Internet - Atlantic Council

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Recent steps to limit access to YouTube are seen as somewhat risky due to the video sharing platform’s status as the most popular social media site in Russia. Indeed, it came as no surprise when the apparent shutdown of YouTube sparked significant alarm and anger on Russian social media. Notably, no genuine alternative currently exists in Russia. The Kremlin has promoted similar domestic platforms such as VK Video and RuTube, but these options have not been able to rival the popularity or audience reach of YouTube itself.

There are additional indications that the Kremlin may now be seeking to strengthen its control over the information space and further cut Russia off from the outside world. On August 9, Roskomnadzor blocked access to Signal, a messaging app that allows for end-to-end encrypted communications. Reports also continue to circulate that the Kremlin is preparing to take similar steps against messenger platform WhatsApp.

Recent measures to prevent Russians from accessing YouTube represent the latest escalation in the Kremlin’s campaign to dominate the domestic information space and eliminate all independent media in today’s Russia. Over the past twenty-four years, Vladimir Putin has created a powerful propaganda machine that has proved instrumental in legitimizing his own increasingly dictatorial rule and mobilizing public support for the invasion of Ukraine. Popular social media platforms like YouTube remain outside of Moscow’s control and therefore pose a significant threat to the Kremlin censors. With Ukrainian troops now advancing inside Russia itself, it would seem that this threat can no longer be tolerated.

Mercedes Sapuppo is a program assistant at the Atlantic Council’s Eurasia Center.

What is digital public infrastructure?

DPI, while an evolving concept, is broadly defined by the United Nations (UN) as a combination of “networked open technology standards built for public interest, [which] enables governance and [serves] a community of innovative and competitive market players working to drive innovation, especially across public programmes.” This definition refers to DPI as essential digital systems that support critical societal functions, like how physical infrastructure—including roads, bridges, and power grids—are essential for everyday activities.

Microsoft Windows, which runs CrowdStrike’s Falcon Sensor software, is a form of DPI. And other examples of DPI within the UN definition include digital health systems, payment systems, and e-governance portals.

As the world scrambles to fix their Windows systems, policymakers need to pay particular attention to the core DPI issues that underpin the outage.

The problem of invisibility

DPI, such as Microsoft Windows, is ubiquitous but also largely invisible, which is a significant challenge when it comes to managing risks associated with it. Unlike physical infrastructure, which is tangible and visible, DPI powers essential digital services without drawing public awareness. Consequently, the potential risks posed by DPI failures—whether stemming from software bugs or cybersecurity breaches—tend to be underappreciated and underestimated by the public.

The lack of a clear definition of DPI exacerbates the issue of its invisibility. Not all digital technologies are public infrastructure: Companies build technology to generate revenue, but many of them do not directly offer critical services for the public. For instance, Fitbit, a tech company that creates fitness and health tracking devices, is not a provider of DPI. Though it utilizes technology and data services to enhance user experience, it does not provide essential infrastructure such as internet services, cloud computing platforms, or large-scale data centers that support public and business digital needs. That said, Fitbit’s new owner, Google, known for its widely used browser, popular cloud computing services, and efforts to expand digital connectivity, can be considered a provider of DPI.

Other companies that do not start out as DPI may become integral to public infrastructure by dint of becoming indispensable. Facebook, for example, started out as a social network, but it and other social media platforms have become a crucial aspect of civil discourse surrounding many elections. Regulating social media platforms as a simple technology product could potentially ignore their role as public infrastructure, which often deserve extra scrutiny to mitigate potential detrimental effects on the public.

The recent Microsoft outage, from which airlines, hospitals, and other companies are still recovering, should now sharpen the focus on the company as a provider of DPI. However, the invisibility of DPI and the absence of appropriate policy guidelines for measuring and managing its risks result in two complications. First, most users who interact with DPI often do not recognize it as a form of DPI. Second, this invisibility leads to a misplaced trust in major technology companies, as users fail to recognize how high the collective stakes of a failure in this DPI might be. Market dominance and effective advertising have helped major technology companies publicize their systems as benchmarks of reliability and resiliency. As a result, the public often perceives these systems as infallible, assuming they are more secure than they are—until a failure occurs. At the same time, an overabundance of public trust and comfort with familiar systems can foster complacency within organizations, which can lead to inadequate internal scrutiny and security audits.

How to prevent future disruptions

The Great IT Outage of 2024 revealed just how essential DPI is to societies across the globe. In many ways, the outage serves as a symbolic outcry for solution-oriented policies and accountability to stave off future disruptions.

To address DPI invisibility and misplaced trust in technology companies, US policymakers should first define DPI clearly and holistically while accounting for its status as an evolving concept. It is equally crucial to distinguish which companies are currently providers of DPI, and to educate leaders, policymakers, and the public about what that means. Such an initiative should provide a clear definition of DPI, its technical characteristics, and its various forms, while highlighting how commonly used software such as Microsoft Windows is a form of DPI. A silver lining of the recent Microsoft/CrowdStrike outage is that it offers a practical, recent case study to present to the public as real-world context for understanding the risks when DPI fails.

Finally, Microsoft has outlined technical next steps to prevent another outage, including extensive testing frameworks and backup systems to prevent the same kind of outage from happening again. However, while industry-driven self-regulation is crucial, regulation that enforces and standardizes backup systems, not just with Microsoft, but also for other technology companies that may also become providers of DPI, is also necessary. Doing so will help prevent future outages, ensuring the reliability of infrastructure which, just like roads and bridges, props up the world.

Saba Weatherspoon is a young global professional with the Atlantic Council’s Geotech Center.

Zhenwei Gao is a young global professional with the Cyber Statecraft Initiative, part of the Atlantic Council Technology Programs.

The post The Great IT Outage of 2024 is a wake-up call about digital public infrastructure appeared first on Atlantic Council.

Zaaimi in Leadership Connect: Tribal Spotlight Interview

Atlantic Council — Tue, 18 Jun 2024 18:57:35 +0000

Original Source

The post Zaaimi in Leadership Connect: Tribal Spotlight Interview appeared first on Atlantic Council.

Designing a blueprint for open, free and trustworthy digital economies

Carole House — Fri, 14 Jun 2024 21:21:25 +0000

More than half a century into the information age, it is clear how policy has shaped the digital world. The internet has enabled world-changing innovation, commercial developments, and economic growth through a global and interoperable infrastructure. However, the internet is also home to rampant fraud, misinformation, and criminal exploitation. To shape policy and technology to address these challenges in the next generation of digital infrastructure, policymakers must confront two complex issues: the difficulty of massively scaling technologies and the growing fragmentation across technological and economic systems.

How today’s policymakers decide to balance freedom and security in the digital landscape will have massive consequences for the future. US digital policy must be aimed at improving national security, defending human freedom, dignity, and economic growth while ensuring necessary accountability for the integrity of the technological bedrock.

Digital economy building blocks and the need for strategic alignment

Digital policymakers face a host of complex issues, such as regulating and securing artificial intelligence, banning or transitioning ownership of TikTok, combating pervasive fraud, addressing malign influence and interference in democratic processes, considering updates to Section 230 and impacts on tech platforms, and implementing zero-trust security architectures. When addressing these issues, policymakers must keep these core building blocks of the digital economy front and center:

Infrastructure: How to provide the structure, rails, processes, standards, and technologies for critical societal functions;
Data: How to protect, manage, own, use, share, and destroy open and sensitive data; and
Identity: How to represent and facilitate trust and interactions across people, entities, data, and devices.

How to approach accountability—who is responsible for what—in each of these pillars sets the stage for how future digital systems will or will not be secure, competitive, and equitable.

Achieving the right balance between openness and security is not easy, and the stakes for both personal liberty and national security amid geostrategic competition are high. The open accessibility of information, infrastructure, and markets enabled by the internet all bring knowledge diffusion, data flows, and higher order economic developments, which are critical for international trade and investment.

However, vulnerabilities in existing digital ecosystems contribute significantly to economic losses, such as the estimated $600 billion per year lost to intellectual property theft and the $8 trillion in global costs last year from cybercrime. Apart from direct economic costs, growing digital authoritarianism threatens undesirable censorship, surveillance, and manipulation of foreign and domestic societies that could not only undermine democracy but also reverse the economic benefits wrought from democratization.

As the United States pursues its commitment with partner nations toward an open, free, secure internet, Washington must operationalize that commitment into specific policy and technological implementations coordinated across the digital economy building blocks. It is critical to shape them to strengthen their integrity while preventing undesired fragmentation, which could hinder objectives for openness and innovation.

Infrastructure

The underlying infrastructure and technologies that define how consumers and businesses get access to and can use information are featured in ongoing debates and policymaking, which has led to heightened bipartisan calls for accountability across platform operators. Further complicating the landscape of accountability in infrastructure are the growing decentralization and aggregation of historically siloed functions and systems. As demonstrated by calls for decentralizing the banking system or blockchain-based decentralized networks underlying cryptocurrencies, there is an increasing interest from policymakers and industry leaders to drive away from concentration risks and inequity that can be at risk in overly centralized systems.

However, increasing decentralization can lead to a lack of clear lines of responsibility and accountability in the system. Accountability and neutrality policy are also impacted by increasing digital interconnectedness and the commingling of functions. The Bank of the International Settlement recently coined a term, “finternet,” to describe the vision of an exciting but complexly interconnected digital financial system that must navigate international authorities, sovereignty, and regulatory applicability in systems that operate around the world.

With this tech and policy landscape in mind, infrastructure policy should focus on two aspects:

Ensuring infrastructure security, integrity, and openness. Policymakers and civil society need to articulate and test a clear vision for stakeholders to coordinate on what openness and security across digital infrastructure for cross-economic purposes should look like based on impacts to national security, economic security, and democratic objectives. This would outline elements such as infrastructure ecosystem participants, the degree of openness, and where points for responsibility of controls should be, whether through voluntary or enforceable means. This vision would build on ongoing Biden administration efforts and provide a north star for strategic coordination with legislators, regulators, industry, civil society, and international partners to move in a common direction.
Addressing decentralization and the commingling of infrastructure. Technologists must come together with policymakers to ensure that features for governance and security are fit for purpose and integrated early in decentralized systems, as well as able to oversee and ensure compliance for any regulated, high-risk activity.

Data

Data has been called the new oil, the new gold, and the new oxygen. Perhaps overstated, each description nonetheless captures what is already the case: Data is incredibly valuable in digital economies. US policymakers should focus on how to surround how to address the privacy, control, and integrity of data, the fundamental assets of value in information economies.

Privacy is a critical area to get right in the collection and management of information. The US privacy framework is fragmented and generally use-specific, framed for high risk sectors like finance and healthcare. In the absence of a federal-government-wide consumer data privacy law, some states are implementing their own approaches. In light of existing international data privacy laws, US policy also has to account for issues surrounding harmonization and potential economic hindrances brought by data localization.

Beyond just control of privacy and disclosure, many tech entrepreneurs, legislators, and federal agencies are aimed at placing greater ownership of data and subsequent use in the hands of consumers. Other efforts supporting privacy and other national and economic security concerns are geared toward protecting against the control and ownership of sensitive data by adversarial nations or anti-competitive actors, including regulations on data brokers and the recent divest-or-ban legislation targeted at TikTok.

There is also significant policy interest surrounding the integrity of information and the systems reliant on it, such as in combating the manipulation of data underlying AI systems and protecting electoral processes that could be vulnerable to disinformation. Standards and research are rising, focused on data provenance and integrity techniques. But there remain barriers to getting the issue of data integrity right in the digital age.

While there is some momentum for combating data integrity compromise, doing so is rife with challenges of implementation and preserving freedom of expression that have to be addressed to achieve the needed balance of security and freedom:

Balancing data security, discoverability, and privacy. Stakeholders across various key functions of law enforcement, regulation, civil society, and industry must together define what type of information should be discoverable by whom and under what conditions, guided by democratic principles, privacy frameworks, the rule of law, and consumer and national security interests. This would shape the technical standards and requirements for privacy tech and governance models that government and industry can put into effect.
Preserving consumer and democratic control and ownership of data. Placing greater control and localization protections around consumer data could bring great benefits to user privacy but must also be done in consideration of the economic impacts and higher order innovations enabled from the free flow and aggregation of data. Policy efforts could pursue research and experimentation for assessing the value of data
Combating manipulation and protecting information integrity. Governments must work hand in hand with civil society and, where appropriate, media organizations to pursue policies and technical developments that could contribute to promoting trust in democratic public institutions and help identify misinformation across platforms, especially in high-risk areas to societies and democracies such as election messaging, financial services and markets, and healthcare.

Identity

Talk about “identity” can trigger concerns of social credit scores and Black Mirror episodes. It may, for example, evoke a sense of state surveillance, criminal anonymity, fraud, voter and political dissident suppression, disenfranchisement of marginalized populations, or even the mundane experience of waiting in line at a department of motor vehicles. As a force for good, identity enables critical access to goods and services for consumers, helps provide recourse for victims of fraud and those seeking public benefits, and protects sensitive information while providing necessary insights to authorities and regulated institutions to hold bad actors accountable. With increasing reliance on digital infrastructure, government and industry will have to partner to create the technical and policy fabric for secure, trustworthy, and interoperable digital identity.

Digital identity is a critical element of digital public infrastructure (DPI). The United States joined the Group of Twenty (G20) leaders in committing to pursue work on secure, interoperable digital identity tools and emphasized its importance in international fora to combat illicit finance. However, while many international efforts have taken root to establish digital identity systems abroad, progress by the United States on holistic domestic or cross-border digital identity frameworks has been limited. Identity security is crucial to establish trust in US systems, including the US financial sector and US public institutions. While the Biden administration has been driving some efforts to strengthen identity, the democratized access to sophisticatedAI tools increased the threat environment significantly by making it easy to create fraudulent credentials and deepfakes that circumvent many current counter-fraud measures.

The government is well-positioned to be the key driver of investments in identity that would create the underlying fabric for trust in digital communications and commerce:

Investing in identity as digital public infrastructure. Digital identity development and expansion can unlock massive societal and economic benefits, including driving value up to 13 percent of a nation’s gross domestic product and providing access to critical goods and services, as well as the ability to vote, engage in the financial sector, and own land. Identity itself can serve as infrastructure for higher-order e-commerce applications that rely on trust. The United States should invest in secure, interoperable digital identity infrastructure domestically and overseas, to include the provision of secure verifiable credentials and privacy-preserving attribute validation services.
Managing security, privacy, and equity in Identity. Policymakers must work with industry to ensure that identity systems, processes, and regulatory requirements implement appropriate controls in full view of all desired outcomes across security, privacy, and equity, consistent with National Institute of Science and Technology standards. Policies should ensure that saving resources by implementing digital identity systems also help to improve services for those not able to use them.

Technology by itself is not inherently good or evil—its benefits and risks are specific to the technological, operational, and governance implementations driven by people and businesses. This outline of emerging policy efforts affecting digital economy building blocks may help policymakers and industry leaders consider efforts needed to drive alignment to preserve the benefits of a global, interoperable, secure and free internet while addressing the key shortfalls present in the current digital landscape.

Carole House is a nonresident senior fellow at the Atlantic Council GeoEconomics Center and the Executive in Residence at Terranet Ventures, Inc. She formerly served as the director for cybersecurity and secure digital innovation for the White House National Security Council, where Carole will soon be returning as the Special Advisor for Cybersecurity and Critical Infrastructure Policy. This article reflects views expressed by the author in her personal capacity.

The post Designing a blueprint for open, free and trustworthy digital economies appeared first on Atlantic Council.

Intentionally vague: How Saudi Arabia and Egypt abuse legal systems to suppress online speech

Dina Sadek, Layla Mashkoor, Iain Robertson, Andy Carvin — Wed, 12 Jun 2024 11:00:00 +0000

DOWNLOAD PDF

Egypt and Saudi Arabia are weaponizing vaguely written domestic media, cybercrime, and counterterrorism laws to target and suppress dissent, opposition, and vulnerable groups. Political leaders in Egypt and Saudi Arabia often claim that their countries’ judicial systems enjoy independence and a lack of interference, a narrative intended to distance the states from the real and overzealous targeting and prosecution of critics. Such claims can be debunked and dismissed, as the Egyptian and Saudi governments have had direct involvement in establishing and implementing laws that are utilized to target journalists and human rights defenders.

Egypt and Saudi Arabia were selected as case studies for this report because of their status as among the most frequently documented offenders in the region when it comes to exploiting ambiguously written laws to target and prosecute journalists, critics, activists, human rights defenders, and even apolitical citizens. The two countries have consolidated power domestically, permitting them to utilize and bend their domestic legal systems to exert control over the online information space. Punishments for those targeted can involve draconian prison sentences, travel bans, and fines, which result in a chilling effect that consequently stifles online speech and activities, preventing citizens from discussing political, social, and economic issues.

Both Egypt and Saudi Arabia enacted media, cybercrime, and counterterrorism laws with ambiguous language and unclear definitions of legal terms, allowing for flexible interpretations of phrases such as “false information,” “morality,” or “family values and principles.” The laws in both countries also loosely define critical terms like “terrorism,” thereby facilitating expansive interpretations of what constitutes a terrorist crime. Further, anti-terror laws now include articles that connect the “dissemination of false information” with terrorist acts. This vague and elastic legal language has enabled the Egyptian and Saudi regimes to prosecute peaceful citizens on arbitrary grounds, sometimes handing out long prison sentences or even death sentences, undermining respect for the rule of law in the two countries.

This report explores the development of media, cybercrime, and counterterrorism laws in both countries, and demonstrates through case studies how Saudi Arabia and Egypt weaponize the laws to prosecute opposition figures and control narratives online. This report examines the relationship between criminal charges tied to one’s professional activities or online speech and how those charges can trigger online smear campaigns and harassment. In cases that involve women, gender-based violence is often used to harm a woman’s reputation. Though a direct correlation between judicial charges and online harassment cannot be ascertained, these case studies suggest that dissidents are likely to face online harm following legal persecution, even after they are released.

What to do about ransomware payments

Carole House — Tue, 14 May 2024 16:57:36 +0000

Ransomware is a destabilizing form of cybercrime with over a million attacks targeting businesses and critical infrastructure every day. Its status as a national security threat, even above that of other pervasive cybercrime, is driven by a variety of factors like its scale, disruptive nature, and potential destabilizing impact on critical infrastructure and services—as well as the sophistication and innovation in ransomware ecosystems and cybercriminals, who are often Russian actors or proxies.

The ransomware problem is multi-dimensional. Ransomware is both a cyber and a financial crime, exploiting vulnerabilities not only in the security of digital infrastructure but also in the financial system that have enabled the rise of sophisticated Ransomware-as-a-Service (RaaS) economies. It is also inherently international, involving transnational crime groups operating in highly distributed networks that are targeting victims, leveraging infrastructure, and laundering proceeds without regard for borders. As with other asymmetric threats, non-state actors can achieve state-level consequences in disruption of critical infrastructure.

With at least $1 billion reported in ransomware payments in 2021 and with incidents targeting critical infrastructure like hospitals, it is not surprising that the debate on ransomware payments is rising again. Ransomware payments themselves are problematic—they are the primary motive for these criminal acts, serving to fuel and incentivize this ecosystem. Many are also inherently already banned in that payments to sanctioned actors are prohibited. However, taking a hardline position on ransomware payments is also challenging because of its potential impact on victims, visibility and cooperation, and limited resources.

Cryptocurrency’s role in enabling ransomware’s rise

While ransomware has existed in some form since 1989, the emergence of cryptocurrencies as an easy means for nearly-instantaneous, peer-to-peer, cross-border value transfer contributed to the rise of sophisticated RaaS economies. Cryptocurrencies use largely public, traceable ledgers which can certainly benefit investigations and disruption efforts. However, in practice those disruption efforts are hindered by weaknesses in cryptocurrency ecosystems like lagging international and industry compliance with anti-money laundering and countering financing of terrorism (AML/CFT) standards; growth of increasingly sophisticated methods of obfuscation leveraging mixers, anonymity-enhanced cryptocurrencies, chain-hopping, and intermixing with off-chain and traditional finance methods; and insufficient steps taken to enable real-time, scaled detection and timely interdictionof illicit cryptocurrency proceeds.

Despite remarks by some industry and policymaker advocates, RaaS economies would not work at the same level of scale and success without cryptocurrency, at least in its current state of compliance and exploitable features. Massively scaled ransomware campaigns targeting thousands of devices could not work by asking victims to pay using wire transfers and gift cards pointing to common accounts at regulated banks or widely publishing a physical address. Reliance on traditional finance methods would require major, and likely significantly less profitable, evolution in ransomware models.

The attraction of banning ransomware payments

Any strategy to deal with ransomware needs to have multiple elements, and one key aspect is the approach to ransomware payments. The Biden Administration’s multi-pronged counter-ransomware efforts have driven unprecedented coordination of actions combating ransomware, seen in actions like disrupting the ransomware variant infrastructure and actors, OFAC and FinCEN designations of actors and financial institutions facilitating ransomware, pre-ransomware notifications to affected companies by CISA, and a fifty-member International Counter-Ransomware Initiative.

However, ransomware remains a significant threat and is still affecting critical infrastructure. As policymakers in the administration and in Congress consider every tool available, they will have to consider the effectiveness of the existing policy approach to ransomware payments. Some view payment bans as a necessary action to address the risks ransomware presents to Americans and to critical infrastructure. Set against the backdrop of the moral, national security, and economic imperatives to end this destabilizing activity, bans could be the quickest way to diminish incentives for targeting Americans and the significant amounts of money making it into the hands of criminals.

Additionally, banning ransomware payments promotes other Administration policy objectives like driving a greater focus on cybersecurity and resilience. Poor cyber hygiene, and especially often poor identity and access management, are frequently exploited in ransomware. Removing payments as a potential “escape hatch” is seen by some as a way to leverage market forces to incentivize better cyber hygiene, especially in a space where the government has limited and fragmented regulatory authority.

Those who promote bans typically do not come to that position lightly but instead see them as a last resort to try to deter ransomware. The reality is that we have not yet been able to sufficiently scale disruption to the extent needed to diminish this threat below a national security concern—driven by insufficient resourcing, limits on information sharing and collaboration, timeliness issues for use of certain authorities, and insufficient international capacity and coordination on combating cyber and crypto crime. When policymakers are in search of high-impact initiatives to reduce the high-impact threat of ransomware, many understandably view bans as attractive.

Challenges with banning ransomware payments

However, taking a hardline position on ransomware payments can also present practical and political challenges:

Messaging and optics of punishing victims:A ban inherently places the focus of the policy burden and messaging on the victims, potentially not stopping them from using this tool but instead raising the costs for them to do so. Blaming victims that decide to pay in order to keep their company intact presents moral and political challenges.

Limited resources that need to be prioritized against the Bad Guys: For a ban to be meaningful, it would have to be enforced. Spending enforcement resources against victims to enforce a ban—resources which could have been spent on scaling disruption of the actual perpetrators—could divert critically limited resources from efforts against the ransomware actors.

Likelihood that payments will still happen as companies weigh the costs against the benefits: Many feel that companies, if faced between certain demise and the costs of likely discovery and legal or regulatory action by the government, will still end up making ransomware payments.

Disincentivizing reporting and visibility: A ban would also make companies less likely to report that they have been hit with ransomware, as they will aim to keep all options open as they decide how to proceed. This disincentivizes transparency and cooperation from companies needed to drive effective implementation of the cyber incident and ransomware payment reporting requirements under the Cybersecurity Incident Reporting for Critical Infrastructure Act (CIRCIA) regulations to the Cybersecurity and Infrastructure Security Agency (CISA). Diminished cooperation and transparency could have a devastating effect on investigations and disruption efforts that rely on timely visibility.

Asking for permission means the government deciding which companies survive: Some advocates for bans propose exceptions, such as supplementing a presumptive ban with a licensing or waiver authority, where the government is the arbiter of deciding which companies get to pay or not. This could enable certain entities like hospitals to use the payment “escape hatch.” However, placing the government in a position to decide which companies live and die is extremely complicated and presents uncomfortable questions. It is unclear what government body could be capable, or should be endowed with the authority of making that call at all, especially in as timely a fashion as would be required. Granting approval could also place the government in the uncomfortable position of essentially approving payments to criminals.

Additional policy options that can strike a balance for practical implementation

In light of the large-scale, disruptive threat to critical infrastructure from ransomware, policymakers will have to consider other initiatives along with its ransomware payment approach to strike a balance on enhancing disruption and incentivizing security measures:

Resource agencies and prioritize counter-ransomware efforts: Government leadership must properly resource through appropriations and prioritize disruption efforts domestically and internationally as part of a sustained pressure campaign against prioritized ransomware networks.

International cyber and cryptocurrency capacity building and pressure campaign: Agencies should prioritize targeted international engagement, such as capacity building where capability lags and diplomatic pressure where political will lags, toward defined priority jurisdictions. Capacity building and pressure should drive both cybersecurity and cryptocurrency capacity, such as critical infrastructure controls, regulatory, and law enforcement capabilities. Jurisdictional prioritization could account for elements like top nations where RaaS actors and infrastructure operate and where funds are primarily laundered and cashed out.

Enhance targeting authorities for use against ransomware actors: Congress should address limitations in existing authorities to enable greater disruptive action against the cyber and financial elements of ransomware networks. For example, Congress could consider fixes to AML/CFT authorities (e.g., 311 and 9714 Bank Secrecy Act designations) for better use against ransomware financial enablers, as well as potential fixes that the defense, national security, and law enforcement communities may need.

Ensure government and industry visibility for timely interdiction and disruption of ransomware flows: Congressional, law enforcement, and regulatory agencies should work with industry to ensure critical visibility across key ecosystem participants to enable disruption efforts, such as through: Enforcing reporting requirements of ransomware payments under CIRCIA and US Treasury suspicious activity reporting (SAR) requirements; Mandating through law that entities (such as digital forensic and incident response [DFIR] firms) that negotiate or make payments to ransomware criminals on behalf of victims, including in providing decryption services for victims, must be regulated as financial institutions with SAR reporting requirements; Driving the evolution of standards, like those for cyber indicators, to enable real-time information sharing and ingestion of cryptocurrency illicit finance indicators for responsible ecosystem participants to disrupt illicit finance flows.

Prioritize and scale outcome-driven public-private partnerships (PPPs): Policymakers should prioritize, fund, and scale timely efforts for PPPs across key infrastructure and threat analysis actors (e.g., internet service providers [ISPs], managed service providers [MSPs], cyber threat firms, digital forensic and incident response [DFIR] and negotiation firms, cryptocurrency threat firms, cryptocurrency exchanges, and major crypto administrators and network-layer players [e.g., mining pools and validators]) focused on disruption of key ransomware activities and networks.

Incentivize and promote better security while making it less attractive to pay ransoms: Policymakers could leverage market and regulatory incentives to drive better security measures adoption to deter ransomware and make it less attractive to pay. For example, legislation could prohibit cyber insurance reimbursement of ransomware payments. Regulatory action and legislative authority expansion could also drive implementation of high-impact defensive measures against ransomware across critical infrastructure and coordination of international standards on cyber defense.

While attractive for many reasons, banning ransomware payments presents challenges for limiting attacks that demand a broader strategy to address. Only this kind of multi-pronged, whole-of-nation approach will be sufficient to reduce the systemic threats presented by disruptive cybercrime that often targets our most vulnerable.

Carole House is a nonresident senior fellow at the Atlantic Council GeoEconomics Center and the Executive in Residence at Terranet Ventures, Inc. She formerly served as the director for cybersecurity and secure digital innovation for the White House National Security Council.

The post What to do about ransomware payments appeared first on Atlantic Council.

Tehran cooked up a conspiracy theory blaming Israel for US TikTok ban

Khosro Sayeh Isfahani — Fri, 05 Apr 2024 14:35:00 +0000

“We really have a TikTok problem, a Gen Z problem,” Anti-Defamation League (ADL) director Jonathan Greenblatt said in a recording. He notes that Israel is facing a “major generational problem” in the United States and that “the numbers of young people who think that Hamas’, you know, massacre was justified is shockingly and terrifyingly high.”

After the US House of Representatives overwhelmingly passed a bill on March 13 that could lead to a nationwide ban against the Chinese social media platform TikTok, old conspiracy theories sprouted back to life, with one using Greenblatt’s comments to explicitly pin the blame for the possible ban on Israel. Not surprisingly, the Islamic Republic reveled in the story involving its archenemies, the United States and Israel, along with its strategic ally, China.

It appears that the primary source of the recording is an article titled “American Youth Break Free from Zionist Yokes,” posted in November 2023 by the Tehran Times, an English daily published in Tehran by Mehr News Agency, an arm of the Islamic Propagation Organization (IPO), whose director is directly appointed by Supreme Leader Ayatollah Ali Khamenei. The organization is a key element of the Islamic Republic’s foreign-facing propaganda machine.

On March 20, the ADL issued a statement confirming the authenticity of the recording. The statement adds that the comments were made “during a public Zoom call.” The ADL and Greenblatt himself have previously called on social media platforms to introduce more robust mechanisms for countering hate and harassment. The recent statement from the organization concludes, “These calls-to-action have not included an outright ban of the platform.”

After the recording went viral in March, Tehran Times editor in chief Mohammad Sarfi boasted on X (formerly Twitter) that it was released “exclusively by Tehran Times” in November 2023, arguing that it shows that his daily is “ahead of world developments.”

SIGN UP FOR THIS WEEK IN THE MIDEAST NEWSLETTER

The conspiracy theory blaming Israel for the proposed TikTok ban has been repeated by the state media in Iran. Hassan Abedini, the top presenter of the state broadcaster, the Islamic Republic of Iran Broadcasting (IRIB), also alleged that the ADL was behind the TikTok ban and wrote on X, “Zionists control freedom of speech in the West.”

Iran’s Young Journalists Club News Agency, run by the state broadcaster, called the possible ban an “assault on freedom of speech.” Ultraconservative Raja News called the 2023 TikTok hearing an “outright inquisition.” Still, it continued using the possible TikTok ban to justify online censorship in Iran, arguing that access to “cyberspace is a security matter.”

China and Iran, bastions of free speech

With the possible US TikTok ban generating buzz around the globe, the United States’ free-speech credentials have come under fire from states infamous for their oppression of domestic free speech, Iran and China.

The Chinese Foreign Ministry has released a 3,600-word statement that “expose[s] what ‘free speech’ is according to the United States” and concludes by accusing the US of “[relying] on lies to weave ‘the emperor’s new clothes,’ and how it smears others to maintain its hegemony.”

Unsurprisingly, the statement fails to mention that Beijing has imposed draconian restrictions on the country’s 900 million internet users, pervasive state surveillance, and other abhorrent human rights violations, from suppressing freedom of speech and assembly to committing genocide against the Muslim-majority Uyghur ethnic group.

The statement also doesn’t mention China’s record on upholding freedom of expression at home. Through the Golden Shield Project—launched in 1998 and often called the “great firewall of China”—the regime’s Ministry of Public Security has restricted what content people can access in the country. The regime currently blocks almost all major online platforms, including Google, YouTube, X, Instagram, WhatsApp, and Facebook.

The Tehran Times has also been very concerned about “violations” of free speech in the United States. It has celebrated the “myth of online freedom in [the] US” fading and has accused the United States of waging “social media warfare” and a “propaganda war” against the Islamic Republic.

However, the same outlet has vehemently justified Iran’s weeks-long state-imposed internet shutdown in 2019, which came in response to nationwide protests that were used as cover for security forces to kill 1,500 protesters. It has argued that the government was left with no option but to fully cut people in Iran off from the world to prevent “misuse of the Internet by the outside agencies who [sought] instability in the country” and were “engineering a crisis in Iran.”

The paper’s parent agency, Mehr News, has also actively defended online censorship in Iran, arguing that “online spaces are controlled in developed countries,” has cheered on security forces for cracking down on “networks promoting corruption” (referring to content on modeling or modern lifestyles), and also justified the too-common mass arrest of citizens for defying sharia laws and exercising their basic rights.

The news agency has also been on the frontline of promoting propaganda from the Islamic Revolutionary Guard Corps (IRGC), calling social media the “primary venue of infiltration by the enemies,” presumably the United States and its allies. Furthermore, Mehr has celebrated the Islamic Republic’s troll farms and social media influence campaigns operating in conjunction with IRGC digital operations and hacking campaigns by the likes of Charming Kitten and the IRGC’s Cyber Army.

Iron veil and enlightenment jihad

While the Islamic Republic’s propaganda machine criticizes the United States for its “violations” of free speech online, the clerical establishment has shown time and again that the Internet has no place in Khamenei’s vision for the country. The regime’s response to the age of information has been an iron veil.

The eighty-four-year-old ayatollah has repeatedly described social media as a “weapon” and consistently voiced opposition to Iranians having “unbridled” access to the Internet. Over the years, his regime has also repeatedly used internet shutdowns to quell protests. Currently, all major social media platforms are banned in Iran, including YouTube, X, Instagram, WhatsApp, Facebook, Telegram, and TikTok.

Freedom of press and freedom of expression receive similar treatment, as the regime is one of the world’s leading jailers of journalists. During the 2022 Woman, Life, Freedom uprising, the regime arrested at least eighty journalists and twenty-two thousand protesters.

The clerical establishment’s war on freedom of speech has intensified since February 2022, months before the nationwide protests that shook the foundations of the Islamic Republic. At that time, Khamenei declared “enlightenment jihad” against the “enemy”—presumably the United States and its allies. He argued that the adversaries are waging “hybrid warfare” against “Islam and the Islamic Republic,” deploying their “media empire” and social media in an “onslaught to distort and destroy” the clerical establishment in Iran. He argued that the Islamic Republic must take the war to the “enemy” through “enlightenment jihad.” Heeding Khamenei’s direct order, the regime has flooded the internet with bots, trolls, and sock puppets, targeting dissenting voices and taking its colorful influence campaigns at home and abroad to another level.

Interestingly, TikTok has been one of the platforms of choice for the Iranian clerical establishment to export its poison. An account named jahadtabiin2 (“enlightenment jihad” in Persian) with twenty-one thousand followers posts tacky videos promoting the Islamic Republic’s ideology, speeches by the supreme leader, and propaganda against Iranian dissidents. The regime has also recruited TikTokers glorifying the clerical establishment and its top men, including IRGC Quds Force Commander Qasem Soleimani, who was killed four years earlier via a US drone strike in Iraq.

While it imposes an iron veil separating people in Iran from the rest of the world, the regime is quick to cry wolf when its top officials face the slightest setback on social media for violating platform guidelines.

In February, Meta banned Khamenei from Instagram and Facebook over his repeated violations of Meta’s “dangerous organizations and individuals policy,” which includes promoting organizations backlisted by the United States, including the terrorist group Hamas.

In response, Abbas-Ali Kadkhodaei, a member of the powerful Guardian Council, which is controlled by the supreme leader and has veto power over the parliament, wrote on X that the move “reveals [the] true face of so-called advocates of freedom of expression,” a right that, according to him, “has been taken hostage by [the] West.”

Ironically, all three leading social media platforms—Facebook, Instagram, and X—are banned in Iran for everyone except regime supporters and officials, who have been given access to an uncensored Internet.

Khamenei maintains an active presence on X, sharing Holocaust denial to his one million followers on the platform and calling for a “final solution” against Israel.

Ayatollah’s TikTok solution

Iran bans the use of all internationally popular social media platforms. However, the ban against TikTok was presumably enforced with help from the Chinese-owned service, at least until September 2023.

Unlike other social media platforms, people in Iran could not access TikTok even using censorship-circumvention tools (like virtual private networks) as long as they had an Iranian SIM card in their phones. This restriction has apparently been removed.

This implies that TikTok actively identified Iranian SIM cards and banned users. Both the restriction and its apparent end do not bode well for people’s rights to freedom of speech and privacy in sight of the Islamic Republic’s preexisting collaboration with China in fields of surveillance and censorship, which is opaquely listed as part of the twenty-five-year Iran-China deal signed in 2021.

However, people in Iran, especially Generation Z, are tech savvy and resourceful when circumventing restrictions. That is why there have always been TikTokers inside the country. To use the service, some removed their SIM cards before opening the app or had a second device (a smartphone or tablet) without a SIM. They then masked their Internet Protocol (IP) address and location with circumvention tools to get on TikTok.

The second group used unofficial TikTok “forks,” modified versions of the original app released by unknown programmers. The TikTok forks used in Iran are suspiciously named TikToker_IR, a naming style popular with state-affiliated tech companies. In the past, Iranian security forces have developed and published forks of popular banned applications like Telegram, embedding surveillance capabilities in the apps and breaching users’ privacy.

However, in September 2023, TikTokers in Iran observed a change in the enforcement of the ban. Since then, users have been able to access the app without removing their SIM, and only need to use a VPN. This can also be part of the regime’s recent shift to introducing more alternatives to “Western” social media platforms by either curbing limits on apps owned by Tehran’s allies or—as was proposed by the powerful Supreme Council of Cyberspace, controlled by Khamenei—introducing forks for popular banned apps like Instagram with embedded surveillance and censorship capabilities.

From behind the digital iron veil in Iran and the great firewall of China, the two regimes have joined forces, weaving a web of propaganda and conspiracy theories to fight against TikTok regulation in the United States. But for now, with other Western powers such as Canada and the United Kingdom possibly following suit, the fate of the app is in balance around the globe.

Khosro Sayeh Isfahani is an advocate, journalist, and Internet researcher with years of experience working in Iran, including work related to the LGBTQI community.

The post Tehran cooked up a conspiracy theory blaming Israel for US TikTok ban appeared first on Atlantic Council.

Vladimir Putin’s history obsession is a threat to world peace

Nicholas Chkhaidze — Tue, 19 Mar 2024 20:29:14 +0000

History has always served as an ideological battlefield, but few rulers in the modern era have weaponized the past quite as ruthlessly as Vladimir Putin. For more than two years, the Russian dictator has sought to justify Europe’s largest invasion since World War II by portraying it as a sacred mission to reclaim “historically Russian lands.”

Putin’s preoccupation with history has become increasingly evident as his reign has progressed, and is closely linked to his deep-seated resentment over the perceived historical injustice of the 1991 Soviet collapse. As early as 2005, Putin was lamenting the breakup of the USSR as “the greatest geopolitical catastrophe of the century.”

This sense of injustice has helped fuel Putin’s obsession with Ukraine, a neighboring country that many Russians still regard as a core part of their own nation’s historical heartlands. The existence of an independent Ukraine has long been resented by Putin as a symbol of modern Russia’s retreat from empire. Since the early years of his reign, he has made the subjugation of Ukraine one of his foreign policy priorities.

During the initial stages of the Kremlin campaign to reassert Russian authority over independent Ukraine, considerable effort was made to undermine the historical legitimacy of the Ukrainian state among Russian audiences and inside Ukraine itself. As Russian aggression against Ukraine escalated, the Kremlin’s war on Ukrainian history also expanded, with Ukrainians demonized as “Nazis” and dismissed as an “artificial nation.”

Years of increasingly hostile rhetoric paved the way for military aggression. When Putin launched the invasion of Ukraine in spring 2014 with the seizure of Crimea, he began referring to southern and eastern Ukraine as “Novorossiya” (“New Russia”). His decision to revive long-forgotten imperial terminology from the Czarist era was the clearest indication yet that Putin intended to extinguish Ukrainian statehood and reverse more than a century of European history.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Putin formalized his denial of Ukrainian statehood in a controversial history essay published in July 2021. Entitled “On the Historical Unity of Russians and Ukrainians,” this remarkable document laid out Putin’s rejection of Ukraine’s right to exist, while arguing at length that Ukrainians are actually Russians (“one people”). Putin’s essay laid the ideological groundwork for the full-scale invasion that commenced months later.

Over the past two years, history has remained a key front in the struggle to justify the Russian invasion of Ukraine. During the first summer of the war, Putin directly compared himself to Peter the Great and likened the invasion of Ukraine to the eighteenth century Russian Czar’s wars of imperial conquest.

A year later, Putin ordered the launch of new history textbooks for Russian schoolchildren along with curriculum changes with the apparent aim of legitimizing the ongoing military campaign to destroy the Ukrainian state and nation. This was part of a broader trend within Russia to bring the country’s official historical narrative into line with Putin’s increasingly radical brand of revisionism.

Eurasia Center events

Rose Jackson: The absence of a federal US data protection law threatens national security

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Strikingly, Putin chose to use his high-profile February 2024 interview with US media personality Tucker Carlson as a platform to frame the war in Ukraine as a quest for historical justice. While Carlson clearly wanted Putin to blame NATO and the US for the invasion, Putin himself preferred to embark on a rambling half-hour history lecture explaining the ancient roots of Russia’s claim to Ukraine.

Other senior Russian officials have taken their lead from Putin’s weaponized version of history. The most prominent example of this trend is former Russian President Dmitry Medvedev, who regularly employs historical references in his frequent attacks on Ukraine and the wider Western world. “One of Ukraine’s former leaders once said Ukraine is not Russia. That concept needs to disappear forever. Ukraine is definitely Russia,” he declared in March 2024.

With the full-scale Russian invasion of Ukraine now in its third year, Putin’s historical motivations are becoming more and more apparent. He regularly declares that major Ukrainian cities such as Odesa and entire regions of Ukraine are “historically Russian,” indicating that his imperial ambitions are still far from satisfied.

Many are now asking how far Putin intends to go. He has often expressed his belief that the Soviet Union was the Russian Empire under a different name. If Putin takes his crusade to reclaim “historically Russian lands” further and expands the definition to include all of the former Czarist domains, this would place more than a dozen additional countries at risk of suffering the same fate as Ukraine.

Putin has weaponized history to justify the genocidal invasion of Ukraine and dehumanize the entire Ukrainian nation. Unless he is stopped in Ukraine, the Russian dictator will use the same bogus historical arguments to launch new imperial adventures.

Nicholas Chkhaidze is a Research Fellow at the Baku-based Topchubashov Center.

The panelists leveraged their experience working with AI to cover several areas of concern for entrepreneurs, such as risk, regulation, scalability, and equity. They identified key trends in its uses across the private sector and provided guidance for SMEs hoping to improve their workflow with AI. The speakers also emphasized the need for women to shape the future of the field.

Main Takeaways

Amnah Ajmal pushed back on skepticism that recent advances in AI are overestimated, asserting that the increasing accessibility and efficiency of computing power make the technology commercially viable. She highlighted the relevant challenge posed by AI adoption in the private sector: the burden of unlearning and relearning technologies as they evolve and integrate into new fields. Ajmal spotlighted two trends in AI usage she observed among SMEs: risk management centered on combatting scams and fraud, and personalized marketing communications. She stated that the critical edge provided by AI is best understood in terms of scalability and speed, freeing up human capital for other tasks.

Abir Habbal explained that by keeping abreast of AI advances and integration, actors can actively shape the future of policy and governance around the technology. She distinguished between “narrow AI” capable of single tasks versus “generative AI” capable of multiple tasks at once. The latter is expected to be heavily disruptive; research conducted by her firm indicated that most professions can expect 40 percent of their working hours to be affected by AI. Habbal added that financial services have particularly high potential for AI automation, but opportunities exist in every sector.

Salim Chemlal mentioned that AI innovation should be propelled forward alongside regulation, rather than waiting for regulation before research continues, as experts have proposed. However, he also advocated for stronger international coordination to ensure AI safety, with a special emphasis on adaptability given the many variables in the field. Amnah Ajmal also offered her thoughts on regulation, proposing that businesses should gather industry stakeholders and experts, define the problem they wish to solve, and build the regulation themselves rather than waiting for a regulator to act. She added that regulators perform a service to society and governments will often embrace the suggested frameworks. Ajmal concluded by noting that traditional financial institutions have failed to uplift SMEs and women entrepreneurs, with all-women teams receiving a maximum of 2.7 percent of global VC funding.

Abir Habbal turned to the risks of AI and how regulation can help mitigate them. She explained that risks in the field include both structural issues, such as systemic biases and inaccurate results, as well as intentional misuses. With fast-evolving technologies such as AI, regulation may stifle innovation, creating a need for “sandboxes” for advanced testing. The industry’s appetite for regulation stems from a desire to effectively govern AI to manage these risks— and fear of financial and reputational harm if they are not mitigated. Salim Chemlal added that different societies should have their own AI systems, arguing that AI deployed outside of the context it was trained in (such as Western products now used in the Middle East) lack context to adequately serve their current users.

Amnah Ajmal emphasized that women must challenge the status quo in the AI field. She suggested that women are sometimes apprehensive about engaging deeply with new technologies, and she consequently urges other women in the field to be confident in their abilities. AI is trained on old data, which inherently introduces biases against women. Ajmal gave the example of office thermostats, which when adopted in the 1960s were calibrated for men; women, who radiate 35 percent less body heat, are now often left—literally—in the cold. Women should feel empowered to confidently steer the future of AI to prevent further inequity. Abir Habbal highlighted the coalescence of different skillsets in the AI field, which requires expertise in data science, engineering, business, and design. AI democratization is also on the rise, allowing users from outside the field to access and experiment with AI tools. Ajmal urged novices to utilize publicly available tools to experiment and learn more about AI.

The Way Forward

There has never been a better time for entrepreneurs in the Emirates to integrate AI into their businesses, owing to the UAE’s growing role as a global hub for AI and the country’s booming SME sector. AI adoption will remain a powerful force in the national economy in the near future, with some forecasts expecting close to 14 percent of Emirati GDP to stem from AI by 2030. Meanwhile, government initiatives continue to promote the growth of small and medium enterprises, with a set target of 1 million SMEs in the country by 2030.

AI has huge transformational power across sectors, particularly in facilitating speed and scalability. Technology may best serve entrepreneurs by freeing up human input otherwise spent on labor-intensive tasks, such as customer service or targeted marketing. However, adopters should ensure that they have defined a problem that AI can solve, as not all facets of business require automation. The risks inherent to AI, such as biases, malfunctions, and privacy concerns should also be evaluated when considering integration.

Large scale adoption of AI could worsen global gaps in digital skills between men and women, creating an imperative for women to steer the future of the technology in their country and abroad. Currently only 25 percent of AI specialists and 14 percent of cloud computing specialists are women, demonstrating that much work remains to be done to create a more inclusive field. However, the democratization of AI and the UAE’s SME boom represent an opportunity for women entrepreneurs to both capitalize on the business potential of AI and gain expertise that could positively shape the field. Since AI reflects the input and biases of its maker, better systems will require both diverse architects and inclusive design principles. Women at the helm of successful AI-augmented enterprises will be well positioned to advocate for these changes, resulting in a more equitable future for all.

Explore the WIn Fellowship

Jun 14, 2023

WIn Fellowship 2023-2024 KSA

Meet our 2023-2024 WIn fellows from Saudi Arabia: a group of dynamic women entrepreneurs poised to expand their leadership and executive skills. They are on a mission to scale their startups to new heights, setting new benchmarks for success.

Jun 14, 2023

WIn Fellowship 2023-2024 UAE

Meet our 2023-2024 WIn fellows from United Arab Emirates: a group of dynamic women entrepreneurs poised to expand their leadership and executive skills. They are on a mission to scale their startups to new heights, setting new benchmarks for success.

Jun 14, 2023

WIn Fellowship 2023-2024 Bahrain

Meet our 2023-2024 WIn fellows from Bahrain: a group of dynamic women entrepreneurs poised to expand their leadership and executive skills. They are on a mission to scale their startups to new heights, setting new benchmarks for success.

Sponsors & in-country partner

empowerME

empowerME at the Atlantic Council’s Rafik Hariri Center for the Middle East is shaping solutions to empower entrepreneurs, women, and youth and building coalitions of public and private partnerships to drive regional economic integration, prosperity, and job creation.

Explore the initiative

The post Integrating AI innovations into the SME industry in the UAE appeared first on Atlantic Council.

Experts react: What Biden’s new executive order about Americans’ sensitive data really does

Atlantic Council experts — Thu, 29 Feb 2024 19:05:56 +0000

It’s a personal matter. On Wednesday, US President Joe Biden issued an executive order restricting the large-scale transfer of personal data to “countries of concern.” The order is intended to prevent genomic, health, and geolocation data, among other types of sensitive information, from being sold in bulk to countries such as China, which could use it to track or blackmail individuals. Can Biden’s directive stop sensitive data from slipping into the wrong hands? And what are the implications for privacy and cybersecurity more broadly? Below, Atlantic Council experts share their personal insights.

Click to jump to an expert analysis:

Kenton Thibaut: The focus on data brokers targets a key vulnerability in the US information ecosystem

Graham Brookie: An essential, baseline step for shoring up US data security

Sarah Bauerle Danzman: It will be essential to sort out how new rules fit in with the current regulatory structure

Justin Sherman: Congress must get involved to tame data brokerage over the long term

Maia Hamin: A welcome step, but beware of data brokers exploiting backdoors and work-arounds

The absence of a federal US data protection law threatens national security

The United States desperately needs a federal privacy or data protection law; the absence of one threatens our national interest and national security. While we wait for Congress to take the issue seriously, the Biden administration seems to be looking to leverage its executive authorities to take action where it can. Wednesday’s executive order should be understood in that context. The order takes particular aim at what are called data brokers—a lucrative market most Americans have likely never heard of. These companies quietly buy up troves of information collected through social media and credit card companies, consumer loyalty programs, mobile phone providers, health tech services, and more, then sell the combined files to whoever wants it. That means that currently, the Chinese intelligence service doesn’t need an app like TikTok to collect data on US citizens; they can just buy it from a US company. So while this executive order won’t address all of the issues related to this unregulated and highly extractive market, it will close an obvious and glaring national security gap by barring the sale of such data to foreign adversaries.

Another significant piece of the executive order is its focus on genomic data as a particularly risky category. Genomic data are all but banned from provision to adversarial nations in any form. While this is a good step, the administration does not have the authority to ban the sale of genomic data to non-adversarial nations or domestically. This means there is a high likelihood that absent congressional or other action, the market for US genomic data will only grow. This underscores an uncomfortable reality when it comes to tech policy; there is no separating the foreign and domestic. Markets grow where there is incentive, and our continued failure in the United States to meaningfully grapple with how we want tech to be governed means we are choosing not to have input on the direction our own world-changing innovations will take.

—Rose Jackson is the director of the Democracy + Tech Initiative at the Atlantic Council’s Digital Forensic Research Lab. She previously served as the chief of staff to the Bureau of Democracy, Human Rights, and Labor at the US State Department.

The focus on data brokers targets a key vulnerability in the US information ecosystem

While further details are still being developed (including rightsizing thresholds for what constitutes “bulk data”), the executive order is a welcome development for those concerned about data security. The focus on data brokers—as opposed to targeting a single app, like TikTok—targets a key vulnerability in the US information ecosystem. Data brokers compile detailed profiles of individuals—including real-time location data—from various sources, including social media, credit card companies, and public records. This creates vulnerabilities for espionage and exploitation by foreign adversaries. That means while the national security community has raised concerns over the Chinese government’s ability to use TikTok to access data on Americans, it pales in comparison to what China already accesses through hacking and legal purchases via US data brokers.

Data security threats extend beyond individual apps to include data brokers and the broader lack of regulation in the tech industry. To protect privacy and national security, stronger regulations and transparency measures are needed, and the United States should pass comprehensive federal privacy legislation. However, in the interim, the administration has done what it can with this executive order to help stem the tide of Americans’ sensitive personal data flowing abroad.

—Kenton Thibaut is a senior resident China fellow at the Atlantic Council’s Digital Forensic Research Lab (DFRLab).

An essential, baseline step for shoring up US data security

The executive order preventing the sale of bulk data to adversarial countries may sound technical, bureaucratic, and even opaque. However, it is one of the most essential baseline steps the United States needs to take in shoring up security in an era in which technology is at the forefront of geopolitical competition. Enormous amounts of information about Americans is bought and sold on the open market every single day. This measure is intended to make it harder for specific adversarial countries to buy billions of data points about citizens legally.

As many other more challenging technical issues arise—such as how to govern the rapid development of artificial intelligence—a standard for data privacy for every single person in the United States is sorely needed. Data privacy is the foundation for establishing a rights-respecting and rights-protecting approach in an era of both rapid technological change and geopolitical competition. The executive order is an important step that can be built on. The policy is a threat-based approach to securing citizens’ data and information from the worst foreign actors. Congress can strengthen this approach and address the limitations of an executive order by passing legislation for a strong federal data privacy standard that not only protects Americans’ data from foreign adversaries, but also provides Americans protection in general.

—Graham Brookie is the vice president for technology programs and strategy, as well as senior director, of the Atlantic Council’s Digital Forensic Research Lab. He previously served in various roles over four years at the White House National Security Council.

It will be essential to sort out how new rules fit in with the current regulatory structure

With its latest executive order and related advance notice of proposed rulemaking, the Biden administration is trying to find transparent, clearly defined legal channels to address a specific set of national security challenges. These are the challenges that arise from the unmitigated and largely untracked commercial world of bulk data transfer to entities owned by, controlled by, or subject to the jurisdiction or direction of potential adversaries. The administration’s proposed rules demonstrate its seriousness of purpose in attempting to craft rules that are narrow in scope and application, while also anticipating and countering potential circumvention techniques of untrusted actors. They are also complicated. For example, they seek to stand up a new licensing line of effort with financial sanctions and export licenses based on a model from the Department of Justice and on the experiences of the Office of Foreign Assets Control and the Bureau of Industry and Security. This complexity raises questions about the feasibility and costs of compliance and enforcement.

Some parts of the proposed rules overlap significantly with existing regulatory structure, and especially with the Committee on Foreign Investment in the United States (CFIUS). In particular, the regulation will cover investments by covered persons and entities in US businesses that collect covered data, a class of transactions typically handled by the CFIUS. It will be important for the government to clearly articulate how the new rules and the different government entities involved will relate to each other, with a goal toward reducing rather than exacerbating regulatory complexity that leads to higher compliance costs and confusion. The proposed rules suggest that the CFIUS might take precedence, but the CFIUS is a costly and time-intensive case-by-case review that is supposed to be a tool of last resort. It would be more efficient and probably more effective to first apply investment restrictions based on these new rules and preserve case-by-case CFIUS review only in situations in which the new data security prohibitions and restrictions do not adequately address national security risks associated with a particular transaction. Doing so would reduce pressure on the CFIUS’s ever-growing caseload and would provide businesses with bright lines rather than black boxes.

—Sarah Bauerle Danzman is a resident senior fellow with the GeoEconomics Center’s Economic Statecraft Initiative. She is also an associate professor of international studies at Indiana University Bloomington where she specializes in the political economy of international investment and finance.

Congress must get involved to tame data brokerage over the long term

Data brokerage is a multi-billion-dollar industry comprising thousands of companies. Foreign governments such as China and Russia obviously have many ways to get sensitive data on Americans, from hacking to tapping into advertising networks—and one of those vulnerabilities lies in the data brokerage industry.

Data brokers collect and sell data on virtually every single person in the United States, and that includes data related to government employees, security clearance-holding contractors, and active-duty military personnel. My team at Duke’s Sanford School of Public Policy published a detailed study in November 2023, where we purchased sensitive, individually identified, and nonpublic information such as health conditions, financial information, and data on religion and children about active-duty US military servicemembers from US data brokers—with little to no vetting, and for as cheap as twelve cents per servicemember. It would be easy for the Chinese or Russian governments to set up a website and purchase data on select Americans to blackmail individuals or run intelligence operations. With some datasets available for cents on the dollar per person, or incredibly granular datasets available for much more, it may be considerably cheaper than the cost of espionage for foreign governments to simply tap into the unregulated data brokerage ecosystem and buy data.

Of course, an executive order isn’t going to fix everything. At the end of the day, the fact that data brokers gather and sell Americans’ data at scale, without their knowledge, often without controls, is a congressional problem—and has signified a major congressional failure to act. Federal and state legislation is what will ultimately best tackle the privacy, safety, civil rights, and national security risks from the data brokerage industry. But that doesn’t mean the executive branch shouldn’t act in the meantime. If the executive branch can introduce even a few additional regulations for data brokers to better vet their customers or to stop selling certain kinds of data to certain foreign actors, that’s an important improvement from the status quo.

Over the coming months, important challenges for the executive branch will be defining terms such as “data broker,” ensuring that covered data brokers are required to properly implement “know your customer” requirements, and figuring out ways to manage regulatory compliance in light of the size and operating speed of the data brokerage industry.

—Justin Sherman is a nonresident fellow at the Atlantic Council’s Cyber Statecraft Initiative and founder and CEO of Global Cyber Strategies.

A welcome step, but beware of data brokers exploiting backdoors and work-arounds

The commercial data broker ecosystem monetizes and sells Americans’ most sensitive data, often piggybacking off of invasive ad-tracking infrastructure to vacuum up and auction off specific information about Americans, such as their location history or mental health conditions. This executive order is a useful step toward making it more difficult for specific adversary countries to purchase that data, and it makes clear sense from a national security perspective.

However, while this market remains (otherwise) largely unregulated and flourishing in the United States, in the absence of a comprehensive privacy law or other restrictions on data brokering, Americans’ privacy will continue to suffer. Leaving this market intact domestically runs the risk of opening up potential backdoors and work-arounds to the limitations in the executive order. It also—perhaps not coincidentally—leaves the door open for the US government itself to continue purchasing and using commercial data in its own intelligence programs.

That’s all to say, cracking down on data brokers is always welcome, so it’s great to see this order (and recent action from the Federal Trade Commission as well). Next, let’s challenge Congress and the executive to push it further.

—Maia Hamin is an associate director with the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab.

The post Experts react: What Biden’s new executive order about Americans’ sensitive data really does appeared first on Atlantic Council.

