
U.S. Sanctions Against Russia Raise Questions Over National Security Policy

On December 29, 2016, United States President Barack Obama formally enacted measures targeting the Russian Federation in response to a campaign of Russian state-sponsored interference in the 2016 U.S. Presidential Election. The President approved an amendment to Executive Order 13964, updating a previous executive order that gave the Federal government expanded authority to respond to cyber threats from malicious actors outside the reach of existing authorities. The result of these actions will have a significant effect on U.S. national security policy.

The President has used the new authority to sanction nine Russian organizations and individuals, including government intelligence services, officers, and three companies that provided material support to the operation. The strategy has been previously used to counter Chinese and Iranian cyber adversaries. However, members of the Obama administration have hinted at covert actions, which are likely to have a resounding impact on the future of cyber warfare and international norms in this domain.

The Executive Order is a fulfillment of an earlier promise from the Obama administration that a response for Russian interference was forthcoming. The U.S. Director of National Intelligence (DNI) statement on October 7, 2016, alleged that the Russian Government was responsible for the compromise and disclosure of hacked emails via sites like DCLeaks and WikiLeaks, as well as supporting several online hacktivist personas like “Guccifer 2.0.” The statement was based on a preponderance of evidence provided by the Intelligence Community and a consensus from both the Central Intelligence Agency and Federal Bureau of Investigation alleging that Russian proxies hacked the DNC, DCCC, and the email of the former chairman of the Hillary Clinton presidential campaign, John Podesta. According to media reports, Russian President Vladimir Putin was alleged to be personally involved in the influence campaign.

President Obama’s new sanctions are a renewed escalation in a series of diplomatic disagreements and conflicts between the United States and Russia that began with the conflict in Ukraine and have subsequently spilled into the cyber domain. The Executive Order adds to a growing list of diplomatic, economic, and financial sanctions against the Russian Federation in response to the Russian annexation of Crimea in 2014. Russian interference with the 2016 Presidential Election has been the most visible and recent element of ongoing U.S.-Russian tensions.

It is noteworthy that these sanctions come on the heels of a proposed Russian ceasefire in Syria. It is assessed that the U.S. has previously abstained from directly confronting Russia for cyber activities during the 2016 presidential election for fear that it may undermine efforts to stabilize the conflict in Syria. Previous ceasefires brokered by the United Nations or with the U.S. and Russia quickly collapsed. While there is no guarantee this ceasefire will have longevity, the U.S. announcement was possibly timed in the interest of preserving balance in a fragile Middle East. The conflict in Syria has resulted in the deaths of hundreds of thousands of civilians and the displacement of millions, prompting a humanitarian crisis in the country and a refugee crisis in Europe.

The amendment to the Executive Order was preceded by President Vladimir Putin’s Information Security Doctrine of the Russian Federation, signed on December 5, 2016. This document outlines Russia’s national security strategy in the information age; namely how Russia will respond to threats posed by the expansion of information technology in society. It does not treat “cyber” as a standalone concept, but rather as an aspect of the social, economic and technological processes affecting society or “informatization.”

Russia is strategically seeking to balance its lack of domestically-produced information technology with its role as an international power. To compensate for its dependence on foreign information technology, Russia will likely have to reconsider its role in driving international legal norms within the information domain, balancing security concerns with offensive use of information warfare. The cyber activity during the 2016 U.S. election is the clearest and most brazen example of this influence warfare.

There are serious concerns that this conflict may continue to escalate and perhaps even spill into the physical domain. Previous diplomatic conflicts over cyber espionage and hacking have been limited to the cyber domain. Threats of sanctions against China for commercial cyber espionage were enough to force a rapprochement between Chinese President Xi Jinping and President Obama, and a resultant pact has lowered instances of Chinese hacking. It’s not clear if these measures will be sufficient to force Russia to deescalate or will prompt more conflict. Cyber experts have long been concerned over the potential of cyber conflict to spill over into more dangerous and destructive armed conflict.

Based on statements from the Russian Foreign Ministry, a response is likely forthcoming; however, it is unclear whether Russia intends to respond with kinetic or cyber attacks.

Russia and the U.S. are at a pivotal moment in a relationship fraught with distrust. The U.S. considers Russian interference in its elections to be a grave violation of its core democratic institutions. President Putin’s legitimacy in Russia and status in the world rely on his projection of strength and resolve in the face of a declining economy, international opposition, and political instability in its periphery. Given these facts, it is difficult to judge both the U.S. and Russian resolve as this political standoff continues; and for the foreseeable future, the outcome of this dispute is far from certain.

Flashpoint will continue to monitor the situation.



About the author: Ian W. Gray

Ian W. Gray is a Senior Intelligence Analyst at Flashpoint, where he focuses on producing strategic and business risk intelligence reports on emerging cybercrime and hacktivist threats. Ian is a military reservist with extensive knowledge of the maritime domain and regional expertise on the Middle East, Europe, and South America. As a Veteran Volunteer, Ian supports The Homefront Foundation, a non-profit that helps veterans and first responders share their experiences through focused story-telling workshops. His insights and commentary have been featured in publications including Wired, Christian Science Monitor Passcode, ThreatPost, TechTarget, The Washington Examiner, Cyberscoop, The Diplomat, and others. He holds a bachelor’s degree in Middle Eastern Studies from Fordham University and a Master of International Affairs degree from Columbia University.

About the author: Vitali Kremez

Vitali Kremez is a Director of Research at Flashpoint. He oversees analyst collection efforts and leads a technical team that specializes in researching and investigating complex cyber attacks, network intrusions, data breaches, and hacking incidents. Vitali is a strong believer in responsible disclosure and has helped enterprises and government agencies deliver indictments of many high-profile investigations involving data breaches, network intrusions, ransomware, computer hacking, intellectual property theft, credit card fraud, money laundering, and identity theft. Previously, Vitali enjoyed a rewarding career as a Cybercrime Investigative Analyst for the New York County District Attorney's Office.

He has earned the majority of certifications available in the information technology, information security, digital forensics, and fraud intelligence fields. A renowned expert, speaker, blogger, and columnist, Vitali has contributed articles to Dark Reading, BusinessReview, and Infosecurity Magazine and is a frequent commentator on cybercrime, hacking incidents, policy, and security.