that should be properly monitored and acted against in one form or another, in particular through a direct attempt to expose the operator behind the rogue and bogus content farm, including actually attempting to launch DoS (Denial of Service) attacks against their infrastructure.

Stay tuned!