Gulf region markets offer huge growth potential for Ukraine’s IT sector

Anatoly Motkin — Thu, 29 Feb 2024 17:23:03 +0000

Ukraine’s IT industry was the only sector of the country’s economy to grow during the first year of Russia’s full-scale invasion in 2022. Despite the unprecedented shocks of the Russian invasion, Ukrainian IT exports reached a record $7 billion by the end of the year, while local startups continued to attract investors. However, preliminary data for 2023 shows that this trend has now run its course. During the first nine months of 2023, Ukrainian IT exports fell by 9%. Annual figures are expected to confirm an 8% decline that would return the IT industry to its prewar status.

Ukrainian industry experts point to problems related to wartime conditions, including restrictions on military-age males leaving the country and challenges in meeting customer deadlines. They also acknowledge that other factors are contributing to the current market downturn, including an international IT recession that is reducing demand in the dominant US tech sector. With 42 percent of Ukrainian IT exports currently going to the United States, this downward trend is bad news for Ukraine.

For the past few decades, the Ukrainian IT sector has expanded in line with growing demand for IT services in the West. Ukrainian IT companies have focused on exporting engineering services to the US, EU, and other Western countries, while also seeking to attract investors from the same locations. This model worked well as long as demand for Ukrainian services continued to rise in the West, but the current recession in the Western tech industry along with stagnation in the US venture capital market are pushing Ukraine to look for new markets. The most obvious growth area is the Gulf region.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

The combined IT market of the Gulf countries is currently estimated at $108 billion. This is less than one-tenth of the US market, but it is rapidly expanding and can accommodate new players. Securing a mere one to two percent of this Gulf region IT market would allow Ukraine’s IT industry to keep growing.

What are Gulf countries looking for? Most of all, they seek trusted suppliers of high-end IT solutions at a reasonable price, which is exactly where Ukraine excels. The Ukrainian IT industry has many offices of American IT engineering companies delivering US quality products and services for competitively low prices. Ukrainian IT companies also operate in a similar time zone to Gulf region customers, making them even more appealing.

Ukraine’s flourishing startup scene is a particularly attractive feature for Gulf region businesses. While more than 500 venture capital funds operating in the Gulf region raised about $2.5 billion in capital in 2023, the local startup pipeline is not yet sufficient to absorb these funds. An attractive Ukrainian startup could be the ideal fit for smart Gulf-based investors.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

In order to increase Ukrainian penetration of Gulf markets, Ukrainian tech companies must open regional branches. Given the prominent role played by government agencies in the development of the IT sector in the Gulf region, the Ukrainian government should be looking to prioritize the digital component in bilateral dialogue, including high-level visits by officials from the Ministry of Digital Transformation.

International financial institutions and development agencies can also play a role in this process. This would help provide much needed support for the Ukrainian economy while also boosting the Western presence at a time when China is actively increasing its footprint in the Gulf region tech sector. According to the Nature Index, China’s share of Saudi Arabia’s total international research collaborations grew to 28.3 percent by 2023, exceeding that of the United States (26 percent), Germany (10.1 percent), and the United Kingdom (10.3 percent).

Assisting the Ukrainian technology industry in penetrating Gulf region markets could form part of a much bigger digital Marshall Plan for Ukraine. The foundations of Ukraine’s postwar economy are currently being laid; it is already clear that the tech sector will be one of the key engines of the country’s future economic growth. This new model will make Ukraine more transparent, accountable, and attractive for investors. It will also make the Ukrainian economy more sustainable and integrated into the global knowledge-driven supply chain.

Despite the many challenges created by Russia’s ongoing invasion, now is the right time support the evolution of the Ukrainian tech sector. This includes backing efforts to enter new foreign markets. Helping Ukrainian IT companies expand their presence in the Gulf region should be one of the priorities of the country’s digital growth strategy. This can provide a boost for Ukraine’s wartime economy and also position the IT industry for sustained growth in the years to come.

Anatoly Motkin is president of StrategEast, a non-profit organization developing the knowledge-driven economy in the Eurasian region with offices in the United States, Ukraine, Georgia, Kazakhstan, and Kyrgyzstan.

Case study: Russia-based Facebook operation targeting Europe

Operation Doppelganger is the largest and most persistent pro-Kremlin online information influence campaign aimed at undermining Ukraine in Europe. The DFRLab, EU DisinfoLab with Qurium Media Foundation, the Institute for Strategic Dialogue, and multiple European media outlets targeted by the campaign first investigated Doppelganger in the summer of 2022. In June 2023, French media resurfaced the ongoing campaign, citing a deeper investigation by Viginum, a technical and operational service of the French government responsible for vigilance and protection against foreign digital interference. Viginum, Qurium, and EU DisinfoLab found many technical pieces of evidence linking the campaign to Russia: the use of Russian web infrastructure to host domains involved in the campaign; the use of the Russian language in video file names; the presence of three different time zones in video file metadata, specifically finding that the videos created at GMT+8 match with the Irkutsk region in Russia and connecting some to the Telegram channel War on Fakes, a Russian news service known for using fact-checking tropes to disseminate disinformation or denials of Russian atrocities.

In September 2022, Meta took down 1,633 Facebook accounts, 703 Facebook pages, twenty-nine Instagram profiles, and one Facebook group connected to the campaign. In its announcement of the takedown, Meta wrote that, though the company had blocked posts with external links to the operation’s domains from appearing on its platforms, “they attempted to set up new websites, suggesting persistence and continuous investment in this activity across the internet.” In December 2022, Meta attributed the campaign to two companies in Russia, Structura National Technology and Social Design Agency (Агентство Социального Проектирования).

The campaign started as early as May 2022. It used over fifty domains impersonating (e.g., spoofing) existing media outlets in Germany, France, Italy, the United Kingdom, the United States, Ukraine, Latvia, Lithuania, and Estonia. Links to forged articles hosted on the spoofed domains were then shared on social media platforms, mostly Facebook, Instagram, and Twitter. The campaign employed paid advertising and seems to have bought interactions to garner engagement with the posts.

The content of the influence campaign seemed intended to undermine the Ukrainian government and people, to advocate for the sanctions on Russia to be lifted, to emphasize the worsening European economy notionally because of the sanctions, and to push for allies to stop supplying Ukraine with weapons.

Posts and articles appeared in multiple languages with often poor proficiency, indicating non-native authors or the use of a machine-translation tool. While conducting its research into Doppelganger, Qurium noticed geoblocking used for certain hyperlinks amplified via social media. For instance, if a reader connected from a German internet protocol (IP) address, the false article in German would appear. If connected from outside Germany, a text from “Old Sultan,” a German fairy tale, would appear.

The spoofed websites used the graphic design of the legitimate websites operated by the media outlets. The easiest way to determine if a website was spoofed was by looking at top-level domains (TLDs), frequently with many different, nearly identical URLs used to spoof a single outlet. Of just reputable German outlets, seemingly the priority in September 2022, Qurium identified nine TLDs impersonating Der Spiegel, eight spoofing Bild, and eight mimicking T-Online. Qurium also mentioned that French outlet 20 Minutes was similarly spoofed. In June 2023, Viginum identified additional instances of 20 Minutes being impersonated, as well as Le Monde, Le Parisien, and Le Figaro. Though expansive in terms of digital assets used and the number of languages it targeted, the campaign garnered little engagement. Similar campaigns appeared in Ukraine. Russians created websites masquerading as Ukrainian media websites to promote narratives of despair and the uselessness of resisting Russia. These webpages featured identical pages, stealing even real journalists’ names, providing their content with unearned legitimacy. While such campaigns are usually delivered via Facebook ads, they also act as parasites by laundering their disinformation through the reputations of the well-known media brands they spoofed.

Screenshots of a real story in reputable Ukrainian outlet UNIAN (top), compared with a nearly identical forgery (bottom), which was promoted in a Facebook ad. (Source: Unian, top; Unian.in/archive, bottom)

Similarly, malign actors use the official logos and insignia of the Ukrainian government and international organizations to scam Ukrainians’ data or nudge them to subscribe to dubious Telegram channels, promising financial support. Such campaigns have multiple objectives: spreading discouraging narratives, undermining Ukrainians’ resilience and resistance, stealing personal data, or promoting narratives while using victims’ individual pages. Despite efforts to block such campaigns in Ukraine and abroad, they constantly reappear on popular platforms, promoting conspiracies or damaging Ukraine.

Case study: Poland

In 2023, pro-Kremlin actors expanded their efforts to undermine the relationship between Ukraine and Poland by sowing discord between the two nations. Russian and Belarusian actors attempted to influence Poland’s October 2023 parliamentary elections, specifically malicious activities against Poland primarily in three domains: information environment, cyberspace, and on the ground in Poland.

Since February 2022, Poland has hosted the largest number of Ukrainian refugees, causing pro-Kremlin actors to push false claims about refugees in Polish in an attempt to portray Ukrainian refugees in a negative light and to exacerbate anti-refugee sentiments within Polish society. In August 2023, Polish-language Telegram channel Niezależny Dziennik Polityczny (Independent Political Journal), which is believed to be managed by pro-Kremlin actors outside Poland, and pro-Kremlin Russian media outlet EurAsia Daily wrote that Polish authorities were allegedly hiding that Ukrainian refugees were supposedly responsible for a Legionella bacteria outbreak, which reportedly killed at least five people in the southeastern Polish city of Rzeszów in August and September 2023. Disinformation targeting Ukrainian refugees in 2023 also encompassed other false narratives, such as the notion that the Polish government cares about Ukrainian refugees more than Polish citizens, that Ukrainian refugees push Polish citizens out of the labor market, that refugees represent a burden for the Polish economy, and that they violate Polish law and undermine public order, among other distortions and falsehoods.

On the other side, pro-Kremlin actors tried to antagonize the Ukrainian people against Poland by pushing false claims about Poland’s supposedly hostile intentions toward Ukraine. In August 2023, Russian Defense Minister Shoigu falsely claimed that Poland was planning to create a Polish-Ukrainian Union with the goal of occupying Ukraine’s territories. Anonymous Russian Telegram channels also disseminated a fabricated statement purportedly from Poland’s former ruling Law and Justice party (PiS) demanding that Ukraine give Poland the city of Lviv in exchange for Polish support in the war against Russia.

Pro-Kremlin actors also tried to intimidate Polish society by pushing fabricated content about the presence of Wagner fighters near the Polish border. After President of Belarus Aleksandr Lukashenko stated on July 23, 2023, that the Wagner Group’s mercenaries stationed in Belarus had asked for permission “to go on a trip to Warsaw and Rzeszów,” Russian Telegram channels started to disseminate forged photos that allegedly confirmed the presence of Wagner fighters on the Polish-Belarus border. It seemed that this campaign aimed to sow fear in Poland by suggesting that the Wagner Group would target Poland if the nation continued to support Ukraine.

Meanwhile, Russian security services managed to recruit spy groups on the ground in Poland, which were uncovered by Polish security services. In March 2023, the Polish Internal Security Agency (ABW) arrested twelve people, charging them with collaborating with the Russian secret service, conducting intelligence activities against Poland, and preparing acts of sabotage on behalf of Russian intelligence to obstruct delivery of weapons to Ukraine through Poland. In November 2023, Poland arrested an additional sixteen foreigners, accusing them of being part of a network spying on Poland on behalf of Russian secret services. The alleged assignments for this second group included, among other tasks, “monitoring and documenting the passage of transports with military and humanitarian aid to Ukraine, or carrying out preparations for the derailment of trains transporting aid to Ukraine.” On August 14, ABW announced the detention of two Russian citizens who had allegedly conducted clandestine activities in Poland on behalf of Russia. The ABW press release stated that the suspects distributed three hundred Wagner recruitment leaflets around Krakow and Warsaw, and they were accused of acting on behalf of a foreign intelligence agency to the detriment of Poland.

Case study: Moldova

In terms of Russian influence, the nation of Moldova is among the most vulnerable. Like Ukraine, it faces territorial issues arising from separatist movements backed militarily and politically by Moscow, and Moldovan President Maia Sandu has expressed open interest to joining a “larger alliance,” but without naming NATO specifically—the type of statement Russia considers provocative.

Since the outset of the war, Moldovan authorities have consistently and strongly denounced Russian aggression in Ukraine, and its relationship with Russia worsened once missiles targeting Ukraine repeatedly entered Moldovan airspace. Russia’s air strikes on Ukrainian energy facilities led to power outages in Moldova and halted the import of electrical energy from Ukraine, which constitutes nearly 30 percent of Moldova’s power consumption.

Blackmail for access to energy provided another source for Russia to pressure Moldova: starting in October 2022, Russia’s state-owned oil company, Gazprom, progressively reduced gas supplies to the country by nearly 50 percent. This decision was primarily aimed at exerting pressure on Moldova’s pro-European government, which had been grappling with widespread social protests triggered by an increase in gas prices. Russia also used this situation to level baseless accusations against Kyiv, claiming that the decrease in gas flows was due to Ukraine’s purported refusal to permit larger gas volumes through the Sochranivka station in the Rostov region, a claim the Ukrainian gas transit operator denied. Gazprom also accused Ukraine of diverting gas meant for Moldova, but Moldovan authorities refuted that claim too, clarifying that the gas volumes referenced by Gazprom as remaining on Ukrainian territory were actually the savings and reserves of the Republic of Moldova stored in warehouses in Ukraine.

Initially cautious about imposing extensive sanctions on Russia due to its energy dependence, Moldova later joined in the international sanctions effort after it diversified its own energy sources. In response, Russia has repeatedly claimed that Moldova lacks full sovereignty over its decisions and acts at the behest of its “Western curators,” a narrative echoed by Moldova’s pro-Russian politicians. Moscow also depicts Moldova as a NATO testing ground for geopolitical confrontation with Russia, warning that it could face a fate similar to Ukraine. By insinuating that Moldova is a potential conflict zone, Russian propaganda seeks to instill fear and cultivate distrust in the Moldovan government among its citizens, thereby diminishing public support for neighboring Ukraine.

Russian actors frequently introduce the idea of potential military intervention in the breakaway region of Transnistria by Moldova, Ukraine, or NATO, a narrative intending to raise tension and delegitimize the governments of Moldova and Ukraine. Previously, the DFRLab reported on the dissemination of alarmist narratives surrounding Transnistria, sowing discord in Moldova and providing a supposed justification for intervention.

In a continuation of the narrative, before and during the European Political Community summit in Moldova (which involved forty-five heads of state), unverified information circulated on Telegram suggesting that Presidents Sandu and Zelenskyy had agreed on a potential Ukrainian military intervention in Transnistria. According to anonymous sources, the supposed interventions were intended to divert the attention of Russian troops and take control of the ammunition depot in the Transnistrian city of Cobasna. Sandu’s office promptly denied the claim.

Moldova has implemented different measures to safeguard its information space from Russian influence and propaganda, including prohibiting the rebroadcasting of Russian news and political talk shows, blocking over fifty Russian-affiliated news websites, suspending licenses for twelve television channels engaged in disinformation, and expelling the director of Russian state news agency Sputnik in Moldova, Vitali Denisov, due to concerns about national security. On December 15, 2023, the Moldovan Parliament adopted a new National Security Strategy, explicitly naming Russia for the first time as an existential threat to Moldova. It marks a significant milestone as the first official public document in the thirty-two years since Moldova gained independence to categorize Russia formally as an adversary.

Case study: Georgia

Following the February 2022 invasion of Ukraine, Georgia increased its trade with Russia while simultaneously joining in international financial sanctions against Russia. Throughout that year, Russian products comprised a growing proportion of the oil and gas sector in the country, allowing economic-related narratives to flourish.

As the country prepares for parliamentary elections in the autumn of 2024, the ruling Georgian Dream party has heightened its rhetoric, amplifying anti-Western conspiracy theories about foreign-instigated coup attempts within the country. Following the start of the war, the ruling party intensified its anti-Western rhetoric and attempted to introduce controversial bills intended to crack down on civil society and independent media.

In May 2023, Russia lifted its ban on Georgian airline flights and abolished visa requirements for Georgian citizens. The Georgian government’s decision to resume flights to Russia drew criticism from the EU and Ukraine, as well as resulting in protests in Georgia. That same month, Tbilisi City Hall procured trucks worth more than four million GEL (approximately US$1,100,000) from the sanctioned Russian company Kamaz. On May 24, during the Qatar Economic Conference, Georgian Prime Minister Irakli Garibashvili stated that the Georgian economy would face collapse if the country were to impose broad economic sanctions on Russia, even though Georgia was already imposing narrower financial sanctions on Russia.

On September 14, 2023, the United States imposed sanctions targeting various sectors of Russia’s economy. The list also included Otar Partskhaladze, a former prosecutor general of Georgia who is part of Georgian oligarch Bidzina Ivanishvili’s close inner circle. Partskhaladze was sanctioned alongside Aleksandr Onishchenko, an officer in Russia’s Federal Security Service (FSB). In its sanctions announcement, the US Department of State noted, “Onishchenko and the FSB have leveraged Partskhaladze to influence Georgian society and politics for the benefit of Russia. Partskhaladze has reportedly personally profited from his FSB connection.”

Later that fall, Georgia’s State Security Service (SSSG) claimed, as reported by independent Georgian media outlet Civil.ge, that groups inside and outside of Georgia were “plotting to orchestrate destabilization and civil unrest in the country” with an aim of “forcible overthrow of the government” and “a scenario similar to the ‘Euromaidan’ protests held in Ukraine in 2014.” In a follow-up statement, the SSSG accused USAID of funding a program that brought Serbian trainers to Georgia in order to train local activists in violent tactics to overthrow the country’s government. Later, Russian and Azerbaijani pro-government outlets exploited these accusations to further spread conspiracies blaming the United States for arranging revolutions abroad.

Case study: Armenia

Russia’s relationship with Armenia has deteriorated in recent years, with the loss of Nagorno-Karabakh to neighboring Azerbaijan in late 2023 eventually marking a new low point.

After Armenia’s 2020 war with Azerbaijan, Russia brokered a cease-fire and stationed around 2,000 peacekeepers along the contact lines in Nagorno-Karabakh and along the Lachin corridor (which remained the only overland link between Armenia and Nagorno-Karabakh after the war) for a designated period of five years with an option to extend. With the cease-fire agreement in force, the prospect of declining Russian influence in Armenia seemed low, as it came to depend on Russia.

Azerbaijan’s invasion of Armenian territory in September 2022, however, showcased that Russia and the Russia-led Collective Security Treaty Organization (CSTO) were not fulfilling their obligations. As Russia continued its war against Ukraine, it stopped supplying weapons to Armenia, and Armenia in turn repeatedly refused to participate in CSTO drills, both of which led to a further deterioration of the relationship.

Russian propaganda, meanwhile, unrelentingly blamed the Armenian government for the souring relations. On September 8, 2023, Moscow summoned the Armenian Ambassador to Russia and warned him over what it saw as a series of “unfriendly moves,” including Armenia’s joint military exercises with the United States, a humanitarian visit to Ukraine by the wife of Armenian Prime Minister Nikol Pashinyan, and Armenia’s plans at the time to ratify the International Criminal Court’s Rome Statute. Russia also expressed dissatisfaction with Armenia’s detention of a pro-Russian Sputnik columnist and a blogger.

However, on September 19, 2023, under the watch of Russian peacekeepers, Azerbaijan initiated an offensive in Nagorno-Karabakh following a ten-month blockade, ultimately gaining complete control of the disputed territory and committing ethnic cleansing against Armenians.

This event sparked protests in Armenia, which Russia also fueled. In September 2023, the DFRLab analyzed Kremlin narratives and propaganda aimed at deflecting responsibility from its part in the crisis and efforts to portray Pashinyan as the responsible party for the sour relationship with Russia and the war with Azerbaijan. One of those narratives, spread mostly in Russian media and Telegram posts, aimed to portray Pashinyan as a traitor. At the peak of civil turmoil in Armenia, pro-Kremlin Telegram channels exacerbated public anger by disseminating false information and encouraging the overthrow of the government.

Russian propaganda also regularly targeted Armenia with anti-Zelenskyy narratives to boost the pro-Russian claim that both Zelenskyy and Pashinyan are Western puppets. This tactic aimed to exploit Armenian sentiment using Nagorno-Karabakh, drawing unfavorable comparisons between Armenian and Ukrainian leaders to undermine Ukraine. They alleged that Pashinyan had chosen to strengthen his connections with the West at the expense of Armenia’s relationship with Russia.

On October 3, 2023, despite repeated warnings from Russia, Armenia ratified the Rome Statute, which obliges the country to follow ICC rulings and warrants, including an obligation to arrest Putin should he arrive on Armenian soil. Later that month on October 25, in an interview with The Wall Street Journal, Prime Minister Pashinyan said that he no longer saw any benefits in maintaining Russian military bases in Armenia. The interview came two days after Armenia signed a defense cooperation agreement with France that includes arms sales.

Later that same month, Russian state Channel One aired a program portraying Pashinyan as a Western puppet with mental health issues. The segment, dubbed “Nikol Pashinyan: a harbinger of disaster,” made unfavorable comparisons between Pashinyan, former Georgian President Mikheil Saakashvili, and Zelenskyy, reinforcing the narrative that all three are Western puppets. The next day, Armenia delivered a note of protest to the Russian ambassador to Armenia.

Despite worsening political ties, Armenia’s economic ties with Russia deepened, with exports tripling in 2022. Since the 2022 invasion of Ukraine, Russia has significantly reinforced its influence on Armenia’s economy. The country’s finance minister, Vahe Hovhannisyan, highlighted that most of the exports to Russia are reexports. Thus, Armenia covers some of the needs of the Russian market that arose as a result of Ukraine-reinvasion related sanctions, by exporting goods from other countries through Armenia.

Armenia heavily relies on Russia for energy; it imported 87.7 percent of its gas in 2022 from Russia. This dependency is essential due to the favorable pricing and its limited self-sufficiency, at 20 percent to 30 percent. Given the lack of alternatives to Russian gas and Armenia’s inability to cover its energy needs locally or through imports from other countries, Russian gas supply and its pricing remain a tool for blackmail. For example, two months after Russia’s 2022 invasion of Ukraine, Armenia agreed to pay for Russian gas in rubles. Armenia was also identified as a potential transshipment point for restricted items to Russia or Belarus, which led to two Armenian companies being sanctioned in 2023.

Case study: Azerbaijan

Two days prior to the February 2022 invasion, Vladimir Putin and Azerbaijani President Ilham Aliyev signed a new agreement in Moscow, which Aliyev described as elevating the relationship to a new level, that of an alliance. The following day, a pro-government media outlet published a report arguing Russia was not imposing its will on Azerbaijan, despite the timing of the document; on the contrary, the outlet claimed, it instead showed more mutual commitments by Russia and decreased Russian influence in the country.

Following the start of the war, Azerbaijan started to import Russian gas, despite a broader international push to make Russia a pariah in the world of international finance and trade. By 2023, Russia was Azerbaijan’s third biggest trade partner.

But other tensions soon came into play. Azerbaijan has a long-standing, hard-line position regarding breakaway republics based on the principle of territorial integrity; yet when Russia officially recognized the Ukrainian regions of Donetsk and Luhansk as independent republics, Azerbaijan remained silent. Meanwhile, just a month before the new alliance agreement between Russia and Azerbaijan in 2022, President Aliyev visited Ukraine in January and signed a joint declaration with Ukraine stating the commitment of both nations to supporting their sovereignty and territorial integrity.

Since February 2022, Azerbaijan has officially sent humanitarian aid to Ukraine totaling more than US$30 million, in the form of infrastructure, energy, and reconstruction support. Throughout 2023, Russian sources spread claims that Azerbaijan secretly sent military aid to Ukraine; in response, an Azerbaijani pro-government website blamed Armenian and Russian outlets for spreading lies. In December 2023, pro-government media agency Trend published an article debunking the military aid allegations based on a statement from the Media Development Agency (MEDIA), a government agency created by presidential decree that is also being weaponized to clamp down on independent media.

Kremlin-aligned narratives increased significantly after September 2023, when Azerbaijan took full control of Nagorno-Karabakh. That month, Azerbaijan launched a military attack on the region, an internationally recognized part of Azerbaijan populated by ethnic Armenians following the war in the 1990s that resulted in the displacement of over half a million Azerbaijanis. Following one day of fighting in September 2023, Azerbaijan claimed full control over the region; over 100,000 ethnic Karabakh Armenians fled the territory, and the self-proclaimed Nagorno-Karabakh Republic ceased to exist.

A month later, after Azerbaijan’s attack, a defense cooperation agreement was signed between Armenia and France, and in November, France announced selling military weapons to Armenia. When the actual agreement was announced, Azerbaijani pro-government internet television channel Baku TV broadcasted a program with the headline “Ukraine scenario in Caucasus: What is the West forcing Armenia to do?”—suggesting that the real reason behind Western support to Armenia is to challenge Russia. Other news websites pushed similar narratives with headlines such as “Paris wants to turn Armenia into Ukraine” or “the US’s plan to turn Armenia into the ‘Ukraine of the Caucasus.’ ”

Moreover, Azerbaijani news outlets pushed similar reports based on interviews with Russian political experts. These claims in Azerbaijani media coincide with the same period that the Armenian government started to distance itself from Russia.

Karabakh-related reports by Russian sources were sometimes criticized by pro-government media outlets, however. In 2022, Azerbaijan blocked access to Russian state-owned RIA Novosti due to its interview with Artak Beglaryan, the minister of state of the self-proclaimed Nagorno-Karabakh Republic. According to local fact-checking organization Fakt Yoxla, in May, June, and July of 2023, Azerbaijani media outlets published multiple reports accusing Russia or Russian peacekeepers in Nagorno-Karabakh of allegedly helping the region’s Armenian forces to deploy illegal arms or to create provocations. Just a month later, in August 2022, four Sputnik Azerbaijan workers in Azerbaijan resigned after refusing to publish information from the Russian Defense Ministry about Karabakh, explaining that the request from management was to cover violations of the cease-fire in Nagorno-Karabakh in a way that was “contrary to Azerbaijan’s position.” It was only in October 2022, after state-run Russian First Channel called Nagorno-Karabakh an “independent state,” that Azerbaijani state-owned television channel AZTV first referred to Russia’s war in Ukraine as “Russia’s invasion.”

Azerbaijani state media also used Kremlin narratives domestically to undermine civil society groups within the country. In conjunction with government-aligned media outlets, it exploited Georgia’s accusations that USAID is trying to overthrow the government in Georgia. The DFRLab found that at least fourteen reports were published about USAID with additional narratives accusing the US agency of financing anti-government activities in Azerbaijan. A comparison of the narratives revealed that multiple Azerbaijani outlets used similar or identical text regarding Georgia’s accusation against USAID.

Issue Brief Feb 29, 2024

In Ukraine, Russia tries to discredit leaders and amplify internal divisions

By the Digital Forensic Research Lab

On the information front, Russia had two goals in year two of its war: convince Ukrainians of their government’s inability to rule the country honestly, and persuade Ukraine’s allies that investing in Ukraine would be wasteful.

Disinformation Internet

Issue Brief Feb 29, 2024

In Latin America, Russia’s ambassadors and state media tailor anti-Ukraine content to the local context

By the Digital Forensic Research Lab

In the second year of Russia’s war on Ukraine, Moscow tried to sell a wider global audience on its version of events. In Latin America, Kremlin media outlets RT en Español and Sputnik Mundo were key players in this effort.

Disinformation Internet

Issue Brief Feb 29, 2024

After Prigozhin, Russia clamps down online

By the Digital Forensic Research Lab

Russia rolled out a new internet surveillance system in 2023 to crack down domestically on anti-war content, while pushing false narratives to undermine Ukraine at home and abroad.

Civil Society Disinformation

The post In Europe and the South Caucasus, the Kremlin leans on energy blackmail and scare tactics appeared first on Atlantic Council.

In Ukraine, Russia tries to discredit leaders and amplify internal divisions

the Digital Forensic Research Lab — Thu, 29 Feb 2024 11:00:00 +0000

This is one chapter of the DFRLab’s report, Undermining Ukraine: How Russia widened its global information war in 2023. Read the rest here.

At the beginning of its February 2022 invasion of Ukraine, Russia expected a swift military operation that would end before Kyiv and its allies could react. But relatively quickly it became clear that its initial plan would not work, forcing Russia to switch to a long-term operational posture that continued a strong emphasis on information operations.

Russia kept its focus on eroding Ukrainian morale and the country’s willingness to fight throughout 2023. The most prevalent themes included narratives discrediting Ukraine’s civilian and military leadership, portrayals of Ukraine as an unreliable partner, messages amplifying internal domestic struggles, and scams targeting Ukrainian civil society and the public at large.

Discrediting Ukrainian leadership

To destroy Ukrainian unity and support for its wartime government, Russians used multiple narratives and tactics, mixing old narratives with new approaches. Russian narratives targeting Ukrainian politicians had previously focused mostly on President Volodymyr Zelenskyy, but in 2023, they extended to other government officials, military figures, and local authorities.

Russia and pro-Russian actors placed particular emphasis on reports of Ukrainian government corruption. While journalists have documented specific instances of corruption, Russia presented the problem as endemic to the entire Ukrainian leadership. The tactic was simple: convince the domestic Ukrainian audience of its government’s inability to rule the country honestly while simultaneously demonstrating to Ukraine’s allies that investing their own governmental resources in Ukraine would be wasteful.

While investigating these corruption narratives, the DFRLab and BBC Verify jointly uncovered a massive TikTok network disseminating corruption allegations targeting Oleksii Reznikov, the former Ukrainian minister of defense, alongside accusations against mayors, heads of draft commissions, and the Office of the President of Ukraine. While Russian narratives framing Ukraine as corrupt or a failed state are nothing new, the use of TikTok as a propaganda vector took place at an exceptional scale, involving more than 12,800 separate user accounts. As noted in our December 2023 investigation, TikTok attributed it to a Russia-based covert operation and described it as the largest information operation ever uncovered on the platform.

Videos produced for the operation followed a basic pattern, employing AI voice narration in conjunction with images of luxury items such as villas and cars, presented alongside photos of officials and those of suffering Ukrainian citizens. In numerous cases, photos of luxury villas supposedly purchased with absconded funds were sourced from online real estate listings. These videos were then published in at least seven languages by thousands of TikTok accounts, each of which uploaded a single video to the platform.

While the campaign was not extremely sophisticated from a fact-checking perspective, its employment of nearly 13,000 TikTok accounts allowed it to garner hundreds of millions of views on the platform. This exposure ultimately led to dissemination across other platforms; in once instance, a single video received more than five million views across YouTube, Twitter, and BitChute. Other videos propagated across X, including some translated by users of the platform.

While the TikTok campaign targeting Reznikov was the most notable operation involving corruption allegations, others gained traction as well. A narrative claiming that Ukrainian First Lady Olena Zelenska had purchased luxury jewelry during a visit to the United States went viral on X, receiving millions of views even though the story had been widely debunked.

Weapons-trading narrative goes international

In 2022, Russians invested heavily in the narrative alleging that Western weapons donated to Ukraine were being traded on the black market or shared with Russians. It reached a new level of operational sophistication in 2023, however, when Russia hacked Ukrainian media outlets to plant forged documents on their websites, then subsequently delete them; this effort allowed the perpetrators to present archived copies of the planted materials as evidence that Ukrainian media had reported the story then covered it up. This narrative twist subsequently received coverage in both Russian and pro-Russian foreign media.

Elsewhere, pro-Russian social media sources amplified false allegations that Ukraine re-sold Western military aid to drug cartels and terrorist groups. In one instance, they shared a video and claimed it was proof that a cartel had purchased a Western-donated Javelin missile launcher from Ukraine; in a subsequent fact-check, AFP reported that the account that shared the clip had mistranslated a video from a Mexican news outlet so it could accuse Ukraine of selling the system.

A snapshot of the viral video of a Mexican cartel member carrying weapons falsely attributed to Ukrainian origin. Source: @citizenfreepres/archive

The latest push of Russian propaganda in this vein is to promote a story that Ukraine supplied weapons to Hamas, which allegedly used them in its attack on Israel on October 7, 2023. In one instance, Russian sources used screenshots of ammunition to claim without evidence that Ukraine sponsors Hamas; they also circulated a forged BBC video discussing a nonexistent report they attributed to the open-source research organization Bellingcat in a continuation of the 2022 trend of impersonating reputable outlets to convey legitimacy.

Screenshot from an October 2023 Bellingcat tweet denying the veracity of the BBC video. Source: @Bellingcat/archive

Internal conflicts and fear fuel Russian activities

Russia is adroit at exploiting the internal problems of adversaries to their advantage. This holds true in Ukraine as well. While the whole of Ukraine suffers from missile strikes, blackouts, and air raid alerts, the damage caused by the Russian invasion varies greatly by region, with the southern and eastern parts of the country experiencing the heaviest toll. Additionally, those regions historically had a larger percentage of Russian speaking Ukrainians, the legacy of Soviet industrialization and settlement of the region. Russian actors tried to exploit these two factors to foment hostility between regions. Russia used similar tactics in 2014, when it illegally annexed Crimea and started the war in the Donbas region, and it can be traced back as far as Ukraine’s 2004 presidential election.

In 2023, Russians played up narratives regarding the relative safety of western Ukraine as a point of internal division. For example, the meme song “Fortress Lviv” sarcastically demonstrated the supposed “suffering” of western Ukraine by contrasting images of people living a relatively normal day with claims of being targets of Russian violence. Originating on TikTok, the song was subsequently amplified and republished to other platforms. “Fortress Lviv” is a satiric parody of the song “Fortress Bakhmut,” which celebrates Ukraine’s efforts to defend that city. The Ukrainian government’s Center for Countering Disinformation later claimed that “Fortress Lviv” was a psychological operation of pro-Russian operators.

Russians and pro-Russian actors also amplify harmful and pessimistic content on Telegram and other social platforms, pushing doom-laden predictions for Ukraine’s future, its struggling military counteroffensive, and the abandonment of Ukraine by its allies. While the topics vary, their general purpose is to break Ukraine’s will to resist, reduce humanitarian and military aid from Western partners, and drive tensions within the country. For instance, during blackouts in Fall 2022 and Winter 2023, Russians amplified news of the small gathering of Odesa citizens who had protested the prolonged electricity shortage, attempting to use the instance to foment wider protests. In September 2o23, pro-Russian accounts spread footage from another protest in the city, claiming that people were protesting against President Zelenskyy, even though the protests were actually an attempt to nudge local authorities not to spend budget funds on infrastructure repair but on military supplies.

Attacks on civil society organizations and media

Ukrainian civil society organizations active in countering Russian disinformation also faced numerous attacks. Multiple organizations received suspicious phishing notifications on Facebook from an account called “Meta Service,” which prompted them to perform actions that would lead to them losing access to the account.

Campaigns targeting these organizations evolved over time, returning in waves in a variety of forms. An October 2023 campaign used WhatsApp and Telegram to contact Ukrainians and promised them easy money in exchange for liking specific YouTube and TikTok videos. Effectively a marketing scam, such campaigns can be used to push specific content in order to make it trend, thus giving audiences the perception that it is widely popular or accepted as fact. Additional phishing campaigns also appeared, aiming to take control over more pages. By some estimates, these phishing attempts occur thousands of times per month. And in another instance, hackers took direct control of the Facebook page of the nongovernmental organization Ukrainer without having to resort to phishing.

Meanwhile, inauthentic websites impersonated legitimate Ukrainian media websites and their journalists to promote pro-Russia narratives with a veneer of authenticity; some of these took place under the auspices of a longstanding inauthentic campaign commonly known as Operation Doppelganger. The DFRLab identified multiple instances in which Russians or pro-Russian actors copied the look and internal structure of a legitimate website, hosting them with a similar but altered domain name. Articles on these nearly identical pages usually portrayed Ukraine’s situation as doomed and predicted to fail quickly. The pages attempted to build their audience by sponsoring provocative ads on Facebook and Instagram presenting Ukraine in a negative light, accompanied by a link to a website that then redirected users to one of the fake Ukrainian media pages.

Issue Brief Feb 29, 2024

After Prigozhin, Russia clamps down online

By the Digital Forensic Research Lab

Russia rolled out a new internet surveillance system in 2023 to crack down domestically on anti-war content, while pushing false narratives to undermine Ukraine at home and abroad.

Civil Society Disinformation

Issue Brief Feb 29, 2024

In Europe and the South Caucasus, the Kremlin leans on energy blackmail and scare tactics

By the Digital Forensic Research Lab

Moscow tried to sow fear among Moldovans, Georgians, and Armenians that what happened to Ukrainians could happen to them.

Disinformation Internet

Issue Brief Feb 29, 2024

In Latin America, Russia’s ambassadors and state media tailor anti-Ukraine content to the local context

By the Digital Forensic Research Lab

Disinformation Internet

The post In Ukraine, Russia tries to discredit leaders and amplify internal divisions appeared first on Atlantic Council.

In Latin America, Russia’s ambassadors and state media tailor anti-Ukraine content to the local context

the Digital Forensic Research Lab — Thu, 29 Feb 2024 11:00:00 +0000

This is one chapter of the DFRLab’s report, Undermining Ukraine: How Russia widened its global information war in 2023. Read the rest here.

Russia deploys various strategies to communicate its narratives and advance its interests in Latin America. State media outlets RT and Sputnik continue to be the centerpieces of Russian communications in the region. Further, Russia is using more targeted communications tailored to topics that raise more interest in each country. In this strategy, ambassadors play a role by becoming legitimized spokespersons in national media and placing their op-eds in these spaces, which enables them to articulate the Kremlin’s narratives to Latin American audiences. Likewise, the Kremlin benefits from journalists and influencers who, although not officially affiliated with Russian media, serve as disseminators of pro-Russia propaganda. The DFRLab team analyzed how these strategies played in the Latin American information space during 2022 and 2023, supporting Russian narratives concerning its war against Ukraine, as well as other topics critical for Russia’s geopolitical goals.

Russian public diplomacy efforts

In 2023, the DFRLab examined public communications of Russian embassies in Brazil, Mexico, Argentina, Colombia, Venezuela, Chile, Ecuador, Bolivia, Cuba, and Nicaragua from January 1 to October 31 of that year. Russian ambassadors frequently gave media interviews to national media outlets, which sometimes published op-eds by the ambassadors. The topics addressed by the Russian ambassadors would often vary, focusing on what is most relevant to each country and combining variations of its narratives.

The war in Ukraine was the dominant topic in Brazil, where the Russian ambassador referred to the denazification of Ukraine in 176 statements, while referring to other issues in fewer than seventy statements. During the period of our analysis, Russian diplomats in the nine Spanish-speaking countries often referred to the Ukraine war, but it was the most commonly addressed topic only in Chile and Argentina. Nineteen out of thirty-eight statements by Russian diplomats in Chile referred to the war, often portraying Ukraine as the aggressor and responsible for war crimes. And in Argentina, seventeen out of sixty-six statements referred to Ukraine as a Nazi state and to the war as a denazification operation. In the rest of the region, Russian diplomats focused more frequently on other topics that resonate with local issues, such as US imperialism, sanctions, the rise of the multipolar world, and economic matters.

Summary of the most common narratives and topics present in the communications from Russian ambassadors in nine selected Spanish-speaking Latin America countries. The numbers in parentheses represent the number of mentions during the period of analysis, January 1 to October 31, 2023. (Source: Iria Puyosa/DFRLab)

In Argentina, the dominant Russian narrative was that the “special military operation” aimed to “denazify” and demilitarize Ukraine, which was framed as a Russophobic and corrupt country. Ambassador to Argentina Dmitry Feoktistov has been interviewed by Argentinian newswire Telam, a government-owned entity under the control of the Ministry of Public Communication, whose content is reproduced by numerous Argentine public and private media outlets. Feoktistov highlighted the importance of the multipolar world, Russia’s support for Argentina’s accession to BRICS (the intergovernmental bloc involving Brazil, Russia, India, China, and South Africa), and the common fight against colonialism, pointing specifically to “the Malvinas War,” commonly known as the Falklands War in English-speaking countries, itself a heritage of colonialism and thus an Argentine cultural touch point. The embassy constantly emphasized Russia’s solidarity with Argentina, referring in particular to its efforts supplying the country with the Sputnik V vaccine against COVID-19.

Brazilian news websites and blogs published 176 articles quoting the Russian ambassador, Alexey Labetskiy, between January 1, 2023, and October 23, 2023, according to a query conducted using Meltwater Explore, a news and social media monitoring tool. During his media engagements, Labetskiy maintained the Kremlin narrative that the invasion of Ukraine was a special operation to denazify the country. In a September 2023 interview published by the online version of the newspaper O Globo, Labetskiy accused Ukraine of neo-Nazism; five other digital outlets in Brazil also republished the interview. In the interview, the ambassador also emphasized Russia’s role as a strategic partner for Brazil to achieve its goal of obtaining a leadership role on the international stage and becoming a permanent member of the United Nations Security Council.

List of Brazilian online news outlets that quoted the Russian ambassador between January 1 and October 23, 2023. (Source: Beatriz Farrugia/DFRLab via Meltwater Explore)

In Chile, the predominant Russian narratives were that Ukraine was the original aggressor and that Russia was defending itself and fighting the resurgence of Nazism. Op-eds by Russian Ambassador to Chile Sergei Koshkin are regularly published by the left-wing digital outlet Crónica Digital. In his op-eds and interviews, Koshkin maintains that international media is plagued with “fake news” about the war, alleging that Russia is blamed for crimes perpetrated by Ukraine in Mariupol and Bucha. Other topics frequently addressed by the Russian ambassador are economic opportunities in Russia-Chile relations, the rise of the multipolar world, and the struggle against colonialism.

Meanwhile, the Russian Ambassador to Mexico Nikolay Sofinskiy maintained that the conflict in Ukraine originated from NATO aggression and that the Kremlin’s “special military operation” is intended to protect the Russian-speaking population from extermination while demilitarizing and denazifying Ukraine. According to his version, Russia reacted to the imposition of a colony controlled by Washington. In an op-ed published by influential left-wing daily La Jornada, Ambassador Sofinskiy alleged that the United States and its allies use Ukraine for the profiteering of the US military-industrial complex.

In his statements to Colombian media, Russian Ambassador to Colombia Nikolay Tavdumadze has expressed satisfaction with the “balanced” position of Colombian President Gustavo Petro and his decision to not send military equipment to Ukraine. In contrast, Tavdumadze has repeatedly complained that Colombian media coverage reflects the biased version of Western newswires and ignores reports from RT, Sputnik, and his embassy. Despite the complaints, Tavdumadze has been interviewed several times by prominent Colombian media outlets and had an op-ed appear in El Tiempo, the most influential newspaper in the country. In that op-ed, he contended that sanctions against Russia restrict food production in his country and affect global food security, while the maritime corridor initiative for exporting Ukrainian grain only benefited Western Europe without considering the needs of the poorest countries in Africa.

Finally, Russian Ambassador to Ecuador Vladimir Sprinchan frequently referred to the war in Ukraine indirectly, focusing instead on Ecuador’s economic interests. Sprinchan, however, highlighted how sanctions on Russia affect international trade and food security, and how former Ecuadorian President Guillermo Lasso’s position condemning the invasion negatively affected Ecuador’s agribusiness interests. Sprinchan’s communications during 2023 also included an op-ed in which he denied accusations of Ukrainian children being abducted to Russia, a war crime, and instead presented the version that the children had been evacuated from the war zone for their own protection.

The role of RT en Español and Sputnik Mundo

As the Kremlin deploys its global media apparatus to shape regional narratives around the war, understanding how its Spanish-language outlets target Latin American audiences becomes crucial. With millions of readers and followers on social media across the region, RT en Español and Sputnik Mundo have played an important role in disseminating pro-Kremlin narratives about the war in Spanish-speaking countries.

This analysis examines how the two state media outlets have covered the conflict, focusing on content published by the two outlets from January 2022 through August 2023. To conduct this analysis, the DFRLab gathered and analyzed news articles from RT en Español and Sputnik Mundo containing the keyword “Ucrania” (“Ukraine” in Spanish) to examine recurrent topics and narratives. According to data collection using the news monitoring platform Event Registry, these outlets published more than 6,100 articles on Ukraine during the first eight months of 2022, with the largest spikes occurring in tandem with the overall news cycle. During this period, RT en Español and Sputnik Mundo’s news articles on Ukraine centered on the ongoing conflict, frequently referring to the invasion as a “special military operation.” An analysis of the articles that received the most Facebook interactions revealed dominant narratives justifying Russia’s military actions, including alleged Ukrainian aggression, NATO expansionism, and the goal of “denazifying” Ukraine. Additionally, many articles emphasized other topics such as sanctions, energy infrastructure, weapons flows, and political issues, including actions taken by social media platforms to ban Russian state-backed media.

Line graph showing the number of news articles on Ukraine published by RT en Español and Sputnik Mundo between January 1 and August 31, 2022. Highlighted topics near peaks indicate the subjects of articles from these outlets that garnered the most Facebook interactions. (Source: @estebanpdl)

Between January 1, 2023 and August 31, 2023, RT en Español and Sputnik Mundo published over 6,300 articles related to the war in Ukraine, a 200-article increase over the previous time period in 2022. The two outlets maintained their overwhelmingly pro-Russian coverage of the war, with the most frequent narratives emphasizing alleged Ukrainian aggression, criticism of military aid to Ukraine, and the impacts of Western sanctions on Russia. Unlike 2022, when significant spikes in coverage emerged around key news events, the 2023 distribution revealed a more consistent stream of articles, typically with a daily range of between twenty to fifty published articles.

Line graph showing the number of news articles on Ukraine published by RT en Español and Sputnik Mundo between January 1 and August 31, 2023. The graph features less dramatic spikes in coverage, indicating a more consistent approach to reporting on the conflict (and thus a more consistent approach in trying to shape the narratives in Latin America about the war). (Source: @estebanpdl)

Using named entity recognition, a natural-language processing methodology used to identify and classify names of people, organizations, and locations, the DFRLab identified the most frequently mentioned names in relation to the articles that received the most engagement.

According to this analysis, the outlets placed greater emphasis on narratives criticizing Western military assistance to Ukraine in 2023, while also highlighting geopolitical themes around the “new world order,” NATO strategy, and alleged biological weapons. These narratives persisted throughout the eight-month period.

Screenshot of a network graph, created using Gephi software, showing the relationships between entities and topics discussed in news articles published by RT en Español and Sputnik Mundo between January 1 and August 31, 2023. Each circle (“node”) represents a topic discussed in the articles, while the lines (“edges”) represent connections between topics, such as both connected topics being mentioned in the same article. Spanish language versions of proper nouns are shown. (Source: @estebanpdl via Gephi)

Building on these network patterns, a detailed review of 2023 articles showed the proliferation of disinformation narratives, like reinforcing the “proxy war” portrayal of the conflict as NATO waging war against Russia through Ukraine. The topic of supplying arms to Ukraine remained a steady media focus. Allegations also abounded regarding supposed US-backed biolabs in Ukraine and around the alleged presence of uranium and biological weapons. Additionally, the outlets persistently promoted anti-NATO rhetoric, criticizing the treaty organization’s military support for Ukraine.

Graph showing the main topics related to Ukraine as covered by RT en Español and Sputnik Mundo between January 1 and August 31, 2023. Each topic is represented by horizontal lines with data points indicating the dates of publication. The graph highlights various discussed topics. In orange are narratives about support for Ukraine; in red, narratives concerning weapons, including biolabs; and, in blue, narratives related to NATO. (Source: @estebanpdl)

An examination of Facebook engagement data on RT en Español and Sputnik Mundo’s Ukraine articles showed a significant decrease in 2023. On high-volume publication days in 2022, stories on Ukraine garnered nearly 560,000 likes, reactions, and shares. In contrast, Facebook engagement dropped substantially in 2023, with articles receiving only around 18,136 interactions on peak publication days. While more research is needed, this substantial decline may reflect shifting audience interests and interaction patterns on Facebook rather than a loss of readership.

Sputnik Brazil and its impact on Brazilian websites and social media accounts

Sputnik Brazil was the main Russian media outlet operative in Brazil in 2023, as RT did not have a Portuguese version available at the time of the report. However, Sputnik Brazil’s operations changed over the year.

On March 18, 2023, Brazilian journalist Juliana Dal Piva reported on news website UOL that Sputnik Brazil had closed its office in the country, dismissing around twenty media professionals. The reason for the closure, according to Dal Piva, was the challenge Sputnik faced in processing bank transactions and paying local employees following Russia’s postinvasion ban from the SWIFT banking system. That same month, Brazilian journalist Carlos Madeiro reported that the Sputnik Brazil website had been the target of cyberattacks.

Four months later, the Sputnik Brazil website, which used to be hosted as a subdomain at https://br.sputniknews.com, changed to a new address, https://sputniknewsbr.com.br. Using a WHOIS search to review domain name registration information, the DFRLab found that the new address was created on July 8, 2023.

Screenshot of a WHOIS query showing details of the newer Sputniknewsbr.com.br domain. (Source: Beatriz Farrugia/DFRLab via WHOIS)

The DFRLab conducted a content analysis on articles mentioning the keyword “Ucrânia” (“Ukraine” in Portuguese) published by the website sputniknewsbr.com.br between August 1, 2023, and October 24, 2023, to identify the most frequent narratives spread by the outlet. The research resulted in 484 articles, according to data from Meltwater Explore.

Narratives promoting Russian military capacity were the most frequent topic covered by Sputnik Brazil within the entire period analyzed. In total, 127 pieces boasted about the skill and acumen of Russian forces and their military equipment, while an additional thirty-one articles labeled the Ukrainian forces as inefficient and unprepared for combat. Examples of this narrative also included criticism of the quality of military equipment provided by Western countries, the Ukrainian forces’ lack of skills in operating it, and Russia’s superiority in terms of strategy and military arsenal.

Another narrative frequently spread by Sputnik Brazil during the period analyzed was the possibility of Ukraine losing financial and military support, especially from the United States and EU. In total, there were seventy-eight pieces mentioning this topic. One of these articles received more engagement than any other articles about Ukraine, potentially reaching 691,000 people.

The piece, published on September 26, 2023, stated that the West was unsure about its support for Ukraine. It also highlighted how alleged Ukrainian government corruption had affected the chances of the country being successful in its counteroffensive against Russia, and how military equipment received from third parties had not improved the Ukrainian response to the invasion.

Screenshot of the Sputnik Brazil article that generated the most engagement between August 1, 2023 and October 24, 2023, with approximately 700,000 views, according to a Meltwater Explore query. (Source: Sputnik Brasil/archive)

Sputnik’s reach, however, went beyond its own website, as local media outlets in Brazil amplified the Russian outlets’ narratives throughout 2023. The DFRLab found 5,610 reposted articles both on Brazilian news websites and social media platforms between January 1, 2023, and October 30, 2023.

The website Brasil247 reposted the most content from Sputnik and quoted the Kremlin most frequently, with 645 mentions over the period. Created in 2011 by Brazilian journalist Leonardo Attuch, Brasil247 is aligned with left-wing parties, especially the Workers’ Party (Partido dos Trabalhadores), of which President Luiz Inácio Lula da Silva is a member. A search using website analysis tool SimilarWeb estimated the average monthly audience of Brasil247 to be around 9.7 million, though that number does not account for multiple visits by the same person.

Screenshot of a Meltwater Explore query showing the number of mentions of “Ukraine” and “Sputnik” together by Brazilian media outlets in 2023, with Brasil247 being the most prolific at just under 650 mentions. Investing.com Brazil was second highest, but its total was under one hundred. (Source: Beatriz Farrugia/DFRLab via Meltwater Explore)

Former RT journalists and other actors amplifying disinformation narratives

Politicians, media outlets, journalists, and organizations based in Spain and Latin America have hosted former journalists from Sputnik or RT in Spanish, allowing them to amplify narratives about Russia’s invasion of Ukraine that align with the interests of the Russian regime. While not all of these individuals and entities may be directly linked to the Kremlin, they, as information vectors, serve to amplify narratives in line with the Kremlin.

Prior to the invasion of Ukraine, Inna Afinogenova, former deputy director of RT en Español’s website and a former host of RT’s program ¡Ahí les Va!, was one of RT’s most recognizable faces for Spanish-speaking audiences. Afinogenova remained inactive during the early stages of the invasion; on May 3, 2022, she announced the termination of her ties with RT allegedly due to her opposition to the war. Afinogenova has nevertheless continued to use her personal social media accounts to disseminate content similar to the narratives propagated by Kremlin-affiliated media, often placing blame on Ukraine, the United States, and the EU for the war, as well as for economic and social challenges impacting Spanish-speaking countries. Afinogenova’s posts closely monitor the political situation of governments aligned with Putin while criticizing media outlets or journalists that report on Afinogenova or left-leaning governments.

Afinogenova has expanded her presence to other accounts associated with media outlets that either originated on YouTube or have a significant portion of their audience on that platform, and are affiliated with politicians or media groups aligned with the left-wing or progressive movements in Spain and Latin America. Since June 30, 2022, Afinogenova has been one of three presenters for the program Macondo. According to another of its presenters, Uruguayan journalist Leandro Grille, the program takes an “alternative, more progressive, left-leaning perspective” in reporting Latin American news. The third presenter is Marco Teruggi, a former Latin American correspondent for Sputnik News, who also has affiliations with left-wing Latin American politicians and organizations. This includes his work on the electoral campaign of Colombia’s vice president, Francia Márquez. Teruggi is among the former collaborators of pro-Kremlin media who, during the initial stages of Russia’s invasion of Ukraine, expressed their discontent with platforms still labeling them as linked to their former Kremlin employers.

In Spain, where she is based, Afinogenova also is a presenter on programs on the streaming channel Canal Red and the website Diario Red. These media outlets are part of a media conglomerate started in 2022 by Pablo Iglesias, the former vice president of the Spanish central government and former leader of the left-wing party Podemos. Iglesias has promoted these media outlets through crowdfunding campaigns as alternatives to what he refers to as the power of the right-wing Spanish media. These media outlets remain connected to companies associated with Jaume Roures, a television mogul who has publicly supported the left wing in Spain as well as Cuba’s Communist regime.

An analysis of Canal Red’s YouTube channel, which boasts the outlet’s largest social media audience, showed that among the most-viewed videos were those hosted by Afinogenova, including some reaching almost two million views. In these videos, she argues that the United States is responsible for the ongoing Russian invasion of Ukraine, attributing its continuation to a lack of interest in negotiating the end of the conflict and an apparent reluctance to engage in direct conflict with Russia, “the country with the largest nuclear arsenal in the world.”

Issue Brief Feb 29, 2024

After Prigozhin, Russia clamps down online

By the Digital Forensic Research Lab

Russia rolled out a new internet surveillance system in 2023 to crack down domestically on anti-war content, while pushing false narratives to undermine Ukraine at home and abroad.

Civil Society Disinformation

Issue Brief Feb 29, 2024

Two-pronged approach to Africa pays dividends for Russia

By the Digital Forensic Research Lab

In the African countries with which Russia has longstanding ties, diplomats lead the way. Elsewhere on the continent, Wagner Group fighters are Moscow’s more active representatives. Both official and covert approaches exploit local grievances to push Russia’s narrative.

Africa Disinformation

Issue Brief Feb 29, 2024

Complicated history helps Russian narratives about Ukraine find a foothold in the Middle East

By the Digital Forensic Research Lab

Across the Arabic-speaking world, the narratives amplified by Russian state media and local media partners are framed in a way that appeals to audiences in the region and their complicated history with the West.

Democratic Transitions Disinformation

The post In Latin America, Russia’s ambassadors and state media tailor anti-Ukraine content to the local context appeared first on Atlantic Council.

Two-pronged approach to Africa pays dividends for Russia

the Digital Forensic Research Lab — Thu, 29 Feb 2024 11:00:00 +0000

This is one chapter of the DFRLab’s report, Undermining Ukraine: How Russia widened its global information war in 2023. Read the rest here.

On August 16, 2023, Ukrainian Foreign Minister Dmytro Kuleba promised to “free Africa from Russia’s grip,” claiming that Russia’s primary “tools for its work in Africa” were propaganda and the Wagner Group.

In our previous Undermining Ukraine report, the DFRLab analyzed Russia’s use of Kremlin media and diplomatic channels in Africa to spread Russian narratives, as well as the manipulation of social media to spread content supportive of Russian President Vladimir Putin. Russia’s efforts to court African leaders did not decrease in 2023. Russian Foreign Minister Sergey Lavrov visited multiple countries on the continent throughout the year, Putin welcomed African leaders to the Russia-Africa Summit in Saint Petersburg, and the Wagner Group maintained its regional ties, despite the death of Wagner co-founder Yevgeny Prigozhin in August 2023.

Russian disinformation in Africa

Russia’s endeavors to deploy false narratives and disinformation campaigns in Africa cannot be understood in isolation: They are integral to a broader dual strategy toward Africa that has yielded substantial results over the past year. These results have facilitated the Kremlin’s efforts to bolster its influence on the continent while simultaneously undermining Ukraine on the global stage.

Russia’s approach to Africa still consists of two facets. On one hand, there are the official relationships with individual countries, characterized by trade and investment, diplomatic initiatives, public diplomacy, defense and security agreements, and engagements within the United Nations, among other official channels. On the other hand, there is an unofficial and covert aspect of the relationship involving hybrid tactics and the illicit trade of arms for resources, most notably by the Wagner Group. Alongside Wagner’s presence, there is an emphasis on disinformation campaigns and the propagation of false narratives.

Russian influence campaigns in Africa are as varied and unique as the countries they target. The two-pronged Russian strategy also has a significant impact on the Kremlin’s disinformation approach on the continent. In some countries, Moscow predominantly relies on formal engagements, including media and journalist training agreements and official diplomatic channels, particularly in contexts where Moscow has long-standing historical ties, like it has with South Africa, where relations with the African National Congress (ANC) are deeply rooted. These formal engagements serve as a means to exert influence through traditional diplomatic and media avenues.

