Russia under the regime of Vladimir Putin is a rogue state but not an especially capable one. That’s the ineluctable conclusion to be drawn from the attempts of Russian spies to target the cyber operations of the Foreign Office, the Porton Down research facility and the Organisation for the Prohibition of Chemical Weapons (OPCW).
These bungled operations were exposed today by British and Dutch authorities. The threat from Russian aggression in various forms is intense, but the methods of deterrence and containment that worked to defeat communism in the Cold War have not lost their relevance in the age of cyber warfare.
Theresa May told the House of Commons last month that the attempt to murder Sergei and Yulia Skripal in Salisbury with a nerve agent was not a rogue attack but an action of the Russian state. There has never been reason to doubt this disturbing inference. It fits with a pattern of lethal violence deployed over many years by the Putin regime, within Russian borders and beyond, against its opponents and critics.
Conspiracy theorists immediately and predictably cited the case of false intelligence 15 years ago about Iraqi WMDs but the Salisbury poisoning is a very different case. Forensic analysis demonstrates that a nerve agent was deployed in Salisbury and a British citizen now lies dead as a result of this outrage.
The British government rightly sought to cooperate immediately with the OPCW, the chemical weapons watchdog, whereas the Russian state has consistently denounced this body. Why wouldn’t it? The OPCW’s meticulous conclusions about the use of chemical weapons in Syria levelled blame at the Assad regime, which is Russia’s client. Yet the smears, disinformation and outright lies by the Kremlin and its propaganda organs have been exposed by evidence.
At a news conference this morning, Dutch authorities showed passport photographs of four agents of Russian intelligence, the GRU, arriving at Amsterdam Schiphol airport from Moscow on 10 April. The agents travelled to the headquarters of the OPCW on a reconnaissance mission. It was a fantastically inept operation. The Russian agents used wifi hotspots, so their login details were easily obtainable; they had gone direct to Moscow airport from GRU barracks, with no intervening stop; and their passports had consecutive numbers. They hired a car, which was intercepted by the Dutch authorities with incriminating equipment in the boot. One of the agents had also engaged in clandestine activity in Malaysia, to try and gain information about the investigation into the downing of Malaysia Airlines Flight MH-17 above Ukraine in 2014.
It’s always tempting, with an adversarial state, to assume that some apparently hopeless gaffe is part of a broader master plan. This need not necessarily be true. The pathetic case of Michael Bettaney, a spy who died a few weeks ago, demonstrates the point.
Bettaney worked for British intelligence, MI5, and was desperate to show his willingness to spy for the Soviet Union. He hence in 1983 posted stolen intelligence material through the letter box of the KGB chief in London — who suspected a trap and therefore did nothing. Bettaney was later apprehended and sentenced to 23 years in prison.
The plot to kill the Skripals and spy on the OPCW, which tested the nerve agent used in the attack, appears to come out of the same hapless copybook. The Russian scheme has had horrifying consequences but it was essentially incompetent owing to human failings.
That realisation should guide Western policy. Russia has long pursued cyber warfare. In 2007, Estonia suffered a wave of cyber attacks. This was probably a precursor to a similar campaign against Georgia’s government and economy in 2008 when Russia mounted a military incursion. And in 2009, the US and South Korea were targeted in a cyber warfare campaign that seems to have originated in North Korea.
The problem for Western democracies dealing with cyber attacks is that, almost by definition, the culprit in this type of aggression is not easy to track down. There are very low barriers to entry in attacking a nation-state’s cyber infrastructure. Hackers can do it with not much more than a lot of intellectual capital. Cyber warfare targets not just the obvious computer systems but essential infrastructure such as nuclear power plants.
How, then, is it possible to deter cyber warfare, which would have devastating consequences? The only plausible way as things stand is to expose regimes that are known to conduct it. That means Russia, right now, after attempting to disrupt investigations into the MH-17 attack and the Salisbury poisoning.
The Putin regime needs to know it’s been caught out. Its purported diplomats should be expelled from Western capitals. Its propaganda apparatus, such as the notorious fake news outlets RT and Sputnik, should be shunned by democratic politicians and indeed anyone with a conscience. Containment is not a glamorous course but collective security is as essential in the age of cyber warfare as it was in the era of the Soviet Union.