Conversely, in countries like those in the Sahel and West Africa, Russia adopts a more covert approach. Here, the focus shifts toward nontraditional methods, including payments to local influencers, disinformation campaigns, or financial support for local political associations. In these regions, Moscow aims to exploit existing vulnerabilities and capitalize on local dynamics. This dual approach allows Russia to tailor its disinformation efforts to the specific circumstances and receptivity of individual African nations, adapting its tactics to maximize its influence and achieve its geopolitical objectives. Tied to this are successful false narratives that portray Russia as the “benevolent benefactor,” a “state unsullied by the taint of colonialism,” and a perception of Russian media as ‘independent’ sources of information.

This two-pronged approach was evident at the July 2023 Russia-Africa Summit held in Saint Petersburg. While the summit purportedly aimed to showcase the public face of Russia-Africa relations, it also harbored elements of Russia’s covert foreign policy strategy. Beyond its official foreign policy objectives, the summit served as a platform for reinforcing narratives disseminated by Russia in Africa, designed to undermine Ukraine and weaken its Western allies. These narratives have been amplified by local influencers and communication channels cultivated by Russia, capitalizing on long-standing African grievances, such as anti-French sentiments and broader anti-colonialist feelings in Sahelian countries.

Russian officials, including Putin, portray a changing and tumultuous global order where both Africa and Russia are under siege from the West on multiple fronts. In this context, Russia and Africa are portrayed as cooperative partners, reminiscent of their Cold War-era collaboration, working together to counter Western aggression and establish a multipolar world where Africa can claim its rightful place, free from the lingering legacies of colonialism and neocolonialism.

Conversely, Russia’s invasion of Ukraine received minimal public discussion at the 2023 summit, with narratives instead repeatedly blaming Ukraine and the West for Africa’s shortages of food, grains, and fertilizers. Despite encountering challenges related to its actual capacity to strengthen economic and trade ties, the messaging from the summit, as analyzed by the DFRLab at the time, confirmed Russia’s unwavering commitment to enhancing its influence on the African continent.

This aligns with additional observations concerning the Wagner Group throughout 2023. Following Prigozhin’s attempted mutiny, questions arose regarding the future of Wagner’s operations on the continent. Although the principle of plausible deniability, which had made Wagner highly effective and valuable to Moscow as an extension of its foreign policy and influence operations in Africa, appeared to have been compromised, the Wagner Group has persisted in promoting its services in Africa. The group’s representatives on the continent have reiterated their intention “not to curtail, but to expand” their presence in Africa, and evidence suggests the group is in fact expanding its presence and disinformation focus in West African coastal states.

While disavowing direct connections to Wagner’s actions in Africa may have become more challenging for the Kremlin, Russia is unlikely to forsake the network of influence and disinformation capabilities painstakingly constructed by the group in recent years. Instead, Moscow will likely continue to employ hybrid tools, albeit in different configurations, to displace Western influence, exploit natural resources, and circumvent sanctions through numerous front companies operating under the group’s umbrella.

Pro-Kremlin narratives in African media

Numerous African media outlets promoted a variety of pro-Kremlin messaging, including narratives glorifying the role of the Wagner Group in Africa and the Russian armed forces in the war, criticism of the West’s handling of the grain crisis, and presenting Russia as a humanitarian stakeholder and security provider. In each case, these narratives appeared in Russian media prior to their amplification by African outlets.

Russian and African media signed several cooperation agreements in 2023, including a reported collaboration between RT and Afrique Media TV, which influenced the latter’s coverage of the war in Ukraine and Russia’s role in global diplomacy. Afrique Media TV is a francophone Pan-Africanist television channel founded in 2011 that also operates an English news website. In a September 2023 investigation, African Digital Democracy Observatory found that Afrique Media TV is linked to Russian assets, including a Wagner front company. Reportedly, Afrique Media TV is partnering with the Association for Free Research and International Cooperation(AFRIC) and the Officers’ Union for International Security (COSI), both of which operate on behalf of the Wagner Group.

The DFRLab found that Afrique Media TV reposted content from Russian propaganda outlets RT and Sputnik that portrayed Russia’s security interests in pulling out of the grain deal, as well as its reported military successes against the Ukrainian armed forces. It also often hosts shows with RT France TV presenter Xavier Moreau, who was an observer during the illegal 2022 referendum on the annexation of the territories of Donetsk to Russia, according to the European Platform for Democratic Elections.

Screenshots from an Afrique Media TV briefing on the war in Ukraine (left) and from RT France TV Show L’échiquier Mondial (right), both featuring Xavier Moreau. (Sources: Afrique Media TV/archive, left; RT France/archive, right)

African media also echoed Kremlin narratives around Ukrainian grain supplies. The Kremlin used the continent’s reliance on Ukrainian grain as a means by which to cast blame on Ukraine and the West when supplies started to become more constricted, despite the Black Sea Grain Initiative, an agreement brokered by the United Nations and Turkey between Russia and Ukraine that helped maintain grain exports from Ukraine. Russian retaliation against Ukraine’s southern port infrastructure, however, was a leading cause of supply shortages. Narratives regarding this new “grain crisis,” first pushed by the Kremlin and its allies and then echoed in African media, arose after Russia formally announced its withdrawal from the grain deal. Russia also engaged in raiding dry grain cargo ships, which effectively resulted in another blockade of Ukrainian grain transiting the Black Sea.

Narratives originally published by the African branch of the pro-Kremlin Russian news outlet Sputnik were disseminated by African French-language media outlets. For example, Sputnik Afrique spread unfounded narratives that claimed that the West had lied about delivering grain to African countries from Ukraine; the narratives subsequently reappeared on both a Cameroonian online news outlet and a Hezbollah-affiliated outlet. Notably, these narratives spread ten days before the second gathering of the Russia-Africa Summit in Saint Petersburg, when Russia pulled out from the grain deal by letting it lapse.

Russia also expanded its media operations in 2023 by engaging in new partnerships with BRICS-based outlets. As noted by French nonprofit OpenFacto, Russia has consistently created websites that operate as showcases for the cooperation among the BRICS countries, an operation suspected to be affiliated with InfoRos, an online outlet with ties to Russia’s main intelligence directorate, the GRU. For example, Daily News Egypt signed a new cooperation agreement with Russia-owned television channel TV BRICS in October 2023. TV BRICS also signed partnerships with the African News Agency (ANA) and Chinese press agency Xinhua.

In addition to Russian content being spread to African media, there was also evidence of local citizens repackaging and distributing Russian propaganda of their own volition. In the spring of 2022, the DFRLab investigated a small inauthentic network from Côte d’Ivoire, which used the name MARIGONEWS, that a Meta spokesperson confirmed to the DFRLab was run by a single individual “with pro-Russian sentiment.”

Following the invasion of Ukraine, Facebook assets using the MARIGONEWS name and logo, with one group maintaining over 62,000 members, promoted a Telegram channel called Opération de Dénazification et de Démilitarisation de l’Ukraine (Operation to Denazify and Demilitarize Ukraine), which was subsequently renamed Marigo News—Opération ZOV.

Screenshot of a Facebook page (left) that was part of the MARIGONEWS inauthentic network and that promoted a corresponding Telegram channel (right), saying Marigo News supported the Russian Federation. (Source: Facebook, left; Telegram/archive, right)

While the channel claimed to have Russian correspondents, almost all of the content posted to the channel was copied from pro-Kremlin Telegram channels and websites and translated from Russian into French.

Following the DFRLab’s report and Meta’s removal of the group’s Facebook assets in the spring of 2022, it continued to post content copied from Kremlin channels to its Telegram group. Although it did lose followers and was periodically inactive for several months, the Telegram channel started posting regularly in October 2023, after changing its logo and name to MARIGONEWS. Some of the Facebook assets were also recreated, but at the time of publishing had received very little engagement.

Screenshots of the MARIGO NEWS Telegram channel rebranded with a new logo, which matches that on a Facebook page created in October 2023. (Source: Telegram/archive, left; Facebook/archive, right)

Calls for Putin’s arrest amid BRICS summit preparations

In late August 2023, South Africa hosted the fifteenth annual BRICS summit in Johannesburg. Immediately following the announcement of the summit, Putin’s planned attendance was mired in controversy because of an ICC warrant for his arrest due to alleged wartime deportation and transfer of children. Following pressure from opposition parties and nongovernmental organizations, Putin opted instead to attend the summit via video link and delivered a prerecorded seventeen-minute address.

Prior to the summit, there had been speculation regarding Putin’s attendance given the arrest warrant and South Africa’s international obligations. South Africa had previously chosen not to enforce an ICC warrant—in 2015, the South African government failed to arrest then-Sudanese President Omar al-Bashir after he attended an African Union conference in Johannesburg, despite an ICC warrant—so it was an open question in 2023. Preemptive and successful legal action instituted by opposition parties, however, obligated the South African government to arrest Putin should he attend.

Although Putin claimed that he decided to stay away from the summit to “avoid creating problems for friends,” this decision was only reached a few weeks before the summit after months of speculation—and diplomatic contortions—around his attendance.

The event underscored the complex local and geopolitical landscape in which the event took place, especially considering South Africa’s policy of nonalignment.

Issue Brief Feb 29, 2024

In Latin America, Russia’s ambassadors and state media tailor anti-Ukraine content to the local context

By the Digital Forensic Research Lab

Disinformation Internet

Issue Brief Feb 29, 2024

After Prigozhin, Russia clamps down online

By the Digital Forensic Research Lab

Russia rolled out a new internet surveillance system in 2023 to crack down domestically on anti-war content, while pushing false narratives to undermine Ukraine at home and abroad.

Civil Society Disinformation

Issue Brief Feb 29, 2024

Complicated history helps Russian narratives about Ukraine find a foothold in the Middle East

By the Digital Forensic Research Lab

Democratic Transitions Disinformation

The post Two-pronged approach to Africa pays dividends for Russia appeared first on Atlantic Council.

International law doesn’t adequately protect undersea cables. That must change.

Amy Paik and Jennifer Counter — Thu, 25 Jan 2024 15:00:00 +0000

Undersea cables are important tools for transmitting sensitive data and supporting international telecommunications—but they’re relatively vulnerable. Sensitive data remains safe as long as undersea cables are in good physical condition, but events such as severe sabotage—in the form of cutting cables—could leak data and interrupt vital international communications. Today, when events that damage or cut a cable, (including acts of sabotage) happen in international waters, there is no effective regime to hold the perpetrator of a physical attack accountable.

The United States and its allies and partners have come to understand how important it is to secure the world’s undersea cables. But there haven’t yet been enough efforts that incorporate all countries in a protection pact. The reality is that cable cutting could severely impact the lives of citizens in countries across the globe, from Tonga to Norway and far beyond. Thus, intergovernmental organizations such as the United Nations (UN) must take undersea cable security seriously, including by forming internationally recognized and formalized protections.

Risks are growing under the sea

Threats to undersea cables are increasing. For example, Russia is well positioned to conduct malicious attacks on undersea cables with the help of its intelligence ship, Yantar, which was spotted loitering near cable locations in 2019 and 2021. NATO Assistant Secretary General for Intelligence and Security David Cattler expressed particular concern about Russian activity in European waters, following the 2022 invasion of Ukraine. Cattler told reporters in May 2023 that Russia could attack infrastructure such as undersea cables in an attempt to “disrupt Western life and gain leverage over those nations that are providing support to Ukraine.”

For a sense of how interruptive cable cutting could be, look to the African continent and the Matsu Islands. In April 2018, damage to the Africa Coast to Europe cable—which at the time connected twenty-two countries along the western coast of Africa and Europe—caused significant connectivity issues (and in some cases days-long blackouts) for ten countries. Reporters suggested that the damage could have been caused by Sierra Leone, as the country’s government seemed to have imposed other internet blackouts on its citizens around the same time, impacting communications for not just social but also economic and governance matters.

In February 2023, two Chinese vessels on two separate instances severed cables in the East China Sea—one on February 2 and another on February 8. Although there is no direct evidence that the vessels did so intentionally, Taiwanese local officials said that the cable cuts are part of repeated cable breaks that amount to harassment by China. For nearly two months, the over thirteen thousand residents of the Taipei-governed Matsu Islands endured an internet outage, encountering great difficulty when conducting business and communicating. For China, understanding how undersea cable cuts can impact Taiwan provides useful insights that can be leveraged in both traditional and hybrid warfare.

These interruptions hit particularly hard when countries don’t have many connection points. For example, while Saudi Arabia has sixteen cable connections, the Matsu Islands only have two connections. Norway’s Svalbard archipelago similarly only has two connections, while Tonga only has one. The impact of a severe cable cut also depends on a country’s ability to fix damaged or degraded cables. It took Taiwan over a month to repair cables stretching to the Matsu Islands. For Tonga, whose cable was damaged by a volcanic eruption in 2022, it took ten days for a cable repair ship stationed in Papua New Guinea to even reach the island before beginning repairs, which then took several weeks.

Clusters of countries have begun to acknowledge the increasing threats to undersea cables. For example, in 2019, Japan outlined the Data Free Flow with Trust (DFFT) concept that promotes the free flow of data and the protection of individual privacy, national security, and intellectual property by connecting undersea cables only with allies and partner nations. At a May 2023 summit in Hiroshima, the Group of Seven (G7) endorsed the creation of the Institutional Arrangement for Partnership, which puts DFFT into action. The G7 also issued a communiqué (albeit more of a political consensus than any sort of treaty) with a section committing to collaborate more on undersea cable security.

Should the G7 countries follow through on their commitment—for example, by investing in an undersea cable project together—they could affect geopolitics in the undersea cable world and highlight to political and business leaders how necessary it is to keep countries connected through cables.

The G7’s progress and NATO’s recent establishment of a London-based center on protecting undersea cables are examples of how the United States prefers to share cables with likeminded countries. These efforts also demonstrate how democratic states are joining together in smaller consortia to invest in establishing and securing undersea communication cables.

Democratic states are also investing in undersea cables as a way to spread the free flow of data. In June 2023, the East Micronesia Cable project to connect several islands in Oceania began, funded by Australia, Japan, and the United States—with the understanding that connectivity is vital to economic development and, in this case, a means to counter Chinese influence in the region. The project was slow to start, as it faced a stalemate after China’s HMN Technologies submitted a tempting bid to build the cable, and the United States warned the Pacific islands about the risks associated with the participation of a Chinese company. Soon after, all bids were deemed noncompliant and removed from consideration, a challenge to China’s increasing control of digital traffic in Oceania.

China’s influence in the undersea cable world has grown immensely in recent years. In 2019, China owned, supplied, or was a landing point for over 11 percent of the world’s undersea cables, and it is aiming to grow this proportion to 20 percent by 2030. US warnings about Chinese cable companies demonstrate how Washington, with its allies and partners, is working to counter Chinese influence in supplying undersea cables in the Pacific.

A global deterrence plan

The world’s information is in serious danger, as perpetrators could resort to malicious attacks not only to interrupt connectivity but also to tap into the cables and eavesdrop. When undersea cables are cut or damaged, the laws that determine who is responsible for sabotage vary depending on where the cables are laid. For example, a coastal state has sovereign rights in its territorial sea, according to Article 21 of the UN Convention on the Law of the Sea (UNCLOS). In addition, a coastal state may exercise its rights to repair and maintain undersea cables in its exclusive economic zone, according to UNCLOS Article 58.

However, in regard to cables that are sabotaged in international waters, there is currently no effective regime to hold the perpetrator of damage responsible. If cables are willfully or accidentally damaged by a ship or person, the jurisdiction to determine an appropriate punishment for the perpetrator lies with the state under whose flag the ship operates or that of the person’s citizenship. Because this places onus on the perpetrator’s state, not the state that owns the cable, there is no effective regime to ensure that the responsible party is held accountable directly.

It is time for an intergovernmental organization such as the UN or its International Telecommunication Union (ITU) to take undersea cable security seriously and establish internationally recognized protocols under a formalized protection plan that deters actions against undersea cables and prioritizes the security of digital communications.

Such a protection plan should give jurisdiction to the cable owner’s state. Under such a plan, the fact that the cable owner’s state could take the perpetrator’s state to court might make intentional saboteurs think twice, creating a deterrent effect, especially if fines or remediation costs are significant. It should also take into account nonstate actors, such as armed groups or large multinational business companies, who could interfere with the cables. UNCLOS, as a traditional treaty between states, does not hold nonstate actors responsible, even in a scenario in which a terrorist group were to inflict damage.

The type of first-rate technology required to cut undersea cables is immensely expensive and not typically affordable for nonstate actors or militia groups—and even for many states. Only a few countries have submarines: For example, China owns vessels such as the Jiaolong and Russia owns vessels such as the Losharik. However, countries often rely on companies to manufacture and lay cables, and there are concerns that untrustworthy companies maintaining undersea cables could become involved in disrupting the data inside the cables—for example, by spying or stealing information.

However, if the ITU is to be the origin of such a regime, it must look inward and address what some democratic countries would call a major controversy: China’s increasing influence in the UN body. From 2015 to 2022, Chinese engineer Houlin Zhao served as the ITU’s secretary-general, and during that time he championed China’s Digital Silk Road vision and notably increased Chinese employment at the ITU. He seemed to forget his position as a neutral international civil servant, acting more like a Chinese diplomat.

During Zhao’s term, Huawei and the Chinese government introduced its “New IP” proposal to the ITU which quickly became controversial for sacrificing the privacy of individuals and making state control and monitoring of digital communications easier. Despite not yet being debated, it was backed by two authoritarian governments (China and Russia) and opposed by the United States, Sweden, the United Kingdom, and several other democratic nations.

While Zhao was replaced by an American engineer—Doreen Bogdan-Martin—China has been sending more individuals than other states to various study groups at the ITU. It is also one of the top contributors to the ITU’s annual budget, providing about $7.5 million in 2023. It is clear that China recognizes the importance and influence to be had in the digital space through undersea cables, and its attempts to influence the management of this global infrastructure should not be left uncountered.

In the UN, increasing factionalization could make finding common ground for a new regime difficult but not impossible. Countries would need to agree that managing undersea cables together is important. Similar agreement has been reached on the need for nuclear protocols and for deconfliction in space operations—areas where states are generally more willing to share information, despite counterintelligence concerns.

From a hybrid warfare perspective, sabotaging or destroying undersea cables can be a powerful tool for adversaries. As countries come to rely more on digital communications and infrastructures, a sudden or unexpected blackout can increase social angst and foster political instability. World leaders must switch focus to establishing a working international regime that governs how the world responds to undersea cable sabotage to deter those who may see an opportunity in attacking the system. The effort should be directed at creating a working international regime that enhances individual privacy, not more government control of the internet, when protecting the data in undersea cables.

The world’s interconnectivity provides for the movement of tremendous wealth, improved access to information, and international relationships that would have been impossible only fifty years ago. With huge benefits come huge risks, and for undersea cables, those risks include significant vulnerabilities that global leaders must take seriously. They must build better protections now, before nefarious actors come to view undersea cables as a viable target.

Amy Paik is an associate research fellow at the Korea Institute for Defense Analyses (KIDA). She has been with the Center for Security and Strategy at KIDA since 2013. She is also a visiting scholar at the Reischauer Center for East Asian Studies at Johns Hopkins University School of Advanced International Studies.

Jennifer Counter is a nonresident senior fellow in the Scowcroft Center for Strategy and Security’s Forward Defense Program. She is a member of the Gray Zone Task Force focusing on influence, intelligence, and covert action.

This piece is based on a doctoral dissertation, written by Paik, entitled “Building an International Regulatory Regime in Submarine Cables and Global Marine Communications.”

The post International law doesn’t adequately protect undersea cables. That must change. appeared first on Atlantic Council.

Ukraine is on the front lines of global cyber security

Joshua Stein — Tue, 09 Jan 2024 21:37:52 +0000

There is no clear dividing line between “cyber warfare” and “cyber crime.” This is particularly true with regard to alleged acts of cyber aggression originating from Russia. The recent suspected Russian cyber attack on Ukrainian mobile operator Kyivstar is a reminder of the potential dangers posed by cyber operations to infrastructure, governments, and private companies around the world.

Russian cyber activities are widely viewed as something akin to a public-private partnership. These activities are thought to include official government actors who commit cyber attacks and unofficial private hacker networks that are almost certainly (though unofficially) sanctioned, directed, and protected by the Russian authorities.

The most significant government actor in Russia’s cyber operations is reportedly Military Unit 74455, more commonly called Sandworm. This unit has been accused of engaging in cyber attacks since at least 2014. The recent attack on Ukraine’s telecommunications infrastructure was probably affiliated with Sandworm, though specific relationships are intentionally hard to pin down.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Attributing cyber attacks is notoriously difficult; they are designed that way. In some cases, like the attacks on Ukraine’s electrical and cellular infrastructure, attribution is a matter of common sense. In other cases, if there is enough information, security firms and governments can trace attacks to specific sources.

Much of Russian cyber crime occurs through private hacker groups. Russia is accused of protecting criminals who act in the interests of the state. One notable case is that of alleged hacker Maksim Yakubets, who has been accused of targeting bank accounts around the world but remains at large in Russia despite facing charges from the US and UK.

The Kremlin’s preferred public-private partnership model has helped make Russia a major hub for aggressive cyber attacks and cyber crime. Private hacker networks receive protection, while military hacking projects are often able to disguise their activities by operating alongside private attacks, which provide the Kremlin with a degree of plausible deniability.

More than ten years ago, Thomas Rid predicted “cyber war will not take place.” Cyber attacks are not a battlefield, they are a race for digital resources (including access to and control of sensitive devices and accounts). This race has been ongoing for well over a decade.

Part of the reason the US and other NATO allies should be concerned about and invested in the war in Ukraine is that today’s cyber attacks are having an impact on cyber security that is being felt far beyond Ukraine. As Russia mounts further attacks against Ukrainian targets, it is also expanding its resources in the wider global cyber race.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Andy Greenberg’s book Sandworm documents a range of alleged Russian attacks stretching back a number of years and states that Sandworm’s alleged operations have not been limited to cyber attacks against Ukraine. The United States indicted six GRU operatives as part of Sandworm for their role in a series of attacks, including attempts to control the website of the Georgian Parliament. Cyber security experts are also reasonably sure that the NotPetya global attack of 2016 was perpetrated by Sandworm.

The NotPetya attack initially targeted Ukraine and looked superficially like a ransomware operation. In such instances, the victim is normally prompted to send cryptocurrency to an account in order to unlock the targeted device and files. This is a common form of cyber crime. The NotPetya attack also occurred after a major spree of ransomware attacks, so many companies were prepared to make payouts. But it soon became apparent that NotPetya was not ransomware. It was not meant to be profit-generating; it was destructive.

The NotPetya malware rapidly spread throughout the US and Europe. It disrupted global commerce when it hit shipping giant Maersk and India’s Jawaharlal Nehru Port. It hit major American companies including Merck and Mondelez. The commonly cited estimate for total economic damage caused by NotPetya is $10 billion, but even this figure does not capture the far greater potential it exposed for global chaos.

Ukraine is currently on the front lines of global cyber security and the primary target for groundbreaking new cyber attacks. While identifying the exact sources of these attacks is necessarily difficult, few doubt that what we are witnessing is the cyber dimension of Russia’s ongoing invasion of Ukraine.

Looking ahead, these attacks are unlikely to stay in Ukraine. On the contrary, the same cyber weapons being honed in Russia’s war against Ukraine may be deployed against other countries throughout the West. This makes it all the more important for Western cyber security experts to expand cooperation with Ukraine.

Joshua Stein is a researcher with a PhD from the University of Calgary.

Then came many more graphic posts, propelled to virality by both Hamas Telegram channels and a constellation of other Hamas-adjacent paramilitary groups. Within a few hours, the al-Qassam Brigades channel’s distribution grew by more than 50 percent, rising to 337,000 subscribers. Within a matter of days it would surpass 600,000 subscribers. Three other Palestinian militant groups rushed to release self-congratulatory statements about their own roles in the attack, not wanting Hamas to get all the credit. All told, Hamas and Hamas-adjacent groups would produce nearly 6,000 Telegram posts in the first seventy-two hours of the war.

This was an early glimpse of a conflict that would be largely mediated by the internet. In the aftermath of October 7, an audience of tens of millions would turn to social media to understand a terror attack that killed 1,139 people and resulted in the abduction of roughly 240 hostages by Hamas militants. Social media would remain the primary conduit through which audiences tracked and debated Israel’s ensuing siege of Gaza and military operation—one that would kill at least twenty thousand people in the first seventy days of fighting. Many users experienced the crisis not as a series of static news headlines but as a stream of viral events, often accompanied by unverified claims, decontextualized footage, and salacious imagery.

Almost as soon as the war began, it collided with the engineering and policy decisions of social media companies. Differences in their user interfaces, algorithms, monetization systems, and content restrictions meant that the reality of the war could appear wildly distorted within and across platforms. While a full reckoning of social media’s role in the conflict is not yet possible, we wanted to capture early apparent trends: the rapid and mostly uncontested spread of terrorist content on Telegram; the proliferation of false or unverifiable claims on X, formerly Twitter; the often one-sided content moderation decisions of Meta, which worked to the detriment of Palestinian political expression; and deep confusion around TikTok, due to both the insular nature of TikTok communities and a broad lack of understanding about how the TikTok algorithm works.

The post Distortion by design: How social media platforms shaped our initial understanding of the Israel-Hamas conflict appeared first on Atlantic Council.

Ukrainian telecoms hack highlights cyber dangers of Russia’s invasion

Mercedes Sapuppo — Thu, 21 Dec 2023 00:09:09 +0000

A recent cyber attack on Ukraine’s largest telecommunications provider, Kyivstar, caused temporary chaos among subscribers and thrust the cyber front of Russia’s ongoing invasion back into the spotlight. Kyivstar CEO Oleksandr Komarov described the December 12 hack as “the biggest cyber attack on telco infrastructure in the world,” underlining the scale of the incident.

This was not the first cyber attack targeting Kyivstar since Russia launched its full-scale invasion in February 2022. The telecommunications company claims to have repelled around 500 attacks over the past twenty-one months. However, this latest incident was by far the most significant.

Kyivstar currently serves roughly 24 million Ukrainian mobile subscribers and another million home internet customers. This huge client base was temporarily cut off by the attack, which also had a knock-on impact on a range of businesses including banks. For example, around 30% of PrivatBank’s cashless terminals ceased functioning during the attack. Ukraine’s air raid warning system was similarly disrupted, with alarms failing in several cities.

Kyivstar CEO Komarov told Bloomberg that the probability Russian entities were behind the attack was “close to 100%.” While definitive evidence has not yet emerged, a group called Solntsepyok claimed responsibility for the attack, posting screenshots that purportedly showed the hackers breaching Kyivstar’s digital infrastructure. Ukraine’s state cyber security agency, known by the acronym SSSCIP, has identified Solntsepyok as a front for Russia’s GRU military intelligence agency.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

The details of the attack are still being investigated but initial findings indicate that hackers were able to breach Kyivstar security via an employee account at the telecommunications company. This highlights the human factor in cyber security, which on this occasion appears to have enabled what Britain’s Ministry of Defense termed as “one of the highest-impact disruptive cyber attacks on Ukrainian networks since the start of Russia’s full-scale invasion.”

This latest cyber attack is a reminder of the threat posed by Russia in cyberspace. Ever since a landmark 2007 cyber attack on Estonia, Russia has been recognized as one of the world’s leading pioneers in the field of cyber warfare. The Kremlin has been accused of using both state security agencies and non-state actors in its cyber operations in order to create ambiguity and a degree of plausible deniability.

While cyber attacks have been a feature of Russian aggression against Ukraine since hostilities first began in 2014, the cyber front of the confrontation has been comparatively quiet following the launch of the full-scale invasion almost two years ago. Some experts are now warning that the recent attack on the Kyivstar network may signal an intensification of Russian cyber activities, and are predicting increased cyber attacks on key infrastructure targets in the coming months as the Kremlin seeks to make the winter season as uncomfortable as possible for Ukraine’s civilian population.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Ukraine’s cyber defense capabilities were already rated as robust before Russia’s full-scale invasion. These capabilities have improved considerably since February 2022, not least thanks to a rapid expansion in international cooperation between Ukraine and leading global tech companies. “Ukraine’s cyber defense offers an innovative template for other countries’ security efforts against a dangerous enemy,” the Financial Times reported in July 2023. “Constant vigilance has been paired with unprecedented partnerships with US and European private sector groups, from Microsoft and Cisco’s Talos to smaller firms like Dragos, which take on contracts to protect Ukraine in order to gain a close-up view of Russian cyber tradecraft. Amazon Web Services has sent in suitcase-sized back-up drives. Cloudfare has provided its protective service, Project Galileo. Google Project Shield has helped fend off cyber intrusions.”

As Ukraine’s cyber defenses grow more sophisticated, Russia is also constantly innovating. Ukrainian cyber security officials recently reported the use of new and more complex malware to target state, private sector, and financial institutions. Accelerating digitalization trends evident throughout Ukrainian society in recent years leave the country highly vulnerable to further cyber attacks.

There are also some indications that Ukrainian cyber security bodies may require reform. In November 2023, two senior officials were dismissed from leadership positions at the SSSCIP amid a probe into alleged embezzlement at the agency. Suggestions of corruption within Ukraine’s cyber security infrastructure are particularly damaging at a time when Kyiv needs to convince the international community that it remains a reliable partner in the fight against Russian cyber warfare.

The Kyivstar attack is a reminder that the Russian invasion of Ukraine is not only a matter of tanks, missiles, and occupying armies. In the immediate aftermath of the recent attack on the country’s telecommunications network, Ukrainian Nobel Peace Prize winner and human rights activist Oleksandra Matviichuk posted that the incident was “a good illustration of how much we all depend on the internet, and how easy it is to destroy this whole system.” Few would bet against further such attacks in the coming months.

Mercedes Sapuppo is a program assistant at the Atlantic Council’s Eurasia Center.

One of the key objectives facing all governments today is to maximize the positive impact of AI while minimizing any unethical use by both developers and users, amid mounting concerns over cyber security and other potential abuses. Clearly, this exciting new technological frontier must be regulated that ensure the safety of individuals, businesses, and states.

Some governments are looking to adopt AI policies that minimize any potential intervention while supporting business; others are attempting to prioritize the protection of human rights. Ukraine is working to strike a balance between these strategic priorities.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Today, Ukraine is among the world’s leading AI innovators. There are more than 60 Ukrainian tech companies registered as active in the field of artificial intelligence, but this is by no means an exhaustive list. Throughout Ukraine’s vibrant tech sector, a large and growing number of companies are developing products and applications involving AI.

The present objective of the Ukrainian authorities is to support this growth and avoid over-regulation of AI. We recognize that the rapid adoption of regulations is always risky when applied to fast-moving innovative fields, and prefer instead to adopt a soft approach that takes the interests of businesses into account. Our strategy is to implement regulation through a bottom-up approach that will begin by preparing businesses for future regulation, before then moving to the implementation stage.

During the first phase, which is set to last two to three years, the Ukrainian authorities will assist companies in developing a culture of self-regulation that will enable them to control the ethics of their AI systems independently. Practical tools will be provided to help businesses adapt their AI-based products in line with future Ukrainian and European legislative requirements. These tools will make it possible to carry out voluntary risk assessment of AI products, which will help businesses identify any areas that need improvement or review.

Ukraine also plans to create a product development environment overseen by the government and involving expert assistance. The aim is to allow companies to develop and test AI products for compliance with future legislation. Additionally, a range of recommendations will be created to provide stakeholders with practical guidelines for how to design, develop, and use AI ethically and responsibly before any legally binding regulations come into force.

For those businesses willing to do more during the initial self-regulation phase, the Ukrainian authorities will prepare voluntary codes of conduct. Stakeholders will also be issued a policy overview providing them with a clear understanding of the government’s approach to AI regulation and clarifying what they can expect in the future.

Eurasia Center events

Graham Brookie: What stands out are the implications for AI use in the US government

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

During the initial phase, the Ukrainian government’s role is not to regulate AI usage, but to help Ukrainian businesses prepare for inevitable future AI regulation. At present, fostering a sense of business responsibility is the priority, with no mandatory requirements or penalties. Instead, the focus is on voluntary commitments, practical tools, and an open dialogue between government and businesses.

The next step will be the formation of national AI legislation in line with the European Union’s AI Act. The bottom-up process chosen by Ukraine is designed to create a smooth transition period and guarantee effective integration.

The resulting Ukrainian AI regulations should ensure the highest levels of human rights protection. While the development of new technologies is by nature an extremely unpredictable process for both businesses and governments, personal safety and security remain the top priority.

At the same time, the Ukrainian approach to AI regulation is also designed to be business-friendly and should help fuel further innovation in Ukraine. By aligning the Ukrainian regulatory framework with EU legislation, Ukrainian tech companies will be able to enter European markets with ease.

AI regulation is a global issue that impacts every country. It is not merely a matter of protections or restrictions, but of creating the right environment for safe innovation. Ukraine’s AI regulation strategy aims to minimize the risk of abuses while making sure the country’s tech sector can make the most of this game-changing technology.

Mykhailo Fedorov is Ukraine’s Vice Prime Minister for Innovations and Development of Education, Science, and Technologies, and Minister of Digital Transformation.

Jointly Building a Community with a Shared Future in Cyberspace, a white paper from the government of the People’s Republic of China (most recently released in 2022 but reissued periodically since 2015), is a continuation of diplomatic efforts to rally the international community around China’s concept of cyber sovereignty.¹ By extending the concept of sovereignty to cyberspace, China makes the argument that the state decides the content, operations, and norms of its internet; that each state is entitled to such determinations as a de facto right of its existence; that all states should have equal say in the administration of the global internet; and that it is the role of the state to balance claims of citizens and the international community (businesses, mostly, but also other states and governing bodies).

But making the world safe for authoritarian governments is only part of China’s motivation. As the key provider of censorship-ready internet equipment and surveillance tools, China’s concept of cyber sovereignty offers political security to other illiberal governments. Case studies in this report demonstrate how such technologies may play a role in keeping China’s friends in power.

The PRC supports other authoritarian governments for good reason. Many countries in which Chinese state-owned enterprises and PRC-based companies own mineral drawing rights or have significant investments are governed by authoritarians. Political instability threatens these investments, and, in some cases, China’s access to critical mineral inputs to its high-tech manufacturing sector. Without a globally capable navy to compel governments to keep their word on contracts, China is at the mercy of democratic revolutions and elite power struggles in these countries. By providing political security to a state through censorship, surveillance, and hacking of dissidents, China improves its chances of maintaining access to strategic plots of land for military bases or critical manufacturing inputs. A government that perceives itself to be dependent on China for political security is in no position to oppose it.

Outside of China’s strategic objectives, the push for a Community with a Shared Future in Cyberspace may also have an operational impact on state-backed hacking teams.

As China’s cybersecurity companies earn more customers, their defenders gain access to more endpoints, better telemetry, and a more complete view of global cyber events. Leveraged appropriately, a larger customer base improves defenses. The Ministry of Industry and Information Technology’s Cybersecurity Threat and Vulnerability Information Sharing Platform, which collects information about software vulnerabilities, also collects voluntary incident response reports from Chinese firms responding to breaches of their customers.² Disclosure of incidents and the vulnerabilities of overseas clients of Chinese cybersecurity firms would significantly increase the PRC’s visibility into global cyber operations by other nations or transnational criminal groups. China’s own defensive posture should also improve as its companies attract more global clients.

China’s offensive teams could benefit, too. Many cybersecurity firms often allow their own country’s security services to operate unimpeded in their customers’ networks.³ Therefore, it is likely that more companies protected by Chinese cybersecurity companies means fewer networks where China’s offensive hacking teams must worry about evading defenses.

This report uses cases studies from the Solomon Islands, Russia, and beyond to show how China is operationalizing its view of cyber sovereignty.

Introduction

A long black slate wall covered in dark hexagonal tiles runs along the side of Nuhong Street in Wuzhen, China, eighty miles southwest of Shanghai. A gap in the middle of the wall leads visitors to the entrance of the Waterside Resort that, for the last nine years, has hosted China’s World Internet Conference, a premier event for Chinese Communist Party (CCP) cyber policymakers.

The inaugural conference didn’t seem like a foreign policy forum. The thousand or so attendees from a handful of countries and dozens of companies listened to a speaker circuit asserting that 5G is the future, big data was changing the world, and the internet was great for economic development—hardly groundbreaking topics in 2014.⁴ But the internet conference was more than a platform for platitudes about the internet: it also served as China’s soft launch for its international strategy on internet governance.

By the last evening of the conference, some of the attendees had already left, choosing the red-eye flight home over another night by the glass-encased pool on the waterfront. Around 11 p.m., papers slid under doorways up and down the hotel halls. Conference organizers went room by room distributing a proclamation they hoped attendees would endorse just nine hours later.⁵ Attendees were stunned. The document said: “During the conference, many speakers and participants suggest [sic] that a Wuzhen declaration be released at the closing ceremony.” The papers, stapled and stuffed under doors, outlined Beijing’s views of the internet. The conference attendees—many of whom were members of the China-friendly Shanghai Cooperation Organization—balked at the last-minute, tone-deaf approach to getting an endorsement of Beijing’s thoughts on the internet. The document went unsigned, and the inaugural Wuzhen internet conference wrapped without a sweeping declaration. It was clear China needed the big guns, and perhaps less shady diplomatic tactics, to persuade foreigners of the merits of their views of the internet.

President Xi Jinping headlined China’s second World Internet Conference in 2015.⁶ This time the organizers skipped the late-night antics. On stage and reportedly in front of representatives from more than 120 countries and many more technology firm CEOs, Xi outlined a vision that is now enshrined in text as “Jointly Building a Community with a Shared Future in Cyberspace.”⁷ The four principles and five proposals President Xi laid out in his speech, which generally increase the power of the state and aim to model the global internet in China’s image, remain a constant theme in China’s diplomatic strategy on internet governance.⁸ In doing so, Xi fired the starting gun on an era of global technology competition that may well lead to blocs of countries aligned by shared censorship and cybersecurity standards. China has reissued the document many times since Xi’s speech, with the latest coming in 2022.

Xi’s 2015 speech came at a pivotal moment in history for China and many other authoritarian regimes. The Arab Spring shook authoritarian governments around the world just years earlier.⁹ Social media-fueled revolutions saw some autocrats overthrown or civil wars started in just a few months. China shared the autocrats’ paranoia. A think tank under the purview of the Cyberspace Administration of China acutely summarized the issue of internet governance, stating: “If our party cannot traverse the hurdle represented by the Internet, it cannot traverse the hurdle of remaining in power for the long term.”¹⁰ Another PRC government agency report went even further: blaming the US Central Intelligence Agency for no fewer than eleven “color revolutions” since 2003: the National Computer Virus Emergency Response Center claimed that the United States was providing critical technical support to pro-democracy protestors.¹¹ Specifically, the center blamed the CIA for five technologies—ranging from encrypted communications to “anti-jamming” WiFi that helped connect protestors—that played into the success of color revolutions. Exuberance in Washington over the internet leveling the playing field between dictators and their oppressed citizens was matched in conviction, if not in tone, by leaders from Beijing to Islamabad.

But China and other repressive regimes could not eschew the internet. The internet was digitizing everything, from social relationships and political affiliations to commerce and trade. Authoritarians needed a way to reap the benefits of the digital economy without introducing unacceptable risks to their political systems. China’s approach, called a Community with a Shared Future in Cyberspace,¹² responds to these threats as a call to action for authoritarian governments and a path toward more amenable global internet governance for authoritarian regimes. It is, as one expert put it, China switching from defense to offense.¹³

The core of China’s approach

The PRC considers four principles key to structuring the future of cyberspace. These principles lay the conceptual groundwork for the five proposals, which reflect the collective tasks to build this new system. Table 1 shows the principles, which were drawn from Xi’s 2015 speech.¹⁴

Table 1: China’s Four Principles, in Xi’s Words

Respect for cyber sovereignty: “The principle of sovereign equality enshrined in the Charter of the United Nations is one of the basic norms in contemporary international relations. It covers all aspects of state-to-state relations, which also includes cyberspace. We should respect the right of individual countries to independently choose their own path of cyber development, model of cyber regulation and Internet public policies, and participate in international cyberspace governance on an equal footing. No country should pursue cyber hegemony, interfere in other countries’ internal affairs or engage in, connive at or support cyber activities that undermine other countries’ national security.”
Maintenance of peace and security: “A secure, stable and prosperous cyberspace is of great significance to all countries and the world. In the real world, there are still lingering wars, shadows of terrorism and occurrences of crimes. Cyberspace should not become a battlefield for countries to wrestle with one another, still less should it become a hotbed for crimes. Countries should work together to prevent and oppose the use of cyberspace for criminal activities such as terrorism, pornography, drug trafficking, money laundering and gambling. All cyber crimes, be they commercial cyber thefts or hacker attacks against government networks, should be firmly combated in accordance with relevant laws and international conventions. No double standards should be allowed in upholding cyber security. We cannot just have the security of one or some countries while leaving the rest insecure, still less should one seek the so-called absolute security of itself at the expense of the security of others.”
Promotion of openness and cooperation: “As an old Chinese saying goes, ‘When there is mutual care, the world will be in peace; when there is mutual hatred, the world will be in chaos.’ To improve the global Internet governance system and maintain the order of cyberspace, we should firmly follow the concept of mutual support, mutual trust and mutual benefit and reject the old mentality of zero-sum game or ‘winner takes all.’ All countries should advance opening-up and cooperation in cyberspace and further substantiate and enhance the opening-up efforts. We should also build more platforms for communication and cooperation and create more converging points of interests, growth areas for cooperation and new highlights for win-win outcomes. Efforts should be made to advance complementarity of strengths and common development of all countries in cyberspace so that more countries and people will ride on the fast train of the information age and share the benefits of Internet development.”
Cultivation of good order: “Like in the real world, freedom and order are both necessary in cyberspace. Freedom is what order is meant for and order is the guarantee for freedom. We should respect Internet users’ rights to exchange their ideas and express their minds, and we should also build a good order in cyberspace in accordance with law as it will help protect the legitimate rights and interests of all Internet users. Cyberspace is not a place beyond the rule of law. Cyberspace is virtual, but players in cyberspace are real. Everyone should abide by the law, with the rights and obligations of parties concerned clearly defined. Cyberspace must be governed, operated and used in accordance with law, so that the Internet can enjoy sound development under the rule of law. In the meantime, greater efforts should be made to strengthen ethical standards and civilized behaviors in cyberspace. We should give full play to the role of moral teachings in guiding the use of the Internet to make sure that the fine accomplishments of human civilizations will nourish the growth of cyberspace and help rehabilitate cyber ecology.”

The four principles are not of equal importance. “Respecting cyber sovereignty” is the cornerstone of China’s vision for global cyber governance. China introduced and argued for the concept in its first internet white paper in 2010.¹⁵ But cyber sovereignty is not itself controversial. The idea that a government can regulate things within its borders is nearly synonymous with what it means to be a state. Issues arise with the prescriptive and hypocritical nature of the three following principles.

Under the “maintenance of peace and security principle,” China—a country with a famously effective and persistent ability to steal and commercialize foreign intellectual property¹⁶—suggests that all countries should abhor cyberattacks that lead to IP theft or government spying. Xi’s statement establishes equivalency between two things held separate in Western capitalist societies: intellectual property rights and trade secrets versus espionage against other governments. China holds what the US prizes but cannot defend well, IP and trade secrets, next to what China prizes but cannot guarantee for itself, the confidentiality of state secrets. The juxtaposition was an implicit bargain and one that neither would accept. In considering China’s proposition, the US continuation of traditional intelligence-collection activities contravenes China’s “peace and security principle,” providing the Ministry of Foreign Affairs spokesperson a reason to blame the United States when China is caught conducting economic espionage.

“Promotion of openness and cooperation” is mundane enough to garner support until users read the fine print or ask China to act on this principle. Asking other countries to throw off a zero-sum mentality and view the internet as a place for mutual benefit, Xi unironically asks states to pursue win-win benefits. This argument blatantly ignores the clear differences in market access between foreign tech companies in the PRC and Chinese firms’ access to foreign markets. Of course, if a country allows a foreign firm into its market, by Xi’s argumentation, the country must have decided it was a win-win decision. It’s unclear if refusing market access to a Chinese company would be acceptable or if that would fall under zero-sum mentality and contravene the value of openness. Again, China’s rhetoric misrepresents the conditions it would likely accept.

Cultivating “good order” in cyberspace, at least as Xi conceptualizes it, is impossible for democratic countries with freedom of speech. Entreaties that “order” be the guarantor of freedom of speech won’t pass muster in many nations, at least not the “order” sought by China’s policymakers. A report from the Institute for a Community with a Shared Future shines light onto what type of content might upset the “good order.” In its Governing the Phenomenon of Online Violence Report, analysts identify political scandals like a deadly 2018 bus crush in Chongqing or the 2020 “Wuhan virus leak rumor” as examples of online violence, alongside a case where a woman was bullied to suicide.¹⁷ Viewing political issues as “online violence” associated with good order is not just a one-off report. Staff at the Institute argue that rumors spread at the start of the pandemic in 2020 “highlight the necessity and urgency of building a community with a shared future in cyberspace.”¹⁸ For China, “online violence” is a euphemism for speech deemed politically sensitive by the government. If “making [the internet] better, cleaner and safer is the common responsibility of the international community,”¹⁹ as Xi argues, how will China treat countries it sees as abrogating its responsibility to combat such online violence? Will countries whose internet service providers rely on Chinese cloud companies or network devices be able to decide that criticizing China is acceptable within its own borders?

China’s five proposals

The five proposals used to construct China’s Community with a Shared Future in Cyberspace carry less weight and importance than its four principles. The proposals are not apparently attached to specific funding or policy initiatives, and did not receive attention from China’s foreign ministry. They are, at most, way stations along the path to a shared future. The proposals are:

Speeding up the construction of a global internet infrastructure and promoting interconnectivity.
Building an online platform for cultural exchange and mutual learning.
Promoting the innovative development of the cyber economy and common prosperity.
Maintaining cyber security and promoting orderly development.
Building an internet governance system and promoting equity and justice.

Implications and the future of the global internet

China’s argument for its view of global internet governance and the role of the state rests on solid ground. The PRC frequently points to the General Data Protection Regulation (GDPR) in the European Union as a leading example of the state’s role in internet regulation. The GDPR allows EU citizens to have their data deleted, forces businesses to disclose data breaches, and requires websites to give users a choice to accept or reject cookies (and what kind) each time they visit a new website. China points to concerns in the United States over foreign interference on social media as evidence of US buy-in on China’s view of cyber sovereignty. Even banal regulations like the US “know your customer” rule—which requires some businesses to collect identifying personal information about users, usually for tax purposes—fit into Beijing’s bucket of evidence. But the alleged convergence between the views of China and democratic nations stops there.

Divergent values between liberal democracies and the coterie of PRC-aligned autocracies belie our very different interpretations of the meaning of cyber sovereignty. A paper published in the CCP’s top theoretical journal mentions both the need to regulate internet content and “promote positive energy,” a Paltrowesque euphemism for party-boosting propaganda, alongside

endorsements of the cyber sovereignty principle.²⁰ The article extrapolates on what Xi made clear in his 2015 speech. For the CCP, censorship and sovereignty are inextricably linked.

These differences are not new. Experts dedicate significant coverage to ongoing policy arguments at the UN, where China repeatedly pushes to classify the dissemination of unwanted content—read politically intolerable—as a crime.²¹ As recently as January 2023, China offered an amendment to a UN treaty attempting to make sharing false information online illegal.²² A knock-on effect of media coverage related to disinformation campaigns from China and Russia—despite their poor performance²³—means policymakers, pundits, and journalists make China’s point that narratives promoted by other nations is an issue to be solved. What counts as disinformation can be meted out on a country-by-country basis. The tension between the desire to protect democracy from foreign influence and the liberal value of promoting free speech and truth in authoritarian systems is palpable.
The United States has fueled the CCP’s concern with its public statements. China’s internet regulators criticized the United States’ Declaration for the Future of the Internet.²⁴ The CCP, which is paranoid about foreign attempts to support “color revolutions” or foment regime change, is rightfully concerned. The United States’ second stated principle for digital technologies is to promote “democracy,” a value antithetical to continuing CCP rule over the PRC. The universal value democratic governments subscribe to—the consent of the governed—drives the US position on the benefits of connectedness. That same value scares authoritarian governments.

Operationalizing our shared future

Jointly Build a Community with a Shared Future in Cyberspace alludes to the pathways the CCP will use to act on its vision. The document includes detailed statistics about the rollout of IPv6—a protocol for issuing internet-connected device addresses that could ease surveillance—use of the Beidou Satellite Navigation system within China and elsewhere, the domestic and international use of 5G, development of transformational technologies like artificial intelligence and Internet of Things devices, and the increasingly widespread use of internet-connected industrial devices.²⁵ The value of different markets, like that of e-commerce or trade enabled by any of the preceding systems, are repeated many times over the course of the document. It’s clear that policymakers see the fabric of the internet—its devices, markets, and economic value—as expanding. Owning the avenues of expansion, then, is key to spreading the CCP’s values as much as it is about making money.

Authoritarian and nondemocratic developing countries provide a bountiful market for China’s goods. Plenty of developing nations and authoritarian governments want to tighten control over the internet in their countries. Recent research demonstrates an increasing number of incidents when governments shut off the internet in their countries—a good proxy for their interest in censorship.²⁶ These governments need the technology and tools to finely tune their control over the internet. Owing to the political environment inside the PRC, Chinese tech firms already build their products to facilitate censorship and surveillance.²⁷ Some countries are having luck rolling out these services. The Australian Strategic Policy Institute found that “with technical support from China, local governments in East Africa are escalating censorship on social media platforms and the internet.”²⁸ These findings are mirrored by reporting from Censys, a network data company, that found, among other things, a significant footprint for PRC-made network equipment in four African countries.²⁹ In fact, there is no public list of countries that acknowledge supporting the Community with a Shared Future in Cyberspace approach, but there are good indicators for which nations are mostly likely to participate.

A 2017 policy paper entitled International Strategy of Cooperation on Cyberspace indicated that China would carry out “cybersecurity cooperation” with “the Conference on Interaction and Confidence Building Measures in Asia (CICA), Forum on China-Africa Cooperation (FOCAC), China-Arab States Cooperation Forum, Forum of China and the Community of Latin American and Caribbean States and Asian-African Legal Consultative Organization.”³⁰ But an international strategy document stating the intent to cooperate with most of the Global South is not the same as actually doing so. The 2017 strategy document is, at most, aspirational.

Instead, bilateral agreements and technical agreements between government agencies to work together on cybersecurity or internet governance are better indicators of who is part of China’s “community with a shared future.” For example, Cuba and the PRC signed a comprehensive partnership agreement on cybersecurity in early 2023, though the content of the deal remains secret.³¹ China has made few public announcements about other such agreements. In their place, the China National Computer Emergency Response Center (CNCERT) has “established partnerships with 274 CERTs in 81 countries and territories and signed cybersecurity cooperation memorandums with 33 of them.”³² But even these countries are not publicly identified.³³ A few nations or groups are regularly mentioned around the claims of CNCERT’s international partnerships, however. Thailand, Cambodia, Laos, Malaysia, the Association of Southeast Asian Nations, the United Arab Emirates, Saudi Arabia, Brazil, South Africa, Benin, and the Shanghai Cooperation Organization are frequently mentioned. The paper on jointly building a community also mentions the establishment of the China-ASEAN Cybersecurity Exchange and Training Center, the utility of which may be questioned given China’s track record of state-backed hacking campaigns against its members.³⁴

Along with the identity of their signatories, the contents of these agreements and their benefits also remain private. Without access to any of these agreements, one can only speculate about their benefits. There are also no countries especially competent at cyber operations or cybersecurity mentioned in the list above. The result may be that CNCERT and its certified private-sector partners receive “first dibs” when government agencies or other entities in these countries need incident response services; receiving favorable terms or financing from the Export-Import Bank of China to facilitate the purchase of PRC tech also aligns with other observed behavior.³⁵

Besides favorable terms of trade for PRC tech and cybersecurity firms, some of the CNCERT international partners may also be subject to intelligence-sharing agreements. CNCERT operates a software vulnerability database called China National Information Security Vulnerability Sharing Platform, which accepts submissions from the public and partners with at least three other vulnerability databases.³⁶ CNCERT’s international partnerships could add another valuable pipeline of software vulnerability information into China’s ecosystem. Moreover, under a 2021 regulation, Chinese firms conducting incident response for clients can voluntarily disclose those incidents to the Ministry of Industry and Information Technology’s “Cybersecurity Threat and Vulnerability Information Sharing Platform,” which has a separate system for collecting information about breaches.³⁷ The voluntary disclosure of incidents and mandatory disclosure of vulnerabilities observed in overseas clients of Chinese cybersecurity firms would significantly increase the PRC’s visibility into global cyber operations by other nations or transnational criminal groups.

Offensive capabilities, not just global cybersecurity, might be on CCP policymakers’ minds, too, when other countries agree to partner with China. Cybersecurity firms frequently allow their own country’s offensive teams to work unimpeded on their customers’ networks: with each new client China’s cybersecurity companies add to their rosters, China’s state-backed hackers may well gain another network where they can work without worrying about defenders.³⁸ In this vein, Chen Yixin, the head of the Ministry of State Security, attended a July 2023 meeting of the Cyberspace Administration of China that underlined the importance of the Community with a Shared Future in Cyberspace.³⁹ In September 2023, Chen published commentary in the magazine of the Cyberspace Administration of China arguing that supporting the Shared Future in Cyberspace was important work.⁴⁰ Researchers from one cybersecurity firm found that the PRC has been conducting persistent, offensive operations against many African and Latin American states, even launching a special cross-industry working group to monitor PRC activities in the Global South.⁴¹ Chinese cybersecurity companies operating in those markets have not drawn similar attention to those operations.

But China’s network devices and cybersecurity companies don’t just facilitate surveillance, collect data for better defense, or offer a potential offensive advantage, they can also be used to shore up relationships between governments and provide Beijing an avenue for influence. The Wall Street Journal exposed how Huawei technicians were involved in helping Ugandan security services track political opponents of the government.⁴² China’s government and its companies support such operations elsewhere, too. One source alleged that PRC intelligence officers were involved in cybersecurity programs of the UAE government, including offensive hacking and collection for the security services.⁴³ The closeness of the relationship is apparent in other ways, too. The UAE is reportedly allowing China’s military to build a naval facility, jeopardizing the longevity of US facilities in the area, and tarnishing the UAE’s relationship with the United States.⁴⁴

Providing other nondemocratic governments with offensive services and capabilities allows China to form close relationships with other regimes whose primary goal, like the CCP, is to maintain the current government’s hold on power. In illiberal democracies, such cooperation helps Beijing expand its influence and provides backsliding governments capabilities they would not otherwise have.

China is plainly invested in the success of many other nondemocratic governments. Around the world, state-owned enterprises and private companies have inked deals in extractive industries that total billions of dollars. Many of these deals, say for mining copper or rare earth elements, provide critical inputs to China’s manufacturing capacity—they are the lifeblood of many industries, from batteries to semiconductors.⁴⁵ In countries without strong rule of law, continued access to mining rights may depend on the governments that signed and approved those operations staying in power. China is already suffering from such abrogation of agreements in Mexico after the country’s president renationalized the country’s lithium deposits.⁴⁶ Countries where China has significant interests, like the Democratic Republic of the Congo, are also considering nationalizing such assets.⁴⁷ Close relationships with political elites, bolstered by agreements that provide political security, make it more difficult for those elites to renege on their contracts—or lose power to someone else who might.

China cannot currently project military power around the world to enforce contracts or compel other governments. In lieu of a blue-water navy, China offers what essentially amounts to political security services by censoring internet content, monitoring dissidents, and hacking political opponents—and a way to align the interests of other authoritarian governments with its own. If a political leader feels that China is a guarantor of their own rule, they are much more likely to side with Beijing on matters big and small. A recent series of events in the Solomon Islands provide a portrait of what this can look like.

Case studies in China’s “shared future”

The saga surrounding the Solomon Islands provides a good example of China’s model for internet governance and the reasons for its adoption.

Over the course of 2022, the international community watched as the Solomon Islands vacillated on its course and in statements, and prevaricated about secret commitments to build a naval base for China. After a draft agreement for the Solomon Islands to host the People’s Liberation Army Navy (PLAN), the navy of the CCP’s military, was leaked to the press in March 2022, representatives of the Solomon Islands stated the agreement would not allow PLA military bases.⁴⁸ Senior delegations from both Australia and the United States rushed to meet with representatives of the Pacific Island nation.⁴⁹ Even opposition leaders in the Solomon Islands—who were surprised by the leaked documents—agreed that claims of PLA military bases should not be taken at face value.⁵⁰ The back and forth by the Solomon Islands’ political parties worried China. In May 2022, a Chinese hacking team breached the Solomon Islands’ government systems, likely to assess the future of their agreement in the face of the island nation’s denials.⁵¹

But the denials only bought Solomon Islands Prime Minister Manasseh Sogavare more time. In August, the ruling party introduced a bill to delay elections from May 2023 to December of that year.⁵² Shortly thereafter, the Solomon Islands announced a deal to purchase 161 Huawei telecoms towers financed by the Export-Import Bank of China.⁵³ (The deal came just four years after Australia had successfully prevented the Solomon Islands from partnering with Huawei to lay undersea cables to provide internet access to the island nation.)⁵⁴ Months later, the foreign press reported in October 2022 that the Solomon Islands had sent police to China for training.⁵⁵ Local contacts in the security services may be useful for the PRC. A provision of the drafted deal leaked in March 2022 allows PLA service members to travel off base in the event of “social unrest.”⁵⁶ Such contacts could facilitate interventions in a political crisis on behalf of PM Sogavare or his successor. In the summer of 2023, China and the Solomon Islands signed an agreement expanding cooperation on cybersecurity and policing.⁵⁷

To recap, in a single year the Solomon Islands agreed to host a PLAN base, delayed an election for Beijing’s friend, sent security services to train in the PRC, and rolled out PRC-made telecommunications equipment that can facilitate surveillance of political opponents. In the international system the CCP seeks, one that makes normal the censorship of political opponents and makes it a crime to disseminate information critical of authoritarian regimes, the sale of censorship as a service directly translates into the power to influence domestic politics in other nations. If there was a case study to sell China’s version of internet governance to nascent authoritarian regimes around the world, it would be the Solomon Islands.

In the international system the CCP seeks, one that makes normal the censorship of political opponents and makes it a crime to disseminate information critical of authoritarian regimes, the sale of censorship as a service directly translates into the power to influence domestic politics in other nations.

For countries with established authoritarian regimes, buying into China’s vision of internet governance and control is less about delaying elections and buying Huawei cell towers, and more about the transfer of expertise and knowledge of how to repress more effectively. Already convinced on the merits of China’s vision, these governments lack the expertise and technical capabilities to implement their shared vision of control over the internet.

Despite its capable but sometimes blunder-prone intelligence services, Russia was recently found to be soliciting technical expertise and training from China on how to better control its domestic internet content.⁵⁸Documents obtained by Radio Free Europe/Radio Liberty detailed how Russian government officials met with teams from the Cyberspace Administration of China in 2017 and 2019 to discuss how to crack down on virtual private networks, messaging apps, and online content. Russian officials even went so far as to request that a Russian team visit China to better understand how China’s Great Firewall works and how to “form a positive image” of Russia on the domestic and foreign internet.⁵⁹ The leaked documents align with what the PRC’s policy document details already.

Since 2016, they have co-hosted five China-Russia Internet Media Forum[s] to strengthen new media exchanges and cooperation between the two sides. Through the Sino-Russian Information Security Consultation Mechanism, they have constantly enhanced their coordination and cooperation on information security.

The two countries formalized the agreement that served as the basis for their cooperation on the sidelines of the World Internet Conference in 2019.⁶⁰ They could not have picked a better venue to signify what China’s Community with a Shared Future in Cyberspace policy would mean for the world.

The Solomon Islands and Russia neatly capture the spectrum of countries that might be most interested in China’s vision for the global internet. At each step along the spectrum, China has technical capabilities, software, services, and training it can offer to regimes from Borneo to Benin.

In conclusion, the chart below provides a visualization of the spectrum of countries that could be the most interested in implementing China’s Community for a Shared Future in Cyberspace.⁶¹

Figure 1: PRC tech influence vs. democracy index score

Sources: Data from “China Index 2022: Measuring PRC Influence Around the Globe,” Doublethink Lab and China In The World Lab, https://china-index.io/; and “The World’s Most, and Least, Democratic Countries in 2022,” Economist, February 1, 2023, https://www.economist.com/graphic-detail/2023/02/01/the-worlds-most-and-least-democratic-countries-in-2022.

By combining data from The Economist Democracy Index (a proxy for a country’s adherence to democratic norms and institutions) and Doublethink Lab’s China Index for PRC Technology Influence (limited to eighty countries and a proxy for a country’s exposure to, and integration of, PRC technology in its networks and services), this chart represents countries with low scores on democracy and significant PRC technology influence in the bottom right. Based on this chart, Pakistan in the most likely to support the Shared Future concept. Indeed, Pakistan has its own research center on the “Community for a Shared Future” concept.⁶²The research center is hosted by the Communications University of China, which works closely with the CCP’s International Liaison Department responsible for keeping good relationships with foreign political parties.

Internet conference goes prime time

The 2022 Wuzhen World Internet Conference got an upgrade and name change: the annual conference became an organization based in Beijing and the summit continues as its event, now called the World Internet Conference (WIC). The content from all previous Wuzhen conferences plasters the new organization’s website.⁶³

An odd collection of six entities founded the new WIC organization: Groupe Speciale Mobile Association (GSMA), a mobile device industry organization; China Internet Network Information Center (CNNIC), which is responsible for China’s top-level .cn domain and IPv6 rollout, among others functions; ChinaCERT, mentioned above; Alibaba; Tencent; and Zhejiang Labs.⁶⁴ Another report by the author connects the last organization, Zhejiang Labs, to research on AI for cybersecurity and some oversight by members of the PLA defense establishment.⁶⁵

Though the Wuzhen iteration of the conference also included components of competition for technical innovation and research, the new collection of organizations overseeing WIC suggests it will focus more on promoting the fabric of the internet—hardware, software, and services—made by PRC firms. China’s largest tech companies including Alibaba and Tencent stand to benefit from China’s vision for global internet governance if the PRC can convince other countries to support its aims (and choose PRC firms to host their data in the process). Any policy changes tied to the elevation of the conference will become apparent over the coming years. For now, WIC will maintain the mission and goals of the Wuzhen conference.

Conclusion

China’s vision for the internet is really a vision for global norms around political speech, political oppression, and the proliferation of tools and capabilities that facilitate surveillance. Publications written by current and former PRC government officials on China’s “Shared Future for Humanity in Cyberspace” argue that the role of the state has been ignored until now, that each state can determine what is allowed on its internet—through the idea of cyber sovereignty, and that the political interests of the state are the core value that drives decision-making. Dressed up in language about the future of humanity, China’s vision for the internet is one safe for authoritarians to extract value from the interconnectedness of today’s economy while limiting risk to their regime’s stability.

China is likely to pursue agreements on cybersecurity and internet content control in regimes where it stands to lose most if the government changed hands. China’s grip on the critical minerals market is only as strong as its partners’ grip on power. In many authoritarian, resource-rich countries, a change of government could mean the renegotiation of contracts for access to natural resources or their outright nationalization—jeopardizing China’s access to important industrial inputs. Although internet censorship and domestic surveillance capabilities do not guarantee an authoritarian government will stay in power, it does improve their odds. China lacks a globally capable navy to project power and enforce contracts negotiated with former governments, so keeping current signatories in power is China’s best bet.

China will not have to work hard to promote its vision for internet governance in much of the world. Instead of China advocating for a new system that countries agree to use, then implement, the causality is reversed. Authoritarian regimes that seek economic benefits of widespread internet access are more apt to deploy PRC-made systems that facilitate mass surveillance, thus reducing the risks posed by increased connectivity. China’s tech companies are well-positioned to sell these goods, as their domestic market has forced them to perfect the capabilities of oppression.⁶⁶ The example of Russia’s cooperation and learning from China demonstrates what the demand signal from other countries might look like. Elsewhere, secret agreements between national CERTs could facilitate access that allows for greater intelligence collection and visibility. Many Arabian Gulf countries already deploy PRC-made telecoms kit and hire PRC cybersecurity firms to do sensitive work. As the world’s autocrats roll out China’s technology, their countries will be added to the brochures of firms advertising internet connectivity, surveillance, and censorship services to their peers. Each nation buying into China’s Community for a Shared Future may well be a case study on the successful use of internet connectivity without increasing political risks: a world with fewer Arab Springs or “color revolutions.”

About the author

Dakota Cary is a nonresident fellow at the Atlantic Council’s Global China Hub and a consultant at SentinelOne. He focuses on China’s efforts to develop its hacking capabilities.

The author extends special thanks to Nadège Rolland, Tuvia Gering, Tom Hegel, Kenton Thibaut, and Kitsch Liao for their edits and contributions.

Report Sep 6, 2023

Sleight of hand: How China weaponizes software vulnerabilities

By Dakota Cary and Kristin Del Rosso

China’s new vulnerability management system mandates reporting to MIIT within 48 hours, restricting pre-patch publication and POC code. This centralized approach contrasts with the US voluntary system, potentially aiding Chinese intelligence. MIIT shares data with the MSS, affecting voluntary databases as well. MSS also fund firms to provide vulnerabilities for their offensive potential.

China Cybersecurity

The 5×5 Jan 30, 2023

The 5×5—China’s cyber operations

By Simon Handler

Experts provide insights into China’s cyber behavior, its structure, and how its operations differ from those of other states.

China Cybersecurity

Issue Brief Nov 28, 2022

How the Chinese government is financing its way to becoming a techno-superpower

By Ngor Luong

Beijing is committed to becoming a state-led and self-sufficient techno-superpower. In doing so, the Chinese government is consolidating its influence in both the domestic market and overseas markets where Chinese firms are active, while simultaneously mobilizing public, private, and public-private investment vehicles to support these tech ambitions.

China Economy & Business

1 “China’s Internet White Paper,” China.org.cn, last modified June 8, 2010, accessed January 24, 2022, https://web.archive.org/web/20220124005101/http:/www.china.org.cn/government/whitepaper/2010-06/08/content_20207978.htm.

2 Dakota Cary and Kristin Del Rosso, “Sleight of Hand: How China Weaponizes Software Vulnerability,” Atlantic Council, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/report/sleight-of-hand-how-china-weaponizes-software-vulnerability/.

3 I assume that a process for counterintelligence and operational deconfliction exists within the PRC security services, particularly for the more than one hundred companies that support the civilian intelligence service. Other mature countries have such processes and I graciously extend that competency to China.

4 Liu Zheng, “Foreign Experts Keen on Interconnected China Market,” China Daily, 2014, https://www.wuzhenwic.org/2014-11/20/c_548230.htm.

5 Catherine Shu, “China Tried to Get World Internet Conference Attendees to Ratify This Ridiculous Draft Declaration,” TechCrunch, 2014, https://techcrunch.com/2014/11/20/worldinternetconference-declaration/.

6 Xi Jinping, “Remarks by H.E. Xi Jinping President of the People’s Republic of China at the Opening Ceremony of the Second World Internet Conference,” Ministry of Foreign Affairs of the People’s Republic of China, December 24, 2015, https://www.fmprc.gov.cn/eng/wjdt_665385/zyjh_665391/201512/t20151224_678467.html.

7 State Council Information Office of the People’s Republic of China, “Full Text: Jointly Build a Community with a Shared Future in Cyberspace,” November 7, 2022, http://english.scio.gov.cn/whitepapers/2022-11/07/content_78505694.htm. At the time, Xi was building on the nascent “shared future for humanity” concept introduced at the Eighteenth Party Congress in 2012; see Xinhua News Agency, “A Community of Shared Future for All Humankind,” Commentary, March 20, 2017, http://www.xinhuanet.com/english/2017-03/20/c_136142216.htm. However, state media has since claimed that the “shared future” concept was launched during a March 2013 event that Xi participated in while visiting Moscow; see Central Cyberspace Affairs Commission of the People’s Republic of China, “共行天下大道共创美好未来——写在习近平主席提出构建人类命运共同体理念十周年之际,” PRC, March 24, 2023, http://www.cac.gov.cn/2023-03/24/c_1681297761772755.htm. The party rolled out the concept as part of its foreign policy and even added its language to the constitution in 2018; see N. Rolland [@RollandNadege], “My latest for @ChinaBriefJT on China’s ‘community with a shared future for humanity,’ which is BTW now enshrined in PRC Constitution,” Twitter (now X), February 26, 2018, https://twitter.com/RollandNadege/status/968152657226555392, as also seen in N. Rolland, ed., An Emerging China-Centric Order: China’s Vision for a New World Order in Practice, National Bureau of Asian Research, 2020, https://www.nbr.org/wp-content/uploads/pdfs/publications/sr87_aug2020.pdf.

8 The PRC has even republished the 2015 document with updated statistics every few years, most recently in 2022; see State Council Information Office, “Full Text: Jointly Build a Community with a Shared Future in Cyberspace.”

9 US Director of National Intelligence (DNI), “Digital Repression Growing Globally, Threatening Freedoms,” [PDF file], ODNI, April 24, 2023, https://www.dni.gov/files/ODNI/documents/assessments/NIC-Declassified-Assessment-Digital-Repression-Growing-April2023.pdf.

10 E. Kania et al., “China’s Strategic Thinking on Building Power in Cyberspace,” New America, September 25, 2017, https://www.newamerica.org/cybersecurity-initiative/blog/chinas-strategic-thinking-building-power-cyberspace/.

11 National Computer Virus Emergency Response Center, “‘Empire of Hacking’: The U.S. Central Intelligence Agency—Part I,” [PDF file], May 4, 2023, https://web.archive.org/web/20230530221200/http:/gb.china-embassy.gov.cn/eng/PressandMedia/Spokepersons/202305/P020230508664391507653.pdf.

12 Occasionally, translations refer to this as “a Community with a Shared Destiny [for Mankind]” or “Shared Future for Humanity in Cyberspace.” See State Council Information Office of the People’s Republic of China, “Full text: Jointly Build a Community with a Shared Future in Cyberspace.”

13 Thanks to Nadege Rolland for her keen insight.

14 Xi, “Remarks by H.E. Xi Jinping President of the People’s Republic of China.”

15 “China’s Internet White Paper,” China.org.cn. Thanks to Tuvia Gering for flagging this.

16 W. C. Hannas, J. Mulvenon, and A. B. Puglisi, Chinese Industrial Espionage: Technology Acquisition and Military Modernisation (Abingdon, United Kingdom: Routledge, 2013), https://doi.org/10.4324/9780203630174.

17 Institute for a Community with Shared Future, “《网络暴力现象治理报告》 [Governance Report on the Phenomenon of Internet Violence],” Communication University of China, July 1, 2022, https://web.archive.org/web/20221205001148/https:/icsf.cuc.edu.cn/2022/0701/c6043a194580/page.htm; andInstitute for a Community with Shared Future, “Full Text《网络暴力现象治理报告》[Governance Report on the Phenomenon of Internet Violence],” Communication University of China, July 1, 2022, https://archive.ph/B741D.

18 Institute for a Community with Shared Future, “Understanding the Global Cyberspace Development and Governance Trends to Promote the Construction of a Cyberspace Community with a Shared Future,” Communication University of China, September 9, 2020, www.archive.ph/7XQyX.

19 Xi, “Remarks by H.E. Xi Jinping President of the People’s Republic of China.”

20 R. Creemers, P. Triolo, and G. Webster, “Translation: China’s New Top Internet Official Lays Out Agenda for Party Control Online,” New America, September 24, 2018, https://www.newamerica.org/cybersecurity-initiative/digichina/blog/translation-chinas-new-top-internet-official-lays-out-agenda-for-party-control-online/.

21 M. Schmitt, “The Sixth United Nations GGE and International Law in Cyberspace,” Just Security (forum), June 10, 2021, https://www.justsecurity.org/76864/the-sixth-united-nations-gge-and-international-law-in-cyberspace/; and S. Sabin, “The UN Doesn’t Know How to Define Cybercrime,” Axios Codebook (newsletter), January 10, 2023, https://www.axios.com/newsletters/axios-codebook-e4388c1d-d782-4743-b96f-c228cdc7baa1.html.

22 A. Martin, “China Proposes UN Treaty Criminalizes ‘Dissemination of False Information,’ ” Record, January 17, 2023, https://web.archive.org/web/20230118135457/https:/therecord.media/china-proposes-un-treaty-criminalizing-dissemination-of-false-information/.

23 R. Serabian and L. Foster, “Pro-PRC Influence Campaign Expands to Dozens of Social Media Platforms, Websites, and Forums in at Least Seven Languages, Attempted to Physically Mobilize Protesters in the U.S.,” Mandiant, September 7, 2021, https://www.mandiant.com/resources/blog/pro-prc-influence-campaign-expands-dozens-social-media-platforms-websites-and-forums; and G. Eady et al., “Exposure to the Russian Internet Research Agency Foreign Influence Campaign on Twitter in the 2016 US Election and Its Relationship to Attitudes and Voting Behavior, Nature Communications 14, no. 62 (2023), https://www.nature.com/articles/s41467-022-35576-9#MOESM1.

24 State Council of Information Office, PRC, “LIVE: Press Conference on White Paper on Jointly Building Community with Shared Future in Cyberspace,” New China TV, streamed live November 6, 2022, YouTube video, https://www.youtube.com/watch?v=hBYbjnSeLX0.

25 China Daily, “Jointly Build a Community with a Shared Future in Cyberspace,” November 8, 2022, https://archive.ph/ch3LP+.

26 Access Now, “Internet Shutdowns in 2022,” 2023, https://www.accessnow.org/internet-shutdowns-2022/.

27 K. Drinhausen and J. Lee, “CCP 2021: Smart Governance, Cyber Sovereignty, and Tech Supremacy,” Mercator Institute for China Studies (MERICS), June 15, 2021, https://merics.org/en/ccp-2021-smart-governance-cyber-sovereignty-and-tech-supremacy.

28 N. Attrill and A. Fritz, “China’s Cyber Vision: How the Cyberspace Administration of China Is Building a New Consensus on Global Internet Governance,” Australian Strategic Policy Institute, November 24, 2021, https://www.aspi.org.au/report/chinas-cyber-vision-how-cyberspace-administration-china-building-new-consensus-global.

29 S. Hoffman, “Potential Chinese influence on African IT infrastructure,” Censys, March 8, 2023, https://censys.com/potential-chinese-influence-on-african-it-infrastructure/.

30 Xinhua, “Full Text: International Strategy of Cooperation on Cyberspace,” March 1, 2017, https://perma.cc/GDY6-6ZF8.

31 Prensa Latina, “Cuba and China Sign Agreement on Cybersecurity,” 2023, April 3, 2023, https://www.plenglish.com/news/2023/04/03/cuba-and-china-sign-agreement-on-cybersecurity/.

32 China Daily, “Jointly Build.” CNCERT is a government-organized nongovernmental organization, not a direct government agency. It reports incidents and software vulnerabilities to PRC government agencies, including the 867-917 National Security Platform, and a couple of Ministry of Public Security Bureaus. See About Us (archive.vn).

33 When asked for records of these international partners, CNCERT directed the author back to the home page of the organization’s website.

34 Matt Burgess, “China Is Relentlessly Hacking Its Neighbors,” Wired, February 28, 2023, https://www.wired.com/story/china-hack-emails-asean-southeast-asia/.

35 Asian Development Bank, “Information on the Export-Import Bank of China,” n.d., https://www.adb.org/sites/default/files/linked-documents/46058-002-sd-04.pdf.

36 D. Cary and K. Del Rosso, Sleight of Hand: How China Weaponizes Software Vulnerabilities, Atlantic Council, September 6, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/report/sleight-of-hand-how-china-weaponizes-software-vulnerability/

37 Cary and Del Rosso, Sleight of Hand.

38 I assume that a process for counterintelligence and operational deconfliction exists with the PRC security services. Other mature countries have such processes and I graciously extend that competency to China.

39 Xinhua, “习近平对网络安全和信息化工作作出重要指示,” July 15, 2023, https://archive.ph/GkqnS.

40 Chen Yixin, Secretary of the Party Committee and Minister of the Ministry of National Security, “Strengthening National Security Governance in the Digital Era,” China Internet Information Journal, September 26, 2023, (中国网信). 国家安全部党委书记、部长陈一新：加强数字时代的国家安全治理–理论-中国共产党新闻网 (archive.ph).

41 M. Hill, “China’s Offensive Cyber Operations Support Soft Power Agenda in Africa,” CSO Online, September 21, 2023, https://www.csoonline.com/article/652934/chinas-offensive-cyber-operations-support-soft-power-agenda-in-africa.html; and T. Hegel, “Cyber Soft Power | China’s Continental Takeover,” SentinelOne, September 21, 2023, https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/.

42 J. Parkinson, N. Bariyo, and J. Chin, “Huawei Technicians Helped African Governments Spy on Political Opponents, Wall Street Journal, August 15, 2019, https://archive.ph/Xtwl1.

43 Interview conducted in confidentiality; the name of the interviewee is withheld by mutual agreement.

44 J. Hudson, E. Nakashima, and L. Sly, “Buildup Resumed at Suspected Chinese Military Site in UAE, Leak Says,” Washington Post, April 26, 2023, https://www.washingtonpost.com/national-security/2023/04/26/chinese-military-base-uae/.

45 Congressional Research Service, “Rare Earth Elements: The Global Supply Chain,” December 16, 2013, https://crsreports.congress.gov/product/pdf/R/R41347/20; M. Humphries, “China’s Mineral Industry and U.S. Access to Strategic and Critical Minerals: Issues for Congress,” Congressional Research Service, March 20, 2015, https://sgp.fas.org/crs/row/R43864.pdf; and the White House, “Building Resilient Supply Chains, Revitalizing American Manufacturing, and Fostering Broad-based Growth: 100-Day Reviews Under Executive Order 14017,” June 2021, https://www.whitehouse.gov/wp-content/uploads/2021/06/100-day-supply-chain-review-report.pdf.

46 Forbes Mexico, “AMLO Nationalizes Lithium and Declares There Are Plans to Review Existing Contracts,” in Mexico Daily Post, April 20, 2022, https://mexicodailypost.com/2022/04/20/amlo-nationalizes-lithium-and-declares-there-are-plans-to-review-existing-contracts/#:~:text=Mexico%E2%80%99s%20Congress%20on%20Tuesday%20passed%20a%20bill%20to,the%20lithium%20amendment%20to%20the%20country%E2%80%99s%20mining%20law.

47 “The Green Revolution Will Stall without Latin America’s Lithium,” Economist, May 2, 2023, https://www.economist.com/the-americas/2023/05/02/the-green-revolution-will-stall-without-latin-americas-lithium.

48 N. Fildes and K. Hille, “Beijing Closes in on Security Pact That Will Allow Chinese Troops in Solomon Islands,” Financial Times, March 24, 2022, https://archive.ph/X5a4h; and Associated Press, “Solomon Islands Says China Security Deal Won’t Include Military Base,” via National Public Radio, April 1, 2022, https://www.npr.org/2022/04/01/1090184438/solomon-islands-says-china-deal-wont-include-military-base.

49 N. Fildes, “Australian Minister Flies to Solomon Islands for Urgent Talks on China Pact,” Financial Times, April 12, 2022, https://www.ft.com/content/9da02244-2a10-4f18-a5c5-e88b14a2530b; and K. Lyons and D. Wickham, “The Deal That Shocked the World: Inside the China-Solomons Security Pact,” Guardian, April 20, 2022, https://www.theguardian.com/world/2022/apr/20/the-deal-that-shocked-the-world-inside-the-china-solomons-security-pact.

50 N. Fildes, “Australian PM Welcomes Solomon Islands Denial of Chinese Base Reports,” Financial Times, July 14, 2022, https://www.ft.com/content/789340da-8c1a-4aff-8cf6-276c97c9f200.

51 Microsoft, Microsoft Digital Defense Report 2022, 2022, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5bUvv.

52 Reuters, “Bill to Delay Solomon Islands Election until December 2023 Prompts Concern,” in Guardian, August 9, 2022, https://www.theguardian.com/world/2022/aug/09/bill-to-delay-solomon-islands-election-until-december-2023-prompts-concern; and D. Cave, “Solomon Islands’ Leader, a Friend of China, Gets an Election Delayed,” New York Times, September 8, 2022, https://www.nytimes.com/2022/09/08/world/asia/solomon-islands-election-delay.html.

53 N. Fildes, “China Funds Huawei’s Solomon Islands Deal in Sign of Deepening Ties,” Financial Times, August 19, 2022, https://archive.ph/R47T0.

54 “Huawei Marine Signs Submarine Cable Contract in Solomon Islands,” Huawei, July 2017, https://web.archive.org/web/20190129114026/https:/www.huawei.com/en/press-events/news/2017/7/HuaweiMarine-Submarine-Cable-Solomon; and W. Qiu, “Coral Sea Cable System Overview,” Submarine Cable Networks, December 13, 2019, https://archive.ph/E049b.

55 Kirsty Needham, “Solomon Island Police Officers Head to China for Training,” Reuters, October 12, 2022, https://www.reuters.com/world/asia-pacific/solomon-island-police-officers-head-china-training-2022-10-12/.

56 Fildes and Hillie, “Beijing Closes in on Security Pact.”

57 Nikkei Asia, “Solomons Says China Will Assist in Cyber, Community Policing,” Nikkei, July 17, 2023, https://archive.ph/90diZ.

58 D. Belovodyev, A. Soshnikov, and R. Standish, “Exclusive: Leaked Files Show China and Russia Sharing Tactics on Internet Control, Censorship,” Radio Free Europe/Radio Liberty, April 5, 2023, https://www.rferl.org/a/russia-china-internet-censorship-collaboration/32350263.html.

59 Belovodyev, Soshnikov, and Standish, “Exclusive: Leaked Files.”

60 Belovodyev, Soshnikov, and Standish, “Exclusive: Leaked Files.”

61 Thanks to Tuvia Gering for this idea.

62 “〖转载〗人类命运共同体巴基斯坦研究中心主任哈立德·阿克拉姆接受光明日报采访：中巴关系“比山高、比蜜甜”名副其实,” Communication University of China, June 4, 2021, https://comsfuture.cuc.edu.cn/2021/1027/c7810a188141/pagem.htm.

63 Office of the Central Cyberspace Affairs Commission, “我国网络空间国际交流合作领域发展成就与变革,” China Internet Information Journal, December 30, 2023, www.archive.vn/tCnEa; D. Bandurski, “Taking China’s Global Cyber Body to Task,” China Media Project, 2023, https://chinamediaproject.org/2022/07/14/taking-chinas-global-cyber-body-to-task/; and Xinhua, “世界互联网大会成立,” Gov.cn, July 12, 2022, https://web.archive.org/web/20220714134027/http:/www.gov.cn/xinwen/2022-07/12/content_5700692.htm.

64 World Internet Conference, “Introduction,” WIC website, August 31, 2022, www.archive.ph/Axmuc.

65 Dakota Cary, “Downrange: A Survey of China’s Cyber Ranges,” Issue Brief, Center for Security and Emerging Technology, September 2022, https://doi.org/10.51593/2021CA013.

66 Drinhausen and Lee, “CCP 2021: Smart Governance, Cyber Sovereignty, and Tech Supremacy.”

The post Community watch: China’s vision for the future of the internet appeared first on Atlantic Council.

Russian War Report: Desperate for recruits, Russia offers one million rubles to join its military

Digital Forensic Research Lab — Thu, 16 Nov 2023 19:14:31 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union (EU)—the DFRLab’s global team presents the latest installment of the Russian War Report.

Russian armed forces face difficulties in replenishing military and paramilitary supplies amid failed offensive in Avdiivka

In a November 8 article, the Wall Street Journal reported that Russian officials in an April visit to Egypt had asked President Abdel Fattah al-Sisi “to give back more than a hundred engines from Russian helicopters that Moscow needed for Ukraine.” Another source quoted by the Wall Street Journal also said that Russian officials were seeking to “[go] back in secret to their customers trying to buy back what they sold them.” The Washington Post, in an October 16 investigation, quoted US intelligence reporting that satellite imagery helped identify a North Korean container ship that could have provided munitions for Russia. The investigation found that three hundred containers had been shipped from North Korea’s Rajin Harbor to the Russian harbor of Dunai and were subsequently located at an ammunition depot next to the Azov Sea.

The DFRLab additionally found evidence that the Russian armed forces are turning to civilians to help with purchasing additional paramilitary equipment, including drones, thermal sights, vehicles, and medicine. The Russian charity fund “All for Victory” hosted fundraisers organized by Russian propagandist Vladimir Solovyov, including an additional “emergency fundraiser” to support soldiers on the front line during the battle of Avdiivka in October 2023. According to an October 13 Telegram post, the fundraiser aimed to collect money to purchase “drones, thermal sights, [. . .] anti-electronic warfare devices to protect themselves against [the enemy], tactical medicine, bulletproof vests and helmets, warm clothes and boots.”

Screencap of a promotional poster for the “People’s Front” and “Everything for victory!” joint fundraiser named “Emergency collection ‘Avdiivka. Everything for victory!’” Source: People’s Front/archive)

The DFRLab also found that several military bloggers reposted the original post to their channels, reaching an audience of nearly eight hundred thousand people, according to data from a query using Telegram monitoring tool TGStat. Pro-Russian news outlet DNR News reported that the initiative had raised around eighty-two million rubles (approximately nine hundred thousand dollars) in seven days.

Screencap of a TGStart readout, breaking down the reach of the People’s Front post that advertised the fundraiser. As of October 31, the post had been viewed a total of 815,204 times. (Source : TGStat/archive)

Additionally, Solovyov held a separate fundraiser during a livestream dedicated to the purchase of 1,440 units of Chinese-made DJI Mavic and FPV drones, earning a total of nearly 470 million rubles (approximately 5.175 million dollars) over the course of three days.

Screencap of the collection report for the “Solovyov Live” livestreamed fundraiser. Of the required 480 million rubles, the fundraiser collected 470 million rubles, as of October 25, 2023. (Source: pobeda.onf.ru/archive)

“The People’s Front,” a Russian organization that President Vladimir Putin directly headed from 2013 until 2018, established the “Everything for Victory” charity fund. The charity fund and the government-sponsored organization are intertwined, as the People’s Front was renamed in May 2022, as “The People’s Front, All for the victory,” only a few months after Russia invaded Ukraine. In 2022, the organization focused on providing humanitarian aid, which it advertises on its VKontakte page; it later shifted to providing paramilitary goods, initially as means to support the self-proclaimed separatist armed forces of the Donbas region. Still later, it shifted to providing the same goods but to the battalions of the Russian army, with additional promotional support on social media from military bloggers.

Upon investigating the phone number on display on the charity fund’s website, the DFRLab found that the number had been promoted as a general helpline across Russia, in which the Russian Red Cross also participates. Regional information portals, including Russia’s public service platform (Gosuslugi) in the region of Saint Petersburg, pushed the phone number as the health ministry’s local helpline during the COVID-19 pandemic.

A comparison of screencaps showing the phone helpline as displayed on the “People’s Front” advertisement alongside an earlier use, where it was presented as the Gosuslugi helpline for the Saint-Petersburg region regarding the COVID pandemic (Source: pobeda.onf.ru/archive, left; Gosuslugi/archive, right)

—Valentin Châtelet, Research Associate, Brussels, Belgium

Russian MoD seeks to boost recruitment efforts across Russia

The Russian Ministry of Defense (MoD) website dedicated to the recruitment of contract soldiers is engaging in a massive campaign to build an “elite division of contract soldiers” and has pledged a one-time down payment of one million rubles (approximately eleven thousand dollars) upon signing the contract. This special recruitment bonus will supposedly be available from November 1 to November 25. Russian military bloggers “Старше Эдды” (“Older than Edda”), “Пул N3” (“Bullet No. 3”), “Kotsnews,” and “Военкор Котенок” (“Military correspondent Kotyonok”) all amplified the MoD campaign on their Telegram channels.

A similar campaign took place in October, which another channel, “Reviewer of the war,” referred to as “the biggest one-time down payment for contract soldiers.” In that earlier campaign, the Russian MoD promised that new contractors would be paid six hundred thousand rubles (approximately 6,600 dollars) upon signing.

The Georgia-based “Get lost!” initiative, which aims to help Russians flee from mobilization, drafting, and summons to military commissariats reported on November 12 that Russian authorities had engaged in a widespread SMS campaign to entice men to enroll as soldiers. The initiative claimed that messages were sent to residents of the Bashkortotan and Tatarstan Republics, as well as Irkutsk Oblast. Although the DFRLab was unable to independently confirm the authenticity of most of the senders, it identified one phone number that users on callfilter.app, a website dedicated to report phone scams, identified as “military commissariat.” On November 14, the initiative reported that additional calls to enroll were identified online, as military commissariats sent out messages on messaging apps.

—Valentin Châtelet, Research Associate, Brussels, Belgium

Russian disinformation campaign to encourage split in Ukrainian leadership

Echoing an earlier situation featuring a poorly made deepfake of Ukrainian President Volodymyr Zelenskyy, three deepfake videos of General Valerii Zaluzhnyi, commander-in-chief of the Armed Forces of Ukraine, recently surfaced on Telegram. In the new fabricated videos, a clear facsimile of Zaluzhnyi claimed or alluded to Zelenskyy’s supposed intention to kill the general. These videos appeared against the backdrop of the death of Hennadii Chastiakov, Zaluzhnyi’s aide, from an explosion, the cause of which remains under investigation.

On the evening of November 6, the day the aide was killed, Russian Telegram channel Radio Truha published the first of the deepfake videos. The channel is connected to another channel, Truha Barselona. Both channels claim to provide “satire” regarding Anatolii Sharij, a pro-Russian Ukrainian blogger charged with high treason. The video copied graphics of the Armed Forces of Ukraine and supposedly depicted Zaluzhnyi saying that his birthday had already passed and asked viewers not to give him gifts, implying any such gift would be explosives such as those that killed his aide.

The awkward movement, unnatural facial expressions, and changed voice of the general, as well as the absence of a statement on his official channels, suggested that the video was not real. That did not stop, however, multiple Russian pro-Kremlin Telegram channels from amplifying the video. As of November 16, the video had received 233,000 views and been shared 1,500 times, according to TGStat, a Telegram analytics tool. While the original video had a disclaimer with the channel’s handle “@RadioTruha,” some of the pro-Kremlin channels cut the ending, thus obscuring its satiric origin.

Screenshot of the first deepfake video, as first published by pro-Russian Telegram channel @RadioTruha. (Source: @RadioTruha/archive)

The second fabricated video appeared on November 7, posted by Radio Truha but without the handle watermark at the end of the video. In this video, a fake Zaluzhnyi calls for mutiny, asking soldiers to march on Kyiv and stop listening to the “criminal orders of Zelenskyy.” The Center Countering Disinformation debunked the video and highlighted that it was widely shared on TikTok, X, and Telegram. Here again, Zaluzhnyi’s appearance, voice, and movement seen in the video appeared clearly unnatural.

Screencap of the second deepfake video of Zaluzhnyi, as first posted by @RadioTruha. (Source: RadioTruha/archive)

Radio Truha’s compatriot channel, Truha Barselona, published a third fake video; in this third fabricated video, Zaluzhnyi is seen claiming that, because Zelenskyy owns all Ukrainian media, they “wrongfully claimed that it is a deepfake.” This poorly made video supposedly featuring the commander-in-chief had received almost three hundred thousand views and been shared 7,500 times as of November 16.

Screencap of the Telegram post for the third deepfake video in which the fake Zaluzhnyi declares that claims that the videos are fake are themselves false. (Source: @TruhaBarselona/archive)

While even some pro-Kremlin users acknowledged the clearly fake nature of the video, some shared it without additional comment. Meanwhile, Ukrainians mocked the forgeries with a deepfake of their own, in which a Zaluzhnyi facsimile declares that he and Zelenskyy had argued over which target in occupied territory to hit, implying that they are plentiful.

On November 13, Truha Barselona published a deepfake of Zelenskyy, in which he appears to order Ukrainian troops to leave the Donbas town of Avdiivka and which includes footage of a supposed cemetery of Ukrainian soldiers that had “not evacuated from Bakhmut.” The video features the same telltale signs of inauthenticity as the three fake Zaluzhnyi videos.

It is not the first time that Russian sources have tried to portray a conflict between Ukrainian military and political leadership. In late April, they launched an advertising campaign suggesting Zaluzhnyi had political ambitions. Since then, occasional ads and articles on forged websites have appeared sporadically, making similar claims. In one such instance, ads appeared in early November claiming that Zaluzhnyi would take Zelenskyy’s seat after the former penned a column for the Economist.

—Roman Osadchuk, Research Associate

Media investigation finds Ukrainian colonel coordinated Nord Stream pipeline attack

On November 11, the Washington Post and Der Spiegel published a joint investigation arguing that, according to anonymous sources in Ukraine and Europe, the explosion of three lines of the Nord Stream gas pipeline on September 26, 2022, were coordinated by Roman Chervinsky, a former commander of the Ukrainian Special Operations Forces. According to the Washington Post and Der Spiegel interlocutors, Chervinsky managed a team of six people who rented the vessel and, using deep-sea diving equipment, installed explosive devices on the pipelines.

The two media outlets also reported that, according to their sources, Chervinsky had not acted alone and that he was obeying orders from high-ranking Ukrainian officials, including Major General of the Armed Forces of Ukraine Viktor Hanushchak, who reports to Commander-in-Chief of the Armed Forces of Ukraine Valerii Zaluzhnyi. However, Ukrainian authorities denied the involvement of the Ukrainian Armed Forces in the pipeline explosion, and Chervinsky himself also denied having any role in the attack. The Washington Post and Der Spiegel also clarified that there was no evidence that Zelenskyy had approved this attack and that Chervinsky’s involvement in this case revealed internal tensions within the Ukrainian government, specifically between the country’s intelligence and military establishment and the political leadership.

Chervinsky has been in custody since April 2023 in Ukraine, where he is accused of abusing his power in a failed special operation aimed at recruiting a Russian pilot in 2022. According to Ukrainian Security Services, Chervinsky acted without permission and, in doing so, gave away coordinates of a Ukrainian airbase in Kanatove, which then became a target of Russian missile attacks in July 2022, killing the commander of the base’s military unit and wounding seventeen others. According to the Washington Post and Der Spiegel, Chervinsky also coordinated a complex operation in 2020, which attempted to trick Wagner mercenary group fighters into entering Ukraine from Belarus in order to bring them to justice. While Chervinsky failed in this operation as well, Belarusian authorities instead arrested thirty-three Wagner fighters near the country’s capital, Minsk, charging them with trying to overthrow the government around the 2020 presidential elections. Minsk subsequently handed them over to Russia in August 2020.

—Givi Gigitashvili, Research Associate, Warsaw, Poland

Russia gets gradually closer to blocking VPNs in 2024

Content that is unfavorable or problematic in the Kremlin’s eyes is still available online for Russian internet users using circumvention tools such as virtual private networks (VPNs) to access it. Russia has already blocked several VPNs, but the move was not total or system-wide. It seems that a more comprehensive crackdown on VPNs will come about in 2024, however.

In early September, Russia’s Ministry of Digital Development introduced a draft government resolution expanding the powers of internet regulator Roskomnadzor in terms of blocking information about or access to prohibited online resources in Russia. In the same period, Digital Development Minister Maksut Shadayev stated that authorities would not penalize Russians for using VPNs—technology that helps Russians to circumvent government blocks to access restricted information.

Later in September, Roskomnadzor developed criteria for blocking information that provides tips on how to bypass censorship, describes the advantages of such tools, or urges their purchase. Reportedly, the restrictions will not be applied to scientific, technical, and statistical information on ways of bypassing the blockage. The proposal, if approved, would come into force on March 1, 2024, and be valid through September 1, 2029.

According to digital rights organization Roskomsvoboda, the proposal would not only violate digital rights but also possibly the right to privacy. There would be a high risk of “getting blocked for any publication about the capabilities of VPNs, proxies, anonymizers, Tor” and out-of-court decision making would deprive website owners and authors the right to defend themselves, the organization noted.

In October, Artem Sheikin, a member of Russia’s Federation Council Committee on Constitutional Legislation and State Building, stated that, starting in 2024, the country’s internet regulator will be able to block all VPN services available in app stores that provide access to prohibited websites.

In November, the Ministry of Digital Development “clarified” that Russian authorities would only block specific VPN services that “a commission of experts identify as a threat to the security of the internet.” In his Telegram post, head of the State Duma Committee on Information Policy Alexander Khinshtein wrote that “VPN services pose a threat to users, as some of them collect their personal data and activity history” and leaks of databases of public services with real IP addresses of users have recently begun to occur more and more often.”

In 2023, Russia’s internet restrictions reached previously unheard-of levels. According to Freedom House, Russia’s freedom on the net score decreased from the previous year in 2023. Russian outlet Kommersant reported Roskomnadzor’s estimation that the number of blocked resources in Russia had increased by 85 percent from 2022 through the middle of 2023.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

The post Russian War Report: Desperate for recruits, Russia offers one million rubles to join its military appeared first on Atlantic Council.

Dispatch from Bletchley Park: Where does transatlantic AI cooperation stand?

Mark Boris Andrijanič, Nicole Lawler — Fri, 03 Nov 2023 18:59:18 +0000

From the outside, Bletchley Park looks like the setting of a nineteenth-century English costume drama. But the Victorian mansion fifty miles outside of London has a claim to being the birthplace of modern computing. During World War II, it’s where Alan Turing’s machines helped crack the “unbreakable” Enigma code. This week, it was where politicians and business leaders sought to crack another difficult problem: how to regulate artificial intelligence (AI).

On November 1-2, the United Kingdom hosted a landmark AI Safety Summit at Bletchley Park. Earlier in the week, US President Joe Biden signed a sweeping executive order seeking to make AI safer and trustworthy, and the Group of Seven (G7) announced a new code of conduct and international guiding principles on AI. This week has proven just how transatlantic the global AI debate has become.

At the AI Safety Summit, British Prime Minister Rishi Sunak outlined his hopes that the United Kingdom will achieve a lasting impact on the global regulatory debate. As the global leader in AI technologies, the United States has staked out its aims to use its market influence to shape AI rules. In the European Union (EU), negotiations on the AI Act—intended to be the first major AI legislation with global reach—are nearing the finish line, with a final text expected before the end of the year.

As AI advances, it’s essential that like-minded allies and partners continue to work together to seize enormous opportunities offered by this technology while also mitigating its risks to citizens and democracies. As different regulatory approaches and governance frameworks emerge around the world, achieving commonly held standards and principles on AI becomes increasingly important. The question remains whether voluntary commitments and non-binding principles alone are as good as it is going to get on a global AI approach.

As transatlantic partners lead the global debate and craft a system of AI governance tools and mechanisms through both individual and multilateral efforts, here are the three main observations the authors took away from the AI Safety Summit about how to move transatlantic AI cooperation to the next level:

While transatlantic partners widely agree on the need to adopt a “risk-based” approach to global AI governance, there is significant variation in AI taxonomies, including even the definition of “risk-based” itself. Transatlantic partners should seek to standardize language to create a shared “frame of reference” when dealing with scientific concepts. The EU and United States already have an effective mechanism on technical standards through the Trade and Technology Council (TTC). While total harmony is not achievable across legal systems, AI taxonomies are useful as a way to lay the groundwork in order to better understand, measure, and manage risk together. Moreover, standardization enables greater interoperability, which is crucial for enhanced integration, scalability, and oversight of AI systems. So far, US and EU officials have agreed to sixty-five definitions related to AI through the TTC Joint Roadmap for Trustworthy AI and are now in consultation with stakeholders. The joint roadmap provides a useful model for how transatlantic partners and allies—beyond just the United States and EU—can align on technical standards.

While the Summit’s focus on “frontier risk”—defined as “general-purpose AI models that can perform a wide variety of tasks and match or exceed the capabilities present in today’s most advanced models”—is important, is this really a priority among international players? Is it the most pressing AI risk at the moment? While the Bletchley Declaration on AI was a significant win for the UK government—an unprecedented agreement between twenty-eight signatories, including the United States, EU, and China—future summits should consider the “full spectrum” of potential AI harms (to include frontier risk) in order to better address today’s risks to human rights and societies. These harms include AI-enabled disinformation and algorithmic bias.

While aligned on the Organisation for Economic Co-operation and Development’s (OECD’s) AI principles at the Group of Twenty (G20), the Global South is more inclined to view AI as an economic and growth opportunity. If transatlantic partners hope to ever “multilateralize” a regulatory approach on AI, they should consider how to engage with like-minded partners in the Global South—in ways that go beyond prescribing rules. The AI Safety Summit was a good start to have a broader international discussion on AI harms, but future summits should do more to address how to leverage AI to tackle some of the biggest challenges of our time, from climate change and food security to access to healthcare and education. With future summits set to occur in France and South Korea, the door should be open for a country in the Global South to host.

While the United States, United Kingdom, and EU offer different visions on how to regulate AI technologies, transatlantic partners are able to lead the global debate in spite of their differences. Their efforts should continue to focus on gathering a broad international consensus on technical standards and core principles, as these are the building blocks for a more harmonized set of regulatory activities across the board.

The AI Safety Summit presented an evolution rather than a revolution in the international dialogue on AI governance. It echoed the policy discussions in other fora, including the G7, G20, OECD, and even the TTC, while bringing more nations and other stakeholders into the conversation. How transatlantic partners and allies leverage that momentum will be critical to avoid regulatory fragmentation and ensure the trust of citizens in technologies that can deliver, if leveraged responsibly, massive improvements to their well-being. While there is a clear need for a coordinated approach to AI governance, transatlantic partners also need to collaborate closer on innovation policies and investments to ensure that the world’s democracies remain at the forefront of AI for the long term.

Mark Boris Andrijanič is a nonresident senior fellow at the Atlantic Council’s Europe Center.

Nicole Lawler is a program assistant at the Atlantic Council’s Europe Center.

The post Dispatch from Bletchley Park: Where does transatlantic AI cooperation stand? appeared first on Atlantic Council.

Experts react: What does Biden’s new executive order mean for the future of AI?

Atlantic Council experts — Mon, 30 Oct 2023 16:58:06 +0000

“Can machines think?” The mathematician Alan Turing posed this question in 1950, imagining a future human-like machine that observed the results of its own behavior and modified itself to be more effective. After observing the rapid development of artificial intelligence (AI) in recent months, US President Joe Biden issued an executive order on Monday intended to modify how humans use these “thinking machines.” The thinking behind the order is to make AI safer, more secure, and more trustworthy. Will it be effective? Below, our own “thinking machines”—that is, Atlantic Council experts—share their insights.

Click to jump to an expert analysis:

Lloyd Whitman: Executive action alone won’t get the job done

Rose Jackson: The US still must have hard conversations about AI

Trisha Ray: Establishing AI ethics is a task the US must tackle with allies and partners

Newton H. Campbell: This aggressive but necessary order will introduce regulatory burdens on AI

Frances G. Burwell: The order lacks the legislation with enforcement of Europe’s AI Act

Maia Hamin: A one-two punch to put the US on a path toward standardized testing of AI models

Rachel Gillum: A potential catalyst for responsible private sector innovation

Ramayya Krishnan: US leadership on AI will create new opportunities for workers and businesses

Steven Tiell: The executive order is vast in scope—and the equivalent of vaporware

Carole House: A bold, comprehensive vision facing potential challenges with implementation

What stands out are the implications for AI use in the US government

The Biden administration’s executive order on AI is a simple, pragmatic step forward in coherent and connective tech policy. The proliferation of AI governance efforts this year at nearly every level, including local, national, multinational, multi-stakeholder, and more, has been a natural extension of the rapid deployment of AI and industry reorientation around it. This executive order is an opening salvo not meant to be comprehensive or final, but it sets a significant policy agenda as other bodies—including Congress and aligned international partners—consider next steps. It is a clear signal from the United States ahead of the AI Safety Summit in the United Kingdom later this week.

What stands out the most is not necessarily the rules set out for industry or broader society, but rather the rules for how the government itself will begin to consider the deployment of AI, with security being at the core. As policy is set, it will be extremely important for government bodies to “walk the walk” as well.

—Graham Brookie is the vice president and senior director of the Atlantic Council’s Digital Forensic Research Lab.

Executive action alone won’t get the job done

The Biden-Harris administration has taken strong action with the comprehensive executive order on safe, secure, and trustworthy AI. But an executive order can only do so much, limited by the existing authorities and appropriations of the executive branch agencies. While priority-setting, principles and best practices, frameworks, and guidance across the federal AI landscape are important, much of the teeth of this order will require rule-making and other administrative actions that take time, are subject to judicial review, and can be revoked by a future administration. US leadership on AI will require bipartisan recognition of the opportunities and challenges AI presents for our economic security and national security, and thoughtful legislation ensuring a balanced, transparent, and accountable approach to promoting and protecting this critical emerging technology.

—Lloyd Whitman is the senior director of the Atlantic Council’s GeoTech Center. He previously served at the National Science Foundation as assistant to the director for science policy and planning. He also held senior positions at the White House Office of Science and Technology Policy in the Obama and Trump administrations.

The US still must have hard conversations about AI

The White House’s executive order comes days before world leaders head to the United Kingdom for a major summit on “AI Safety.” Amid a flurry of partner government and multilateral regulation, convenings, and conversations, the administration is clearly trying to both make its mark in a crowded space and begin to make sense of the AI landscape within the powers it has. It’s worth noting that this massive executive order builds on a few years of action from the administration, including the Commerce Department’s release of a Risk Management Framework, the more recent voluntary principles negotiated with major AI companies, and the White House’s Blueprint for an AI Bill of Rights.

We’ve seen these existing actions serve as the basis for US engagement on the Group of Seven’s (G7’s) Guiding Principles and Code of Conduct on Artificial Intelligence, which was released just this morning. We should expect to see echoes of the same in the commitments to come out of the AI Safety Summit in London later this week.

However, this executive order is more than just posturing. By requiring every government agency to examine how and where AI is relevant to their jurisdictions of policy and regulation, the United States is taking a major step in advancing a sectoral approach to AI governance. With nods to data privacy action and a clear call for Congress to pass legislation, there are plenty of hooks for meaningful action here. This is a substantive move that sets up the United States to have the hard conversations required to ensure AI is leveraged toward a better future.

Decoding Artificial Intelligence

Establishing AI ethics is a task the US must tackle with allies and partners

The Biden administration’s executive order is a timely signal of the United States’ intent to lead the global conversation on AI ethics by example. The order’s emphasis on international engagement is welcome, given the current moment of convergence of several trends in AI development and geopolitical tensions. In this vein, the US government should prioritize supporting existing multilateral and multi-stakeholder processes and recommendations. With the United States having rejoined the United Nations Educational, Scientific, and Cultural Organization (UNESCO) earlier this year, this includes UNESCO’s “Recommendation on the Ethics of Artificial Intelligence,” adopted in November 2021. Similarly, the executive order also calls for “the development of a National Security Memorandum that directs further actions on AI and security.” In doing so, the order finally, albeit only partially, addresses the void left by the 2023 US policy on “Autonomy in Weapons Systems” regarding the use of AI in law enforcement and border control, among other applications outside conflict. This memorandum could serve as an important signal to democratic allies and partners in a sphere that is often treated as an exception to broader principles of AI ethics.

—Trisha Ray is an associate director and resident fellow at the Atlantic Council’s GeoTech Center.

This aggressive but necessary order will introduce regulatory burdens on AI

Today’s executive order from Biden on a safe, secure, and trustworthy artificial intelligence is quite aggressive and will likely encounter some hurdles and court challenges. Nonetheless, direction was needed from the executive branch. The order is necessary to strike a balance between AI innovation and responsible use in the federal government, where new AI models, applications, and safeguards are constantly being developed. It emphasizes safety, privacy, equity, and consumer protection, which are essential for building trust in AI technologies. I see the emphasis on privacy-preserving technologies and the focus on establishing new international frameworks as a positive step for global AI governance.

The order directs every federal agency to regulate and shape AI’s growth to protect the public, national security, and the economy. But with limited power (the improbability of Congress passing any real laws that align funded activity to accommodate these new constraints and responsibilities), the order will introduce regulatory burdens, potentially slowing AI development and other AI-impacted processes due to an evolving skills gap in the government. The potential misalignment of new government programs and funding is of significant concern, and will likely be used to reinforce political narratives of government inefficiency.

—Newton H. Campbell is a nonresident fellow at the Atlantic Council’s Digital Forensic Research Lab and the director of space programs at the Australian Remote Operations for Space and Earth Consortium.

The order lacks the legislation with enforcement of Europe’s AI Act

The new White House executive order is a notable step forward toward protecting Americans from the biggest risks of advanced AI. The European Union (EU) is about to conclude negotiations over its own AI Act, and the similarity in ambitions between the two initiatives is remarkable. Both call for testing and documentation, greater security against cyberattacks, safeguards against discrimination and deception, and transparency for consumers, along with other measures. But the EU AI Act is legislation with enforcement, including significant fines, while the executive order depends on the market influence of the federal government.

Will developing standards and best practices aimed at preventing algorithmic discrimination, for example, and pushing these through federal programs and procurement, be sufficient? It will be some time before we know, but it is a worthwhile experiment. In the meantime, this executive order gives the US administration credibility as it works with other countries, in the G7 and elsewhere, to ameliorate the risks of AI and focus on the opportunities.

—Frances G. Burwell is a distinguished fellow at the Atlantic Council’s Europe Center and a senior director at McLarty Associates.

A one-two punch to put the US on a path toward standardized testing of AI models

The executive order directs the National Institute of Standards and Technology (NIST) to develop standards for red-teaming (adversarial testing for risks and bad behavior in AI models), and then separately proposes using the Defense Production Act to compel AI companies to disclose the results of their own red-teaming to the government. This one-two punch could be a path to getting something like a regime for pre-release testing for highly capable models without needing to wait on congressional action. Hopefully, the NIST standards will encompass both the cybersecurity of the model (e.g., its susceptibility to malicious attacks and circumvention) and its usefulness for malicious cyber activity. It will also be important to test models as integrated with other systems, such as code interpreters or autonomous agent frameworks, that give AI systems additional capabilities, such as executing code or taking actions autonomously.

The direction for the Department of Commerce to develop standards for detecting AI-generated content is important: any regime for AI content labeling that can be used by many different AI companies and communications platforms will rely on standardization. I’m glad to see the executive order mention both the watermarking of AI-generated content and authentication of real, non-AI generated content, as I suspect both may be necessary in the future.

I admire the White House’s goal to build AI to detect and fix software vulnerabilities, but I’ll be curious to see how they think about managing risks that could arise from powerful AI systems custom-built to hunt for vulnerabilities. I also hope they’ll tie new tools into existing efforts to “shift the burden of responsibility” in cyberspace to ensure AI vulnerability finders create secure-by-design software rather than endless patches.

It’s good to see privacy mentioned, but, as always, painful that no path appears but the congressional one, which has remained at an impasse for years now. However, the presence of privacy-preserving technologies is exciting—these technologies may help secure a policy that balances painful tradeoffs between individual privacy and innovation in data-hungry spaces like AI.

—Maia Hamin is an associate director with the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab.

A potential catalyst for responsible private sector innovation

The Biden administration’s executive order on AI is an important step toward steering the fast-moving AI sector toward responsible development. Its impact will largely depend on how the private sector reacts to its incentives and enforceability.

The order rightly focuses on safeguarding societal and consumer interests, such as identifying misleading or deceptive AI-generated content. However, an effective technological solution to this critical issue is still needed. Ideally, this directive will serve as a catalyst for investments in this space. Similarly, the inclusion of the National AI Research Resource pilot has the potential to democratize AI advancements, reducing reliance on major tech companies and encouraging innovations that prioritize societal benefits.

I welcome the executive order’s focus on immediate-term societal risks, especially its efforts to empower the government to enforce existing anti-discrimination laws. These efforts should incentivize developers to build these protections into their systems by design rather than consider them after the fact. However, effective enforcement will only be feasible if agencies are adequately equipped for this work. The executive order attempts to address this by attracting the desperately needed AI talent to government positions, but more needs to be done to facilitate interagency coordination to avoid fragmented policymaking and inconsistent enforcement.

Lastly, the order wisely aims to relax immigration barriers for skilled AI professionals, a bipartisan issue often overlooked yet strongly advocated for by the private sector. Nevertheless, equal emphasis should be placed on domestic education and retraining programs to create a comprehensive talent pipeline and support today’s workforce.

—Rachel Gillum is a nonresident fellow at the Atlantic Council’s Digital Forensic Research Lab. She is also vice president of Ethical and Humane Use of Technology at Salesforce and served as a commissioner on the Commission on Artificial Intelligence Competitiveness, Inclusion, and Innovation.

US leadership on AI will create new opportunities for workers and businesses

This executive order is comprehensive, and it establishes an important first step in US leadership in AI policy and governance to go hand in hand with our leadership in AI innovation and technology. Its timing right before the United Kingdom’s AI Safety Summit signals the US approach to lead in AI policy. The use of the Defense Production Act to get major model developers to share their internal red teaming AI safety data with the government prior to release is an important step beyond securing voluntary commitments from Model Developing Firms such as Open AI and Google. The executive order correctly calls for assessments by federal agencies in their use of AI, and that will require investments in building capability, tools, and technology, along with accountable AI methods and processes. All in all, it is an important step and I look forward to the rule-making to follow, as well as legislation from Congress aligned with the themes highlighted in this order. It is essential for both our economic and national security.

In particular, the focus on AI talent and making the United States the destination of choice, as well as directing improvements and changes in visas and green cards, will help to ensure that the US leads globally in AI innovation. It also has the opportunity to lead in using AI to improve skills development for both future and current workers, and to assess how AI can be used to augment the skills of current workers.

The commitments on AI safety, security, and reliability are the strongest I have seen globally, and the commitment to privacy and accountable use of AI will result in the United States becoming the leader in trustworthy and responsible AI. US AI leadership will create new opportunities for business and civil society to use AI to support economic opportunity and improve the quality of life for Americans. The parts of the order that deal with AI talent and the use by federal agencies of AI procurement to shape responsible AI will help US firms build the competitive advantage in operationalizing trustworthy AI. It is this operationalization that is the “know-how” required to go from policy to practice, and which will be a comparative advantage to US firms.

—Ramayya Krishnan is a member of the Geotech Commission of the Atlantic Council. He is also the W. W. Cooper and Ruth F. Cooper Professor of Management Science and Information Systems at Heinz College and the Department of Engineering and Public Policy at Carnegie Mellon University.

The executive order is vast in scope—and the equivalent of vaporware

This executive order is vast in scope, addressing multiple very difficult problems in responsible AI. It will be good for driving dialogue and investigation at agencies. But this executive order is the equivalent of vaporware in software—something that sounds nice, doesn’t exist, and likely never will (at least in the form it was presented). While it’s clear there is a strong appetite for AI regulation in the United States, it’s likely several years away. That said, there are signals from this administration for what it could include. What that regulation will look like will surely evolve yet again.

In October 2022, the White House Office of Science and Technology Policy published a Blueprint for an AI Bill of Rights. The Blueprint suggested that the United States would drive toward a rights-based approach to regulating AI. The new executive order, however, departs from this philosophy and focuses squarely on a hybrid policy and risk-based approach to regulation. In fact, there’s no mention of notice, consent, opt-in, opt-out, recourse, redress, transparency, or explainability in the executive order, while these topics comprised two of the five pillars in the AI Bill of Rights.

Before federal AI regulation comes to fruition, the United States has an opportunity it shouldn’t miss to pivot back to making humans—and their rights—the drivers of AI regulation.

—Steven Tiell is a nonresident senior fellow with the Atlantic Council’s GeoTech Center. He is also a strategy executive with wide technology expertise and particular depth in data ethics and responsible innovation for artificial intelligence.

A bold, comprehensive vision facing potential challenges with implementation

Biden’s executive order sets out an extremely comprehensive vision on ensuring responsible developments in AI systems. It includes measures to ensure their safety and security in defense of the United States and Americans, ranging from initiatives on safeguarding US national security and leadership in technological innovation, to ensuring equity and privacy in these systems, to addressing issues for recruitment and retention of top AI talent in the United States, including in the federal government. Future digital economies will rely on the use of AI, and it will generate many higher-order commercial and technological developments. The Biden administration is taking steps here to ensure that the future is one that leverages the benefits of AI but also safeguards the significant exploitation that this technology could potentially bring.

The executive order thoughtfully builds on prior administration efforts, such as its Blueprint for an AI Bill of Rights, tech sprints focused on AI and cybersecurity, and a previous executive order on advancing racial equity and support for underserved communities. It also inherently acknowledges that the government must lead by example but also cannot drive or subsidize responsible AI development on its own. While Biden’s directives are pointed at agencies, the principles that he outlines and the broader impact of these initiatives are pointed at an entire ecosystem of public, private, academic, and international stakeholders via directed regulatory actions, standards efforts, and research and development promotion.

The executive order prioritizes efforts on transparency, content authenticity, and cybersecurity and privacy, and these are especially important in driving competitive and democratic uses of AI. Transparency and explainability are some of the most critical features needed for AI systems (or really any emerging technologies) since they create the foundation for assessing a system’s ability to meet other objectives like equity and bias minimization, as well as safety and soundness of systems. Driving research and development and developing guidance for content authentication and watermarking to clearly label AI-generated content can provide huge steps forward on enabling trust in AI ecosystems and combating significant threats to national security, the economy, and public trust, including foreign malign influence, fraud, and cybercrime. Cybersecurity and privacy are also critical efforts reflected in the executive order that demand that developers and those who use AI systems understand and account for the security of sensitive data and functions to prevent exploitation.

The emphasis on standards and best practice efforts, as well as the comprehensive accounting for democratic principles and policy goals, is laudable. However, the White House will likely face challenges in the actual implementation of this ambitious initiative and in balancing restrictive controls and positive promoting efforts. The administration’s efforts really rely on cooperation by tech companies, and in my view those who invest in them, to meet these objectives. The US government still faces significant limitations and fragmentation of some of the regulatory authorities referenced, such as over critical infrastructure sectors. Other issues may challenge the government’s ability to meet the aspirations and timelines set out in the order. These issues include federal agency lags in implementing privacy goals set since the Obama administration, an extended timeline of ongoing regulatory efforts for infrastructure services referenced in the order, and a significant number of interagency asks, potentially without meeting resourcing needs via appropriations.

Despite these challenges, a bold vision and outline of multipronged, mutually reinforcing efforts to address these complex issues is likely what the government and industry need as a north star at this time, especially given likely challenges with any near-term meaningful legislation in this space. Biden has set forth a vision for responsible development of AI that can guide interagency, industry, and international cooperative efforts for years to come.

—Carole House is a nonresident senior fellow at the Atlantic Council GeoEconomics Center.

The post Experts react: What does Biden’s new executive order mean for the future of AI? appeared first on Atlantic Council.

The US-EU Summit: Time to focus on geopolitics

Frances G. Burwell and Georg Riekeles — Wed, 18 Oct 2023 14:44:28 +0000

The last summit between the European Union (EU) and the United States, in June 2021, focused on reaffirming the transatlantic partnership after some difficult years. At the summit in Washington, DC, this Friday, the United States and Europe must address the geopolitical challenges they face in an increasingly hostile and divided world. Transatlantic diplomacy can no longer be solely about the now strengthened partnership itself. Instead, its primary task must be to build joint efforts to ensure a more secure and resilient place for US and European citizens, in keeping with the transatlantic partnership’s democratic values.

The 2021 summit faced a relatively peaceful world. At this 2023 summit, the United States and the EU must demonstrate their determination and close coordination in their responses to Hamas’s strike on Israel and Russia’s invasion of Ukraine. Most immediately, this will require holding Israel to the standards of international law as it justifiably seeks to remove the threat of Hamas. Russia’s war on Ukraine has been a key catalyst in energizing the US-EU partnership, fostering transatlantic cooperation on sanctions, export controls, and supplies of armaments. This summit should leave no doubt about the continued willingness of the United States and the EU to work together to supply weapons and financial support to Ukraine for as long as needed.

These are not the only conflicts and tensions challenging the United States and the EU. This geopolitical summit must also show unity in the face of threats from Iran and other countries that encourage terrorism and foster extremism. The United States and the EU must also look beyond physical threats to focus—both domestically and abroad—on disruptive perils online, from cyberattacks to state-sponsored disinformation.

As the United States and the EU seek to make their own economies more secure, they should ensure that developing economies are not collateral damage.

The summit cannot just be about defending against aggression, however. It should also be an opportunity for the EU and United States to begin building a strategy based on a positive case for democracy and the rule of law, and for the critical nature of these values in making societies and economies prosperous and resilient. The United States and the EU have already reached out to other like-minded countries—Japan, South Korea, Australia, and others—that share these values. Now it is time to address other democracies, such as India, Brazil, and other regional powers, as well as those developing countries that are much more ambivalent toward democratic principles. In today’s tense geopolitical moment, such outreach is an essential part of making the United States and Europe more secure and resilient. Such a strategy will also require genuine assistance to developing countries, especially in helping them weather the green and digital transitions. The small projects that have been initiated under the US-EU Trade and Technology Council (TTC) can only be a beginning.

Much of the summit will be focused on how to make the transatlantic economies stronger and more competitive, especially when faced with the challenges of nonmarket economies, such as China. The United States and the EU need to use this summit to make progress in their negotiations on critical raw materials and greening the global steel market in the face of Chinese overcapacity. But they should also think about how to include others in these arrangements. As the United States and the EU seek to make their own economies more secure, they should ensure that developing economies are not collateral damage.

Technology offers another avenue for engaging these countries. The United States and the EU have started a very necessary conversation over the risks involved in generative and frontier artificial intelligence (AI). Indeed, leaders may adopt more initiatives in this area at the AI Safety Summit at Bletchley Park in the United Kingdom, which will be held in November. But there are many uses of AI that offer opportunities, including in agriculture, research, health care, and public services. Used with care and training, these can help many developing countries. Will China provide these opportunities, perhaps in a new version of the Belt and Road Initiative, or will the United States and the EU, as well as their partners, provide the systems and training that could make a real difference? The summit this week in Washington provides a opportunity to demonstrate transatlantic willingness to assist others in a safe, positive, and open digital transition.

Finally, with the United Nations Climate Change Conference, known as COP28, just a few weeks away, the United States and the EU must use the summit to demonstrate their commitment to climate goals. This is not only about assistance for climate mitigation, but also about the openness and accountability of US and EU climate policies, ensuring that subsidy schemes and clean energy standards are fair and do not create additional challenges for developing countries. For Europe especially, its southern neighbors could be a huge source of renewable energy. Any US-EU arrangements on clean tech that may emerge at the summit should be constructed to encourage this trade and engage developing countries with initiatives designed to build greener energy markets.

The EU-US relationship has come a long way since 2021. The TTC, which was created at the June 2021 summit, has proven to be an innovative and productive mechanism for addressing bilateral transatlantic tensions and for building consensus and relationships among officials. While focused mostly on emerging tech and supply chain issues, it has also organized real cooperation on critical issues such as export controls against Russia. The United States and the EU should now begin to consider how to make the TTC an even stronger, more legitimate, and perennial mechanism of transatlantic cooperation, for instance, through a small permanent team and parliamentary dialogue. But more broadly, the United States and the EU must look beyond their own relationship to cooperate on building a broader coalition to address today’s geopolitical challenges. This October summit is the place to start.

Frances G. Burwell is a distinguished fellow at the Atlantic Council’s Europe Center and a senior director at McLarty Associates.

Georg Riekeles is associate director and head of Europe’s political economy programme at the European Policy Centre.

The post The US-EU Summit: Time to focus on geopolitics appeared first on Atlantic Council.

Gilbert quoted in RFA on North Korea-related social media fakes

kyusko — Fri, 06 Oct 2023 14:28:59 +0000

ORIGINAL SOURCE

On October 5, Lauren Gilbert was quoted in Radio Free Asia on the proliferation of fake social media content surrounding North Korea on the Internet. Gilbert explained that the mystery of day-to-day life in North Korea is a magnet for Internet creators who seek to draw views by taking advantage of popular curiosity about life in what many see as a “dark and dangerous place.”

Staff

Lauren D. Gilbert

Deputy Director

Indo-Pacific Security Initiative Scowcroft Center for Strategy and Security

East Asia Human Rights

The post Gilbert quoted in RFA on North Korea-related social media fakes appeared first on Atlantic Council.

Russian War Report: Civilian cafe attacked and a fake Ukrainian news site is exposed

Digital Forensic Research Lab — Thu, 05 Oct 2023 17:56:38 +0000

Security

Strike on Ukrainian cafe leaves more than forty dead

Tracking narratives

Website impersonating Ukrainian news agency spreads narratives aimed at undermining Ukrainian morale

Media policy

Russia increasingly using criminal charges for online activities, says digital rights group

Russia’s federal budget draft indicates a funding boost for state media

International affairs

Putin meets South Sudanese President Salva Kiir

Strike on Ukrainian cafe leaves more than forty dead

An attack on the village of Hroza in northeast Ukraine left more than four dozen people dead, according to a Telegram statement from Ukraine’s Office of the General Prosecutor. According to the statement, the attack occurred around 1:25 p.m. local time on October 5, destroying a local cafe shop. It also noted local prosecutors have launched a pre-trial investigation. In a separate Telegram post, which included graphic imagery, Ukrainian presidential adviser Oleksiy Kuleba blamed Russia for the attack, stating, “A terrorist country deliberately kills peaceful Ukrainians. The world needs to see what true evil is.”

The United Nations Office for the Coordination of Humanitarian Affairs (UN OCHA) also condemned the attack. “Intentionally directing an attack against civilians or civilian objects is a war crime,” UN OCHA Humanitarian Coordinator for Ukraine Denise Brown stated. “Intentionally launching an attack knowing that it would be disproportionate is a war crime.”

Meanwhile, a Reuters report published on October 3 claimed that the Russian army has embedded so-called “Storm-Z” units within conventional Russian units to conduct counterattacks against Ukrainian gains in crucial front sectors. Reuters reported that the Storm-Z units comprise 100-150 personnel, including civilian penal recruits and Russian soldiers under punishment. The Russian army and defense ministry have not confirmed the existence of the Storm-Z units.

—Andy Carvin, managing editor, Washington DC

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Website impersonating Ukrainian news agency spreads narratives aimed at undermining Ukrainian morale

The DFRLab has identified at least one Facebook ad promoting a website impersonating a Ukrainian news agency. The now-defunct Facebook page “Onaqaq online shop” published the ad. It accused Ukrainian President Volodymyr Zelenskyy and Ukrainian leadership of corruption and misusing aid provided by the United States. The ad featured a caricature of the president alongside text noting the creation of a US team to monitor how aid to Ukraine is being used. The ad declared that all of Ukraine’s elite are corrupt and shared a debunked claim about a former “commander-in-chief,” likely a reference to Oleksii Reznikov, buying a villa for his daughter.

Screenshot of an ad from a now-defunct Facebook page. (Source: Facebook)

The ad included a link to the website thumbra.com, which when accessed by the DFRLab redirected to unian.in, a page masquerading as the website for the Ukrainian Independent Information Agency, unian.ua. At the time of writing, the website no longer redirected to the copycat website. Much of the content on the copycat website links back to UNIAN’s actual website, including share buttons. The link in the ad led to a forged story regarding Ukraine’s allies becoming skeptical of its ability to succeed in the war against Russia. The article cited decreased military aid as an indicator that allies are abandoning Ukraine.

Screenshots of a real UNIAN story (left) compared to the forgery page promoted by the Facebook ad (right). (Sources: Unian, left; Unian.in/archive, right)

Multiple aspects of the forgery point to it likely being of Russian origin. The strongest indicator is that the URL address includes “skepsis-i-podozritelnost,” which is transliterated from Russian, not Ukrainian. Second, the article is written in Ukrainian, but the tone and style differ from that of the information agency. Third, the faux article’s banner image, a stock photo, does not have a caption, as is standard for UNIAN. The image was also edited to include a text overlay, which reads “Allies don’t believe in us anymore?” UNIAN does not edit the stock photography it uses for banner images.

These types of forgeries are not unique. On September 18, a Ukrainian researcher found a similar forgery replicating the UNIAN website, which spread a narrative claiming that Ukraine’s allies are decreasing weapons shipments to Ukraine to force it to negotiate with Russia. The article stated that Ukraine’s losses were “in vain” as its allies plan to “sacrifice” the country for their own self-interest.

Campaigns such as this are likely intended to decrease the morale of Ukrainians. The DFRLab has previously covered similar attempts by Russia to impersonate media, including Operation Doppelganger, in which Russian assets impersonated prominent European news outlets.

—Roman Osadchuk, research associate

Russia increasingly using criminal charges for online activities, says digital rights group

In its latest monthly digest, Russian digital rights organization Roskomsvoboda examined high-profile cases in which Russian politicians or activists were punished, via administrative or criminal charges, for their online activities. According to Roskomsvoboda, the cases illustrate an increasing use of criminal charges rather than administrative ones, a reversal of what it observed in 2022.

The report also noted instances of Russians being punished for Telegram posts that “disrespect” or “discredit” Russian authorities or the army. One person was criminally charged for giving an interview to Ukrainian media, while another was charged for “participating in an extremist community.”

—Eto Buziashvili, research associate, Tbilisi, Georgia

Russia’s federal budget draft indicates a funding boost for state media

On September 29, the Kremlin submitted the 2024-2026 draft federal budget to the State Duma. According to the independent Russian news outlet Verstka, the Kremlin plans to increase funding for its state-run platforms, which are known to sow disinformation and propaganda. The increase coincides with Russia’s 2024 presidential elections.

The budget reportedly allocates 315 billion rubles ($3 billion) to support Russian media for the next three years. The budget assigns 121.3 billion rubles ($1.2 billion) for 2024, 94.1 billion rubles ($945 million) for 2025, and 99.5 billion rubles ($1 billion) for 2026. Overall, the draft media budget represents a decrease of 20 billion rubles ($200 million) from the previous budget; according to Verstka, the draft indicates that state-owned media will receive the largest funding stream in the election year, after which funds will decrease.

The report also noted that in 2024, RT will receive 1.8 billion rubles ($18 million) more than it received last year, and Vladimir Solovyov’s channel Solovyov LIVE will receive 750 million rubles ($7.5 million).

—Eto Buziashvili, research associate, Tbilisi, Georgia

Putin meets South Sudanese President Salva Kiir

South Sudanese President Salva Kiir travelled to Moscow to meet with Russian President Vladimir Putin on Thursday, September 28, where the two reportedly agreed to strengthen the relationship between the two countries, particularly focusing on trade, energy, and oil.

According to a transcript posted by the Kremlin, Putin told Kiir, “This is only the beginning. We have many good opportunities in a variety of fields, including energy.”

Oil-rich South Sudan seceded from Sudan in 2011 with Kiir at the country’s helm. South Sudan was admitted to the United Nations in the same year. The country has had a tenuous relationship with the international body, however, which extended an arms embargo against South Sudan in 2022; Russia abstained from that vote. Given that Russia is a permanent member of the UN Security Council, Kiir may look to Russia as an ally in his bid to have the embargo lifted. Notably, Kiir told Putin that Russia was a “strong friend” of South Sudan.

In his statement, Putin claimed Russia would also support South Sudan on the domestic front. Kiir is facing mounting pressure from the international community to move forward with a peace deal signed in 2018 and prepare for elections in 2024.

Putin’s meeting with Kiir comes off the back of the July 2023 Russia-Africa summit, in which Russia attempted to strengthen and solidify its relationships with African countries. In May 2023, the African Union warned that African countries should “resist all forms of instrumentalization” in a conflict that threatens to “transform Africa into a geostrategic battleground,” adding that it would come at the detriment of the continent.

—Tessa Knight, research associate, London, United Kingdom

The post Russian War Report: Civilian cafe attacked and a fake Ukrainian news site is exposed appeared first on Atlantic Council.

India’s embrace of ‘right to repair’ can transform the electronics sector

Trisha Ray — Mon, 28 Aug 2023 15:17:53 +0000

Electronic waste (e-waste) has emerged as a persistent environmental challenge, driven by the exponential growth in consumer electronics consumption and unfit disposal practices. E-waste refers to all types of e-products and their parts that have been discarded as waste without intention of reuse. In 2022, the value of the global consumer electronics market stood at $762 billion and is expected to reach $1.1 trillion by 2030. For developing nations such as India, e-waste is a quandary on two fronts: managing the dumping of e-waste by developed countries along with a rapidly growing domestic e-waste stream.

In India, better living standards, changing lifestyles, and higher disposable incomes have translated into higher demand for consumer electronics, including “luxury” electronics such as smartphones. Electronics consumption in 2021 was valued at $64.5 billion and is growing at a compounded annual growth rate of 15.77 percent. Smartphones account for more than half of this market. This official market is accompanied by a shadow market of products sold outside manufacturer-approved distribution channels. In 2022, 1.2 million handsets were imported through this shadow route, valued at roughly $13 billion.

If unchecked, the world is projected to generate 111 million tons of e-waste annually by 2050, according to the United Nations University. This growth is and will be exacerbated by developed nations exports of e-waste to developing and least developed countries to avoid national reporting requirements. Eighty percent of e-waste is informally recycled, often under hazardous conditions, in developing nations such as India, Indonesia, Ghana, and Nigeria. If not properly disposed, e-waste leaks harmful chemicals into the soil and atmosphere, posing severe health risks for workers, often children, who scavenge and process this waste. The reported figures do not, however, fully capture the true scope of e-waste dumping, as the United Nations Institute for Training and Research noted in a 2022 report:

“Quantifying these shipments is difficult . . . due to a grey-zone in business when nonfunctional used electronics are shipped for reuse (with individuals claiming that the electronics can still be repaired) or even in illegal situations when non-repairable and non-reusable equipment is shipped, only to prevent recycling costs in countries with strict e-waste legislations.”

India and other developing nations are therefore experiencing the exponential growth of e-waste from both imported and domestic sources.

Right to repair gains steam

While one part of the solution is improved reporting of e-waste flows through multilateral instruments, such as the Basel Convention, the other part lies in reducing the creation of e-waste in the first place through the right to repair (R2R). In 2021, India began deliberating a R2R framework, joining a wave of countries that launched a right to repair framework for electronics. The United Kingdom enacted right to repair regulations in 2021. In March 2023, the European Commission, as part of the European Green Deal, adopted rules whereby “a new set of rights and tools will be available to consumers to make ‘repair’ an easy and accessible option.”

In the United States, New York’s Digital Fair Repair Act was signed into law in December 2022 and went into effect in July of this year. However, writ large, the United States’ current R2R framework is fractured, with varying levels of recourse depending on one’s state. US President Joe Biden did issue the Executive Order on Promoting Competition in the American Economy in 2021, directing the Federal Trade Commission (FTC) to act on “unfair anticompetitive restrictions on third-party repair or self-repair of items, such as the restrictions imposed by powerful manufacturers that prevent farmers from repairing their own equipment.” This order was followed by a flurry of activity by the FTC, but with few concrete outcomes to date.

India’s Ministry of Consumer Affairs (MoCA) launched a R2R portal earlier this year. It is framed as part of Mission Lifestyle for Environment (LiFE), an initiative announced by Prime Minister Narendra Modi during the United Nations Framework Convention on Climate Change Conference of the Parties (COP26) in 2021. LiFE promotes mindful consumption, the adoption of circular economy practices, and an environmentally conscious lifestyle. R2R makes it mandatory for “manufacturers to share their product details with customers so that they can either repair them by self or by third parties, rather than only depending on original equipment manufacturers (OEMs).” Among the companies that have already registered are Samsung, Apple, Xiaomi, OPPO, Realme, and Nokia.

The end user experience, however, may not be an easy fix. A 2023 survey of Apple users in India, for instance, found that while one in four devices were in need of repair, 49 percent of respondents found the cost of repair through Apple or its authorized partners prohibitive. In response to the R2R framework, Apple will make repair kits available to users in India, but each component—battery, camera, screen—requires one to purchase a separate kit that, based on reports from the United States, would cost more than an in-store repair. India’s MoCA also claims that R2R will “boost business for small repair shops, which are an important part of local economies.” On face value, the cost of repair kits might make this a more sustainable proposition, but the experience of local repair shops in Australia gives cause for pause. In 2021, Australia’s Productivity Commission released a right to repair report that resulted in companies instituting an independent repair provider program. The program participants, however, are facing rising losses due to slow response times from the OEMs on requests for equipment and exorbitant costs for repair kits.

By situating R2R within LiFE, the Indian government will place the onus for e-waste on individuals rather than the companies that have made repair an inaccessible, costly, and cumbersome option. R2R as it is currently outlined will also not solve the problem of planned obsolescence, where the design or capabilities of the device may limit its useful life, or software updates prohibitively degrading device performance. In the 2023 survey of Apple users mentioned above, the issue most users cite for repair is rapid battery discharge, which has been linked in the past with iOS updates.

How India can lead

The Indian government should focus on building up the circular economy, as the world’s most populous nation grows more prosperous and consumes more. In addition, the Indian government must move beyond the LiFE framework and treat R2R as an issue of fair competition, not just consumer rights and duties. There is a precedent for this approach from the automotive sector: the Competition Commission of India in a 2014 verdict declared that the practice of OEMs denying spare parts to independent repairers was an abuse of dominance.

Finally, a plausible model for R2R needs to have buy-in beyond India’s shores, given the cross-border nature of the e-waste problem and the multi-regional footprint of OEMs. India has already injected this priority into the Group of Twenty (G20). While speculation looms as to whether G20 nations will pass a consensus declaration at the upcoming New Delhi summit following months of disagreement stemming from the crisis in Ukraine, India has already achieved a victory at the development ministers’ track. In June, the G20 development ministers adopted the G20 High Level Principles on Lifestyles for Sustainable Development. Principle four is on the need to “Promote sustainable production, including through sustainable value chains, technological transitions, innovations and investments in key areas.” Its focus on circular economy approaches will be of consequence in tackling the mounting e-waste challenge and could serve as a foundation for wider recognition of the right to repair.

R2R as a legal framework has its roots in the automobile sector in the 1990s. Unsurprisingly then, while it gains traction in the consumer electronics sector, it still faces growing pains. The market therefore finds itself in a global game of cat-and-mouse: Countries look to pass legislation that protects consumers and holds OEMs accountable for the entire lifecycle of a device, even as OEMs curb the accessibility of independent repair in increasingly creative ways, aided by new and emerging technologies. Amid this flux, India can learn from setbacks in other jurisdictions, including the importance of the cost of self-repair in the accessibility of right to repair solutions, the need to encode requirements against planned obsolescence for software, and the requirement of clear penalties for failure to provide timely responses to requests for repair. By taking these steps, India can build a right to repair framework that works for consumers.

Trisha Ray is a resident fellow at the Atlantic Council’s GeoTech Center. Her research interests lie in geopolitical and security trends in relation to emerging technologies.

The post India’s embrace of ‘right to repair’ can transform the electronics sector appeared first on Atlantic Council.

Ukraine upgrades digital education efforts

Valeriya Ionan — Sun, 27 Aug 2023 23:54:03 +0000

The full-scale Russian invasion has thrust Ukraine’s tech sector into the limelight and highlighted the importance of a national digitalization drive that was already well underway prior to the outbreak of hostilities. While international attention has understandably focused on the innovative defense tech developments that are currently helping Ukraine to defend itself on the battlefield, digital solutions are also playing a key role in supporting the Ukrainian economy and keeping the country running in the most difficult of circumstances.

Since it was launched in 2020, the Ukrainian government’s Diia ecosystem has been at the heart of the country’s digital infrastructure. The core Diia app now has more than 19 million users, and is updated with new services on an almost weekly basis in order to keep pace with rapidly evolving wartime demands. In May 2023, an updated and upgraded version of the Diia.Education digital platform was unveiled that aims to address the considerable vocational training and recruitment challenges created by the war.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

The Diia.Digital educational platform was originally launched in 2020 as a portal offering free edutainment content to help close the digital gap in Ukrainian society and enable individual Ukrainians to develop the skills they need in order to thrive in an increasingly digital environment. The platform proved popular, attracting 1.5 million users during the first year. However, the onset of Russia’s full-scale invasion in early 2022 made it necessary to rethink the focus of the initiative.

The Russian invasion has caused some of the most dramatic social disruption witnessed in Europe since World War II, with millions of Ukrainians becoming refugees or internally displaced persons during the first few weeks of hostilities alone. Many have also lost their homes and jobs. According to the United Nations, nearly 60% of Ukrainian IDPs are of working age, but finding a job in unfamiliar regions can often be a daunting task. One possible solution to this problem is retraining and acquiring the digital skills that employers are looking for.

While the wartime job market in Ukraine has been marked by high levels of disruption, it is also possible to identify evidence of global recruitment trends toward digitalization. Even in the wartime climate, there are rising numbers of tech-related entry-level vacancies for positions such as data analyst, digital marketeer, video editor, and chat specialist. Training for these kinds of vacancies was an obvious focus for the Diia.Education upgrade.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

There have been growing indications in 2023 that the Ukrainian economy is regaining some of its earlier buoyancy. Despite the physical and psychological horrors of the ongoing Russian invasion, Ukrainians continue to open new businesses. In the first half of 2023, more than 130,000 Ukrainians registered as private entrepreneurs. The monthly registration figure for June was the highest in three years.

This rapidly evolving employment landscape is creating a critical need for effective training strategies to help Ukrainians remain competitive. The updated and upgraded version of Diia.Education is supported by Google and the East Europe Foundation. It offers a unique range of functions that allow users to create personalized learning trajectories and tailored educational courses focusing on their specific interests and objectives.

Users can also take career-oriented tests along with standardized national digital literacy tests. There are more than 50 different job-specific educational series to choose from, covering jobs ranging from SMM specialist to baker. Additional training tools focus on digital literacy, entrepreneurship, creativity, and more. Crucially, the upgraded platform now also features a job search function.

The Russian invasion has had devastating consequences for almost every aspect of Ukrainian daily life, but Ukrainians have refused to be beaten. Instead, there has been a determination throughout society to keep going at all costs. The challenge now in terms of employment is to provide displaced Ukrainians in particular with the necessary tools to get back on their feet and contribute to the country’s recovery. This requires a balanced approach that recognizes the immediate needs of the wartime job market while also keeping in mind the changes taking place in the global economy and the skills that will be in demand in the years to come.

Ukraine was experiencing rapid digitalization for a number of years before Russia’s full-scale invasion. The past eighteen months of wartime upheaval have accelerated existing digital adoption processes and significantly strengthened the various tech segments of the Ukrainian economy. Looking ahead, it will be vital to make sure there are enough Ukrainians with the requisite skills to fill vacancies in the expanding tech sector. Providing easily accessible educational tools is a step in the right direction.

Valeriya Ionan is Ukraine’s Deputy Minister for Eurointegration at the Ministry of Digital Transformation.

To examine these risks, we brought together a group to share their perspectives on the challenges facing cloud infrastructure and how policy can encourage better security and risk governance across this critical sector.

#1 Are the challenges facing cloud infrastructure security well-defined and understood by providers? What’s the biggest question you see as unresolved in cloud security?

Maia Hamin, associate director, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council:

“The hyperscale Infrastructure-as-a-Service providers—AWS, Microsoft Azure, Google Cloud—understand many questions about the security of the cloud; they have enough reason to. Then again, many hard problems remain hard—the recent Microsoft compromise is a reminder that identity and access management is crucial to the whole premise of cloud security, and something that even well-resourced providers get wrong. The biggest unresolved questions that I see are those of interdependence and systemic risk. Where are there particular widely used technologies inside of a single provider—like identity and access management—where a software vulnerability or error could lead to compromise or outages across users (and availability zones cannot save you)? Where are there widely used technologies across providers—widely deployed superscalar processors like those from Intel, for example—that might be found vulnerable en masse and create impacts across cloud providers? Big cloud service providers are not necessarily well set up to solve some of these risks since they bridge across companies and there are a lot of incentives toward business secrecy.”

Jim Higgins, chief information security officer, Snap Inc:

“I think the challenges are well known to the cloud service providers themselves, but not to the public. We could use a lot more transparency as to what the cloud service providers feel are the large security issues and see if they are aligned with the expertise of their own customers.”

Chris Hughes, chief information security officer and co-founder, Aquia:

“On one hand, I am inclined to say yes, because the three largest Infrastructure-as-a-Service providers by market share—AWS, Microsoft Azure, and Google Cloud—are the only cloud service providers that are operating at such scale and scope. That said, they face specific challenges as providers upon which the entire modern Internet and digital infrastructure has become dependent, ushering in unseen levels of systemic risk across the ecosystem. The biggest question I see as unresolved in cloud security is how cloud service providers and regulatory bodies should work together to address that systemic risk and ensure that critical dependencies do not have devastating downstream impacts on thousands of companies and millions of individuals in nearly every industry vertical, including critical infrastructure and economic and national security. How do we fix transparency gaps that impede our ability to fully understand and address these systemic risks, while not stifling innovative cloud services in the marketplace?”

Rich Mogull, analyst and chief executive officer, Securosis:

“First, we need to accept that there are material differences between cloud providers. At one end are the hyperscale providers—AWS, Microsoft Azure, and Google Cloud. Of those, I think the companies understand the security concerns but do not necessarily prioritize them to the same degree. The recent Microsoft issue is one example. Other providers are not even playing the same game—especially Software-as-a-Service providers. It is the Wild West, and only some providers understand the security challenges and take them seriously. There really are not unresolved questions, but providers must do the work and stay on top of things. Right now, my biggest area of concern is Microsoft’s Entra ID (formerly Azure Active Directory).”

Marc Rogers, chief technology officer, nbhd.ai:

“While I believe the Infrastructure-as-a-Service providers have a better handle on their challenges than their customers do, the gaps are large and lead to incidents that blindside defenders. The risk that concerns me most is visibility and transparency, especially for the consumers of Infrastructure-as-a-Service. Attackers are already several steps ahead on understanding chains of trust, cross system exposure, and the building blocks like open-source software.”

#2 If cloud service providers are struggling to engineer critical services to the level of reliability that current threats demand—as demonstrated in the latest Microsoft cloud compromise—what role could policy play to help address this gap?

Hamin: “Understanding what went wrong would be a good start. There are several big, open questions about how a failure like this could be allowed to happen, and few satisfactory answers. A better understanding of real-world cloud compromises would help us understand why these failures occur and help drive solutions for problems ranging from underinvestment to unsafe designs. Cloud service providers should have more of an obligation to work with the government in the wake of a major incident, and government should have more tools (and drive) to translate those insights into public accountings and policy prescriptions.”

Higgins: “At this point, I feel that it is time to bring a cloud focused version of FedRamp to help move the cloud service providers into a stricter reporting framework.”

Hughes: “While major cloud service providers may be struggling to engineer critical cloud-native services to the level of reliability that the current threats demand, there is not a viable alternative aside from returning to on-premises legacy infrastructure, which is not an option in the era of digital modernization. Policies and regulations can play a role in governing the cloud as they do for other critical infrastructure sectors on which society relies. As evident in a recent Atlantic Council report, cloud computing is now pervasive in nearly every aspect of society that touches software. Policy can also help, as discussed in the National Cybersecurity Strategy, by bringing some rationalization to bespoke, disparate, and duplicative frameworks and bolstering those that help properly manage risk in the era of cloud computing. Policies should require hyperscale cloud service providers to provide sufficient transparency for security incidents and disruptions to both regulators, federal entities, and customers. Transparency breeds trust, but right now we exist in an opaque ecosystem of limited insight from cloud service providers.”

Mogull: “This was a Microsoft issue, and I do not think the other hyperscale providers face the same struggle. That said, I see buying power as more capable of moving the needle than policy could be. The Trustworthy Computing initiative came about because the Defense Department told Microsoft that it would not purchase Microsoft products without massive security improvements. Right now, neither government agencies nor large companies are prioritizing security in their buying decisions, which means that there is not enough pressure on cloud service providers to improve security. Policy absolutely has a place, but I think cloud security could be improved more quickly and effectively if the government prioritized security in provider selection.”

Rogers: “I see several opportunities for policy to support security without being overly burdensome. The Software Bill of Materials is already in flight and offers a way to shine a light on the ingredients of complex stacks. Clearing up the balance of liability is a motivator that would keep companies including Infrastructure-as-a-Service providers honest. A minimum set of tools, resources, and processes would lead to standardization and availability during critical moments. Minimum security features like logging should always be a default, not a profit center.”

#3 What is the difference between a software flaw and an architectural flaw in the cloud? How does policy address one vs. the other?

Hamin: “Software bugs are errors in written code that enable exploitation, such as unsanitized inputs used unsafely, unsafe use of memory, or incorrect permissions-checks. Architectural flaws are deeper flaws emerging from the design of complex software systems, such as inappropriate connections between services that should not be talking to each other, or concentrated reliance on a few brittle dependencies. Policy can mandate procedures (though often incomplete!) for how organizations should write code and train developers to avoid common vulnerable software patterns. But I think policy is just starting to think about architectural risk in software systems and does not have an evolved toolkit for addressing it yet.”

Higgins: “The question is too general. Both can lead to equally widespread, negative impacts. Most architectures are software these days anyway.”

Hughes: “Many may argue that these are one in the same, or increasingly similar, in an era in which we have software defined perimeters, architectures and computational resources provisioned declaratively through Infrastructure-as-Code languages. That debate aside, a software flaw would typically relate to written software in various programming languages and could escalate into a vulnerability, often tracked in a vulnerability database with a correlating identification. An architectural flaw on the other hand is not a vulnerability in software but in how a system is configured. We have seen these run rampant in the cloud with customer misconfigurations that lead to incidents, but also in fundamental ways with how the cloud is architected that lead to scenarios such as system outages or even exploitation by malicious actors.”

Mogull: “Software flaws are basically coding errors and vulnerabilities. Architectural flaws are more design decisions. For example, look at how AWS handles regions (highly segregated) compared to the competition. Policy cannot help here. Policy should demand a secure outcome and not define either software or architectural decisions. If lawmakers focus on the highly variable technical and architectural options that will change from year to year and day to day, they will never be able to keep up. Penalties for preventable security failures will force the right architectural decisions. We know what needs to be done to improve security, but prioritizing those actions is the issue.”

Rogers: “Software flaws are easier to manage and support through policy by ensuring good practice such as the use of memory-safe languages or the implementation of widely understood Secure Development Guidelines in a well-developed software development life cycle. Architectural flaws are much more complicated. The low-hanging fruit can be addressed in a similar way to software with a mature software development life cycle, good testing practices, and industry guidance, such as the deprecation of known vulnerable configurations or methods. However, the more complex end gets much harder. Issues like logic flaws, interconnection with legacy infrastructure, and unintended contextual risks can be hard to eliminate completely and hard to draft policy for without chilling innovation or even making migrations impossible. My suggestion is to focus on the baseline software development life cycle and require high standards in testing and transparency.”

Critical Infrastructure and the Cloud: Policy for Emerging Risk

Dude, Where’s My Cloud? A Guide for Wonks and Users

Four myths about the cloud: The geopolitics of cloud computing

#4 Why does transparency in cloud services and infrastructure matter for cloud users? What are some examples of what meaningful transparency looks like?

Hamin: “The shared responsibility model for cloud services has a lot of advantages, including outsourcing complexity to large Infrastructure-as-a-Service providers and letting small organizations take advantage of the benefits afforded by the cloud. But this model also breaks some important elements of how we think about risk management, especially with respect to data. Cloud customers are most often the ones with specific legal and contractual obligations to protect their data or to ensure operational continuity. However, customers often do not have visibility into what is behind the veil that separates their responsibility from that of their cloud service provider to understand the other half of that equation. Policy needs to adapt to make sure there are real mechanisms to propagate requirements for data protection, transparency, and trust for cloud service providers that provide computing infrastructure for healthcare or banking institutions, for example.”

Higgins: “Transparency builds accountability and trust; it is that simple. Meaningful cloud service provider transparency may include: 1) Software Bills of Materials or some kind of accountability to show what software contains; 2) root access numbers to show how many employees have access to data under normal circumstances; and 3) logs of security incidents involving the cloud over a period of time, indicating response capabilities and whether incidents repeatedly share the same root causes.”

Hughes: “Transparency in cloud services and infrastructure is paramount for cloud users, especially on the cybersecurity front. Cloud computing is fundamentally built on a shared responsibility model, which has implied assumptions of various responsibilities across the cloud provider and consumer. Without transparency, the assurance around those responsibilities being fulfilled by the provider is inherently called into question by the consumer, which threatens the entire cloud paradigm. Even an implied lack of transparency can rattle trust. Meaningful transparency would entail cloud service providers being forthcoming with details of incidents, how they were identified, confirmed and potential ramifications, and meaningful actions consumers can take to mitigate risk. Being opaque with incident details or providing them slower than other security researchers and vendors, for example, neither bolsters the cloud service provider’s reputation nor the community’s trust.”

Mogull: “Transparency allows customers to make both informed buying decisions and technical decisions. Meaningful transparency is seen in the AWS incident reports that the company releases after major public outages or issues. Lack of transparency is exemplified by how the company does not always disclose the scope of security incidents.”

Rogers: “One of the greatest risks around cloud services is the fact that they include a tradeoff. You trade a significant amount of visibility and operational control for ease of implementation, access to mature technology, and reduced cost. That lack of visibility can strip away the ability of anyone but the provider to manage risks, understand the blast radius of an incident, or even know when an incident has occurred. A sensible amount of transparency—Software Bills of Materials, useful logs, transparent joint architecture reviews, and so on—can help mitigate the lack of visibility.”

#5 How can policymakers encourage cloud adoption in a way that supports security and does not create new sources of risk?

Hamin: “There is a reason we have critical infrastructure sectors over which the government performs more oversight than it does for other sectors. These are places where the risk of getting it wrong is too high to tolerate, and the major cloud service providers should be considered in that category already. Cloud service providers should be coming to the table and working with policymakers on risk and threat models, architecture reviews, and the like. That said, there is a lot of more mundane, we-know-it-already stuff that we need to get right for secure cloud adoption too. Organizations still fail to configure and use the cloud securely, and credential theft and phishing are still huge threats. These might be cases where government can lead the way in pushing known best practices and ensuring that sector-specific security regulations are up to date with the evolving needs of cloud-based systems.”

Higgins: “No clue. We play whack-a-mole in the security world, meaning that when we fix one area of security, it causes another vulnerability to arise. Policy should drive awareness to risk rather than trying to reduce actual risk.”

Hughes: “Policymakers can encourage secure cloud adoption by harmonizing and bolstering applicable frameworks, as well as providing more robust oversight and governance of these cloud service providers that are now dubbed ‘too big to fail’ and ‘critical infrastructure’ by some industry leaders. Encouragement around adoption should also involve educating consumers, as the role of consumers is important, as demonstrated in countless cloud security incidents. Policymakers should avoid hyperbole and spreading fear, uncertainty, and doubt related to the cloud, while instead raising valid concerns grounded in data. On premises infrastructure is not infallible and has been breached or impacted by security incidents historically as well. That said, such breaches to on-premises infrastructure generally impacted a single organization or small group of customers, as opposed to the society-wide impact that cloud risks can bring.”

Mogull: “Policymakers can encourage secure cloud adoption through transparency requirements on security incidents, mandated vulnerability disclosures, mandated customer notifications for security incidents, and buying pressure to steer agencies towards platforms that demonstrate a stronger security posture. If security issues continue, some providers may need to be classified as systemically vital as we do with systemically important financial institutions. That would put cloud service providers under a microscope. I would prefer we not get to that point, but some providers seem to be doing their best to drive that outcome.”

Rogers: “First and foremost, while the cloud is a fantastic tool, it is a not panacea. Policymakers should use the levers of government to level the playing field, and use purchasing levers to ensure government business goes toward providers that help keep this playing field level, help ensure risk is controlled and, most importantly, empower their customers to handle a wide range of risk scenarios as standard practice.”

Simon Handler is a fellow at the Atlantic Council’s Cyber Statecraft Initiative within the Digital Forensic Research Lab (DFRLab). He is also the editor-in-chief of The 5×5, a series on trends and themes in cyber policy. Follow him on Twitter @SimonPHandler.

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

The post The 5×5—Cloud risks and critical infrastructure appeared first on Atlantic Council.

Digital identities and border cultures: The limits of technosolutionism in the management of human mobility

Nanjala Nyabola — Wed, 16 Aug 2023 13:22:45 +0000

download PDF

Introduction

In August 2022, British anti-surveillance group Privacy International filed a complaint against the United Kingdom (UK) government for the use of GPS tagging and ankle monitors on refugees and migrants arriving in the country via the Channel. The group argued that the practice—leveraging tactics used to manage criminal populations—traumatizes and stigmatizes refugees and migrants, and by extension, criminalizes the search for asylum. Some of the victims of the practice asserted that it made them feel “like prisoners,” and others showed psychological impacts such as reluctance to engage with outsiders or even to leave their homes.

This is just one of the many instances of the growing use of technology to manage refugee and migrant populations around the world. In 2021, there were an estimated 281 million migrants globally, comprising: refugees and asylum seekers; students; those fleeing environmental and natural disasters; and those who relocated for employment or leisure. By this count, an estimated 3.6 percent of the world’s population was on the move in one year—the highest in history and a rate likely to continue if circumstances remain unchanged.

Policymakers and analysts have interpreted data on the rising number of global migrants and refugees to mean that there is a crisis underway that requires increasingly elaborate methods of policing and control, leading many to turn inward toward law enforcement or security-based technologies. However, data and research suggest that there is not so much a crisis of migrants as there is a crisis within policymaking, where the humanitarian instinct to protect those in search of safety and opportunity is being displaced by a desire to project power at the expense of vulnerable populations. Without critical evaluation of these claims, governments are increasingly accepting, normalizing, and indeed championing claims about fears of invasion and replacement that are, by extension, making dangerous room for extremist rhetoric that undermines democracy globally. Put differently, the absence of policy space for humane conversations around refugees and migrants is directly undermining democracy.

Technology has become a major mechanism to manage the movement of people both domestically and internationally, triggering ethical debates about its impact, particularly when employed by democratic governments in ways that are at odds with universal human rights. Countries are deploying tools to address the questions of digital citizenship and digital identity, but the leap between legal and technical definitions of identity is not insignificant and has major social implications, as discussed here. The rise of technosolutionism, or reliance on technology to solve complex social and political issues better suited to social approaches, reinforces exclusionary ideologies such as ethnonationalism and racism. That same technology, developed in securitized immigration contexts with fewer legal protections, is then often redeployed more broadly within democratic societies, or sold overseas to governments with less responsive governance structures, muddying citizens’ expectations of due process, civil rights, and democratic protections.

This paper intends to better inform the conversation around technology’s impact on democracy by evaluating technosolutionism and its application to the management of human mobility.

The post Digital identities and border cultures: The limits of technosolutionism in the management of human mobility appeared first on Atlantic Council.

Protecting point-to-point messaging apps: Understanding Telegram, WeChat, and WhatsApp in the United States

Iria Puyosa — Mon, 14 Aug 2023 10:00:00 +0000

Download PDF

Executive summary

Too often, consideration of point-to-point messaging platforms in the United States is focused on either diaspora or second-language usage, given the global popularity of these platforms. Another common focus is on extremist or unlawful usage.

In reality, a broad swath of Americans use point-to-point platforms, the popularity of which is increasing, but that usage remains at a lower rate when compared to that in other regions of the world. An estimated 69 percent of the United States population currently uses at least one point-to-point messaging app, though the use and dynamics of this part of the information ecosystem remain understudied.

The Digital Forensic Research Lab (DFRLab) undertook this project to better understand and contextualize point-to-point platform usage in the United States with two goals: first, to analyze the growing use of these platforms in the United States; and, second, to emphasize the growing importance of rights respecting— and protecting—elements of some platforms, such as end-to-end encryption as an important technology at the core of designing for data privacy and free speech.

The DFRLab carried out this research project to shed light on the following topics:

First, how point-to-point platforms work, their varying degrees of security features, and how they deploy encryption.
Second, understanding how diverse communities use the messaging platforms for different purposes.
Third, understanding the variance among platform design and enforcement of terms of usage.
Finally, how messaging app security is important for protecting and respecting rights—like privacy and freedom of expression—in this digital era.

We mapped the ecosystem of point-to-point messaging apps in the United States, looking at the more than forty apps available in the market. We assessed the features these apps offer, their registration requirements, and their approach toward encryption.

The messaging apps reviewed may be similar in communication features but varied substantially in security, privacy, and content policies. The intersection of technical features, policies, and detection methods around acceptable usage (as defined by the platforms) leads to different models for use. Ultimately, we chose to focus our empirical research on Telegram, WeChat, and WhatsApp because they present distinct product architectures and technical features, and varying policies on usage.

Platforms must balance complex trade-offs to protect their users and ensure app integrity. Messaging apps typically establish policies of acceptable usage, prohibiting some harmful or criminal content, ranging from spam to sexual abuse material and terrorism. Telegram has a permissive content policy, but the platform has been adding restrictions in recent years following pressure from law enforcement in different countries. WhatsApp has a growing list of unacceptable content considered harmful or illegal. WeChat is the most restrictive messaging app regarding acceptable content, banning even political content. All three of these messaging apps prohibit sharing content depicting sexual abuse or calls for violent crimes.

Messaging app security depends on how encryption is enabled. Almost every messaging app offers data encryption in transit between devices, as is standard in most internet-enabled data exchanges. Additionally, most reliable messaging apps provide end-to-end (E2E) encryption, which protects messages from unauthorized access by third parties, including the platform itself.

WhatsApp offers E2E encryption by default, Telegram offers opt-in encryption, and WeChat only offers transport-layer encryption for data in transit. In general, data collection is less extensive in messaging apps than on mainstream social media platforms such as Twitter or Facebook. Few messaging apps conduct extensive monitoring for unacceptable content since human moderation and automated scanning would infringe on their terms of service. However, most messaging apps collect basic usage metadata to monitor platform performance and integrity. Telegram collects minimal usage data, WhatsApp collects sizable usage data, and WeChat extensively captures both usage and content data. As such, Telegram and WeChat are, in many ways, at opposite ends of the spectrum, where Telegram is loosely moderated and controlled while WeChat comprehensively tracks its users, their behavior, and the content they post.

Remarkable differences exist among the three messaging platforms that the DFRLab focused on in this report. Telegram’s design prioritizes that the content of communications be available on different devices. Its public channels offer large group sizes, ample reach, and many features for reacting to content. WeChat is an all-encompassing app in which interaction with service and official accounts is paramount. Automated monitoring to ensure compliance with its policies of acceptable content is built into the design, in compliance with Chinese regulations. WhatsApp’s original design aimed to satisfy the needs of direct individual-to-individual personal communications. Thus, it still favors a balance between privacy and safety, although this may change as the platform embraces other forms of interactions, such as communities, public channels, and business transactions.

Usage of messaging platforms is growing and overwhelmingly lawful and beneficial. The DFRLab observed the following general trends:

Messaging conversations often link to content posted on social media platforms and the open web.
Local communities’ dynamics and information related to transnational issues are intertwined.
Diaspora communities rely on WhatsApp and WeChat for mutual support and exchange of resources.

The case studies in this report were selected as illustrations of a cross section of platforms and communities or uses that have either received extensive news coverage or too little. In our analysis, we found different ways in which misinformation and foreign influence operations spread—or did not spread—on Telegram, WeChat, and WhatsApp. We found that political or ideological topics were more prevalent in messaging interactions among US-born users in public Telegram groups than among foreign-born diaspora communities. Moreover, we observed issues outside our initial scope. These issues included intrusive practices such as business spamming and outright harms such as the unsolicited posting of sexual abuse content on public groups. Upon analysis of public groups and channels on WhatsApp, Telegram, and WeChat, the DFRLab observed the following outlying findings:

Misinformation and disinformation about political and health topics were widespread on the public Telegram channels, health-related misinformation was found in WhatsApp public groups, and misleading political narratives were detected on WeChat public accounts.
Individuals and groups in the United States who espouse white supremacist beliefs are active on Telegram public channels in a way that they are not able to be (under the terms and conditions) on larger social media platforms like Facebook or Twitter.
Public WeChat accounts were instrumentalized to foster narratives aligned with the Chinese Communist Party among various groups.
Pro-Russian influence campaigns were active on public Telegram channels in English and Spanish.
Supporters of former US President Donald Trump used public Telegram channels to boost their political views ahead of the 2022 midterm elections, and they are already sharing content related to the 2024 presidential elections.
Unsolicited sharing of sexual imagery and content derived from sexual exploitation, including child sexual abuse, was found in a few public WhatsApp groups.
Some users with business accounts violate WhatsApp’s acceptable usage policies by engaging in spam, offering prohibited transactions such as cryptocurrencies, or advertising fraudulent products.

Messaging platforms can rely on methods that do not require accessing message texts or images in compliance with policies and terms of usage. These methods are in-app user reporting, analysis of metadata, and analysis of behavioral signals. WhatsApp uses all three methods for enforcing its policies. Telegram relies mainly on in-app user reporting, although the platform has capabilities for metadata analysis. WeChat also encourages user reporting, but this platform deploys automated content scanning for interactions within the app.

Some organizations working on counterterrorism or child sexual abuse have been asking for privileged access or backdoors for law enforcement and deployment of automated scanning in messaging apps. E2E encryption renders automated scanning of content impossible, making it equally impossible for E2E encrypted apps to implement many common content policies of more open platforms, since they cannot decrypt content shared by their users. Content-dependent preemptive methods, such as server-side or client-side scanning to match content a user is sending against a database, compromise encryption integrity, weaken security, and erode privacy protection. Both server-side and client-side scanning are ineffective for identifying never-seen-before content that is not already part of a database. Currently, “hashes” databases are available for terrorist content and child sexual abuse material posted on social media. Security experts warn that automated content scanning undermines encryption and introduces security vulnerabilities in messaging apps, increasing risks for all users. Conversely, machine-learning procedures applied to metadata and behavioral signals would not compromise encryption and may detect never-before-seen content.

Based upon this investigation, the DFRLab recommends that platforms prioritize the following:

Investing in in-app reporting tools.
Defining robust policies for business and organizational accounts.
Partnering with outside researchers to investigate the spread of harmful content, while establishing protocols for protecting users’ personal data in the process.
Collaborating with counterterrorism hashes databases.
Considering impacts on human rights when designing policies and products.

Likewise, the DFRLab recommends that policymakers prioritize the following:

Enacting data privacy protection legislation.
Avoiding regulations that undermine rights-protecting technologies, such as E2E encryption.
Examining business practices and commercial services offered via messaging apps to identify regulatory gaps.
Promoting digital literacy tailored to the risks faced by users of messaging apps.

As an underlying ethos, legislators and policymakers should always take into consideration how policies and regulations aiming to govern or control messaging apps could be enforced across countries that maintain different levels of respect for human rights. For instance, a regulation instituted in the United States that mandates platforms keep identification records for their users and deliver that information to law enforcement agencies upon request could be weaponized in authoritarian or autocratic countries where a given messaging app is widely used, increasing the possibility of capture and incarceration of political dissidents. Similarly, requiring messaging apps to build in means for privileged access to E2E encrypted communications in a domestic context would likely open the door for other governments to repurpose the same technical infrastructure for surveillance.

Ultimately, all actions taken by any company or government have potential impact beyond their intended target, often creating unintentional harm, and this potential must be a persistent consideration in every decision about how an app should operate.

full report

Russian oil tanker struck as Ukrainian general alleges chemical weapons use

The post Protecting point-to-point messaging apps: Understanding Telegram, WeChat, and WhatsApp in the United States appeared first on Atlantic Council.

Russian War Report: Co-founder of Russia’s most popular search engine condemns war in Ukraine

Digital Forensic Research Lab — Thu, 10 Aug 2023 19:24:08 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Satellite imagery supports report of depleted armored vehicles in Russian military storage facility

Tracking narratives

Yandex co-founder condemns Russia’s war in Ukraine

Russian independent outlet ties Investigative Committee of Russia to forced deportations of Ukrainian children

Russian oil tanker struck as Ukrainian general alleges chemical weapons use

Russia accused Ukraine of striking a Russian oil tanker on August 4 with a naval drone. The vessel was identified by the Moscow Times as the chemical tanker SIG, currently under US sanctions for supplying jet fuel to Russian forces in Syria. Ukrainian media outlet Suspilne, citing unnamed Ukrainian security officials, reported that the Ukrainian navy struck the ship near the Kerch Strait Bridge using a naval drone. Ukrainian forces have long targeted the Kerch Bridge in an attempt to cut off Russian military logistics in southern Ukraine. On the night of August 3, Ukrainian troops conducted a series of aerial and naval drone strikes against Russian logistics and seaside infrastructure in occupied Crimea and Russia’s Krasnodar region, reportedly striking the Russian Ropucha-class landing ship Olenegorsky Gornyak.

The General Staff of the Ukrainian Armed Forces announced on August 7 that it conducted offensive operations in the direction of the Russian-occupied cities of Berdyansk and Melitopol. Ukrainian Deputy Defense Minister Hanna Maliar said that fighting is ongoing south of Bakhmut. The Ukrainian army is making progress on this front, albeit slowly. Ukrainian President Volodymyr Zelenskyy acknowledged in an interview published on August 6 with Argentine newspaper La Nacion that counteroffensive operations are progressing slower than expected and mentioned the need for patience.

Meanwhile, Ukrainian General Oleksandr Tarnavskyi alleged on August 6 that Russian forces used chemical weapons in Ukraine, violating international conventions. According to a post on Tarnavskyi’s Telegram channel, Russian troops fired two artillery barrages with munitions containing the toxic compound chloropicrin in Novodanylivka. Tarnavskyi did not include evidence to back up his claim, nor has it been independently verified.

On the evening of August 7, Russian forces reportedly dropped four guided aerial bombs on the village of Kruhliakivka, located twenty-five kilometers southeast of Kupiansk. According to Governor Oleh Syniehubov, the attack killed two civilians; and Russia struck the village again when first responders arrived on the scene. That same day, Head of the Office of the President of Ukraine Andriy Yermak said that Russia struck a house in the town of Kucherivka, Kharkiv Oblast, killing two people. In addition, a man was reportedly killed during a Russian attack in Nikopol, located across the Dnipro River from Russian-controlled Enerhodar in Zaporizhzhia Oblast.

On August 6, Zelenskyy said that over the past week, Russian forces had launched sixty-five missiles against Ukraine and 178 combat drones, including eighty-seven Iranian-made Shahed drones. Meanwhile, the Ukrainian air force reported that Russian troops used Kinzhal ballistic missiles against Ukraine on August 5, targeting central and western regions.

According to Ukraine’s Ministry of Culture and Information Policy, Russia has damaged at least 763 cultural heritage sites in unoccupied regions of Ukraine since February 24, 2022. The most damage has been recorded in Kharkiv, Donetsk, Kherson, Kyiv, and Odesa. At least 255 architectural landmarks, 185 historical sites, nineteen monumental art sites, and eighteen sites of archeological significance are reportedly among the damaged locations.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Satellite imagery supports report of depleted armored vehicles in Russian military storage facility

In an August 8 article, the Moscow Times claimed that a Russian open-air storage facility dedicated to tanks and armored vehicles in the Vagzhanova district of Buryatia’s capital city, Ulan-Ude, had been depleted of almost 40 percent of its units since June 2022. The outlet based its claims on Google Earth imagery, with the May 2023 update showing empty spots where tanks used to be located. The DFRLab compared the Google imagery to Capella Space satellite aperture radar (SAR) imagery, which also appears to show that many armored vehicles and tanks in storage at the Vagzhanova facility had been relocated. The SAR imagery only covers the area from June to November 2022.

Animated SAR imagery of the Vagzhanova military storage facility in Russia; imagery taken on June 28, 2022, and November 27, 2022. (Source: DFRLab via Capella Space)

According to the Moscow Times’ estimates, in September 2021, the storage facility stored 3,840 armored vehicles. The figure shrank to around 2,600 units in November 2022, and the latest Google Earth imagery points to around 2,270 remaining units. The Moscow Times also indicated that around 1,570 units were missing from the storage facility, with the most significant departures observed after the enforcement of the partial mobilization in late May 2022.

Using measurement tools on satellite imagery, the DFRLab can infer that based on the length and width of the vehicles in the imagery, the tanks could be identified as the BTR-RD, BMD-4M or BMD-3, and BTR-MD (codename: “Rakushka”). The Moscow Times reported that military units 4428 and 46108 are deployed to the Vagzhanova military facility.

The armored vehicles cited above also appear consistent with losses reported by open-source researcher Oryx during the February 2023 battle of Vuhledar, which saw heavy Russian losses. According to Oryx’s estimates, twenty-one BTR-MD tanks were destroyed or captured during the failed offensive. The DFRLab also monitored the failed Russian push on Vuhledar, which highlighted the presence of Russian soldiers from Russia’s far-east regions, including Primorsky Krai and Buryatia. Both regions have suffered heavy fatalities since the Russian invasion of Ukraine.

At the time of writing, the DFRLab cannot confirm that these units were equipped with the vehicles presented in the satellite imagery dating back to November 2022.

Citing Russian defense ministry instructions, the Moscow Times also reported that armored vehicles stored in open-air facilities are typically part of the least valuable units, as more modern vehicles are stored in protected facilities or under tents.

—Valentin Châtelet, research associate, Brussels, Belgium

Yandex co-founder condemns Russia’s war in Ukraine

After independent Russian news outlet Agenstvo reported that Arkady Volozh, co-founder of the search engine and tech company Yandex, did not describe himself as Russian in his official website bio, Volozh reportedly issued a statement voicing opposition to the war in Ukraine and acknowledged his “share of responsibility.”

“I am categorically against Russia’s barbaric invasion of Ukraine, where I, like many, have friends and relatives,” the statement noted. “I am horrified by the fact that every day bombs fly into the homes of Ukrainians. Despite the fact that I have not lived in Russia since 2014, I understand that I also have a share of responsibility for the actions of the country.”

Independent outlets, including Meduza and Proekt, have previously published articles critical of Volozh and Yandex, alleging that both have been complicit in Russia’s crackdowns on internet freedoms. “Over time, it became clear that Russia was in no hurry to become part of the global world,” the statement added. “At the same time, the pressure on the company grew. But we did not give up, we did our best despite the external conditions. Has it always been possible to find the right balance? Now, looking back, it is clear that something could have been done differently.”

On August 7, Agenstvo raised questions about how Volozh presented himself to the world, noting that his official bio describes him as a “Kazakhstan-born, Israeli tech entrepreneur, computer scientist, investor, and philanthropist.” Agenstvo also noted a back-and-forth series of edits on his Wikipedia page in which an IP address located in Israel had removed the phrase “Russian billionaire.”

“There were many reasons why I had to remain silent,” the statement concluded. “You can argue about the timeliness of my statement, but not about its substance. I am against war.”

—Andy Carvin, DFRLab managing edtior, Washington, DC

Russian independent outlet ties Investigative Committee of Russia to forced deportations of Ukrainian children

Russian independent media outlet Verstka reported that the Investigative Committee of Russia and its head, Alexander Bastrykin, are allegedly involved in the forced deportation of Ukrainian children to Russia. In a special report published on August 6, Verstka claimed that the Investigative Committee of Russia took patronage over the Ukrainian children living in Russia and sent its employees to homes with toys, clothes, and school materials.

Verstka also claimed that the Investigative Committee previously advertised the cadet corps to Ukrainian children from eastern Ukraine. According to data published in an Investigative Committee magazine, at least seventy-eight Ukrainian children entered Russian educational institutions, including the cadet corps and academies affiliated with the Investigative Committee, between February 2022 and March 2023.

Bastrykin does not appear to have commented on the allegation; the Russian War Report will continue to keep an eye on this story in case he issues a statement.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

The post Russian War Report: Co-founder of Russia’s most popular search engine condemns war in Ukraine appeared first on Atlantic Council.

Sudan’s precarious information environment and the fight for democracy

Tessa Knight, Lujain Alsedeg — Tue, 08 Aug 2023 04:00:00 +0000

Read in English

Read in Arabic

Executive summary

In recent years, Sudan has seen significant political upheaval, from the 2019 ouster of autocratic ruler Omar al-Bashir and the October 2021 military coup that unseated the transitional government, to the outbreak of violent conflict between the Sudanese Armed Forces (SAF) and the paramilitary Rapid Support Forces (RSF) in April 2023. The result is a country—and its hopes for a democratic transition—now derailed, despite years of civil protests that themselves were disrupted by police maneuvering and the threat of full-blown civil war. This societal discord is manifested not just in real life but also in the country’s online information environment. This report examines the state of digital affairs in Sudan in the lead-up to the current conflict, focusing on the period from the October 2021 coup through December 2022.

While online networks played a crucial role in exposing brutalities committed by al-Bashir’s security apparatus and in organizing protests, almost 70 percent of the Sudanese population remained offline as of January 2022.

Despite less than a third of the country having access to the internet, both the al-Bashir regime and the subsequent ruling councils viewed online communication as a potentially dangerous tool in the hands of protesting citizens. Between December 2018 and December 2022, Sudanese citizens were subjected to 138 days of internet disruptions.

Overall, the legal infrastructure was typical of autocratic regimes in that it was designed to limit free speech and enable punitive actions against dissenters and opposition figures. Authorities used deliberately vague laws to enforce internet disruptions and confiscate protesters’ cell phones. For example, the Criminal Act of 1991 criminalized the spreading of false information, while the 2020 amendment to the Cybercrimes Law, which was passed in secret, made the spread of disinformation punishable with up to four years in prison, flogging, or both. While many laws from al-Bashir’s time remain in place, there have also been tangible improvements to Sudan’s legal infrastructure since his removal. Independent citizens took to the courts to fight against internet shutdowns, and journalists defied the Press and Publications Act to create a media union.

Sudan’s National Intelligence and Security Service formed a Cyber Jihad Unit to monitor online dissent and spread disinformation. During the 2018–19 protests that led to al-Bashir’s ouster, internal disinformation from the regime painted protesters as violent. After al-Bashir’s removal, internal campaigns worked to promote the military apparatus and target the transitional government.

Yet activists who spoke to the authors indicated they were primarily concerned with being identified by intelligence agents for sharing legitimate evidence of violence committed against protesters. Despite the danger, activists used Facebook Live to stream evidence of the regime’s brutality and ensured the evidence could not be easily dismissed as old or fake by including the time, date, and location of incriminating incidents in social media posts.

An important form of online resistance took place on women-only Facebook groups. Previously used to identify cheating men, the groups turned into investigative platforms where women posted images of suspected plain-clothed members of the intelligence services accused of abusing protesters. The groups were so successful at unearthing personal information about undercover intelligence officers that many officers took to wearing masks to hide their identities.

Foreign entities orchestrating disinformation campaigns primarily focused on promoting their relationship with Sudan or pushing Sudanese politics in a way to their own benefit. Yevgeny Prigozhin, who oversees Russian private military company the Wagner Group, told al-Bashir to spread disinformation depicting protesters as violent, while later Russian campaigns focused on promoting Russia’s own interests around a naval base in Port Sudan. Public relations firms from Gulf states that were supportive of the coup that toppled al-Bashir spent thousands of dollars promoting the military, seeing a greater opportunity of a beneficial relationship with the latter.

Meanwhile, rumors spread offline posed a threat to grassroots organizations that struggled to combat false information shared via word of mouth. Sudan’s unique information environment features a combination of a media ecosystem attempting to build a trustworthy reputation after years of censorship, a legal system designed to limit it further, and, despite these things, a populace striving toward greater governmental representation and democracy in spite of the autocratic rivalries that have violently hijacked it. In light of the ongoing conflict, with Sudanese civil society caught in the middle, the near horizon remains bleak, but in the long term, only greater transparency and accountability around the free flow of information in conjunction with a cessation in violence will provide the stepping stones necessary to build a resilient democracy in Sudan.

إنجليزي

عربي

الملخص التنفيذي

ﻓﻲ اﻟﺴﻨﻮات اﻷﺧﻴﺮة، ﺷﻬﺪ اﻟﺴﻮدان اﺿﻄﺮاﺑﺎت ﺳﻴﺎﺳﻴﺔ ﻛﺒﻴﺮة، ﻣﻦ اﻹﻃﺎﺣﺔ ﺑﺎﻟﺤﺎﻛﻢ اﻻﺳﺘﺒﺪادي ﻋﻤﺮ اﻟﺒﺸﻴﺮ ﻓﻲ ﻋﺎم ،٢٠١٩واﻧﻘﻼب ٢٠٢١اﻟﺬي أﻃﺎح ﺑﺎﻟﺤﻜﻮﻣﺔ اﻻﻧﺘﻘﺎﻟﻴﺔ، ﻹﻧﺪﻻع اﻟﺼﺮاع اﻟﻌﻨﻴﻒ ﺑﻴﻦ اﻟﻘﻮات اﻟﻤﺴﻠﺤﺔ اﻟﺴﻮداﻧﻴﺔ وﻗﻮات اﻟﺪﻋﻢ اﻟﺴﺮﻳﻊ اﻟﺸﺒﻪ ﻋﺴﻜﺮﻳﺔ ﻓﻲ اﺑﺮﻳﻞ .٢٠٢٣ﻣﻤﺎ أﺛﻤﺮ ﻋﻦ ﺧﺮوج اﻟﺪوﻟﺔ ﻋﻦ ﻣﺴﺎرﻫﺎ وآﻣﺎﻟﻬﺎ ﻓﻲ اﻟﺘﺤﻮل اﻟﺪﻳﻤﻘﺮاﻃﻲ، ﻋﲆ اﻟﺮﻏﻢ ﻣﻦ ﺳﻨﻮات ﻣﻦ اﻻﺣﺘﺠﺎﺟﺎت اﻟﻤﺪﻧﻴﺔ اﻟﺘﻲ ﺗﻌﻄﻠﺖ ﻫﻲ ﻧﻔﺴﻬﺎ ﺑﺴﺒﺐ ﻣﻨﺎورات اﻟﺸﺮﻃﺔ واﻟﺘﻬﺪﻳﺪ ﺑﺤﺮب أﻫﻠﻴﺔ ﺷﺎﻣﻠﺔ. ﻻ ﺗﻨﺤﺴﺮ اﻧﻌﻜﺎﺳﺎت ﻫﺬا اﻟﺨﻼف اﻟﻤﺠﺘﻤﻌﻲ ﻋﲆ اﻟﺤﻴﺎة اﻟﻮاﻗﻌﻴﺔ ﻓﺤﺴﺐ، ﺑﻞ أﻳﻀً ﺎ ﻋﲆ ﺑﻴﺌﺔ اﻟﻤﻌﻠﻮﻣﺎت ﻋﺒﺮ اﻹﻧﺘﺮﻧﺖ ﻓﻲ اﻟﺪوﻟﺔ. ﻳﺘﻨﺎول ﻫﺬا اﻟﺘﻘﺮﻳﺮ ﺣﺎﻟﺔ اﻟﻤﺠﺎل اﻟﺮﻗﻤﻲ ﻓﻲ اﻟﺴﻮدان ﻓﻲ اﻟﻔﺘﺮة اﻟﺘﻲ ﺳﺒﻘﺖ اﻟﺼﺮاع اﻟﺤﺎﻟﻲ، ﻣﻊ اﻟﺘﺮﻛﻴﺰ ﻋﲆ اﻟﻔﺘﺮة ﻣﻦ اﻧﻘﻼب أﻛﺘﻮﺑﺮ ٢٠٢١ﺣﺘﻰ دﻳﺴﻤﺒﺮ ٢٠٢٢.

ﻓﻲ اﻟﻮﻗﺖ اﻟﺬي ﻟﻌﺒﺖ ﻓﻴﻪ ﺷﺒﻜﺎت اﻹﻧﺘﺮﻧﺖ دورا ًﺣﺎﺳﻤًﺎ ﻓﻲ ﺗﻨﻈﻴﻢ اﻻﺣﺘﺠﺎﺟﺎت واﻟﻜﺸﻒ ﻋﻦ اﻷﻋﻤﺎل اﻟﻮﺣﺸﻴﺔ اﻟﺘﻲ ارﺗﻜﺒﻬﺎ ﺟﻬﺎز أﻣﻦ اﻟﺒﺸﻴﺮ، ﻇﻞ ﻣﺎ ﻳﻘﺮب ﻣﻦ ٪٧٠ ﻣﻦ ﺳﻜﺎن اﻟﺴﻮدان ﻣﻨﻘﻄﻌﻴﻦ ﻋﻦ اﻻﻧﺘﺮﻧﺖ اﻋﺘﺒﺎرًا ﻣﻦ ﻳﻨﺎﻳﺮ ٢٠٢٢.

ﻋﲆ اﻟﺮﻏﻢ ﻣﻦ أن أﻗﻞ ﻣﻦ ﺛﻠﺚ اﻟﺴﻜﺎن ﻳﻤﻠﻜﻮن إﻣﻜﺎﻧﻴﺔ اﻟﻮﺻﻮل إﱃ اﻹﻧﺘﺮﻧﺖ، اﻋﺘﺒﺮ ﻛﻞ ﻣﻦ ﻧﻈﺎم اﻟﺒﺸﻴﺮ واﻟﻨﻈﻢ اﻟﺤﺎﻛﻤﺔ اﻟﻼﺣﻘﺔ أن اﻻﺗﺼﺎل ﻋﺒﺮ اﻹﻧﺘﺮﻧﺖ أداة ﺧﻄﺮة ﻓﻲ أﻳﺪي اﻟﻤﻮاﻃﻨﻴﻦ اﻟﻤﺤﺘﺠﻴﻦ. ﺑﻴﻦ دﻳﺴﻤﺒﺮ ٢٠١٨ ودﻳﺴﻤﺒﺮ ،٢٠٢٢ﺗﻌﺮض اﻟﻤﻮاﻃﻨﻮن اﻟﺴﻮداﻧﻴﻮن إﱃ ١٣٨ﻳﻮﻣًﺎ ﻣﻦ اﻧﻘﻄﺎع اﻹﻧﺘﺮﻧﺖ.

ﻋﻤﻮﻣﺎً، ﻛﺎﻧﺖ اﻟﺒﻨﻴﺔ اﻟﺘﺤﺘﻴﺔ اﻟﻘﺎﻧﻮﻧﻴﺔ ﻧﻤﻮذﺟﻴﺔ ﻟﺨﺪﻣﺔ اﻷﻧﻈﻤﺔ اﻻﺳﺘﺒﺪادﻳﺔ ﻣﻦ ﺣﻴﺚ أﻧﻬﺎ ﻣﺼﻤﻤﺔ ﻟﻠﺤﺪ ﻣﻦ ﺣﺮﻳﺔ اﻟﺘﻌﺒﻴﺮ وﺗﻤﻜﻴﻦ اﻹﺟﺮاءات اﻟﻌﻘﺎﺑﻴﺔ ﺿﺪ اﻟﻤﻌﺎرﺿﻴﻦ. ﺣﻴﺚ وﻇﻔﺖ اﻟﺴﻠﻄﺎت ﻗﻮاﻧﻴﻨﺎً ﻏﺎﻣﻀﺔ ﻋﻦ ﻋﻤﺪ ﻟﻔﺮض ﺗﻌﻄﻴﻞ اﻹﻧﺘﺮﻧﺖ وﻣﺼﺎدرة اﻟﻬﻮاﺗﻒ اﻟﻤﺤﻤﻮﻟﺔ ﻟﻠﻤﺘﻈﺎﻫﺮﻳﻦ. ﻋﲆ ﺳﺒﻴﻞ اﻟﻤﺜﺎل، ﻳﺠﺮّم اﻟﻘﺎﻧﻮن اﻟﺠﻨﺎﺋﻲ ﻟﻌﺎم ١٩٩١ﻧﺸﺮ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻜﺎذﺑﺔ، ﻓﻲ ﺣﻴﻦ أن ﺗﻌﺪﻳﻞ ﻋﺎم ٢٠٢٠ ﻟﻘﺎﻧﻮن اﻟﺠﺮاﺋﻢ اﻹﻟﻜﺘﺮوﻧﻴﺔ، واﻟﺬي ﺗﻢ إﻗﺮاره ﺳﺮاً، أﻗﺮ أن ﻋﻘﺎب ﻧﺸﺮ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻤﻀﻠﻠﺔ ﻫﻮ اﻟﺴﺠﻦ ﻟﻤﺪة ﺗﺼﻞ إﱃ أرﺑﻊ ﺳﻨﻮات أو اﻟﺠﻠﺪ أو ﻛﻠﻴﻬﻤﺎ. ﻓﻲ ﺣﻴﻦ أن اﻟﻌﺪﻳﺪ ﻣﻦ اﻟﻘﻮاﻧﻴﻦ ﻣﻦ ﻋﻬﺪ اﻟﺒﺸﻴﺮ ﻻ ﺗﺰال ﺳﺎرﻳﺔ، ﻛﺎﻧﺖ ﻫﻨﺎك أﻳﻀًﺎ ﺗﺤﺴﻴﻨﺎت ﻣﻠﻤﻮﺳﺔ ﻋﲆ اﻟﺒﻨﻴﺔ اﻟﺘﺤﺘﻴﺔ اﻟﻘﺎﻧﻮﻧﻴﺔ ﻓﻲ اﻟﺴﻮدان ﻣﻨﺬ إﻗﺎﻟﺘﻪ. ﻟﺠﺄ ﻣﻮاﻃﻨﻮن ﻣﺴﺘﻘﻠﻮن إﱃ اﻟﻤﺤﺎﻛﻢ ﻟﻤﺤﺎرﺑﺔ ﻗﻄﻊ اﻹﻧﺘﺮﻧﺖ، ﻛﻤﺎ ﺗﺤﺪى اﻟﺼﺤﻔﻴﻮن ﻗﺎﻧﻮن اﻟﺼﺤﺎﻓﺔ واﻟﻤﻄﺒﻮﻋﺎت ﻹﻧﺸﺎء ﻧﻘﺎﺑﺔ إﻋﻼﻣﻴﺔ.

ﺷﻜﻞ ﺟﻬﺎز اﻷﻣﻦ واﻟﻤﺨﺎﺑﺮات اﻟﻮﻃﻨﻲ اﻟﺴﻮداﻧﻲ وﺣﺪة ﻟﻠﺠﻬﺎد اﻹﻟﻜﺘﺮوﻧﻲ ﻟﻤﺮاﻗﺒﺔ اﻟﻤﻌﺎرﺿﺔ ﻋﺒﺮ اﻹﻧﺘﺮﻧﺖ وﻧﺸﺮ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻤﻀﻠﻠﺔ. ﺧﻼل اﺣﺘﺠﺎﺟﺎت ٢٠١٩-٢٠١٨اﻟﺘﻲ أدت إﱃ اﻹﻃﺎﺣﺔ ﺑﺎﻟﺒﺸﻴﺮ، وﺻﻔﺖ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻤﻀﻠﻠﺔ اﻟﺪاﺧﻠﻴﺔ ﻟﻠﻨﻈﺎم اﻟﻤﺘﻈﺎﻫﺮﻳﻦ ﺑﺎﻟﻌﻨﻒ. وﺑﻌﺪ إﻗﺎﻟﺔ اﻟﺒﺸﻴﺮ، ﻋﻤﻠﺖ اﻟﺤﻤﻼت اﻟﺪاﺧﻠﻴﺔ ﻋﲆ اﻟﺘﺮوﻳﺞ ﻟﻠﺠﻬﺎز اﻟﻌﺴﻜﺮي واﺳﺘﻬﺪاف اﻟﺤﻜﻮﻣﺔ اﻻﻧﺘﻘﺎﻟﻴﺔ.

أﺷﺎر اﻟﻨﺸﻄﺎء اﻟﺬﻳﻦ ﺗﺤﺪﺛﻮا إﱃ ﻣﺆﻟﻔﻲ اﻟﺘﻘﺮﻳﺮ إﱃ أﻧﻬﻢ ﻛﺎﻧﻮا ﺣﺬرﻳﻦ ﻓﻲ اﻟﻤﻘﺎم اﻷول ﻣﻦ ﺗﻤﻜﻦ ﻋﻤﻼء اﻟﻤﺨﺎﺑﺮات ﻣﻦ ﺗﺤﺪﻳﺪ ﻫﻮﻳﺎﺗﻬﻢ ﺑﻌﺪ ﻣﺸﺎرﻛﺘﻬﻢ أدﻟﺔ ﻣﺸﺮوﻋﺔ ﻋﲆ اﻟﻌﻨﻒ اﻟﻤﺮﺗﻜﺐ ﺿﺪ اﻟﻤﺘﻈﺎﻫﺮﻳﻦ. ﻋﲆ اﻟﺮﻏﻢ ﻣﻦ اﻟﺨﻄﺮ، اﺳﺘﺨﺪم اﻟﻨﺸﻄﺎء Facebook Live ﻟﺒﺚ أدﻟﺔ ﻋﲆ وﺣﺸﻴﺔ اﻟﻨﻈﺎم وﺗﺄﻛﺪوا ﻣﻦ أﻻ ﻳﻤﻜﻦ ﺗﻜﺬﻳﺒﻬﺎ ﺑﺴﻬﻮﻟﺔ ﺑﺎدّﻋﺎء أﻧﻬﺎ ﻗﺪﻳﻤﺔ أو ﻣﺰﻳﻔﺔ ﻣﻦ ﺧﻼل ﺗﻀﻤﻴﻦ وذﻛﺮ وﻗﺖ وﺗﺎرﻳﺦ وﻣﻮﻗﻊ ﺣﻮادث ﻫﺬه اﻟﺠﺮاﺋﻢ ﻓﻲ ﻣﻨﺸﻮرات وﺳﺎﺋﻞ اﻟﺘﻮاﺻﻞ اﻻﺟﺘﻤﺎﻋﻲ.

ﻇﻬﺮ ﺷﻜﻞ ﻣﻬﻢ ﻣﻦ أﺷﻜﺎل اﻟﻤﻘﺎوﻣﺔ ﻋﺒﺮ اﻹﻧﺘﺮﻧﺖ ﻓﻲ ﻣﺠﻤﻮﻋﺎت ﻓﻴﺴﺒﻮك اﻟﻤﺨﺼﺼﺔ ﻟﻠﻨﺴﺎء ﻓﻘﻂ. ﻛﺎﻧﺖ ﻫﺬه اﻟﻤﺠﻤﻮﻋﺎت ﺗُﺴﺘﺨﺪم ﺳﺎﺑﻘًﺎ ﺑﻐﺮض اﻟﺘﻌﺮف ﻋﲆ اﻟﺮﺟﺎل اﻟﺨﺎﺋﻨﻴﻦ ﻟﺰوﺟﺎﺗﻬﻢ، ﺛﻢ ﺗﺤﻮﻟﺖ إﱃ ﻣﻨﺼﺎت ﺗﺤﻘﻴﻖ ﺗﻨﺸﺮ ﻓﻴﻬﺎ اﻟﻨﺴﺎء ﺻﻮرًا ﻟﻠﻤﺸﺘﺒﻬﻴﻦ ﺑﺄﻧﻬﻢ أﻋﻀﺎء ﺟﻬﺎز اﻷﻣﻦ ﻣﺮﺗﺪﻳﻦ ﻣﻼﺑﺴﺎً ﻣﺪﻧﻴﺔ وﻣﺘﻬﻤﻴﻦ ﺑﺈﺳﺎءة ﻣﻌﺎﻣﻠﺔ اﻟﻤﺘﻈﺎﻫﺮﻳﻦ. ﻛﺎﻧﺖ اﻟﻤﺠﻤﻮﻋﺎت ﻧﺎﺟﺤﺔ ﻟﻠﻐﺎﻳﺔ ﻓﻲ اﻟﻜﺸﻒ ﻋﻦ ﻣﻌﻠﻮﻣﺎت ﺷﺨﺼﻴﺔ ﻋﻦ ﺿﺒﺎط اﻟﻤﺨﺎﺑﺮات اﻟﺴﺮﻳﻴﻦ ﻟﺪرﺟﺔ أن اﻟﻌﺪﻳﺪ ﻣﻦ اﻟﻀﺒﺎط ﺑﺪأوا ﺑﺎرﺗﺪاء اﻷﻗﻨﻌﺔ ﻹﺧﻔﺎء ﻫﻮﻳﺎﺗﻬﻢ.

رﻛﺰت اﻟﻜﻴﺎﻧﺎت اﻷﺟﻨﺒﻴﺔ اﻟﺘﻲ ﺗﻨﻈﻢ ﺣﻤﻼت اﻟﺘﻀﻠﻴﻞ ﻓﻲ اﻟﻤﻘﺎم اﻷول ﻋﲆ ﺗﻌﺰﻳﺰ ﻋﻼﻗﺘﻬﺎ ﻣﻊ اﻟﺴﻮدان أو دﻓﻊ اﻟﺴﻴﺎﺳﺔ اﻟﺴﻮداﻧﻴﺔ ﺑﺎﻻﺗﺠﺎه اﻟﺬي ﻳﺨﺪم ﻣﺼﺎﻟﺤﻬﺎ. ﻗﺎم ﻳﻔﻐﻴﻨﻲ ﺑﺮﻳﻐﻮزﻳﻦ، اﻟﻤﺸﺮف ﻋﲆ ﺷﺮﻛﺔ ﻋﺴﻜﺮﻳﺔ روﺳﻴﺔ ﺧﺎﺻﺔ ﺗﺴﻤﻰ ﻣﺠﻤﻮﻋﺔ ﻓﺎﻏﻨﺮ، ﺑﺈﺧﺒﺎر اﻟﺒﺸﻴﺮ أن ﻳﻨﺸﺮ ﻣﻌﻠﻮﻣﺎت ﻣﻀﻠﻠﺔ ﺗﺼﻮر اﻟﻤﺘﻈﺎﻫﺮﻳﻦ ﻋﲆ أﻧﻬﻢ ﻋﻨﻴﻔﻮن، ﺑﻴﻨﻤﺎ رﻛﺰت اﻟﺤﻤﻼت اﻟﺮوﺳﻴﺔ ﻻﺣﻘًﺎ ﻋﲆ اﻟﺘﺮوﻳﺞ ﻟﻤﺼﺎﻟﺢ روﺳﻴﺎ اﻟﺨﺎﺻﺔ ﺣﻮل ﺑﻨﺎء ﻗﺎﻋﺪة ﺑﺤﺮﻳﺔ ﻓﻲ ﺑﻮرﺗﺴﻮدان. ﻛﻤﺎ أﻧﻔﻘﺖ ﺷﺮﻛﺎت اﻟﻌﻼﻗﺎت اﻟﻌﺎﻣﺔ ﻣﻦ دول اﻟﺨﻠﻴﺞ اﻟﺘﻲ ﻛﺎﻧﺖ داﻋﻤﺔ ﻟﻼﻧﻘﻼب اﻟﺬي أﻃﺎح ﺑﺎﻟﺒﺸﻴﺮ آﻻف اﻟﺪوﻻرات ﻋﲆ اﻟﺘﺮوﻳﺞ ﻟﻠﺠﻴﺶ، ذﻟﻚ ﻋﻨﺪﻣﺎ رأت اﻟﻔﺮص اﻟﻤﺤﺘﻤﻠﺔ ﻣﻦ ﺑﻨﺎء ﻋﻼﻗﺔ ﻣﻔﻴﺪة ﻣﻌﻪ.

ﻓﻲ ﻫﺬه اﻷﺛﻨﺎء، ﺷﻜّﻠﺖ اﻟﺸﺎﺋﻌﺎت اﻟﻤﻨﺘﺸﺮة ﻓﻲ ﻇﻞ اﻧﻘﻄﺎع اﻹﻧﺘﺮﻧﺖ ﺗﻬﺪﻳﺪًا ﻟﻠﻤﻨﻈﻤﺎت اﻟﺸﻌﺒﻴﺔ اﻟﺘﻲ ﺗﻜﺎﻓﺢ ﻣﻦ أﺟﻞ ﻣﺤﺎرﺑﺔ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻜﺎذﺑﺔ اﻟﺘﻲ ﻳﺘﻢ ﺗﻨﺎﻗﻠﻬﺎ ﺷﻔﻬﻴﺎً.

ﺗﺘﻤﻴﺰ ﺑﻴﺌﺔ اﻟﻤﻌﻠﻮﻣﺎت اﻟﻔﺮﻳﺪة ﻓﻲ اﻟﺴﻮدان ﺑﻤﺰﻳﺞ ﻳﺠﻤﻊ ﻧﻈﺎم إﻋﻼﻣﻲ ﻳﺤﺎول ﺑﻨﺎء ﺳﻤﻌﺔ ﺟﺪﻳﺮة ﺑﺎﻟﺜﻘﺔ ﺑﻌﺪ ﺳﻨﻮات ﻣﻦ اﻟﺮﻗﺎﺑﺔ، وﻧﻈﺎم ﻗﺎﻧﻮﻧﻲ ﻣﺼﻤﻢ ﻟﻠﺤﺪ ﻣﻦ ﻣﺴﺎﻋﻲ اﻟﻨﻈﺎم اﻹﻋﻼﻣﻲ ﺗﻠﻚ، ﺑﺎﻹﺿﺎﻓﺔ إﱃ ﺷﻌﺐ ﻳﺴﻌﻰ إﱃ زﻳﺎدة اﻟﺪﻳﻤﻘﺮاﻃﻴﺔ واﻟﺘﻤﺜﻴﻞ اﻟﺤﻜﻮﻣﻲ. ﻓﻲ ﺿﻮء اﻟﺼﺮاع اﻟﻤﺴﺘﻤﺮ، ﻻ ﻳﺰال اﻷﻓﻖ اﻟﻘﺮﻳﺐ ﻗﺎﺗﻤﺎ. وﻟﻜﻦ ﻋﲆ اﻟﻤﺪى اﻟﻄﻮﻳﻞ، ﻟﻦ ﺗﺘﻮﻓﺮ ﻧﻘﺎط اﻻﻧﻄﻼق اﻟﻼزﻣﺔ ﻟﺒﻨﺎء دﻳﻤﻘﺮاﻃﻴﺔ ﻣﺮﻧﺔ ﻓﻲ اﻟﺴﻮدان إﻻ ﻣﻦ ﺧﻼل ﺗﺤﻘﻴﻖ أﻛﺒﺮ ﻗﺪر ﻣﻦ اﻟﺸﻔﺎﻓﻴﺔ واﻟﻤﺴﺎءﻟﺔ ﺣﻮل اﻟﺘﺪﻓﻖ اﻟﺤﺮ ﻟﻠﻤﻌﻠﻮﻣﺎت ﺑﺎﻟﺘﺰاﻣﻦ ﻣﻊ وﻗﻒ اﻟﻌﻨﻒ.

Issue Brief

Aug 8, 2023

A US agenda for action in Sudan’s information environment

By Cameron Hudson

A brief on how the United States and Sudan can collaborate on combatting disinformation and building up the African nation’s democratic potential.

Africa Disinformation

Report launch

Online Event Tue, August 8, 2023 • 8:00 am ET

Democracy derailed: Sudan’s precarious information environment

The DFRLab hosts the launch of its newest report, Democracy Derailed: Sudan’s Precarious Information Environment. The report looks at the intricacies of Sudan’s information and media ecosystem between 2019 and 2022 in light of the current conflict.

Africa Digital Policy Disinformation East Africa

Online Event Tue, August 8, 2023 • 8:00 am ET

The post Sudan’s precarious information environment and the fight for democracy appeared first on Atlantic Council.

A US agenda for action in Sudan’s information environment

Cameron Hudson — Tue, 08 Aug 2023 04:00:00 +0000

These recommendations were compiled in the second half of 2022, well ahead of the start of the April 2023 violence. As such, they reflect the earlier reality of the pre-April time period.

DOWNLOAD PDF

Lessons learned for improving the timeliness and effectiveness of combatting disinformation and supporting civilian rule

There are few African countries that have received the same degree of high-level and sustained attention from the US government, during the administrations of both Donald Trump and Joe Biden, as the Republic of Sudan. While this engagement stems in large part from a long history of Washington leading diplomatic efforts to isolate the Sudanese government for its support for terrorism during the 1990s, advance the peace process in the country’s north-south civil war, and eventually punish the government for the Darfur genocide, Washington’s renewed diplomatic engagement at the time of Sudan’s 2018 popular uprising reflected a sense of opportunity that real change was potentially coming to the country.

The historic events during the spring and summer of 2019, beginning with longtime dictator Omar al-Bashir’s arrest and removal by senior army officers and the brokering of a civilian-military hybrid government, created both an opportunity and what many in Washington saw as an obligation to help Sudan’s transition succeed. After decades of economic sanctions and diplomatic isolation, the installation of a civilian-led government created the minimal condition that allowed Washington and Western allied governments to begin the task of providing a trusted local partner with the assistance to begin reforming the political system, stabilizing the economy, and transforming the armed forces that would eventually enable a full transition to democracy, one of the popular demands of the revolution.

By late 2019, during a historic visit to Washington by Sudan’s newly named prime minister, Abdallah Hamdok, the Trump administration announced a process to normalize diplomatic relations with Sudan through an exchange of ambassadors, among other steps. Privately, the Trump administration also set about the task of constructing an assistance package that would meet the moment and provide the technical, financial, and development assistance needed to demonstrate a true “democracy dividend” to the vast majority of average Sudanese who were by this time struggling under the weight of financial collapse brought on by the one-two punch of regime neglect and, soon, COVID-19 shutdowns.

Washington, however, was both ill-postured and slow to foresee the monumental political opening occurring in the early days of the revolution and then further delayed by an interlocking web of restrictions and prohibitions, some of them self-imposed and some imposed by the US Congress, that limited its ability to scale up resources in a timely manner. In addition to the challenges of having to undo more than twenty-five years of bureaucratic restrictions and red tape, Washington also needed to scale up its human resources inside Sudan that had largely dwindled over the years.

Many of those we spoke with both inside and outside the US government and on the ground in Sudan acknowledged that the speed of change in late 2018 and early 2019, leading to the April 2019 arrest and removal of al-Bashir from office, was so dizzying that Washington was forced into a “wait-and-see” approach. As such, it was more inclined to stand back and assess events as they unfolded and only act to prevent what many feared could result in a mass atrocity against civilian protesters instead of actually trying to shape an outcome that would more immediately deliver on the aims of the protesters. This posture was aided by the fact that the US government had no recent history of partners and programming around the kind of democracy and governance issues that were needed in the early days of the revolution. Nor was the US government postured to provide other forms of assistance owing to its own existing restrictions on the al-Bashir regime.

Many of these issues were exacerbated by the lack of an ambassador at post; the state sponsor of terrorism label that until December 14, 2020, still applied; and the personal restrictions imposed on US diplomats in Khartoum that meant critical positions were left unfilled at the time of the revolution, leaving them to be filled by an acting junior officer or those who did not have a deep understanding of the unique challenges in countries seeking to transition from autocracy to democracy. Illustrating the severity of this point, through the popular wave of protests until six months after a civilian government was installed in September 2019, the US government remained unable to initiate any new Democracy, Human Rights, and Governance (DRG) programming related to ongoing restrictions from the al-Bashir era, a lack of policy direction from Washington, and a dearth of programmatic staff in the field.

One observer noted in testimony to the US Senate in February 2022, “While assistance opportunities may have been limited in post-secession Sudan, there has not been adequate staffing up [of the embassy] since the 2019 revolution…. More personnel could be devoted to messaging and public affairs outreach, both in person in Sudan and on social media.”

This problem persisted until early 2020 when, after Hamdok’s visit to Washington in December 2019, US officials accelerated their efforts to shore up the new prime minister’s standing vis-à-vis the security services, which remained the dominant force in the country, while helping Hamdok deliver some early wins to his government that could be passed on to the Sudanese people. In fact, some of Washington’s caution was well-intended, if not well-founded, as it struggled to ensure that the civilian component was in fact functioning as an independent and responsible arm of the Sudanese government and was not operating under duress or influence of the military. In retrospect, however, that delay in programming ultimately provided Russia and other malign external influencers more time to cement their operational and influential roles with Sudan’s security services, giving the other powers an advantage in setting and controlling the narrative around the new government, as was only later evident.

Comfortable in the view that the West could work with the civilian government, by November 2019, the first assessment team from the US Agency for International Development’s (USAID’s) Office of Transition Initiatives (OTI) was on the ground in Sudan identifying needs and opportunities. According to its website, OTI “provides fast, flexible, short-term assistance targeted at key political transition and stabilization needs. Strategically designed for each unique situation, OTI has laid the foundation for long-term development by promoting reconciliation, supporting emerging independent media, and fostering peace and democracy through innovative programming. In countries transitioning from authoritarianism to democracy, from violence to peace, or following a fragile peace, OTI’s programs serve as catalysts for positive political change.” Starting with the OTI team’s arrival in February 2020, it would lead all US government programmatic activity around these areas, including the growing concern around disinformation.

During its time in Sudan, the OTI team took its programmatic direction from the prime minister’s office in the belief that, as the central reformist figure and symbol of the change brought about by the revolution, those around the prime minister would know how best to design and manage the technical resources that OTI provided. However, as one USAID employee said, echoing a point made by several colleagues in interviews, “our programming needed to be sensitive to the politics of the country, but the cabinet of technocrats were themselves not sensitive to the politics of their own country, especially the PM.” Themes quickly emerged as a large impediment to effective US programming and messaging, specifically those of government leaders being divorced from the politics and public opinions in Sudan and, therefore, unable to tailor messages to them or adequately respond to active disinformation campaigns led by the security services and their foreign backers.

Nearly six months after OTI’s engagement began, a United Kingdom-based contractor was engaged via a US contract to provide the prime minister’s office, as well as the US government, a window into the kinds of disinformation, public attitudes, and trending news items that were circulating on a daily basis across Sudanese social media networks. The project also aimed to identify which ministries and ministers were being particularly targeted with disinformation campaigns so that efforts could be made to counter those stories, prepare ministers to get ahead of trending news events, and empower individual social media influencers with accurate information for dissemination. Through the firm’s weekly social media monitoring reports and more frequent spot reports, civilian leaders and those inside the US Embassy with access to the reports had a real-time view as to which issues were trending among local social media users, a measure of evolving public attitudes toward those issues, and which local and foreign accounts were responsible for driving these narratives.

While these efforts to share and disseminate this “intelligence” were viewed inside of USAID as having mixed levels of success inside the prime minister’s office and with other ministries, depending on the quality of the people on the inside responsible for acting on and sharing these reports, it was nonetheless viewed as critical that these efforts and this contract transition to a wholly owned and operated program of the civilian government. By mid-2021, efforts were being made to create a disinformation unit inside of the Ministry of Information and Culture that would move the center of gravity on this issue away from the prime minister’s office, which was often inundated with reports and visitors and had difficulty making decisions in a timely way, to a central command center where information could be more effectively disseminated across the cabinet in a more timely manner and where policy questions could perhaps get a decision faster.

In talks with representatives of the British contractor, on many occasions civilian government officials were presented with data on manipulated content emanating from collections of accounts driven by, inter alia, pro-Islamist, pro-military, and pro-Hemedti accounts and given options that the contractor could pursue on the government’s behalf, including notifying Facebook to shut the accounts down and offering counter-messaging. [Gen. Mohamed Hamdan Dagalo, leader of the Rapid Support Forces (RSF) and commonly known as Hemedti, served as deputy chairman of the Transitional Military Council after al-Bashir’s ouster in 2019.] In many instances, “decision-making paralysis” often meant that timely decisions on fast-moving messaging issues went unaddressed. However, in one instance, the contractor was able to notify Facebook of the inauthentic behavior, prompting the platform to shut down more than one thousand accounts. Several months later, Facebook shut down an additional tranche of inauthentic accounts without prompting from the Sudanese or their contractor, suggesting to the contractor at least that Sudan had been “put on the map” for Facebook as a place of concern that they should continue to monitor. In response, however, one former OTI staffer noted that “shutting down Facebook accounts is great, but they keep churning out new ones. It only helps if it is in service of a larger strategy, which we didn’t have.”

Beyond these efforts, with the help of outside contractors, the government was able to train journalists, including citizen journalists, to identify misinformation and perform their own investigative work to push back against false narratives circulating about the civilian government. Contractors also compiled a list of the most influential social media voices in the country and worked with government officials to ensure those influencers were engaged with regularly to ensure they had access to accurate information and could promote it. These efforts also included financial support to a Sudanese-operated nongovernmental organization that actively fact-checked news reports and published deep-dive analyses behind military and foreign-backed disinformation campaigns. One policy request, not acted upon, was the creation of a network of “500 or more newly trained journalists who could sit inside the Ministry of Information and push out factual information, reasoning that if the Islamists and military had troll farms churning out fake news why couldn’t the government counter that with its own team pushing out real news?”What the government routinely failed to realize was that it had the power to defuse these narratives and their accounts if it only used the tools and took their contractor’s advice.

However, just as these nascent efforts were beginning to take hold, two simultaneous events derailed those efforts: the October 25, 2021, military coup in which Hamdok was detained and the civilian cabinet dissolved and the simultaneous internet shut down, which not only halted most of the information sharing but also limited pro-democracy groups’ ability to use online tools to organize and coordinate their activities. And since the US government programming came well after the internet shutdowns that defined the early days of the popular revolution, its efforts to empower online activism were immediately and completely undermined by the military’s renewed control over the internet after the coup.

According to several USAID employees at the US Embassy in Khartoum at the time, there was initially serious consideration and effort given to bringing in internet hardware from outside the country to create a parallel, albeit temporary, internet infrastructure that would get around the junta’s shutdown of the service. One former OTI official interviewed noted “there were three to four weeks of intense effort given to identify the technology, the resources, and the requirements of the system,” but that Washington ultimately decided that it would be too difficult to procure and to get into the country without being discovered.

But while some on the USAID side felt that the risk to reward was worth it, more conservative voices within the US Department of State worried that, if their efforts were discovered by the military, it could result in the expulsion of US diplomats and a worsening of the military’s response against protesters. The effort was ultimately abandoned with no other serious conversation beginning that could help to empower civilian protesters with virtual private networks (VPNs), burner phones—sometimes call “protest phones”—or other means of circumventing the junta’s control over private communications.

Indeed, as the internet controls became more widespread post-coup, resistance committees and others reverted to previous, decidedly low-tech communication and organization efforts, including the use of printed pamphlets and flyers or word-of-mouth organization. Here, too, there was little the United States or others could offer in the way of support to these efforts.

Recommendations

Washington was caught flat-footed in 2019 when al-Bashir was removed from office after nearly thirty years in power. No day-after plan existed for supporting a transition, nor had any efforts been foreseen to untie the hands of US policy so that the full diplomatic toolkit of rewards, incentives, and punitive measures could be deployed in a timely manner. This was as true in efforts to push back against online disinformation efforts as it was in providing technical assistance to ministries or direct financial and organizational support to pro-democracy organizations still on the frontlines. In the ten months from the fall of the National Congress Party regime to the first deployment of OTI advisers to Sudan, Russia and other malign actors demonstrated an ability to build relations, become operational, and begin to influence the media and political environment in favor of their allies in the security services. This left the United States and its Western allies playing an even bigger game of catch-up when their staffing was in place and when their programs were finally ready to be rolled out.

In watching the events in Sudan unfold through the revolution and speaking to Sudanese stakeholders and US government officials on the ground since that time, a number of important insights and recommendations, specifically around countering online influence from malicious actors, have emerged:

Invest in resources, strategies, and lessons learned for combatting disinformation. The United States needs a specific strategy for combatting disinformation. The United States has never had a strategy for pushing back against online content that is intended to weaken civilian and pro-democracy governance and empower security actors. Both Sudanese actors, working closely with the United States, along with US staff-level officers from across USAID variously described US efforts as “ad hoc,” “inconsistent,” and “haphazard,” in some cases responding to requests from the prime minister’s office and in some cases surmising what was needed. While one former OTI staffer noted that, while OTI was still “brand new to the communications and disinformation space, there must have been some case studies or resident knowledge somewhere in the US government that could have served as a kind of playbook.” Given the explosive growth in the use of disinformation and online authoritarianism and the shrinking of internet freedom in Sudan and across the region, the United States would be well-served to invest in further developing its expertise in this space, while at the same time conducting a lessons-learned process of what worked and what did not in Sudan and other analogous settings for future use.
Do not just detect misinformation, respond and combat it. The United States must make better use of the information that it collects about online disinformation and get it into the hands of those who need it in time to be useful. In particular, many in USAID noted that US diplomats did not know how to make use of the information and insights in the reports they were generating, viewing the information merely as “interesting data points” rather than intelligence that could better inform policy choices or programmatic efforts. One former OTI staffer sounded a similar note that “the products were useful and provided us with ongoing sentiment analysis of the protest movement, but we could never operationalize what we were learning.” Interviewees mentioned similar arguments regarding Sudan’s civilian government, which had difficulty deciding what it should do since acting on advice to shut down, for example, pro-Islamist accounts could have unleashed a backlash those officials could not foresee. In those cases, the United States would be well advised to consider its own ability to act in support of its allies in the civilian government and authorize action against inauthentic networks in a bid to “decontaminate the information space for the sake of civilian rule and democracy.”
Shine a light on disinformation. The United States should make public its findings and research on the information space in Sudan. While the training of journalists, promotion of media freedom, and advocacy around free speech is important, the speed at which fake accounts and fake news can be put up, taken down, and spread, to paraphrase Mark Twain, happens before the truth can put on its boots. Part of an offensive would be the more immediate and regular release of disinformation reporting that is being collected to shine a light on bad actors in real time. To a large extent, this requires treating that information not as intelligence, with a limited and tightly controlled distribution, but simply as public information. Creating a stand-alone website or dashboard or sharing that information in real time with a trusted Sudanese source for posting and dissemination would have compelled not just governments to act, but empowered civil society, including many young people, who might have made better use of the information.
Improve working relationships with Sudanese civil society. The United States needs to develop more effective ways of working with local civil society organizations. This holds true in regard to both US efforts in the counter-disinformation space and its entire engagement in support of pro-democracy forces throughout the revolution. It is clear that government-to-government ties and assistance relationships are the most natural and comfortable way for the United States to engage, but in circumstances like in Sudan, where civilian leaders were either too constrained or too paralyzed to act, empowering civil society actors must become a more available alternative. While some of that was accomplished through the sharing of disinformation reporting with local influencer and fact-checking organizations, more could have been done to creatively support their efforts to circumvent military shutdowns of the internet or the near continuous churn of new disinformation campaigns that actively sought to undermine civilian rule and the popular revolution.

Report

Aug 8, 2023

Sudan’s precarious information environment and the fight for democracy

By Tessa Knight, Lujain Alsedeg

An examination of the time from December 2018, when protests against then-president Omar al-Bashir first broke out, and December 2022, when a framework agreement between civilian and military leaders came into play.

Africa Civil Society

Report launch

Democracy derailed: Sudan’s precarious information environment

Africa Digital Policy Disinformation East Africa

Ukraine strikes critical bridge as Wagner trains Belarusian brigades

The post A US agenda for action in Sudan’s information environment appeared first on Atlantic Council.

Russian War Report: Drones target central Moscow skyscrapers

Digital Forensic Research Lab — Thu, 03 Aug 2023 20:34:27 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Wave of drone attacks target Moscow’s central business district

Media policy

TGStat restricts access to channel providing data on slain Russian soldiers

Ukraine strikes critical bridge as Wagner trains Belarusian brigades

Ukrainian armed forces announced on July 29 a successful attack on a railway bridge near Chonhar, along the M-18 Dzhankoi-Melitopol highway, which connects occupied Crimea with the occupied Kherson region. The bridge is a notable point along a critical ground line of communication for Russia.

Ukrainian officials circulated a photo purportedly documenting railway damage at one end of the bridge.

A photo of the Chonhar bridge after a Ukrainian strike on it on 29th July, 2023.

Ukrainian Armed Forces confirmed a strike on Chonhar bridge (one of the key elements in Russian military logistics in the South of Ukraine).

Russian media did not mention the strike at all.… pic.twitter.com/1cfi8JWpKB
— Anton Gerashchenko (@Gerashchenko_en) July 31, 2023

Satellite imagery before and after the attack appears to show damage in the same location.

https://twitter.com/EuromaidanPress/status/1686030017916989441

The Ukrainian army continued to launch counteroffensive attacks in northwest and southwest Bakhmut and in the eastern and western parts of Zaporizhzhia Oblast. Ukrainian Deputy Defense Minister Hanna Maliar announced on July 31 that Ukrainian forces took back two square kilometers of territory in the Bakhmut area over the past week, as well as twelve square kilometers in the direction of Berdyansk and Melitopol. Ukrainian troops reported forty combat engagements with Russian forces in Donetsk’s Mariinka, Pobjeda, and Staromaiorske, as well as east toward Berestove in Kharkiv and near Novoselivske in Luhansk. Ukrainian troops also claimed that they caught a Russian saboteur group attempting to enter the Chernihiv region, though this is not yet confirmed.

A drone attack on Russia’s Black Sea Fleet appears to have resulted in casualties, according to intercepted radio communications between Russian Ka-29 helicopters involved in an evacuation and coastal aviation services. The Russian defense ministry claimed to have successfully repelled three naval drones that targeted the patrol ships Sergey Kotov and Vasily Bykov. However, audio shared by the Telegram channel Babel purports that one person was killed and five injured. The DFRLab cannot independently verify the authenticity of the audio at this time.

Soldiers with Ukraine’s AREY Battalion, within the Territorial Defense Forces, spoke to CNN on August 1 about the tactical strategies Russia employs against Ukraine. They alleged that Russia often hides the bulk of its personnel in basements to avoid aerial reconnaissance. As a result, when attacking, Ukrainian forces may encounter an enemy many times larger than expected. In addition, the report claimed that Russian army commanders had adopted the Wagner tactic of taking prisoners to uncover Ukrainian firing positions.

Meanwhile, Belarusian Defense Minister Viktor Khrenin met with Iranian Defense Minister Mohammad Reza Ashtiani on July 31 in Tehran. The pair signed a memorandum of understanding and a military cooperation plan. In May, the government-affiliated Ukrainian National Resistance Center reported, citing unnamed Belarusian rebels, that Iran was considering opening a Shahed drone production plant in Belarus. This report has not been confirmed. Russia is actively using Shahed drones across Ukraine. On August 1, several groups of Shahed drones were reportedly launched from Russia’s Primorsko-Akhtarsk area toward Ukraine; around this time explosions were reported in Kherson.

Ukraine has begun producing RUBAKA kamikaze drones, which are expected to be deployed by Ukraine’s Main Directorate of Intelligence. The drones reportedly have a range of five hundred kilometers. Unlike Iran’s Shahed drones, RUBAKA drones will carry a smaller warhead and cost about $15,000 per unit. According to a report from the New York Times, Shahed drones cost about $20,000 per unit.

On August 1, Ukrainian Telegram channels claimed that five medical personnel were reportedly wounded in an attack on a Kherson hospital. In addition, one person was reportedly killed and another injured in an aerial attack on Pershotravneve, Kharkiv Oblast.

On July 30, the Belarusian Ministry of Defense announced that Wagner soldiers conducted company-level training with multiple Belarusian mechanized brigades. The Belarusian military usually conducts such exercises with Russian trainers. This could signal a new role for Wagner; the DFRLab will continue to monitor Wagner’s buildup in Belarus.

Ukrainian Presidential Chief-of-Staff Andriy Yermak stated on July 30 that Kyiv and Washington will begin consultations on providing Ukraine with “security guarantees.” Yermak said the guarantees would remain in place until Ukraine acquires NATO membership. US State Department Spokesperson Matthew Miller confirmed the consultations during a press briefing on July 31. “Those talks are going to kick off this week,” he stated.

Meanwhile, Ukrainian military intelligence spokesperson Andrii Cherniak alleged on July 30 that since the beginning of 2022, Russia had forcibly mobilized 55,000 to 60,000 men in the occupied territories of Ukraine. Cherniak told Radio Svoboda that Russian forces “caught people on the street…and forcibly took people away.” Cherniak’s claims have not been independently verified.

According to a Financial Times report, the United States has signed contracts with Bulgaria and South Korea to supply 155mm shells to Ukraine. The report stated that the US government has also financed additional ammunition production facilities in Texas and Canada. Bulgaria recently opened a plant to produce 155mm projectiles. Negotiations toward a similar agreement with Japan are currently under way.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Wave of drone attacks target Moscow’s central business district

Drone strikes in Moscow’s central business district on July 30 and August 1 targeted buildings housing government ministries. Moscow Mayor Sergei Sobyanin addressed the July 30 attack on his Telegram channel, reporting zero casualties. According to Russian independent outlet Meduza, one of three drones was intercepted by anti-air defense systems, causing it to crash into one of the OKO towers, a complex of two eighty-four-story skyscrapers built in 2015, damaging the facade on the first and fourth floor. The neighboring fifty-story IQ-Kvartal skyscraper had damaged windows on the sixth and fifth floors. Sobyanin identified the drones as Ukrainian in his Telegram post. Short of admitting responsibility, Adviser to the Head of the Office of President of Ukraine Mykhailo Podolyak tweeted about “[m]ore unidentified drones.”

#Moscow is rapidly getting used to a full-fledged war, which, in turn, will soon finally move to the territory of the "authors of the war" to collect all their debts… Everything that will happen in #Russia is an objective historical process. More unidentified drones, more…
— Михайло Подоляк (@Podolyak_M) August 1, 2023

Speaking with journalists, Russian government spokesperson Dmitry Peskov referred to the incidents as “terrorist attacks” and “desperate attacks amid failures.” The second comment is a possible reference to the frontline situation. Telegram channel SOTA posted social media pictures that allegedly show documents found near the damaged towers. SOTA’s Telegram post alleged the documents belong to the ministries of industry and commerce, economic development, and digital development and communications; the DFRLab has not verified the authenticity of the documents at this time. Russian outlet Astra shared footage on Telegram capturing the moment of impact at the OKO Tower. Astra also reported that windows shattered on the twenty-first floor, the location of Russia’s economic development office.

On the morning of August 1, another drone strike targeted Moscow’s business district. According to the Russian Ministry of Defense (MoD), one drone was allegedly “suppressed by means of electronic warfare, and having lost control, crashed on the territory of a complex of non-residential buildings in Moscow City.” The MoD also said it intercepted two drones over the Odintsovo and Naro-Fominsk districts in western Moscow Oblast.

Previously on July 24, a Russian MoD building was reportedly damaged in an earlier drone attack. The location was identified by Bellingcat investigator Christo Grozev as the potential headquarters of Fancy Bear, a hacker group aligned with Russia’s Main Intelligence Directorate (GRU). As cited by Meduza, quoting Russian outlet Novaya Gazeta, the struck building was previously mentioned in an US indictment as the home of military unit 26165, which allegedly has ties to Fancy Bear.

—Valentin Châtelet, research associate, Brussels, Belgium

TGStat restricts access to channel providing data on slain Russian soldiers

Telegram analysis tool TGStat has restricted access to the channel “Don’t wait for me FROM Ukraine,” also known by its handle @poisk_in_ua (“Search in Ukraine”). When searching for the channel, the TGStat platform now displays a pop-up message with a 403 access restricted error that says forbidden content was found on the channel. The channel frequently shared death announcements for Russian soldiers killed in Ukraine. It also reportedly posted data containing personal information and social media pictures of the deceased.

The DFRLab recently analyzed @poisk_in_ua’s posts about Russian fatalities to glean insights into the number of Russian soldiers killed in Ukraine. The channel made nearly 20,000 posts about slain Russian soldiers, an estimate that is consistent with figures cited by other outlets, including the BBC and independent Russian media outlet Mediazona.

In a piece posted in early July 2023, Meduza indicated that it had confirmed more than 47,000 fatalities using reports of inheritance notices published since February 2022.

—Valentin Châtelet, research associate, Brussels, Belgium

The post Russian War Report: Drones target central Moscow skyscrapers appeared first on Atlantic Council.

Chinese discourse power: Capabilities and impact

Kenton Thibaut — Wed, 02 Aug 2023 16:30:58 +0000

Download PDF

Executive summary

This report is part of the Digital Forensic Research Lab’s (DFRLab’s) “discourse power” series, which outlines the strategy, capabilities, impacts, and responses to China’s attempts to shape the global information environment. The series argues that China’s leaders believe the country can gain the geopolitical power necessary to establish itself as a world leader, to spread its norms and values, and to decenter US power in the international system by gaining “discourse power” (话语权). In concept, discourse power is a narrative agenda-setting ability focused on reshaping global governance, values, and norms to legitimize and facilitate the expression of state power.

Whereas the first report introduced China’s discourse power strategy, this second report examines its efforts to date. This report assesses this through a frame of “media convergence” (融媒体), a Chinese term that refers to the integration of internal and external Chinese Communist Party (CCP) propaganda, the online and offline channels for its dissemination, and the mechanisms of oversight on which communications systems rely.

More specifically, this report examines “media convergence” across three vectors: channel expansion, content innovation, and governance of technological infrastructure and digital connectivity.

The first vector, channel expansion, refers to creating or better leveraging delivery vehicles for China’s messaging across different media platforms. The aim is to expose a growing international audience to Chinese narratives and norms in the hopes of eroding the global “discourse dominance” of the West. This report examines this trend through both traditional and social media. As for traditional media, China has spent over $1.5 billion annually since 2008 on propaganda, with much of that going toward initiatives in the Global South. This is especially obvious in the strategies of China’s flagship news organization, Xinhua, which describes itself as “light cavalry” in China’s global public opinion war. Xinhua has described its media strategy as using a combination of “shipbuilding to go out to sea” and “borrowing a boat to go out to sea” (“造船出海”与”借船出海”相结合)—that is, building up China’s own capacity to effectively disseminate its message internationally, while using foreign social media platforms to disseminate propaganda. As part of these efforts, Xinhua has over the years greatly expanded its networks to now have the largest number of foreign correspondents of any news agency in the world. Other strategies include both coercing and incentivizing journalists abroad to engage in more favorable coverage of China.

Chinese state entities have greatly expanded their presence on social media as well. As of January 2021, Xinhua distributed on average seven thousand three hundred articles, photos, videos, and other media content in fifteen languages daily, garnering over 200 million overseas social media followers across various platforms (including Facebook, Twitter, and YouTube). Indeed, China-based Twitter account creation skyrocketed by over 6,000 percent over a period of just three months in 2017, following reports on the situation in Xinjiang in the Western press. At the same time, however, there is a balancing act that the party-state faces when seeking to portray China as a confident leader to global audiences while also being subject to popular nationalism and domestic discontent in its actions.

As an example, tensions between different bureaucratic departments belie the official sanctioning of the assertive “wolf warrior” style of coercive diplomacy. In some instances, it appears that different elements responsible for external messaging within the Chinese government have initially contradicted each other, sometimes going as far as refuting each other’s public statements, before consolidating around a single message. One such example occurred between the Central Propaganda Department and wolf warrior diplomat Zhao Lijian around the origins of the COVID-19 virus.

Self-censorship can be a nefarious side effect of the editorial pressures that Chinese state news agencies bring—not just in China’s favor but also for authoritarian governments with which it is aligned. With regard to China’s efforts in shaping public opinion, most studies have found that China’s messaging at a general level is not especially resonant with local audiences; however, some initial studies have shown that Chinese propaganda can be effective at persuading audiences that the “China model” is superior to that of democratic political systems in delivering growth and stability. On social media platforms, Chinese officials have often engaged in coordinated influence and information campaigns, including those spreading disinformation on the origin of the COVID-19 pandemic.

The second “prong” of China’s strategy of media convergence is content innovation, which includes tailoring content (and the narratives baked into it) in a way that best resonates with a particular audience, otherwise known as “precise communication” (精准传播). China sees access to public opinion data abroad as essential to enhancing its ability to tailor content. As the party secretary and president of the online arm of the CCP’s flagship People’s Daily stated in a 2022 address, the internet “houses a vast amount of…data and is able to accurately reflect social sentiments…. Using big data [analytics] and artificial intelligence (AI), the internet can be a tool for strengthening the Party’s leadership.” To this end, China recently launched four State Key Laboratories dedicated to using big data to better tailor content to specific audiences, as well as spread “positive energy” through digital and social media.

In addition to shaping content, another tactic is to obscure the fact that the content originates from Chinese state sources. This is a phenomenon known as “political native advertising,” in which Chinese state-run media organizations purchase space in news outlets abroad to publish state-sanctioned content “camouflaged” as neutral news articles. In a 2020 report, Freedom House highlighted that, especially in digital versions of local newspapers, “China Observer”—an English-language column produced by Chinese state media outlet China Daily—often goes unlabeled as being state sponsored.

Lastly, a related strategy involves China’s attempts to control local media environments via content-sharing agreements, which in some cases end up flooding local media environments with free or low-cost pro-CCP content. A huge part of this push is to countries within China’s Belt and Road Initiative (BRI), a majority of which are in the Global South.

The last frame for examining China’s digital discourse power strategy is governance. This includes ensuring China-sponsored standards, norms, and governance protocols in prioritized industries are widely adopted, especially in the Global South. China has, for instance, been active in shaping information and communications technologies standards in the International Telecommunication Union through a “flooding the zone” strategy in which all China-affiliated members, be they from academia, private industry, or government, vote as a bloc. This ensures that standards proposals from Chinese entities end up receiving the number of votes needed to be adopted by the standards-setting body.

These exchanges serve to spread Chinese cyber norms, such as “cyber sovereignty” (网络主权), which is China’s vision for internet governance that upholds a government’s sovereign right to control the internet within its borders. The party-state spreads this norm by advising governments on how to shape laws and policies to govern the technologies (often Chinese-provided, Chinese-standard-compliant) in their own societies. This process becomes a positive feedback loop, creating a degree of both technical and policy lock-in via China-provided technical infrastructure, the standards through which it operates, and know-how and data governance frameworks. At the same time, China leverages its media relationships to flood local environments with stories of the benefits of China’s investment in developing countries’ futures.

These relationships also allow China to gain access to vast data resources. One Chinese firm outlined in this report, Nebula, uses its big data and cloud computing technologies to obtain vast amounts of data related to international public opinion on news topics related to China. It uses a variety of analysis methods, including semantics and clustering, to understand public preferences and “evaluate the difference between this understanding and media expectations…helping Chinese media build top international discourse power and influence.” The Chinese state can then use this data to hone its messages further and enhance its censorship and propaganda apparatus. It can deploy these improved tools and technologies in banal ways, like helping the tourism bureau craft a compelling narrative of “Beautiful China.” However, it can also use Nebula’s sentiment data to help the People’s Liberation Army engage in more targeted information operations and psychological warfare campaigns against countries like Taiwan.

This report finds that, anecdotally, China’s efforts gain larger ground in countries where civic freedoms are already limited and where winning the support of a small coalition of political elites matters over winning public support. In the rather extreme case of Zimbabwe, China is openly and actively antagonizing and targeting journalists and civil society activists. These findings cast doubt on assessments of Chinese influence that look solely at public opinion data. Such research may miss the fact that in some domestic contexts, China sees elite capture as much more important than winning hearts and minds.

In short, China’s discourse power efforts are uneven. While the popularity of its state and traditional media lags behind that of Western countries, its efforts to shape the environments within media and information spaces are much more effective—and are in fact the focus of China’s discourse power strategy. China is creating an alternative order in the Global South, and any effort to make meaningful progress on technological governance will need to stem from an understanding of the ecosystem that China has created, the push and pull factors facing the countries that engage with it, and on clearly messaging what the advantages of a democratic approach to such issues offers to the global majority.

In-Depth Research & Reports Aug 24, 2022

Chinese discourse power: Ambitions and reality in the digital domain

By Kenton Thibaut

The CCP has embarked on a concerted strategy to gain control over the global digital and information environment. Its goal: create an alternative global order with China at its heart.

China Digital Policy

In-Depth Research & Reports Dec 17, 2020

Countering Chinese disinformation reports

By Digital Forensic Research Lab

A series of reports on countering Chinese disinformation campaigns around the globe from the Digital Forensic Research Lab and Asia Security Initiative, housed in the Scowcroft Center for Strategy and Security.

China Digital Policy

Report Apr 20, 2022

China’s discourse power operations in the Global South

By Kenton Thibaut

An overview of China’s discourse power activities in the Global South, including the regions of Sub-Saharan Africa, Latin America, and the Middle East. It outlines the processes through which China leverages its diplomatic, media, and political positions in these regions to gain influence, and assesses the impacts of these activities for democratic resilience worldwide.

Africa China

The post Chinese discourse power: Capabilities and impact appeared first on Atlantic Council.

Ukraine’s digital revolution is proving vital for the country’s war effort

Mykhailo Fedorov — Thu, 27 Jul 2023 19:47:05 +0000

What is it like living through the nightmare of war in the twenty-first century? For most people, this would conjure up images of devastated cities, collapsing economies, and a desperate rush for survival. However, Ukraine’s experience over the past year-and-a-half is proof that life can go on, even in the most challenging of circumstances. Despite suffering the horrors and trauma of Russia’s ongoing invasion, Ukrainians continue to open new businesses, get married, pay taxes, and apply for financial assistance from the state. This remarkable resilience has been possible in large part thanks to Ukraine’s digital revolution.

Digital tools like Uber and Booking have long since become part of our everyday lives, providing basic services with maximum convenience. Imagine if all your interactions with the state could be as efficient and unintrusive; imagine if you could pay taxes or register a business in a matter of seconds via your smartphone. In Ukraine, this is already reality.

Launched in September 2019, Ukraine’s Diia app is a core element of the country’s digital infrastructure that has dramatically enhanced Ukrainian society’s ability to withstand the Russian invasion. More than 19.2 million Ukrainians currently use Diia, which is installed on approximately 70% of the smartphones in the country. In regions of Ukraine under Russian occupation, it is often the only way for Ukrainians to receive assistance or access services provided by the Ukrainian government.

International audiences have already noticed the effectiveness of Diia. Estonia, which has long been a global leader in the field of digital government, is currently implementing a similar app based on Diia. Countries in Latin America and Africa are next in line to develop their own versions. This recognition for Ukraine’s innovative e-governance app should come as no surprise; after all, it has now proven itself in the toughest of wartime conditions.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Diia is not just a wartime success story, of course. In the almost four years since it was first launched, the app has managed to slowly but surely transform Ukrainian attitudes toward innovation while shaping perceptions regarding the role of digital technologies in daily life. Following the introduction of digital passport and driver’s license functions, Diia became a routine tool for millions of Ukrainians. The realities of the Russian invasion have now further embedded the app into the country’s everyday existence.

This familiarity has helped build growing levels of public trust in the digital state. Indeed, most Ukrainians have overcome any initial fears related to the pace of digitalization in the country and now openly embrace Ukraine’s digital revolution. People are no longer paranoid about the possibility of personal data leakages and have stopped worrying about how elderly relatives will cope with smartphone technologies.

It has also been some time since I last encountered by personal favorite: What will happen if the state has all my personal information? In reality, of course, the state has always had access to the information that is now digitally available via Diia. The only difference is users can finally access this information themselves in a highly convenient and transparent manner.

Eurasia Center events

Ukrainian attack damages Kerch Bridge

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Since 2019, Ukrainians have learned that digital tools can offer high levels of security in addition to efficiency. Indeed, security has always been at the heart of Ukraine’s digital transformation. A number of important decisions were made on the eve of Russia’s full-scale invasion that underlined this commitment to prioritizing the safety of users and their data, including steps to move the entire Diia infrastructure to cloud format.

We created our own in-house team of hackers to probe the Ukrainian government’s digital systems for weaknesses, and also worked with partners to engage hackers around world with the task of penetrating the Diia platform. They found no security vulnerabilities. Security has been further enhanced by the introduction of the Diia.Signature function, which provides an extra layer of protection for particularly sensitive e-services such as changing place of residence or registering a car.

One of the last remaining arguments against digitalization is the claim that an over-reliance on digital technologies will backfire in the event of restricted access to electricity or the internet. Ukrainians have now debunked this myth by maintaining high degrees of digital connectivity throughout the fall and winter months of the past year, despite the blackout conditions created by Russia’s large-scale bombing campaign against Ukraine’s civilian energy infrastructure. Businesses continued to operate and online services remained available as the nation adapted from October 2022 onward to the uncertainty of regular power cuts. Satellite internet, Starlink, and power generators all played crucial roles in this process, proving that digital solutions do not require perfect conditions in order to improve quality of life.

For the past eighteen months, Ukrainians have demonstrated that the digital state is both safe and convenient. They have done so in incredibly testing conditions amid the largest European war since World War II, which is also widely recognized as the world’s first full-scale cyberwar. This achievement should dispel any lingering doubts that governments across the world will all eventually go digital. As they embrace digitalization, other countries can look to Ukraine as a model and as a source of inspiration.

Mykhailo Fedorov is Ukraine’s Vice Prime Minister for Innovations and Development of Education, Science, and Technologies, and Minister of Digital Transformation.

Pakistan’s technology sector is a bright spot within a rather bleak economic outlook, but passing legislation like the current draft of the bill will only weaken the sector…

Another key recommendation from stakeholders in our April issue brief was that “policy must balance the need to regulate with avoiding the imposition of onerous compliance costs on the technology ecosystem.” This is especially true in the context of domestic technology companies, in particular those looking to scale and export their services, thereby helping earn scarce foreign exchange for Pakistan. The draft legislation ignores this recommendation as well, potentially increasing compliance costs and generating headwinds that will slow down the growth of the country’s burgeoning technology sector.

Some of the specific concerns voiced by stakeholders whom I have spoken with around the latest draft of the legislation revolve around broad definitions for categories of data, including critical and sensitive personal data. In addition, the scope and applicability of the legislation has also raised concerns, and the requirements for cross-border data flows and data localization are expected to create significant challenges for the technology ecosystem. Finally, the composition and powers of the National Commission for Personal Data Protection has also raised eyebrows.

Commenting on Section 32 of the draft legislation, which provides for mandatory access to “sensitive personal data” by the Government of Pakistan, the US Chamber of Commerce wrote that the “requirement is inconsistent with the Government of Pakistan’s goal of protecting the personal data of individuals and guaranteeing their fundamental right to privacy under Article 14 of the Constitution of Pakistan.” In addition, including this section is likely to “lead to the conclusion under global privacy law norms that the [Personal Data Protection Bill] is not adequate and therefore likely to hamper data transfers into Pakistan.”

Data localization requirements are also expected to create challenges for both domestic and international technology companies operating in Pakistan. Jeff Paine, managing director of the Asia Internet Coalition, stated on July 26 that this requirement “will limit Pakistanis’ access to many global digital services.” In addition, Paine stated that the legislation “creates unnecessary complexities that will increase the cost of doing business and dampen foreign investment.”

Stakeholders have long agreed that legislation and regulation governing the technology ecosystem in Pakistan is necessary. The current draft legislation, however, falls significantly short of stakeholders’ expectations.

Pakistan’s technology sector is a bright spot within a rather bleak economic outlook, but passing legislation like the current draft of the bill will only weaken the sector—and, by extension, the broader economy. Lawmakers ought to reconsider their plans to approve this legislation and, instead, hit the pause button. Then, they should seek to address pressing concerns and make necessary amendments to this draft in an inclusive and transparent manner. Such a process will ensure that once elections are held in Pakistan in the coming months, a new government can debate and pass legislation that has the buy-in of key stakeholders, especially those from within the country’s technology ecosystem.

Uzair Younus is the director of the Pakistan Initiative at the Atlantic Council’s South Asia Center.

The post Pakistan needs to press pause on its data overhaul appeared first on Atlantic Council.

Russian War Report: Wagner is still in business in Africa

Digital Forensic Research Lab — Thu, 20 Jul 2023 20:22:35 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Wagner moves soldiers to Belarus following apparent disbandment in Russia

Wagner vehicle columns are seen driving from Voronezh to Belarus

Tracking narratives

Russian officials and state media change their tune about the Kerch Bridge attack after Kremlin announces terror investigation

Media policy

FSB colonel alleged to be behind popular Telegram channel detained for extortion

International response

Wagner continues to advertise its services in Africa

Wagner troops arrive in Central African Republic ahead of critical referendum

Lavrov to replace Putin at BRICS summit

Ukrainian attack damages Kerch Bridge

Russia accused Ukraine of conducting a drone strike against the Kerch Strait Bridge on July 17. The bridge, also known as the Crimean Bridge, connects Ukraine’s Crimean Peninsula with Russia’s Krasnodar region. The bridge is used for civilian movement and as an essential logistical route for the Russian army.

Explosions were reported at around 3:00 a.m. local time. Footage of the aftermath indicates that a span of the bridge’s road had collapsed while another suffered damage but remained intact. Traffic reportedly resumed several hours after the explosion, but in the interim, occupation authorities asked civilians to consider alternate evacuation routes. Russian Telegram channels reported extensive traffic jams in Crimea’s Dzhankoi area and in the occupied Kherson region towards Melitopol.

Ukraine defense intelligence spokesperson Andrii Yusov told Suspilne News that damage to the bridge could create logistical difficulties for Russian forces, but said Kyiv would not comment on the cause of the explosion. CNN, citing a source in the Security Service of Ukraine (SBU), reported that the attack on the bridge was a joint operation of the SBU and Ukrainian naval forces. Ukrainian media outlet LIGA also reported that the SBU and Ukrainian naval forces were responsible for the attack, citing sources in the SBU. LIGA also noted that the strike was likely conducted with surface drones. The SBU said that information about the incident would only be revealed once the war ended. Some Russian military bloggers, including former Russian officer and pro-war nationalist Igor Girkin, stated that Russian authorities had focused too heavily on road security and not enough on maritime security. Alexander Kots, another prominent blogger and Kremlin-appointed Russian Human Rights Council member, also blamed Russian authorities for focusing too much on land security.

Natalia Humeniuk, a spokesperson for Ukraine’s Southern Operational Command, speculated without evidence that the attack may have been a provocation by Russia amid talks on prolonging the Black Sea Grain Initiative. The grain deal, brokered by Turkey and the United Nations in July 2022, has been essential for stemming a global surge in food prices. The agreement, necessitated after the Russian navy blocked all Ukrainian ports, permits Ukraine to export products. It has has been prolonged several times, with the last extension expiring on July 17. The Kremlin announced on July 17 that it had suspended its participation in the initiative but claimed that the decision was unrelated to the bridge attack.

Meanwhile, about twenty-four hours after the attack on the Kerch Bridge, explosions were heard in Odesa in southern Ukraine. Unconfirmed reports claimed the explosions were a response from Russia. The attack on Odesa continued for a second night on July 19, described by Ukrainian officials as “hellish.” Odesa is an essential port for Ukrainian exports and was allowed to remain open under the conditions of the grain deal.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Wagner moves soldiers to Belarus following apparent disbandment in Russia

The Wagner Group appears to have disbanded its operations in Russia and relocated to Belarus, according to footage reviewed by the DFRLab documenting the movements of Wagner military columns in the days following the mutiny through July 18. Additionally, satellite imagery captured the entry of troops and equipment at the Tsel military camp, located near the Belarusian town of Asipovichy.

On July 17, a video shared on Telegram depicted Wagner soldiers taking down the Russian flag and the Wagner flag at the group’s original military base in Molkino, Krasnodar Krai, Russia. In another video published on July 19, Prigozhin addressed Wagner fighters as they left the Molkino base, describing the situation on the front as “a shame.” In addition, he declared that the group is relocating to Belarus and will focus on its activities in Africa. For the time being, he said, Wagner soldiers are no longer participating in Russia’s special military operation in Ukraine, although they “will perhaps return to the special military operation at the moment when [they] are sure [they] will not be forced to shame ourselves.”

Russian "military correspondent" published a video of the flags taken down in a Wagner PMC camp in Molkino, Ryazan region.

The base is now officially closed. pic.twitter.com/d3tqVXzqr0
— Anton Gerashchenko (@Gerashchenko_en) July 17, 2023

Shortly after the mutiny ended, Russian authorities conducted raids on Wagner’s accounting divisions in Saint Petersburg, according to information purportedly shared by the wives and mothers of Wagner fighters in an online forum. Additional raids took place on Prigozhin’s residence. The movements of Prigozhin’s private jet also indicate frequent travel to Belarus over the past three weeks.

An investigation by Belarusian opposition media outlet Motolko.help revealed a photograph of a man resembling Prigozhin in his undergarments allegedly at the Tsel military base, where he reportedly spent the night on July 12. According to flight data posted on the online portal Radarbox, Prigozhin’s personal Embraer Legacy 600 jet, registration number RA-02795, completed four round-trip flights between Belarus’ Machulishchy air base and Russia.

Radar imagery acquired on July 17 also shows the tents where Wagner fighters appear to be housed and several places for vehicles parked inside the military base.

SAR imagery of Tsel military camp in Belarus, taken on July 17, 2023. (Source: DFRLab via Capella Space)

—Valentin Châtelet, research associate, Brussels, Belgium

Wagner vehicle columns are seen driving from Voronezh to Belarus

On July 16, several videos emerged on Telegram documenting Wagner vehicles departing Voronezh Oblast along Russia’s M-4 Don highway. Utilizing social media footage, the DFRLab determined the location of the vehicles and identified forty registration plates. At least two-thirds of these vehicles displayed military registration plates from the self-proclaimed Donetsk and Luhansk People’s Republic. However, the Belarusian monitoring project Belaruski Hajun reported that many other vehicles used tape to cover their registration plates.

The columns are composed of various buses and trucks, of which only a few could transfer construction equipment. Most of the convoys consist of UAZ Patriot pickup trucks, Ural vans, and Lada cars. No heavy military equipment was observed at the time of writing.

Screenshots show a UAZ Patriot pickup truck (top) and a Mitsubishi pickup truck (bottom) bearing military registration plates from the Luhansk People’s Republic. A police car escorted the trucks one hundred kilometers south of Voronezh on July 14, 2023. (Source: Telegram/archive)

Another video shared on the Russian Telegram channel VChK-OPGU revealed a Wagner convoy of soldiers entering Belarusian territory. According to a post by Belaruski Hajun, at least sixty vehicles entered Belarus through Mogilev Oblast in the early hours of June 15 using the R-43 and M-5 roads. A photograph on Telegram showed the Russian and Wagner Group flags flying at a border outpost.

According to Belaruski Hajun, since July 14, nine distinct military convoys have entered Belarusian territory. They are likely located at the Tsel military camp near Asipovichy. The camp is home to military unit 61732 and was previously identified by Verstka Media as a potential site to accommodate Wagner soldiers. Further, the Belarusian military TV channel VoyenTV posted a video on July 14 showing Wagner soldiers arriving in Belarus and training local forces. According to updated estimates from Belaruski Hajun, as many as 2,500 Wagner members may have relocated to the Tsel military camp since last week.

—Valentin Châtelet, research associate, Brussels, Belgium

Russian officials and state media change their tune about the Kerch Bridge attack after Kremlin announces terror investigation

In the immediate aftermath of the July 17 attack on the Kerch Bridge, Russian officials and state media were relatively mild in their initial language addressing the incident, referring to it as an “emergency.” However, once Kremlin agencies began referring to the attack as a “terror act,” state media and officials began changing their language to follow the Kremlin.

“Traffic was stopped on the Crimean bridge: an emergency occurred in the area of the 145th support from the Krasnodar territory,” Sergei Aksenov, the Russian-installed head of occupied Crimea, wrote on his Telegram channel at 4:21 a.m. local time. Notably, Aksenov did not use the words “explosion,” “attack,” or “terror” to describe the destruction of the bridge. Two subsequent posts, made at 5:03 a.m. and 6:59 a.m., also avoided these terms. It wasn’t until 1:51 p.m. that Aksenov used the phrase “terror act” to describe the attack.

In between Aksenov’s posts, Russia’s National Antiterrorism Committee reported at 10:04 a.m. that they had assessed the Kerch Bridge explosion as a “terror act,” according to Kremlin-owned news agency TASS. Several minutes later at 10:07 a.m., Russia’s Investigative Committee announced that it would open a criminal case investigating the “terror act” on the Kerch Bridge.

Several Kremlin-owned Russian media outlets, including RIA Novosti and TASS, also used the term “emergency” (“чрезвычайное прошествие” or ЧП) to first describe the bridge explosion before later pivoting to using “terror act.” Neither outlet referred to the destruction of the Kerch Bridge as a “terror act” prior to the official announcements from the Investigative Committee and Antiterrorism Committee. In the case of RIA Novosti, they published a story using the word “emergency” in the headline at 11:41 a.m., more than ninety minutes after the terror investigation announcement, while TASS used the term as late as 7:31 p.m., even though it had already published a report on the investigation. Similarly, many other Kremlin-controlled media outlets, like Komsomolskaya Pravda, Gazeta.ru, RBC, Lenta.ru, and Izvestiya used both “emergency” and “terror act” in their publications throughout the day interchangeably.

—Nika Aleksejeva, resident fellow, Riga, Latvia

FSB colonel alleged to be behind popular Telegram channel detained for extortion

According to Russian media outlet RBC, former Federal Security Service (FSB) Colonel Mikhail Polyakov, the purported administrator of the Telegram channel Kremlevskaya Prachka (“Kremlin Laundress”), was detained for suspected extortion. The press office for the Moscow court released a statement that said Polyakov is “suspected of extorting 40 million rubles [around $440,000] from JSC Lanit, the leader of the Russian industry of information technology.”

“According to the prosecution, from 2020 to 2023, Polyakov received a large sum of money from a group of IT companies for not publishing information (the so-called ‘negative block’) that could cause significant harm to the rights and legitimate interests of Lanit JSC and the management of Lanit JSC,” the Moscow court continued. The “negative block” is a guarantee that a channel will not mention a particular person or a company in a negative light in exchange for money; this is reportedly a popular practice among Russian Telegram channels.

The independent Russian media outlet Vazhnyye Istorii (“Important Stories”), citing a source close to Russian intelligence services, reported that Polyakov was behind the Kremlevskaya Prachka Telegram channel. According to the outlet, Polyakov supervised an unnamed service at the FSB’s Office for the Protection of the Constitutional Order. In addition, he reportedly oversaw pro-government Telegram channels and was engaged in promoting the Kremlin’s agenda via media and social networks. According to Important Stories, he worked in coordination with Vladimir Putin’s deputy chief of staff, Sergey Kiriyenko.

Important Stories noted that the Telegram channel 112 also named Polyakov as Kremlevskaya Prachka’s administrator, along with the Telegram channels Siloviki, Nezigar, and Brief, which are not as staunchly pro-govern cited by Kremlin propagandists and proxies.

Kremlevskaya Prachka has not posted since the evening of July 13, corresponding with the reported detainment of Polyakov.

—Eto Buziashvili, research associate, Tbilisi, Georgia

Wagner continues to advertise its services in Africa

On July 16, the Wagner-affiliated Telegram channel REVERSE SIDE OF THE MEDAL posted an advertisement offering Wagner’s services to African states. The post included an image from the Prigozhin-funded film, Granite, as well as an email address, seemingly for interested African countries to communicate with Wagner.

In French, the advertisement reads: “PMC Wagner offers its services to ensure the sovereignty of states and protect the people of African from militants and terrorists.” The fine print emphasizes that “various forms of cooperation are possible,” as long as the cooperation does not “contradict Russia’s interests.” Russia’s interests are not specified.

While the Telegram channel claimed the advertisement was replicated on African social media channels, the DFRLab has not found additional evidence to support this claim.

Wagner-affiliated Telegram channel shared an advertisement for Wagner’s services in Africa, claiming it was widely circulated on the continent. (Source: rsotmdivision)

—Tessa Knight, research associate, London, United Kingdom

Wagner troops arrive in Central African Republic ahead of critical referendum

Alexander Ivanov, director of the Officer’s Union for International Security (COSI), released a statement on COSI’s Telegram channel regarding the recent arrival of dozens of Wagner operatives in Central African Republic. According to US authorities, COSI is a front company for the Wagner Group in Central African Republic.

In the statement, Ivanov confirmed the Wagner troop rotation while stressing that the new personnel have no contract with Russia’s Ministry of Defense. He reiterated that both in CAR and across the continent, “security work is carried out by private companies that enter into contracts directly with the governments of sovereign states,” and that these private companies have nothing to do with official Russian state entities. Ivanov also indicated that this staff rotation should not impact the activities of Russia in Ukraine, and he claimed to have been in contact with Yevgeny Prigozhin.

Notably, Ivanov stated that despite the recent changes in the structure of Wagner’s “African business,” Prigozhin “intends not to curtail, but to expand his presence in Africa.” This is somehow consistent with what some analysts are observing: Wagner appears to be trying to expand its presence in West African coastal states increasingly threatened by a spillover of the jihadist insurgency from the Sahel, or possibly taking advantage of upcoming elections in several fragile African countries.

Although Ivanov has often remarked on Wagner activities in CAR and Africa in the past, this statement, coupled with other recent comments, suggest that the COSI director might be now exercising a wider role as spokesman for all Wagner activity in Africa, as Wagner reorganizes its structure in the wake of last month’s failed mutiny.

The statement comes as a U-turn in recent communications over Wagner’s presence in CAR. In past weeks both CAR and Russian officials stated that the African republic had an agreement with Russia and not with a private military company. Ivanov seems to be returning to earlier narratives in which Wagner claimed that the CAR government signed an agreement with the PMC and not the Russian government. This narrative seems to confirm DFRLab reporting in the June 30 edition of the Russian War Report, in which we noted that denying direct links to Wagner’s actions in Africa has become more difficult for the Kremlin after recent events damaged the principle of plausible deniability, which had previously been a key aspect of Wagner’s success in Africa. However, Russia does not want to waste the network of influence built by its state proxy forces and is now attempting to reorganize, rebrand and develop a new narrative around Wagner and the Kremlin’s ability to conduct hybrid warfare.

The arrival of dozens of troops from Russia’s Wagner in CAR comes at a critical time as the country prepares to hold a constitutional referendum on July 30 that would eliminate presidential term limits and allow President Faustin-Archange Touadéra to extend his term. The CAR government stated earlier this month that Wagner operatives will help in securing the referendum. This could be seen as a strong signal from Moscow to reiterate the strategic importance of its influence in CAR and reassure local partners of its continued support, while sending a message of continuity and strength to other countries in the region where Wagner operates.

—Mattia Caniglia, associate director, Brussels, Belgium

Lavrov to replace Putin at BRICS summit

The Office of South Africa’s Presidency announced on July 19 that Russian Foreign Minister Sergey Lavrov would replace President Vladimir Putin at the upcoming Summit of BRICS Nations (Brazil, Russia, India, China and South Africa) “by mutual agreement.”

In Russian media, pro-Kremlin and opposition news outlets alike posted articles claiming that Russia had refused South Africa’s proposal to send Lavrov as head of the country’s delegation on July 14. Quoting an interview with South Africa’s deputy president, the Russian pro-Kremlin news outlet RTVI suggested that “negotiations are still ongoing.”

Putin is wanted by the International Criminal Court (ICC) for alleged war crimes committed during Russia’s war in Ukraine. A warrant for the arrest of both the Russian president and Presidential Commissioner for Children’s Rights Maria Lvova-Belova alleges that they were involved in organizing and participating in the deportation of Ukrainian children. As a signatory to the Rome Statute, which established the ICC, South Africa would have been obligated to arrest Putin had he attended the BRICS Summit in August.

South Africa’s largest opposition party, the Democratic Alliance, took to court in a petition to force the government to arrest Putin if he did attend. In a responding affidavit, South African President Cyril Ramaphosa stated that Russia would view South Africa arresting Putin as a “declaration of war.”

The Kremlin denied claims that Moscow had threatened South African authorities. However, Kremlin spokesperson Dmitry Peskov said on July 19 that “it is clear to everyone in the world what an attempt to encroach on the head of the Russian Federation means.”

—Tessa Knight, Research Associate, London, United Kingdom and Valentin Châtelet, Research Associate, Brussels, Belgium

The post Russian War Report: Wagner is still in business in Africa appeared first on Atlantic Council.

Russian War Report: Russian conspiracy alleges false flag at Zaporizhzhia nuclear plant

Digital Forensic Research Lab — Fri, 07 Jul 2023 18:02:29 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Russian missile strike in Lviv kills ten civilians, injures dozens

Tracking narratives

New narrative accuses US and Ukraine of planning false flag attack on Zaporizhzhia nuclear power plant

Media policy

Former employees share details about Prigozhin’s media group and troll farms

Kremlin-owned RT offers jobs to former employees of Prigozhin’s troll factory

Russian missile strike in Lviv kills ten civilians, injures dozens

At least ten people were killed and thirty-seven injured in Russia’s July 6 attack on Lviv, in western Ukraine. Regional Governor Maksym Kozytskyy said that a Russian missile struck a residential building in the city, destroying more than fifty apartments.

Meanwhile, Russian forces continue to launch offensive actions in Donetsk and Luhansk oblasts. Ukrainian forces reported thirty-eight combat engagements against Russian troops near Novoselivske, Novohryhorivka, Berkhivka, Bohdanivka, Bakhmut, Avdiivka, and Marinka. In the direction of Lyman, Russian forces shelled Nevske, Bilohorivka, Torske, Verkhnokamyanske, and Rozdolivka in Donetsk. Russian aviation conducted an airstrike in Bilohorivka. Russia also attacked villages in Zaporizhzhia and Kherson oblasts, including Levadne, Olhivske, Malynivka, Huliaipole, and Bilohirka. On July 6, Russian troops shelled Chervonohryhorivka and Nikopol, damaging civilian infrastructure.

On July 5, reports from Russian military bloggers suggested that Ukrainian forces had advanced southwest of Berkhivka, west of Yahidne, and southwest of Bakhmut. The Ukrainian army said it conducted offensive operations south and north of Bakhmut and is moving on Bakhmut’s southern flank. The Russian Ministry of Defense claimed that the Ukrainian army conducted offensive operations near Lyman, Bakhmut, along the Avdiivka front, on the border between Zaporizhzhia and Donetsk, and in western Zaporizhzhia.

The Ukrainian army appears to have launched a coordinated attack on Russian army logistical and communications hubs. On July 4, Ukrainian forces reportedly struck an ammunition depot in occupied Makiivka, Donetsk. Russian sources claimed without evidence that Ukraine had struck a hospital. Former Russian army commander Igor Strelkov, also known as Igor Girkin, said the attack demonstrates how Ukraine regularly launches missile strikes against Russian rear targets. Other unconfirmed reports from July 5 indicate Ukraine may have struck Russian positions near Debaltseve. Russian sources claimed that Ukrainian forces hit Russian positions near Yakymivka in the Melitopol area and attempted to strike Berdyansk in the Zaporizhzhia region.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

New narrative accuses US and Ukraine of planning false flag attack on Zaporizhzhia nuclear power plant

Ahead of next week’s NATO Summit in Vilnius, Lithuania, allegations that the United States and Ukraine will launch a false flag operation on the Zaporizhzhia nuclear power plant are spreading on various platforms, including Twitter, 4chan, and Instagram. The allegations seemingly aim to create panic and, in the event of a future attack on the plant, establish a narrative the West and Ukraine are to blame.

On July 3, a post appeared on 4chan from an anonymous user who introduced himself as a US Marine Corps veteran now working for the government in electronic espionage. The user claimed that the Ukrainian and US governments are working together to bomb the Zaporizhzhia power plant. According to the conspiracy theory, after the false flag operation, the United States will be able to use “nuclear warheads” against Russia. At the time of writing, the post had been deleted from 4chan. However, similar posts remain on the platform.

Screencap of an anonymous 4chan post claiming the US and Ukraine are planning a false flag attack. (Source: 4chan)

However, the false flag claims did not originate on 4chan. Russian Twitter accounts posted similar claims building the false flag narrative. After the 4chan post, the claim circulated again on Twitter.

A similar narrative was also shared by Renat Karchaa, an adviser to Rosenergoatom, a subsidiary of the Russian state nuclear agency Rosatom. Karchaa claimed on Russian state television channel Russia-24 that on the night of July 5, the Ukrainian army would attempt an attack on the Zaporizhzhia plant. Without evidence, he accused the United States and the West of planning a false flag incident to damage Russia’s reputation. The claims were further amplified by Russian state media outlets.

The allegations escalated on social media after July 4, when Ukrainian President Volodymyr Zelenskyy repeated Ukraine’s concerns about the status of the nuclear power plant. In an address, Zelenskyy restated that Russia plans to attack the plant and that Russian troops have placed explosive-like objects on the building’s roof. In June, Ukrainian military intelligence made similar claims when it reported that the plant’s cooling pond had been mined by Russian troops.

On July 5, the International Atomic Energy Agency (IAEA) said that it was aware of reports that mines and other explosives had been placed around the plant. The IAEA said their experts inspected parts of the facility and did not observe any visible indications of mines or explosives. IAEA Director General Rafael Mariano Grossi added, “The IAEA experts requested additional access that is necessary to confirm the absence of mines or explosives at the site.” On July 7, the IAEA announced that Russia had granted its experts further access, “without – so far – observing any visible indications of mines or explosives.”

—Sayyara Mammadova, research assistant, Warsaw, Poland

Former employees share details about Prigozhin’s media group and troll farms

Several independent Russian media outlets published stories this week interviewing former employees of Yevgeny Prigozhin’s Patriot Media Group, which dissolved on June 30.

In a video published on Telegram, Yevgeny Zubarev, director of Patriot Media Group’s RIA FAN, said the goal was to “work against the opposition, such as Alexei Navalny and others who wanted to destroy our country.” Zubarev confirmed key details previously reported by independent Russian journalists at Novaya Gazeta in 2013 and the now-Kremlin-controlled RBC in 2017 about the existence of paid commentators and the creation of Prigozhin-affiliated media outlets. Zubarev added that, after Russian President Vladimir Putin’s 2018 re-election, the group hired “foreign affairs observers.” The timing corresponds with attempts by Prigozhin’s Internet Research Agency to meddle in the 2020 US presidential election.

Further, independent Russian media outlets Sever.Realii, Bumaga, and Novaya Gazeta interviewed former employees of Prigozhin’s media group. Speaking on the condition of anonymity, the former employees confirmed that Prigozhin’s “troll factory” and “media factory” conducted coordinated information attacks on opposition leaders, published fabricated or purchased news “exclusives,” praised Putin, and deliberately ignored particular individuals who criticized Wagner Group. Bumaga and Sever.Realii described a smear campaign against Saint Petersburg Governor Alexander Beglov. In 2019, Prigozhin’s media group supported and promoted Beglov, but in 2021, Prigozhin reportedly launched a smear campaign, as Beglov allegedly prevented him from developing a waste collection business in the city. Novaya Gazeta’s report also provided evidence that Prigozhin’s troll farm activities extended beyond Russia, with employees portraying skinheads and fascists in the Baltic region, specifically in Lithuania.

In recent years, additional revelations about Prigozhin’s media group have come to light. For example, Bumaga reported that prospective hires had to pass a “lie detector test” in which “security service specialists” asked candidates about their attitudes toward the opposition and Alexei Navalny in particular. Once hired, employees were closely surveilled. One former employee Bumaga interviewed characterized the atmosphere as being in a “closed military company.” Both Bumaga and Novaya Gazeta’s interviewees said that most of the employees did not believe in the mission. In one example, an employee left after refusing to launch a smear campaign against Ivan Golunov, a journalist at the independent news outlet Meduza who was detained in 2019 under false pretenses. Bumaga, citing an unnamed former employee, also reported that at one point an employee had hacked the system, erased a database, and fled to Poland. The same interviewee claimed they employed two Telegram administrators who also administered pro-Ukraine channels.

—Nika Aleksejeva, resident fellow, Riga, Latvia

Kremlin-owned RT offers jobs to former employees of Prigozhin’s troll factory

RT Editor-in-Chief Margarita Simonyan offered to hire employees of Yevgeny Prigozhin’s Patriot Media Group, which reportedly housed his troll factories. In the latest episode of the program Keosayan Daily, Simonyan praised the work of “Wagner’s media empire.” She said their work “was super professional” and that anyone left without a job can join “them,” referring to Russian propaganda outlets. She added, “We know you as professional colleagues of ours.”

The fate of Patriot’s former employees is being actively discussed in Russia. According to Russian outlet Novie Izverstia, Pavel Gusev, editor-in-chief of the pro-Kremlin outlet MK.ru, volunteered to help find jobs for former employees of Patriot. In addition, the chairman of the Saint Petersburg branch of the Union of Journalists of Russia stated that the union would contact the heads of media outlets to help find opportunities for dismissed employees and would provide additional informational support.

—Eto Buziashvili, research associate, Tbilisi, Georgia

The post Russian War Report: Russian conspiracy alleges false flag at Zaporizhzhia nuclear plant appeared first on Atlantic Council.

Russian War Report: Kremlin denies that it targeted civilians in a missile attack on a pizza restaurant

Digital Forensic Research Lab — Fri, 30 Jun 2023 19:00:00 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Military camps for Wagner reportedly under construction in Belarus

Tracking narratives

Pro-Kremlin sources spreading disinformation to justify missile strike in Kramatorsk

Kremlin blames Colombian victims for the injuries they sustained in the Kramatorsk attack

Media policy

Prigozhin’s online assets reportedly blocked in Russia

International Response

Questions abound over the future of Wagner contracts and Prigozhin-linked businesses in Africa

Analysis: With Wagner mutiny, Russia’s loses plausible deniability about its involvement in Africa

Investigation sheds light on how Putin’s childhood friends allegedly evade sanctions

Military camps for Wagner reportedly under construction in Belarus

Russian independent outlet Verstka reported on the construction of camps for Wagner forces near Asipovichi, Mogilev Oblast, located in Belarus approximately two hundred kilometers from the Ukraine border. According to Verstka’s local forestry source, the area will cover 2.4 hectares (5.9 acres) and accommodate eight thousand Wagner fighters. The source also claimed that there will be additional camps constructed. Family members of Wagner fighters also confirmed to Verstka that they were deploying to Belarus.

Radio Svaboda, the Belarusian-language edition of Radio Liberty, reviewed satellite imagery from Planet Labs that suggested signs of expansion at the Unit 61732 military camp adjacent to the village of Tsel, twenty kilometers northwest of Asipovichi. The outlet interviewed Ukrainian military analyst Oleg Zhdanov, who suggested it was “too early to tell” as to whether the military camp’s expansion is specifically for Wagner forces. “Very little time has passed to start building a camp specifically for the Wagnerites—it’s unreal,” Zhdanov told Radio Svaboda.

Location of possible construction at the Unit 61732 military camp in Tsel, Belarus. (Source: Planet Labs)

On June 27, in his first speech after the Wagner mutiny, Russian President Vladimir Putin reaffirmed the deal that ended the rebellion on June 24 in which Yevgeniy Prigozhin would relocate to Belarus. Putin praised those Wagner fighters who did not participate in the revolt and said they could sign a contract with the Russian Ministry of Defense of other services. He added that other mercenaries who do not want to join could go either home or follow Prigozhin to Belarus.

—Eto Buziashvili, research associate, Tbilisi, Georgia

Pro-Kremlin sources spreading disinformation to justify missile strike in Kramatorsk

Pro-Kremlin sources denied Russia targeted civilians when a missile struck a crowded pizza restaurant in Kramatorsk, killing at least twelve civilians and injuring more than fifty others. According to this narrative, RIA Pizza was actually a military base hosting US and Ukrainian soldiers. To support the claims, pictures taken after the strike were published on Telegram and Twitter.

To support the claim that soldiers of 101st Airborne Division were located at the pizza “military base,” pro-Kremlin sources circulated grisly footage of the attack aftermath recorded by freelance journalist Arnaud De Decker. The clip shows a man wearing a morale patch of a US flag with the words “Always Be Ready: 5.11 Tactical.” 5.11 Tactical is a military apparel company that sells branded merchandise, including morale patches, worn to offer support to various causes and slogans but not used official unit patches. Various types of 5.11 Tactical’s “Always Be Ready” patches are readily available for purchase online.

Top: A 5.11 Tactical morale patch for sale on its website. Bottom: Image taken during the aftermath of the Kramatorsk attack showing a man wearing the same morale patch on his helmet. (Source: 5.11 Tactical/archive, top; @arnaud.dedecker/archive, bottom)

Similarly, another post from Aleksandr Simonov’s Telegram channel that a man wearing an 101^st Airborne t-shirt was a member of the US Army division. These t-shirts are also readily available from online retailers.

Montage of three screenshots from online retail websites selling 101^st Airborne t-shirts. (Sources: top left, Etsy/archive; bottom left, Predathor/archive; right, Allegro/archive)

Montage of three screenshots from online retail websites selling 101st Airborne t-shirts. (Sources: top left, Etsy/archive; bottom left, Predathor/archive; right, Allegro)

—Sayyara Mammadova, research assistant, Warsaw, Poland

Kremlin blames Colombian victims for the injuries they sustained in the Kramatorsk attack

In addition to pro-Kremlin accusations that the Kramatorsk attack targeted a base housing US Army soldiers, Kremlin influencers also targeted citizens of Colombia, three of whom were injured in the attack, for being at the site of the incident. Colombian President Gustavo Petro said the attack targeted “three defenseless Colombian civilians” in violation of the protocols of war and called for the Colombian Foreign Ministry to submit a note of diplomatic protest to Russia. While the Kremlin acknowledged launching the attack, it insisted the assault struck military personnel rather than civilians.

The three Colombian citizens injured in the attack include acclaimed Colombian writer Hector Abad Faciolince; Sergio Jaramillo Caro, who previously led Colombia’s peace negotiations with FARC rebels; and Ukrainian-based journalist Catalina Gomez. According to the New York Times, Abad and Jaramillo were in Kramatorsk “collecting material” in support of their initiative, ¡Aguanta Ucrania! (“Hang On Ukraine!”), which seeks to garner support for Ukraine in Latin America.

Following the attack, Colombian influencers and officials criticized the attack through media outlets and social media accounts in Spanish. Danilo Rueda, Colombia’s current high commissioner for peace, issued a statement expressing support for the victims without mentioning Russia, while the Ministry of Foreign Affairs expressed its “strongest condemnation of the unacceptable attack by Russian forces on a civilian target.”

Gomez, who was injured in the attack, broadcast a video for France 24 from the site of the explosion. Meanwhile, Abad and Jaramillo conducted interviews with Colombian media outlets such as El Tiempo in which they described the incident.

Actualidad RT, a Russian media outlets with enormous reach in the Spanish-speaking world, insisted that the victims of the attack were mercenaries and instructors of NATO and Ukraine rather than civilians. Actualidad RT quoted statements from Igor Konashenkov, spokesperson for the Russian Ministry of Defense, and Kremlin spokesperson Dmitri Peskov, who said the attack struck “military targets” and that “Russia does not attack civilian infrastructure.” Actualidad RT promoted its claims via Twitter and Facebook multiple times on June 28.

Colombian radio station WRadio interviewed Kremlin foreign policy spokesperson Maria Zakharova on the morning of June 28. Zakharova stated that the restaurant was a Russian military target and called for an investigation into Victoria Amelina, a Ukrainian writer who was gravely injured while purportedly hosting the Colombians at the restaurant, claiming without evidence that Amelina had prior knowledge that the restaurant was a military target. Zakharova reiterated this statement after a WRadio journalist asked her to confirm the accusation. In contrast, Abad stated that it was Gomez who suggested they visit the restaurant, and that she apologized for doing so after the attack.

The Russian embassy in Colombia amplified Zakharova’s narrative later that same afternoon and evening. On Twitter, the embassy insisted that the city was “an operational and logistical-military hub, not a suitable place to enjoy Ukrainian cuisine dishes.” It also seemed to celebrate that the “reckless trip [of the Colombians] did not turn into an irreparable tragedy.”

—Daniel Suárez Pére z, research associate, Bogota, Colombia

Prigozhin’s online assets reportedly blocked in Russia

Over the course of the thirty-six-hour Wagner mutiny, the Kremlin attempted to limit information about Yevgeniy Prigozin on Russian social media and search engines, eventually blocking websites affiliated with Prigozhin. On June 24, the Telegram channel of Russian state-owned propaganda outlet RT reported that several Prigozhin-controlled media outlets including RIA FAN, People’s News, and Patriot Media Group were no longer accessible in parts of Russia. RT added that the reason for their disappearance was unknown. Similar reports appeared in Mediazona and several Telegram channels.

The DFRLab used the Internet censorship measurement platform OONI to verify the claim and check the accessibility of RIA FAN within Russia. OONI detected signs that riafan.ru was blocked in the country.

Internet censorship measurement platform OONI detected the apparent blocking of Prigozhin-owned media outlet RIA FAN. (Source: OONI)

On June 29, independent Russian outlet The Bell claimed the Kremlin was searching for a new owner for Patriot Media Group, which includes media assets associated with Prigozhin. The following day, multiple Russian outlets reported that Prigozhin had dissolved Patriot Media Group.

—Eto Buziashvili, research associate, Tbilisi, Georgia

Questions abound over the future of Wagner contracts and Prigozhin-linked businesses in Africa

For years, Wagner has acted as Russia’s primary form of influence in Africa—spreading disinformation and propaganda, securing military contracts, and exporting natural resources to support Putin’s war effort. Following Prigozhin’s attempted mutiny, the future of Wagner’s operations on the continent has come into question. While it is highly unlikely the Kremlin would willingly abandon its influence in Africa, if Wagner is retired or its troops absorbed into the Ministry of Defense, it is uncertain who would maintain the group’s operations on the continent.

Russian Foreign Minister Sergei Lavrov confirmed that Russia’s work in Africa will continue. In a TV interview with Russia Today, Lavrov said, “In addition to relations with this PMC the governments of CAR and Mali have official contacts with our leadership. At their request, several hundred soldiers are working in CAR as instructors.”

A top advisor to Central African Republic President Faustin-Archange Touadéra appeared unconcerned about the weekend’s events. Speaking of Wagner’s military instructors, Fidèle Gouandjika said, “If Moscow decides to withdraw them and send us the Beethovens or the Mozarts rather than Wagners, we will have them.” In a statement released to its Telegram channel, the Officer’s Union for International Security—a US-sanctioned Wagner front company operating in CAR—claimed CAR’s defense minister had apologized for Gouandjika’s remarks. It quoted Defense Minister Claude Rameaux Bireau as saying, “The people of the CAR are grateful to the Russian instructors of Wagner, ask any Central African on the streets of Bangui or in the village of the CAR—he will confirm my words.”

In Mali, where Wagner forces have taken over responsibility for pushing back jihadists after the departure of French forces, the online outlet Mali Actu reported that the situation could dramatically impact Mali. “This situation raises major concerns about the security, stability and sovereignty of Mali, as well as the impact on the local population and counter-terrorism efforts,” it wrote.

—Tessa Knight, research associate, London, United Kingdom

Analysis: With Wagner mutiny, Russia loses plausible deniability about its involvement in Africa

While Wagner’s future in Africa remains uncertain, it is important to consider that the Wagner Group not just a paramilitary force. It is also a conglomerate of companies active in different sectors, from mining and logistics to political warfare and moviemaking, able to travel the spectrum between private entrepreneurism to state proxy. This flexibility has previously allowed Moscow to deploy Wagner to act as a force multiplier in Africa while simultaneously denying Russia’s direct presence on the continent. In Africa, Russia has used Wagner multiple times as part of a strategy to help authoritarian leaders stay in power and gain a pro-Russian military presence on the ground, all while maintaining plausible deniability. Until now, the positive outcomes of this strategy have far exceeded the costs for the Kremlin, as Russia has built a strong network of African influence with relatively little effort, securing concessions in strategic extractive industries, and expanding military-to-military relations on the continent.

However, this principle of plausible deniability, which made Wagner so successful and so useful for Moscow as an extension of its foreign policy and influence, is now damaged. As previously noted, Russian Foreign Minister Sergei Lavrov, as well as Putin, publicly confirmed direct links between Wagner and the Russian state apparatus.

Africa is intimately linked to Wagner: In the wake of Wagner’s involvement in Syria, Africa became the scene of the group’s expansion. Engaging in Sudan, the Central African Republic, Libya, Mozambique, Madagascar, and Mali, Wagner employed an opportunistic strategy of supplying security while taking concessions to mine natural resources. While its forces were in most cases invited to stabilize fragile states, its actions actively invited further instability, creating more opportunities and a greater demand signal for its services, ultimately granting renewing opportunities to Moscow to reinforce its footprint in the continent.

While denying direct links to Wagner’s actions in Africa might have become more difficult for the Kremlin, Russia is unlikely to waste the network of influence built by the group in recent years. Instead, Moscow will likely continue to deploy hybrid tools such as Wagner, although organized in different shapes and forms, so Russia can continue displacing Western influence, exploiting natural resources, and evading sanctions through dozens of front companies.

—Mattia Caniglia, associate director, Brussels, Belgium

Investigation sheds light on how Putin’s childhood friends allegedly evade sanctions

On June 20, the Organized Crime and Corruption reporting project (OCCRP) published a series of investigations titled “The Rotenberg Files” that shed light on the business dealings and alleged sanctions evasion attempts of Boris and Arkady Rotenberg, close friends of Russian President Vladimir Putin. The report is based on fifty thousand leaked emails and documents, examined by journalists from seventeen outlets. The OCCRP said the leak came from a source who worked for the brothers at a Russian management firm. The OCCRP investigation was conducted in partnership with the Times of London, Le Monde, and Forbes, among others.

Boris and Arkady Rotenberg are childhood friends of Putin. The billionaire brothers faced Western sanctions amid Russia’s 2014 annexation of Crimea, but their lavish lifestyles do not appear to have been impacted.

According to the OCCRP, the leaked documents demonstrate how the Rotenberg brothers allegedly used Western lawyers, bankers, corporate service providers, and proxies to evade sanctions.

One of the report’s findings also alleges the brothers maintain business links to Prince Michael of Kent, a cousin of the late Queen Elizabeth II who was previously accused by the Sunday Times and Channel 4 of profiting off close access to the Kremlin. According to the latest investigation, “Prince Michael distanced himself from earlier ties to the Putin regime in the wake of the 2022 invasion of Ukraine. But leaked emails and corporate records show he co-owns a company with two Russian businessmen who helped billionaire oligarch and Putin ally Boris Rotenberg dodge Western sanctions.”

Another investigation from the Rotenberg files reported that Putin’s eldest daughter regularly visited a holiday property financed by Arkady Rotenberg in an exclusive Austrian skiing destination. Documents reviewed by the OCCRP suggest that the house was purchased by a Cypriot company in 2013 with a loan from a bank then owned by Arkady, using funds invested by another company he owned. Other records suggested that the former romantic partner of Putin’s daughter is connected to the company that owns the Austrian property. Residents claim to have seen Putin himself at the Kitzbühel residence, though this has not been confirmed.

The Rotenberg brothers and Prince Michael declined to comment to the OCCRP investigative consortium.

—Ani Mejlumyan, research assistant, Yerevan, Armenia

The post Russian War Report: Kremlin denies that it targeted civilians in a missile attack on a pizza restaurant appeared first on Atlantic Council.

The disinformation landscape in West Africa and beyond

Tessa Knight, Jean le Roux — Thu, 29 Jun 2023 09:00:00 +0000

Download pdf

Introduction

The prominence of West Africa, and Africa as a whole, within the global disinformation ecosystem cannot be ignored. A report by the Africa Center for Strategic Studies released in April 2022 identified twenty-three disinformation campaigns targeting African countries dating back to 2014. Of these campaigns, sixteen are linked to Russia.

The listed disinformation campaigns—nine of which were identified by the DFRLab—reveal two key points. First, there has been a marked increase in the number of publicly identified disinformation campaigns in recent years. Whether this is due to an increase in the scrutiny, analytical capacity, or efforts on the part of bad actors is unclear. Second, the characteristics of each of these influence operations are distinct—these operations target a wide variety of issues, such as elections, the war in Ukraine, commercial interests, and domestic and international politics.

Further, relations between France and francophone West Africa have, following years of amicable relations built on the back of military cooperation, seen a marked erosion that was underscored by the exit of the last of the French troops from Mali in August 2022. Anti-France and pro-Russia sentiments have surged contemporaneously, with overlapping narratives positioning Russia as a viable alternative to Western aid. When French forces began their departure from Mali in June 2022, Russian private military companies (PMCs) such as the Wagner Group stood ready to fill the void.

This report examines several influence operation case studies from the West African region, with a particular emphasis on Mali, Burkina Faso, Côte d’Ivoire, and Niger. The narratives, actors, and contexts supporting these influence operations are summarized alongside their impact on regional stability. Russian influence plays a significant role in these case studies, an unsurprising fact considering the geopolitical history of this region.

This report also includes case studies from outside the Sahel region, consisting of thematically distinct but strategically noteworthy influence campaigns from elsewhere on the continent. For example, the Nigerian government used social media influencers to suppress citizen participation in the #EndSARS movement. Elsewhere, the Ethiopian diaspora used innovative click-to-tweet campaigns to spread international awareness of the conflict in Ethiopia’s Tigray region. In South Africa, the rise in violent xenophobic demonstrations was precipitated by a popular social media campaign that normalized prejudice against foreign nationals.

The plethora of actors, targets, strategies, and tactics make a blanket approach to studying African disinformation networks difficult. The depth and breadth of these campaigns shows that Africa is facing the same challenges as the rest of the world insofar as disinformation is concerned. Moreover, the interest shown by foreign governments attests to the region’s geopolitical significance. This combination of geopolitical importance and a vulnerability to influence campaigns makes Africa a notable case study.

Background

Africa’s information environment is not monolithic Analog channels such as radio and film are used in conjunction with digital efforts to reach audiences, but Internet penetration rates and the accompanying reli- ance on analog media differ significantly from country to country For example, as of January 2022, Morocco, the Seychelles, and Egypt maintained Internet penetration rates of higher than 70 percent, nearly ten times the rate of the country with the lowest penetration rate, the Central African Republic (7 percent).

In the countries mentioned in the table above, Facebook and Instagram maintain a leading position insofar as social media penetration is concerned This can be partly ascribed to Facebook’s Free Basics service that “zero-rates” data (including Facebook and Instagram data) on participating mobile networks. These mobile networks can then bundle Facebook and Instagram data into a consumer’s service plan without the consumer having to pay extra for that data use Considering that mobile connections outstrip desktop connections, and that mo- bile data is more expensive than fixed broadband, it is clear why this has been effective to expand Facebook and Instagram’s footprint Meta shuttered the Free Basics program in some regions at the end of 2022 as the program’s spiritual successor – Meta Discover – was being rolled out The impact this will have on the information environment remains to be seen.

Social media and internet penetration rates in some of the African countries referenced in this report

Read full report

With contributions from

Senior Fellow, Scowcroft Strategy Initiative

The post The disinformation landscape in West Africa and beyond appeared first on Atlantic Council.

Global Strategy 2023: Winning the tech race with China

Peter Engelke, Emily Weinstein — Tue, 27 Jun 2023 13:00:00 +0000

Strategy Paper Editorial Board
Executive summary
A 2033 What If…
Strategic context
Goals
Major elements of the strategy
Assumptions
Guidelines for implementation
Major risks
Conclusions and recommendations

As strategic competition between the United States and China continues across multiple domains, the Scowcroft Center for Strategy and Security in partnership with the Global China Hub, has spent the past year hosting a series of workshops aimed at developing a coherent strategy for the United States and its allies and partners to compete with China around technology. Based on these workshops and additional research, we developed our strategy for the US to retain its technological advantage over China and compete alongside its allies and partners.

Strategy Paper Editorial board

Executive editors

Frederick Kempe
Alexander V. Mirtchev

Editor-in-chief

Matthew Kroenig

Editorial board members

James L. Jones
Odeh Aburdene
Paula Dobriansky
Stephen J. Hadley
Jane Holl Lute
Ginny Mulberger
Stephanie Murphy
Dan Poneman
Arnold Punaro

Executive summary

The United States and the People’s Republic of China (PRC) are engaged in a strategic competition surrounding the development of key technologies. Both countries seek to out-compete the other to achieve first-mover advantage in breakthrough technologies, and to be the best country in terms of the commercial scaling of emerging and existing technologies.

Until recently, the United States was the undisputed leader in the development of breakthrough technologies, and in the innovation and commercial scaling of emerging and existing technologies, while China was a laggard in both categories. That script has changed dramatically. China is now the greatest single challenger to US preeminence in this space.

For the United States, three goals are paramount. The first is to preserve the US advantage in technological development and innovation relative to China. The second is to harmonize US strategy and policy with those of US allies and partners, while gaining favor with nonaligned states. The third is to retain international cooperation around trade in technology and in scientific research and exploration.

The strategy outlined in these pages has three major elements: the promotion of technologically based innovation; the protection of strategically valuable science and technology (S&T) knowhow, processes, machines, and technologies; and the coordination of policies with allies and partners. The shorthand for this triad is “promote, protect, and coordinate.”

On the promotion side, if the United States wishes to remain the leading power in scientific research and in translating that research into transformative technologies, then the US government—in partnership with state and local governments, the private sector, and academia—will need to reposition and recalibrate its policies and investments. On the protect side, a coherent strategy requires mechanisms to protect and defend a country’s S&T knowledge and capabilities from malign actors, including trade controls, sanctions, investment screening, and more. Smartly deploying these tools, however, is exceedingly difficult and requires the United States to hone its instruments in a way that yields only intended results. The coordination side focuses on “tech diplomacy,” given the need to ensure US strategy and policy positively influence as many allies, partners, and even nonaligned states as possible, while continuing to engage China on technology-related issues. The difficulty lies in squaring the interests and priorities of the United States with those of its allies and partners, as well as nonaligned states, and even China itself.

This strategy assumes that China will remain a significant competitor to the United States for years to come. It also assumes that relations between the United States and China will remain strained at best or, at worst, devolve into antagonism or outright hostility. Even if a thaw were to reset bilateral relations entirely, the US interest in maintaining its advantage in technological development would remain.

Any successful long-term strategy will require that the US government pursue policies that are internally well coordinated, are based on solid empirical evidence, and are flexible and nimble in the short run, while being attentive to longer-run trends and uncertainties.

There are two major sets of risks accompanying this strategy. Overreach is one because decoupling to preserve geopolitical advantages can be at odds with economic interests. A second involves harms to global governance including failure to continue cooperation surrounding norms and standards to guide S&T research, and failure to continue international science research cooperation focused on solving global-commons challenges such as pandemics and climate change.

The recommendations that follow from this analysis include the following, all directed at US policymakers.

Restore and sustain public research and development (R&D) funding for scientific and technological advancement.
Improve and sustain STEM (science, technology, engineering, and math) education and skills training across K–12, university, community college, and technical schools.
Craft a more diverse tech sector.
Attract and retain highly skilled talent from abroad.
Support whole-of-government strategy development.
Ensure private-sector firms remain at the cutting edge of global competitiveness.
Improve S&T intelligence and counterintelligence.
Ensure calibrated development and application of punitive measures.
Build out and sustain robust multilateral institutions.
Engage with China, as it cannot be avoided.

A 2033 What If…

Imagine that it is the year 2033. Imagine that China has made enormous strides forward in the technology arena at the expense of the United States and its allies and partners. Suppose that this outcome occurred because, between 2023 and 2033, China’s economy not only does not weaken substantially but instead goes from strength to strength, including (importantly) increasing its capabilities in technological development and innovation. Suppose, too, that the US government failed to craft and maintain the kinds of investments and policies that are needed to sustain and enhance its world-leading tech-creation machine—its “innovation ecosystem”—to stay ahead of China. Suppose that the US government also failed to properly calibrate the punitive measures designed to prevent China from acquiring best-in-class technologies from elsewhere in the world—where calibration means the fine-tuning of policies to achieve prescribed objectives without spillover consequence. Finally, suppose that the United States and its allies and partners around the world failed to align with one another in terms of strategies and policies regarding how to engage China and, just as critically, about alignment of their own ends. What might that world look like?

Looking at that world from the year 2033, a first observation is that US scientific and technological (S&T) advantage, a period that lasted from 1945 to the 2020s, has come to an end. In its place is a world where China’s government labs, universities, and firms are often the first to announce breakthrough scientific developments and the first to turn them into valuable technologies.

For the US government and for allies and partners in the Indo-Pacific region, the strategic consequences are severe, as China has not only closed much of the defense spending gap by 2033 but is able to employ weaponry as advanced, and in some cases more advanced, than those of the United States and its allies.¹ Military planners from Washington to New Delhi watch China’s rising capabilities with much anxiety, given the geostrategic leverage that such changes have given Beijing across the region.

Nor is this problem the only headache for the United States and its coalition of partners in 2033. For a variety of reasons, many of China’s tech firms are outcompeting those elsewhere in the world, including some of the United States’ biggest and most important firms. Increasingly, the world looks as much to Shenzhen as to Silicon Valley for the latest tech-infused products and services.

China’s long-standing ambition to give its tech firms an advantage has paid off. The Chinese state has successfully pursued its strategy of commercial engagement with other countries, one that has been well known for decades and is characterized by direct and indirect financial and technical aid for purchases of Chinese hardware and software. This approach, while imperfect, drove adoption of Chinese technology abroad, with much of that adoption happening in the Global South.² Across much of Africa, Latin America, South and Southeast Asia, and the Middle East, China has grown into the biggest player in the tech space, with its technologies appealing both to consumers and to many governments looking for financial assistance in upgrading their tech infrastructure. Moreover, China’s tech assistance has aided authoritarian governments seeking the means to control access to information, especially online, and the desire to surveil citizens and suppress dissent.³ China’s efforts have been a major reason why the internet has fractured in many countries around the world. The ideal of the internet as an open platform is largely gone, replaced by a system of filtered access to information—in many instances, access that is controlled by authoritarian and illiberal states.

In 2033, even the biggest US-based tech firms struggle to keep pace with Chinese firms, as do tech firms based in Europe, Asia, and elsewhere. Although still formidable, Western firms find themselves at a disadvantage in both domestic and foreign markets. China’s unfair trading practices have continued to give its firms an edge, even in markets in mature economies and wealthy countries. China has continued its many unfair trading practices, including massive direct and indirect state subsidies and regulatory support for its firms, suspect acquisition—often outright theft—of intellectual property (IP) from firms abroad, and requiring that foreign firms transfer technology to China in exchange for granting access to its enormous domestic consumer market, in 2033 the biggest in the world.⁴ When added to the real qualitative leaps that China has made in terms of the range and sophistication of its tech-based products and services, foreign firms are often on the back foot even at home. In sector after sector, China is capturing an increasingly large share of global wealth.

Nor is this all. China’s rising influence means that the democratic world has found it impossible to realize its preferences concerning the global governance of technology. This problem extends beyond China’s now significant influence on technical-standards development within the range of international organizations that are responsible for standards.⁵ The problem is much larger than even that. Since the early 2020s, because of decreasing interest in scientific cooperation, the United States, China, and Europe have been unable to agree on the basic norms and principles that should guide the riskiest forms of advanced tech development. As a result, big gaps have appeared in how the major players approach such development. This patchwork, incomplete governance architecture has meant that countries, firms, and even individual labs have forged ahead without common ethical-normative frameworks to guide research and development. In such fields as artificial intelligence (AI), China has increased its implementation of AI-based applications that have eroded individual rights and privacies—for example, AI-driven facial-recognition technologies used by the state to monitor individual activity—not only within China, but in parts of the world where its technologies have been adopted.⁶

Nor is even this long list all that is problematic in the year 2033. Scientific cooperation between the United States and China—and, by extension, China and many US allies and partners—has declined precipitously since 2023. Cross-national collaboration among the world’s scientists has always been a proud hallmark of global scientific research, delivering progress on issues ranging from cancer treatments to breakthrough energy research. Collaboration between China on the one hand, and Western states on the other, used to be a pillar of global science. Now, unfortunately, much of that collaboration has disappeared, given the rising suspicions and antagonism and the resulting policies that were implemented to limit and, in some cases, even block scientific exchange.⁷

From the perspective of developments that led to this point in the year 2033, the United States and its allies and partners failed to pursue a coherent, cooperative, and united strategy vis-à-vis strategic competition with China. Policymakers were unable to articulate, and then implement, policies that were consistent over time and across national context. Various international forums were created for engagement on strategy and policy questions, but they proved of low utility as policy harmonization bodies or tech trade-dispute mechanisms.

Opening session of US-China talks at the Captain Cook Hotel in Anchorage, Alaska, US March 18, 2021. REUTERS/Frederic J. Brown

Strategic context

The above scenario, which sketches a world in 2033 where China has gained the upper hand at the expense of the United States and its allies and partners, is not inevitable. As this strategy paper articulates, there is much that policymakers in the United States and elsewhere can do to ensure that more benign futures, from their perspectives, are possible. However, as this strategy paper also articulates, their success is far from a given.

The United States and the People’s Republic of China (PRC) are engaged in a strategic competition surrounding the development of key technologies, including advanced semiconductors (“chips”), AI, advanced computing (including quantum computing), a range of biotechnologies, and much more. Both countries seek to out-compete the other to achieve first-mover advantage in breakthrough technologies, and to be the best country at the commercial scaling of emerging and existing technologies.

These two capabilities—the first to develop breakthrough technologies and the best at tech-based innovation—overlap in important respects, but they are not identical and should not be regarded as the same thing. The first country to build a quantum computer for practical application (such as advanced decryption) is an example of the former capability; the country that is best at innovating on price, design, application, and functionality of electric vehicles (EVs) is an example of the latter capability. The former will give the inventing country a (temporary) strategic and military advantage; the latter will give the more innovative country a significant economic edge, indirectly contributing to strategic and military advantage. The outcome of this competition will go a long way toward determining which country—China or the United States—has the upper hand in the larger geostrategic competition between them in the coming few decades.

For China, the primary goal is to build an all-encompassing indigenous innovation ecosystem, particularly in sectors that Chinese leadership has deemed critical. Beijing views technology as the main arena of competition and rivalry with the United States, with many high-level policies and strategy documents released under Xi Jinping’s tenure emphasizing technology across all aspects of society. Under Xi’s direction, China has intensified its preexisting efforts to achieve self-sufficiency in key technology sectors, centering on indigenous innovation and leapfrogging the United States.

On the US side, the Joe Biden administration and Congress have emphasized the need to maintain leadership in innovation and preserve US technological supremacy. Although there are many similarities between the Donald Trump and Biden administrations’ approaches to competition with China, one of the primary differences has been the Biden administration’s focus on bringing allies and partners onboard and trying to make policies as coordinated and multilateral as possible. While a laudable goal, implementation of a seamless allies-and-partners coordination is proving difficult.

Until recently, the United States was the undisputed leader in the development of breakthrough technologies, and in the innovation and commercial scaling of emerging and existing technologies. Until recently, China was a laggard in both categories, falling well behind the United States and most, if not all, of the world’s advanced economies in both the pace of scientific and technological (S&T) development and the ability to innovate around technologically infused products and services.

That script has changed dramatically as a result of China’s rapid ascension up the S&T ladder, starting with Deng Xiaoping’s reforms in the 1970s and 1980s and continuing through Xi Jinping’s tenure.⁸

Although analysts disagree about how best to measure China’s current S&T capabilities and its progress in innovating around tech-based goods and services, there is no dispute that China is now the greatest single challenger to US preeminence in this space. In some respects, China may already have important advantages over the United States and all other countries—for example, in its ability to apply what has been labeled “process knowledge,” rooted in the country’s vast manufacturing base, to improve upon existing tech products and invent new ones.⁹

Chinese President Xi Jinping speaks at the military parade marking the 70th founding anniversary of People’s Republic of China, on its National Day in Beijing, China October 1, 2019. REUTERS/Jason Lee

This competition represents a new phase in the two countries’ histories. The fall of the Berlin Wall and the decade that followed saw US leadership seek to include China as a member of the rules-based international order. In a March 2000 speech, President Bill Clinton spoke in favor of China’s entry into the World Trade Organization (WTO), arguing that US support of China’s new permanent normal trade relations (PNTR) status was “clearly in our larger national interest” and would “advance the goal America has worked for in China for the past three decades.”¹⁰ China’s leadership returned the favor, with President Jiang Zemin later stating that China “would make good on [China’s] commitments…and further promote [China’s] all-directional openness to the outside world.”¹¹

Despite some US concerns, the period from 2001 through most of the Barack Obama administration saw Sino-American relations at their best.¹² The lure of the Chinese market was strong, with bilateral trade in goods exploding from less than $8 billion in 1986 to more than $578 billion in 2016.¹³ People-to-people exchanges increased dramatically as well, with tourism from China increasing from 270,000 in 2005 to 3.17 million in 2017, and the number of student F-visas granted to PRC students increasing tenfold, from approximately 26,000 in 2000 to nearly 250,000 in 2014.¹⁴ US direct investment in China also grew significantly after 2000, as US companies saw the vast potential of the Chinese market and workforce. Notably, overall US investment in China continued to grow even after the COVID-19 pandemic.¹⁵

So what changed? In a 2018 essay titled “The China Reckoning,” China scholars Ely Ratner and Kurt Campbell—now both members of the Biden administration—described how the US plan for China and its role in the international system had not gone as hoped.

Neither carrots nor sticks have swayed China as predicted. Diplomatic and commercial engagement have not brought political and economic openness. Neither US military power nor regional balancing has stopped Beijing from seeking to displace core components of the US-led system. And the liberal international order has failed to lure or bind China as powerfully as expected. China has instead pursued its own course, belying a range of American expectations in the process.
Campbell and Ratner, “The China Reckoning.”

These sentiments were shared by many others in Washington. Many felt like China was taking advantage of the United States as the Obama administration transitioned to its “pivot to Asia.” For example, in 2014 China sent an uninvited electronic-surveillance ship alongside four invited naval vessels to the US-organized Rim of the Pacific (RIMPAC) military exercises, damaging what had appeared to be improving military-to-military relations.¹⁶ On the economic side, despite the two sides signing an agreement in April 2015 not to engage in industrial cyber espionage, it soon became clear that China did not plan to uphold its side of the bargain. In 2017, the US Department of Justice indicted three Chinese nationals for cyber theft from US firms, including Moody’s Analytics, Siemens AG, and Trimble.¹⁷

Within China, political developments were also driving changes in the relationship. Xi Jinping assumed power in November 2012, and most expected him to continue on his predecessors’ trajectory. However, in 2015 a slew of Chinese policies caught the eye of outside observers, especially the “Made in China 2025” strategy that caused a massive uproar in Washington and other global capitals, given its explicit focus on indigenization of key sectors, including the tech sector.

On the US side, when President Trump was elected in 2017, the bilateral economic relationship came under further fire, sparked by growing concerns surrounding China’s unfair trade practices, IP theft, and the growing trade deficit between the two countries. First the first time, frustration over these issues brought about strong US policy responses, including tariffs on steel, aluminum, soybeans, and more, a Section 301 investigation of Chinese economic practices by the US trade representative, and unprecedented export controls on the Chinese firms Huawei and ZTE. On the Chinese side, a growing emphasis on self-reliance, in conjunction with narratives surrounding the decline of the West, has dominated the conversation at the highest levels of government. In many instances, some of these statements—like China’s relatively unachievable indigenization goals in the semiconductor supply chain—have pushed the US policy agenda closer toward one centering on zero-sum tech competition.

In 2023, the Biden administration continued some Trump-era policies toward China, often reaching for export controls as a means to prevent US-origin technology from making its way to China. The Biden administration is even considering restricting outbound investment into China, stemming from concerns around everything from pharmaceutical supply chains to military modernization. The bottom line is that US-China competition is intense, and is here to stay for the foreseeable future.

Goals

There are three underlying goals for policymakers in the United States to consider when developing a comprehensive strategy.

Preserve the US advantage in technological development and innovation relative to China. Although the United States has historically led the world in the development of cutting-edge technologies, technological expertise, skills, and capabilities have proliferated worldwide and eroded this advantage. Although the United States arguably maintains its first position, it can no longer claim to be the predominant global S&T power across the entire board. As a result, US leadership will have to approach this issue with a clear-eyed understanding of US capabilities and strengths, as well as weaknesses.

Further, it is impractical to believe that the United States alone can lead in all critical technology areas. US policymakers must determine (with the help of the broader scientific community) not only which technologies are critical to national security but also how these technologies are directly relevant in a national security context. This point suggests the need for aligning means with ends—what is the US objective in controlling or promoting a specific technology? Absent strong answers to this question, technology controls or promotion efforts will likely yield unintended results, both good and bad.

Further, it is impractical to believe that the United States alone can lead in all critical technology areas. US policymakers must determine (with the help of the broader scientific community) not only which technologies are critical to national security but also how these technologies are directly relevant in a national security context. This point suggests the need for aligning means with ends—what is the US objective in controlling or promoting a specific technology? Absent strong answers to this question, technology controls or promotion efforts will likely yield unintended results, both good and bad.

Further, the United States’ capacity to transform basic research into applications and commercial products is an invaluable asset that has propelled its innovation ecosystem for decades. In contrast, Chinese leadership is keenly aware of its deficiencies in this area.

First-mover advantage in laboratory scientific research is not the same thing as innovation excellence. A country needs both if it seeks predominance. A country can have outstanding scientific capabilities but poor innovation capacity (or vice versa). Claims that China is surpassing the United States and other advanced countries in critical technology areas are premature, and often fail to consider how metrics to assess innovative capacity interact with one another (highly cited publications, patents, investment trends, market shares, governance, etc.).¹⁸ Assessing a country’s ability to preserve or maintain its technological advantage requires a holistic approach that takes all of these factors into account.
Harmonize strategy and policy with allies and partners, while gaining favor with nonaligned states. With respect to strategic competition vis-a-vis China, the interests of the United States are not always identical to those of its allies and partners. Any strategy designed to compete in the tech space with China needs to align with the strategies and interests of US allies and partners. Simultaneously, US strategy should offer benefits to nonaligned states within the context of this strategic competition with China, so as to curry favor with them.

This goal is especially important, given that the United States relies on and benefits from a network of allies and partners, whereas China aspires to self-sufficiency in S&T development. To preserve the United States’ advantage, US leadership must first recognize that its network is one of the strongest weapons in the US arsenal.

US allies and partners, of which there are many, want to maintain and strengthen their close diplomatic, security, and economic ties to the United States. The problem is that most also have substantial, often critical, economic relationships with China. Hence, they are loath to jeopardize their relationships with either the United States or China.

This strategic dilemma has become a significant one for US allies in both the transpacific and transatlantic arenas. As examples, Japan and South Korea, the two most advanced technology-producing countries in East Asia, are on the front lines of this dilemma. Their challenging situation owes to their geographic proximity to China on the one hand—and, hence, proximity to China’s strategic ambitions in the East and South China Seas, as well as Taiwan—and to their close economic ties to both China and the United States on the other.¹⁹ Although both have been attempting an ever-finer balancing act between the United States and China for years, the challenge is becoming more difficult.²⁰ In January 2023, Japan reportedly joined the United States and the Netherlands to restrict sales of advanced chipmaking lithography machines to China, despite the policy being against its clear economic interests.²¹ In April and May 2023, even before China banned sales of chips from Micron Technology, a US firm, the US government was urging the South Korea government to ensure that Micron’s principal rivals, South Korea’s Samsung Electronics and SK Hynix, did not increase their sales in China.²²

For nonaligned states, many of which are in the Global South, their interests are manifold and not easily shoehorned into a US-versus-China bifurcation. Many states in this category have generalized concerns about a world that is dominated by either Washington or Beijing, and, as such, are even more interested in hedging than are the closest US allies and partners. Their governments and business communities seek trade, investment, and access to technologies that can assist with economic development, while their consumers seek affordable and capable tech. Although China has made enormous strides with respect to technological penetration of markets in the Global South, there also is much opportunity for the United States and its allies and partners, especially given widespread popular appetite for Western ideals, messaging, and consumer-facing technologies.²³
Retain cooperation around trade and scientific exploration. One of the risks that is inherent in a fraught Sino-American bilateral relationship is that global public-goods provision will be weakened. Within the context of rising tensions over technological development, there are two big concerns: first, that global trade in technologically based goods and services will be harmed, and second, that global scientific cooperation will shrink.

An open trading system has been an ideal of the rules-based international order since 1945, built on the premise that fair competition within established trading rules is best for global growth and exchange. The US-led reforms at the end of the World War II and early postwar period gave the world the Bretton Woods system, which established the International Monetary Fund (IMF), plus the Marshall Plan and the General Agreement on Tariffs and Trade (GATT). Together, these reforms enabled unprecedented multi-decade growth in global trade.²⁴ China’s accession to the WTO in 2001, which the US government supported, marked a high point as many read into China’s entry its endorsement of the global trade regime based on liberal principles. However, since then—and for reasons having much to do with disagreements over China’s adherence to WTO trading rules—this global regime has come under significant stress. In 2023, with few signs that the Sino-American trade relationship will improve, there is significant risk of damage to the global trading system writ large.²⁵

Any damage done to the global trading system also risks harm to trade between the two countries, which is significant given its ongoing scale (in 2022, bilateral trade in goods measured a record $691 billion).²⁶. Tech-based trade and investment remain significant for both countries, as illustrated by the February 2023 announcement of a $3.5-billion partnership between Ford Motor Company and Contemporary Amperex Technology Limited (CATL) to build an EV-battery plant in Michigan using CATL-licensed technology.²⁷ A priority for US policymakers should be to preserve trade competition in tech-infused goods and services, at least for those goods and services that are not subject to national security-based restrictions and where China’s trade practices do not result in unfair advantages for its firms.

Beyond trade, there are public-goods benefits resulting from bilateral cooperation in the S&T domain. These benefits extend to scientific research that can hasten solutions to global-commons challenges—for example, climate change. China and the United States are the two most active countries in global science, and are each other’s most important scientific-research partner.²⁸ Any harm done to their bilateral relationship in science is likely to decrease the quality of global scientific output. Further, the benefits from cooperation also extend to creation and enforcement of international norms and ethics surrounding tech development in, for example, AI and biotechnology.

A worker conducts quality-check of a solar module product at a factory of a monocrystalline silicon solar equipment manufacturer LONGi Green Technology Co, in Xian, Shaanxi province, China December 10, 2019. REUTERS/Muyu Xu

Major elements of the strategy

The strategy outlined in these pages has three major elements: the promotion of technologically based innovation, sometimes labeled “running faster”; the protection of strategically valuable S&T knowhow, processes, machines, and technologies; and the coordination of policies with allies and partners. This triad—promote, protect, and coordinate—is also shorthand for the most basic underlying challenge facing strategists in the US government and in the governments of US allies and partners. In the simplest terms, strategists should aim to satisfy the “right balance between openness and protection,” in the words of the National Academies of Sciences, Engineering, and Medicine.²⁹ This strategic logic holds for both the United States and its allies and partners.

Promote: The United States has been the global leader in science and tech-based innovation since 1945, if not earlier. However, that advantage has eroded, in some areas significantly, in particular since the end of the Cold War. If the United States wishes to remain the leading power in scientific research and in translating that research into transformative technologies (for military and civilian application), then the US government, in partnership with state and local governments, the private sector, and academia, will have to reposition and recalibrate its policies and investments.

The preeminence of America’s postwar innovation ecosystem resulted from several factors, including: prewar strengths across several major industries; massive wartime investments in science, industry, and manufacturing; and even larger investments made by the US government in the decades after the war to boost US scientific and technological capabilities. The 1940s through 1960s were especially important, owing to the whole-of-society effort behind prosecuting World War II and then the Cold War. The US government established many iconic S&T-focused institutions, including the National Science Foundation (NSF), Defense Advanced Research Projects Agency (DARPA), the National Aeronautics and Space Administration (NASA), most of the country’s national laboratories (e.g., Sandia National Laboratories and Lawrence Livermore National Laboratories), and dramatically boosted funding for science education, public-health research, and academic scientific research.³⁰

This system, and the enormous investments made by the US government to support it, spurred widespread and systematized cooperation among government, academic science, and the private sector. This cooperation led directly to a long list of breakthrough technologies for military and civilian purposes, and to formation of the United States’ world-leading tech hubs, Silicon Valley most prominent among them.³¹

The trouble is that after the Cold War ended, “policymakers [in the US government] no longer felt an urgency and presided over the gradual and inexorable shrinking of this once preeminent system,” in particular through allowing federal spending on research and development (R&D) and education to flatline or even atrophy.³² From a peak of around 2.2 percent of national gross domestic product (GDP) in the early 1960s, federal R&D spending has declined since, reaching a low of 0.66 percent in 2017 before rebounding slightly to 0.76 percent in 2023.³³

Today, US competitors, including China, have figured out the secrets to growing their own innovation ecosystems (including the cultural dimensions that historically have been key to separating the United States from its competition) and are investing the necessary funding to do so. For example, several countries, especially China, have outpaced the United States in R&D spending. Between 1995 and 2018, China’s R&D spending grew at an astonishing 15 percent per annum, about double that of the next-fastest country, South Korea, and about five times that of the United States. By 2018, China’s total R&D spending (from public and private sources) was in second place behind the United States and had surpassed the total for the entire European Union.³⁴ From the US perspective, other metrics are equally concerning. A 2021 study by Georgetown University’s Center for Security and Emerging Technology (CSET) projected that China will produce nearly twice as many STEM PhDs as the United States by 2025 (if counting only US citizens graduating with a PhD in STEM, that figure would be three times as much). This projection is based, in part, on China’s government doubling its investment in STEM higher education during the 2010s.³⁵

The United States retains numerous strengths, including the depth and breadth of its scientific establishment, number and sizes of its Big Tech firms, robust startup economy and venture capital to support it, numerous world-class educational institutions, dedication to protection of intellectual property, relatively open migration system for high-skilled workers, diverse and massive consumer base, and its still-significant R&D investments from public and private sources.³⁶

In addition, over the past few years there have been encouraging signs of a shift in thinking among policymakers, away from allowing the innovation model that won the Cold War to further erode and toward increased bipartisan recognition that the federal government has a critical role to play in updating that system. As was the case with the Soviet Union, this newfound interest in strengthening the US innovation ecosystem owes much to a recognition that China is a serious strategic competitor to the United States in the technology arena.³⁷ The Biden administration’s passage of several landmark pieces of legislation, including the CHIPS and Science Act, the Inflation Reduction Act (IRA), and the Infrastructure Investment and Jobs Act (IIJA), increased the amount of federal government spending on S&T, STEM education and skills training, and various forms of infrastructure (digital and physical), all of which are concrete evidence of the degree to which this administration and much of Congress recognize the stiff challenge from China.
Protect: A coherent strategy requires mechanisms to protect and defend a country’s S&T knowledge and capabilities from malign actors. Policy documents and statements from US officials over the past decade have called out the many ways in which the Chinese state orchestrates technology transfer through licit and illicit means, ranging from talent-recruitment programs and strategic mergers and acquisitions (M&A) to outright industrial espionage via cyber intrusion and other tactics.³⁸

On the protect side, tools include trade controls, sanctions, investment screening, and more. On the export-control side, both the Trump and Biden administrations have relied on dual-use export-control authorities to both restrict China’s access to priority technologies and prevent specific Chinese actors (those deemed problematic by the US government) from accessing US-origin technology and components.³⁹ Investment screening has also been a popular tool; in 2018, Congress passed the bipartisan Foreign Investment Risk Review Modernization Act (FIRRMA) that strengthened and modernized the Committee on Foreign Investment in the United States (CFIUS)—an interagency body led by the Treasury Department that reviews inbound foreign investment for national security risks.⁴⁰ Under the Biden administration, a new emphasis on the national security concerns associated with US outbound investment into China has arisen, with an executive order focused on screening outbound tech investments in the works for almost a year.⁴¹ On sanctions, although the United States has so far been wary of deploying them against China, the Biden administration has, in conjunction with thirty-eight other countries, imposed a harsh sanctions regime on Russia and Belarus following Russia’s unprovoked invasion of Ukraine.⁴²

Trade controls can be effective tools, but they need to be approached with a clear alignment between means and ends. For decades, an array of export controls and other regulations have worked to prevent rivals from accessing key technologies. However, historical experience (such as that of the US satellite industry) shows that, with a clear alignment between means and ends, trade controls can have massive implications for the competitiveness of US industries and, by extension, US national security.⁴³

Before deploying these tools, it is critical for policymakers to first identify what China is doing—both within and outside its borders—in its attempts to acquire foreign technology, an evaluation that should allow the United States to hone more targeted controls that can yield intended results. Trade controls that are too broad and ambiguous tend to backfire, as they create massive uncertainties that lead to overcompliance on the part of industry, in turn causing unintended downside consequences for economic competitiveness.

Understanding China’s strategy for purposes of creating effective trade controls is not as difficult as it once appeared. For instance, a 2022 report from CSET compiled and reviewed thirty-five articles on China’s technological import dependencies.⁴⁴ This series of open-source articles, published in Chinese in 2018, provides specific and concrete examples of Chinese S&T vulnerabilities that can be used by policymakers to assess where and how to apply trade controls. Other similar resources exist. Although the Chinese government appears to be systematically tracking and removing these as they receive attention, there are ways for US government analysts and scholars to continue making use of these materials that preserve the original sources.
Coordinate: The final strategy pillar is outward facing, focused on building and sustaining relationships with other countries in and around the tech strategy and policy space. This pillar might be labeled “tech diplomacy,” given the need to ensure US strategy and policy positively influences as many allies, partners, and even nonaligned states as possible, while continuing to engage China on technology-related issues. As with the other two pillars, this pillar is simple to state as a priority, but difficult to realize in practice.

In a May 2022 speech, US Secretary of State Antony Blinken said that the administration’s shorthand formula is to “invest, align, [and] compete” vis-a-vis China.⁴⁵ Here, he meant “invest” to refer to large public investments in US competitiveness, “align” to closer coordination with allies and partners on tech-related strategy and policy, and “compete” largely to geostrategic competition with China over Taiwan, the East and South China Seas, and other areas.

Blinken’s remarks underscore the Biden administration’s priority for allies and partners to view the United States as a trusted interlocutor. When it comes to technology policy on China, the trouble lies in the execution—in particular, overcoming the tensions inherent within the “invest, align, compete” formula. After Blinken’s speech, for example, the IRA became law, which triggered a firestorm of protest among the United States’ closest transpacific and transatlantic allies. Viewing the IRA’s ample support for domestic production and manufacturing of electric vehicles and renewable-energy technologies—designed to boost the US economy and tackle climate change while taking on China’s advantages in these areas—the protectionist European Union (EU) went so far as to formulate a Green Deal Industrial Plan, widely seen as an industrial policy response to the IRA.⁴⁶ Much of the row over the IRA resulted from the perception—real or not—that the United States had failed to properly consider allies’ and partners’ interests while formulating the legislation. In the words of one observer, “amid the difficult negotiations at home on the CHIPS Act and the IRA, allies and partners were not consulted, resulting in largely unintended negative consequences for these countries.”⁴⁷

Long-term investment by US policymakers in multilateral institutions focused on technology will be a critical aspect of any potential victory. The Biden administration is already making strides on this front through several multilateral arrangements, including the resurrection of the Quadrilateral Security Dialogue (the Quad) and the establishment of the US-EU Trade and Technology Council (TTC) and AUKUS trilateral pact. All three of these arrangements have dedicated time and resources to specific technological issues in both the military/geopolitical and economic spheres, and all three have the potential to be massively impactful in terms of technology competition.

However, history has shown that these types of arrangements are only effective as long as high-level political leadership remains involved and dedicated to the cause. Cabinet officials and other high-level leaders from all participating countries—especially the United States—will have to demonstrate continued interest in and commitment to these arrangements if they want them to produce more than a handful of documents with broad strategic visions.

Assumptions

The strategy outlined in these pages rests on two plausible assumptions. First, this strategy assumes that China will not follow the Soviet Union into decline, collapse, and disintegration anytime soon, which, in turn, means that China should remain a significant competitor to the United States for a long time to come.

China’s leadership has studied the collapse of the Soviet Union closely and learned from it, placing enormous weight on delivering economic performance through its brand of state capitalism while avoiding the kind of reforms that Mikhail Gorbachev instituted during the 1980s, which included freer information flows, freer political discourse, and ideological diversity within the party and state—all of which Chinese leadership believes to have been key to the Soviet Union’s undoing.⁴⁸ China also does not have analogous centrifugal forces that threaten an internal breakup along geographic lines as did the Soviet Union, which had been constructed from the outset as a federation of republics built upon the contours of the tsarist empire. (The Soviet Union, after all, was a union of Soviet Socialist republics scattered across much of Europe and Asia).⁴⁹

These factors weigh against an assessment that China will soon collapse. Nicholas Burns, the US ambassador to China, has said recently that China is “infinitely stronger” than the Soviet Union ever was, “based on the extraordinary strength of the Chinese economy” including “its science and technology research base [and] innovative capacity.” He concluded that the Chinese challenge to the United States and its allies and partners “is more complex and more deeply rooted [than was the Soviet Union] and a greater test for us going forward.”⁵⁰

A more realistic long-term scenario is one in which the United States and its allies and partners would need to manage a China that will either become stronger or plateau, rather than one that will experience a steep decline. Both variants of this scenario are worrisome, and both underscore the need to hew to the strategy outlined in this paper. A stronger China brings with it obvious challenges. A plateaued China is a more vexing case, owing to the very real possibility that Chinese leadership might conclude that, as economic stagnation portends a future decline and fall, the case for military action (e.g., against Taiwan) is more, rather than less, pressing. The strategist Hal Brands, for example, has suggested that a China that has plateaued will become more dangerous than it is now, requiring a strategy that is militarily firm, economically wise (including maintenance of the West’s advantages in the tech-innovation space), and diplomatically flexible.⁵¹

Second, the strategy outlined here assumes that relations between the United States and China will remain strained at best or, at worst, devolve into antagonism or outright hostility. In 2023, the assumption of ongoing strained relations appears wholly rational, based on a straightforward interpretation of all available diplomatic evidence.

How this strategy should shift if the United States and China were to have a rapprochement would depend greatly on the durability and contours of that shift. Even if a thaw were to reset bilateral relations to where they were at the beginning of the century (an unlikely prospect), the US interest in maintaining a first-mover advantage in technological development would remain. As reviewed in this paper, there was a long period during which the United States and China traded technologically based goods and services in a more open-ended trading regime than is currently the case. During that period, the United States operated on two presumptions: that China’s S&T capabilities were nowhere near as developed as its own, and that the US system could stay ahead owing to its many strengths compared with China’s.

The trouble with returning to this former state is that both presumptions no longer hold. China has become a near-peer competitor in science and technological development, and its innovative capabilities are considerable.

If China and the United States were to thaw their relationship, the policy question would concern the degree to which the United States would reduce its “protect” measures—the import and export restrictions, sanctions, and other policies designed to keep strategic technologies and knowhow from China, while protecting its own assets from espionage, sabotage, and other potential harms.

Guidelines for implementation

As emphasized throughout this paper, any successful long-term strategy will require that the US government pursue policies that are internally well coordinated, are based on solid empirical evidence, and are flexible and nimble in the short run, while being attentive to longer-run trends and uncertainties. The government will need to improve its capabilities in three areas.

Improved intelligence and counterintelligence: The US government will need to reassess, improve, and extend its intelligence and counterintelligence capabilities about tech development. The intelligence community will need to be able to conduct ongoing, comprehensive assessments of tech trends and uncertainties of relevance to the strategic competition with the United States. To properly gauge the full range of relevant and timely information about China’s tech capabilities, the Intelligence Community’s practice of relying on classified materials will need to be augmented by stressing unclassified open-source material. Classified sources, which the Intelligence Community always has prioritized, do not provide a full picture of what is happening in China. Patent filings, venture-capital investment levels and patterns, scientific and technical literature, and other open sources can be rich veins of material for analysts looking to assess where China is making progress, or seeking to make progress, in particular S&T areas. The US government’s prioritization of classified material contrasts with the Chinese government’s approach. For decades, China has employed “massive, multi-layered state support” for the “monitoring and [exploitation] of open-source foreign S&T.”⁵² There is recognition that the US government needs to upgrade its capabilities in this respect. In 2020, the House Permanent Select Committee on Intelligence observed that “open-source intelligence (OSINT) will become increasingly indispensable to the formulation of analytic products” about China.⁵³

An intelligence pillar will need a properly calibrated counterintelligence element to identify where China might be utilizing its means and assets—including legal, illegal, and extralegal ones—to obtain intellectual property in the United States and elsewhere (China has a history of utilizing multiple means, including espionage, to gain IP that is relevant to their S&T development).⁵⁴ Here, “properly calibrated” refers to how counterintelligence programs must ensure that innocent individuals, including Chinese nationals who are studying or researching in the United States, are not brought under undue or illegitimate scrutiny. At the same time, these programs must be able to identify, monitor, and then handle as appropriate those individuals who might be engaging in industrial espionage or other covert activities. The Trump administration’s China Initiative was criticized both for its name (it implied that Chinese nationals and anyone of East Asian descent were suspect) and the perception of too-zealous enforcement (the program resulted in several high-profile cases ending in dismissal or exoneration for the accused). In 2022, the Biden administration shuttered this initiative and replaced it with “a broader strategy aimed at countering espionage, cyberattacks and other threats posed by a range of countries.”⁵⁵
Improved foresight: Strategic-foresight capabilities assist governments in understanding and navigating complex and fast-moving external environments. Foresight offices in government and the private sector systematically examine long-term trends and uncertainties and assess how these will shape alternative futures. These processes often challenge deeply held assumptions about where the world is headed, and can reveal where existing strategies perform well or poorly.

This logic extends to the tech space, where the US government should develop a robust foresight apparatus to inform tech-focused strategies and policies at the highest levels. The purpose of this capability would be to enhance and deepen understanding of where technological development might take the United States and the world. Such a foresight capability within the US government would integrate tech-intelligence assessments, per above, into comprehensive foresight-based scenarios about how the world might unfold in the future. The US government has impressive foresight capabilities already, most famously those provided by the National Intelligence Council (NIC). However, for a variety of reasons, including distance from the center of executive power, neither the NIC nor other foresight offices within the US government currently perform a foresight function described here. The US government should institutionalize a foresight function within or closely adjacent to the White House—for example, within the National Security Council or as a presidentially appointed advisory board. Doing so would give foresight the credibility and mandate to engage the most critical stakeholders from across the entire government and from outside of it, a model followed by leading public foresight offices around the world.⁵⁶ This recommendation is consistent with numerous others put forward by experts over the past decade, which stress how the US government needs to give foresight more capabilities while bringing it closer to the office of the president.⁵⁷
Improved S&T strategy and policy coordination: One of the major challenges facing the US government concerns internal coordination around S&T strategy and policy. As technology is a broad and multidimensional category, the government’s activities are equally broad, covered by numerous statutes, executive orders, and administrative decisions. One of many results is a multiplicity of departments and agencies responsible for administering the many different pieces of the tech equation, from investment to development to monitoring, regulation, and enforcement. In just the area of critical technology oversight and control, for example, numerous departments including Commerce, State, Defense, Treasury, Homeland Security, and Justice, plus agencies from the Intelligence Community, all have responsibilities under various programs.⁵⁸

Moreover, the US government’s approach to tech oversight tends to focus narrowly on control of specific technologies, which leads to an underappreciation of the broader contexts in which technologies are used. A report issued in 2022 by the National Academies of Sciences, Engineering, and Medicine argued that the US government’s historic approach to tech-related risks is done through assessing individual critical technologies, defining the risks associated with each, and then attempting to restrict who can access each type of technology. Given that technologies now are “ubiquitous, shared, and multipurpose,” the National Academies asserted, a smarter approach would be to focus on the motives of bad-faith actors to use technologies and then define the accompanying risks.⁵⁹ This approach “requires expertise that goes beyond the nature of the technology to encompass the plans, actions, capabilities, and intentions of US adversaries and other bad actors, thus involving experts from the intelligence, law enforcement, and national defense communities in addition to agency experts in the technology.”⁶⁰

US Secretary of State Antony Blinken meets with Chinese President Xi Jinping in the Great Hall of the People in Beijing, China, June 19, 2023. REUTERS

Major risks

There are two major sets of risks accompanying this strategy, both of which involve the potential damage that might result from failure to keep the strategic competition within acceptable boundaries.

Decoupling run amok: Overreach is one of the biggest risks associated with this strategy. Geopolitical and economic goals contradict, and it can be difficult to determine where to draw the line. As such, reconciling this dilemma will be the hardest part of a coherent and effective competition strategy.

Technology decoupling to preserve geopolitical advantages can be at odds with economic interests, which the United States is currently experiencing in the context of semiconductors. The October 7, 2022, export controls were deemed necessary for geopolitical reasons, as the White House’s official rationale for the policy centered around the use of semiconductors for military modernization and violation of human rights. However, limiting the ability of US companies like Nvidia, Applied Materials, KLA, and Lam Research to export their products and services to China, in addition to applying complex compliance burdens on these firms, has the potential to affect these firms’ ability to compete in the global semiconductor industry.

In addition, the continued deployment of decoupling tactics like export controls can put allies and partners in a position where they feel forced to choose sides between the United States and China. On the October 7 export controls, it took months to convince the Netherlands and Japan—two critical producer nations in the semiconductor supply chain whose participation is critical to the success of these export controls—to get on board with US policy.⁶¹ Even now, although media reporting says an agreement has been reached, no details of the agreements have been made public, likely due to concerns surrounding Chinese retaliation.

These issues are not exclusive to trade controls or protect measures. On the promote side, the IRA has also put South Korea in a difficult position as it relates to EVs and related components. When first announced, many on the South Korean side argued that the EV provisions of the IRA violated trade rules. At one point in late 2022, the South Korean government considered filing a complaint with the WTO over the issue.⁶² Although things seem to have cooled between Washington and Seoul—and the Netherlands and Japan have officially, albeit privately, agreed to join the US on semiconductor controls—these two instances should be lessons for US policymakers in how to approach technology policies going forward. Policies that push allies and partners too hard to decouple from the Chinese market are likely to be met with resistance, as many (if not all) US allies have deeply woven ties with Chinese industry, and often do not have the same domestic capabilities or resources that the United States has that can insulate us from potential harm. China is acutely aware of this, and will likely continue to take advantage of this narrative to convince US allies to not join in US decoupling efforts. China has historically leveraged economic punishments against countries for a variety of reasons, so US policymakers should be sure to incorporate this reality into their policy planning to ensure that allies are not put in tough positions.

Recently, government officials within the Group of Seven (G7) have been using the term “de-risking ” instead of “decoupling.” The term was first used by a major public official during a speech by Ursula von der Leyen, president of the European Commission, in a March 2023 speech where she called for an “open and frank” discussion with China on contentious issues.⁶³ The term was used again in the G7 communique of May 2023: economic security should be “based on diversifying and deepening partnerships and de-risking, not de-coupling.”⁶⁴ This rhetorical shift represents a recognition that full economic decoupling from China is unwise, and perhaps impossible. Moreover, it also is a tacit admission that decoupling sends the wrong signals not only to China, but to the private sector in the West as well.

In the authors’ opinion, de-risking is superior to decoupling as a rhetorical device—but changes in phrasing do not solve the underlying problem for policymakers in the United States, Europe, East Asia, and beyond. That underlying problem is to define and then implement a coherent strategy, coordinated across national capitals, that manages to enable them to stay a step ahead of China in the development of cutting-edge technology while preventing an economically disastrous trade war with China.
Harm to global governance: Another major set of risks involves the harms to global governance should the strategic competition between the United States and China continue on its current trajectory. Although the strategy outlined in these pages emphasizes, under the coordination pillar, maintenance of global governance architecture—the norms, institutions, pathways, laws, good-faith behavior, and so on that guide technology development—there is no guarantee that China and the United States, along with other important state and nonstate actors, will be able to do so given conflicting pressures to reduce or eliminate cooperative behavior.

Tragic outcomes of this strategic competition, therefore, would be: failure to continue cooperation regarding development of norms and standards that should guide S&T research; and failure to continue S&T research cooperation focused on solving global-commons challenges such as pandemics and climate change.

Any reduction in cooperation among the United States, China, and other leading S&T-research countries will harm the ability to establish norms and standards surrounding tech development in sensitive areas—for instance, in AI or biotechnology. As recent global conversations about the risks associated with rapid AI development show, effective governance of these powerful emerging technologies is no idle issue.⁶⁵

Even under the best of circumstances, however, global governance of such technologies is exceedingly difficult. For example, Gigi Kwik Gronvall, an immunologist and professor at Johns Hopkins University, has written that biotechnology development is “inherently international and cannot be controlled by any international command and control system” and that, therefore, “building a web of governance, with multiple institutions and organizations shaping the rules of the road, is the only possibility for [effective] governance.”⁶⁶ By this, she meant that—although a single system of rules for governing the biotechnology development is impossible to create given the speed of biotech research and multiplicity of biotech research actors involved (private and public-sector labs, etc.) around the world—it is possible to support a “web of governance” institutions such as the WHO that set norms and rules. Although this system is imperfect, as she admits, it is much better than the alternative, which is to have no governance web at all. The risk of a weak or nonexistent web becomes much more real if the United States, China, and other S&T leaders fail to cooperate in strengthening it.

Conclusions and recommendations

The arguments advanced in this paper provide an overview of the range and diversity of policy questions that must be taken into consideration when formulating strategies to compete with China in science and technology. This final section offers a set of recommendations that follow from this analysis.

Restore and sustain public R&D funding for scientific and technological advancement. As noted in this paper, public investment in R&D—most critically, federal-government investment in R&D—has been allowed to atrophy since the end of the Cold War. Although private-sector investment was then, and is now, a critical component of the nation’s R&D spending, public funding is also imperative for pure scientific research (versus applied research) and for funneling R&D toward ends that are in the public interest (defense, public health, etc.). Although the CHIPS and Science Act and the IRA both pledge massive increases in the amount of federal R&D investment, there is no guarantee that increased funding will be sustained over time. Less than a year after the CHIPS Act was signed into law, funding levels proposed in Congress and by the White House have fallen well short of amounts specified in the act.⁶⁷
Improve and sustain STEM education and skills training across K–12, university, community college, technical schools. It is widely recognized that the United States has fallen behind peer nations in STEM education and training at all levels, from K–12 through graduate training.⁶⁸ Although the Biden administration’s signature pieces of legislation, including the CHIPS Act, address this problem through increased funding vehicles for STEM education and worker-training programs, the challenge for policymakers will be to sustain interest in, and levels of funding for, such programs well into the future, analogous to the federal R&D spending challenge. Other related problems include the high cost of higher education, driven in part by lower funding by US states, that drives students into long-term indebtedness, and the need to boost participation in (and reduce stigma around) STEM-related training at community colleges and technical schools.⁶⁹ Germany’s well-established, well-funded, and highly respected technical apprenticeship programs are models.⁷⁰
Craft a more diverse tech sector. A closely related challenge is to ensure that the tech sector in the United States reflects the country’s diversity, defined in terms of gender, ethnicity, class, and geography. This is a long-term challenge that has multiple roots and many different pathways to success, including public investment in education, training, and apprenticeship programs, among other things.⁷¹ Among the most challenging problems (with potentially the most beneficial solutions) are those rooted in economic geography—specifically regional imbalances in the knowledge economy, where places like Silicon Valley and Boston steam ahead and many other places fall behind. As in other areas, recent legislation including the IRA, CHIPS Act, and IIJA have called for billions in funding to spread the knowledge economy to a greater number of “tech hubs” around the country. As with other pieces of the investment equation, however, there is no guarantee that billions will be allocated under current legislation.⁷²
Attract and retain high-skilled talent from abroad. One of the United States’ enduring strengths is its ability to attract and retain the world’s best talent, which has been of enormous benefit to its tech sector. A December 2022 survey conducted by the National Bureau of Economic Research (NBER), for example, found that between 1990 and 2016, about 16 percent of all inventors in the United States were immigrants, who, in turn, were responsible for 23 percent of all patents filed during the same period.⁷³ Although the United States is still the top destination for high-skilled migrants, other countries have become more attractive in recent years, owing to foreign countries’ tech-savvy immigration policies and problems related to the US H-1B visa system.⁷⁴
Support whole-of-government strategy development. This paper stresses the need to improve strategic decision-making regarding technology through improving (or relocating) interagency processes and foresight and intelligence capabilities. One recommendation is to follow the suggestion by the National Academies of Sciences, Engineering, and Medicine, and bring a whole-of-government strategic perspective together under the guidance of the White House.⁷⁵ Such a capacity would bring under its purview and/or draw upon a tech-focused foresight capacity, as well as an improved tech-focused intelligence apparatus (see below). The CHIPS Act contains provisions that call for development of quadrennial S&T assessments followed by technology strategy formulation, both to be conducted by the White House’s Office of Science Technology and Policy (OSTP).⁷⁶ A bill that was introduced in June 2022 by Senators Michael Bennet, Ben Sasse, and Mark Warner (and reintroduced in June 2023) would, if passed, create an Office of Global Competition Analysis, the purpose of which would be to “fuse information across the federal government, including classified sources, to help us better understand U.S. competitiveness in technologies critical to our national security and economic prosperity and inform responses that will boost U.S. leadership.”⁷⁷
Ensure private sector firms remain at the cutting edge of global competitiveness. Policymakers will need to strengthen the enabling environment to allow US tech firms to meet and exceed business competition from around the world. Doing so will require constant monitoring of best-practice policy development elsewhere, based on the presumption that other countries are tweaking their own policies to outcompete the United States. Policymakers will need to properly recalibrate, as appropriate and informed by best practices, an array of policy instruments including labor market and immigration policies, types and level of infrastructural investments, competition policies, forms of direct and indirect support, and more. An Office of Global Competition Analysis, as referred to above, might be an appropriate mechanism to conduct the horizon scanning tasks necessary to support this recommendation.
Improve S&T intelligence and counterintelligence. Consistent with the observations about shortcomings in the US Intelligence Community regarding S&T collection, analysis, and dissemination, some analysts have floated creation of an S&T intelligence capability outside the Intelligence Community itself. This capability would be independent of other agencies and departments within the government and would focus on collection and analysis of S&T intelligence for stakeholders within and outside of the US government, as appropriate.⁷⁸
Ensure calibrated development and application of punitive measures. As this paper has stressed at multiple points, although the US government has powerful protect measures at its disposal, implementing those measures often comes with a price, including friction with allies and partners. The US government should create an office within the Bureau of Industry and Security (BIS) at the Commerce Department to monitor the economic impact (intended and unintended) of its export-control policies on global supply chains before they are implemented (including impacts on allied and partner economies).⁷⁹ This office would have a function that is similar in intent to the Sanctions Economic Analysis Unit, recently established at the US Treasury to “research the collateral damage of sanctions before they’re imposed, and after they’ve been put in place to see if they should be adjusted.”⁸⁰
Build out and sustain robust multilateral institutions. This paper has stressed that any effort by the United States to succeed in its tech-focused competition with China will require that it successfully engage allies and partners in multilateral settings such as the EU-TTC, Quad, and others. As with so many other recommendations on this list, success will be determined by the degree to which senior policymakers can stay focused over the long run (i.e., across administrations) on this priority and in these multilateral forums. In addition, US policymakers might consider updating multilateral forums based on new realities. For example, some analysts have called for the creation of a new multilateral export-control regime that would have the world’s “techno-democracies…identify together the commodities, software, technologies, end uses, and end users that warrant control to address shared national security, economic security, and human rights issues.”⁸¹
Engagement with China cannot be avoided. The downturn in bilateral relations between the United States and China should not obscure the need to continue engaging China on S&T as appropriate, and as opportunities arise. There are zero-sum tradeoffs involved in the strategic competition with China over technology. At the same time, there are also positive-sum elements within that competition that need to be preserved or even strengthened. As the Ford-CATL Michigan battery-plant example underscores, trade in nonstrategic technologies (EVs, batteries, etc.) benefits both countries, assuming trade occurs on a level playing field. The same is true of science cooperation, where the risk is of global scientific research on climate change and disease prevention shrinking if Sino-American scientific exchange falls dramatically. Policymakers in the United States will need to accept some amount of S&T collaboration risk with China. They will need to decide what is (and is not) of highest risk and communicate that effectively to US allies and partners around the world, the scientific community, and the general public.

The authors would like to thank Noah Stein for his research assistance with this report.

Report authors

Staff

Peter Engelke

Global Energy Center Scowcroft Center for Strategy and Security

Technology & Innovation Europe & Eurasia

Former fellow

Emily Weinstein

Former Nonresident Fellow

Global China Hub

China Technology & Innovation

Explore the Strategy Paper Series

Atlantic Council Strategy Paper Series Dec 21, 2022

Global Foresight 2023

In this year’s Global Foresight edition, our experts identify the top risks and opportunities for 2023. Our foresight team spots “snow leopards” that could have major unexpected impacts in 2023 and beyond. And we share findings from our survey of global strategists and foresight practitioners on how human affairs could unfold over the next decade.

Atlantic Council Strategy Paper Series Nov 30, 2022

Preparing for victory: A long-haul strategy to help Ukraine win the war against Russia—and secure the peace

By Stephen J. Hadley, William Taylor, John E. Herbst, Matthew Kroenig, Melinda Haring, and Jeffrey Cimmino

Ukraine’s counteroffensives, backed by expanded and accelerated US and allied support, continue to push Russian forces out of Ukrainian territory, although at a reduced rate. These hard-won successes, however, bring with them possible challenges that also must be addressed.

Europe & Eurasia Politics & Diplomacy

Report Dec 22, 2021

Seizing the advantage: A vision for the next US national defense strategy

By Clementine G. Starling-Daniels, Tyson Wetzel, Christian Trotti

In this latest installment of the Atlantic Council Strategy Papers series, Forward Defense’s Clementine Starling, Lt Col Tyson Wetzel, and Christian Trotti articulate their vision and recommendations for the next US National Defense Strategy, including clearer prioritization, investments and divestments, reposturing of US forces, a new warfighting concept, and a focus on transnational threats like hybrid warfare and climate change.

China Defense Industry

Strategic Insights Memo Apr 24, 2023

Assessing China’s approach to technological competition with the United States

By Peter Engelke, Emily Weinstein

This past winter, the Scowcroft Center for Strategy and Security and the Global China Hub convened experts and officials in a private workshop to discuss how China views technological competition with the United States.

China Politics & Diplomacy

Strategic Insights Memo Nov 15, 2022

Designing domestic and multilateral strategies for maintaining technological superiority

By Peter Engelke, Emily Weinstein

This fall, the Scowcroft Center for Strategy and Security and the Global China Hub convened experts and officials in a private workshop to discuss how the United States, in conjunction with allies and partners, might design strategies to maintain technological superiority over China. The workshop explored the necessary components of a competitive strategy via both “protect” and “run faster” policies. This memo draws from insights gathered during the workshop to give policy makers a better understanding of the potential tools in the strategic arsenal.

China Defense Technologies

Strategic Insights Memo Jul 19, 2022

Toward coherence in tech competition with China

By Peter Engelke, Emily Weinstein

This June, the Scowcroft Center for Strategy and Security and the Global China Hub convened experts and officials in a private workshop to discuss technological competition between the United States, its allies and partners, and their biggest global competitor, China. The workshop explored the stakes in this competition across economic, military, and other domains, as well as the challenges facing Washington and its allies and partners with respect to China’s rising technological capabilities. This memo draws from insights gleaned during the workshop to give policymakers a better understanding of this competition, it stakes, and the strategic choices facing the United States and its allies and partners.

China Defense Technologies

Explore the programs

The Scowcroft Center for Strategy and Security works to develop sustainable, nonpartisan strategies to address the most important security challenges facing the United States and the world.

The Global China Hub researches and devises allied solutions to the global challenges posed by China’s rise, leveraging and amplifying the Atlantic Council’s work on China across its fifteen other programs and centers.

How Prigozhin used Telegram to declare war on the Russian Ministry of Defense – and then suddenly pull back

1 Although China likely will not close the spending gap with the United States by the mid-2030s, current spending trajectories strongly suggest that China will have narrowed the gap considerably. See the US-China bilateral comparison in: “Asia Power Index 2023,” Lowy Institute, last visited June 13, 2023, https://power.lowyinstitute.org; “China v America: How Xi Jinping Plans to Narrow the Military Gap,” Economist, May 8, 2023, https://www.economist.com/china/2023/05/08/china-v-america-how-xi-jinping-plans-to-narrow-the-military-gap.

2 See, e.g., the arguments presented by: Bryce Barros, Nathan Kohlenberg, and Etienne Soula, “China and the Digital Information Stack in the Global South,” German Marshall Fund, June 15, 2022, https://securingdemocracy.gmfus.org/china-digital-stack/.

3 For a brief overview of China’s efforts in this regard, see: Bulelani Jili, China’s Surveillance Ecosystem and the Global Spread of Its Tools, Atlantic Council, October 17, 2022, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/chinese-surveillance-ecosystem-and-the-global-spread-of-its-tools/.

4 For background to these practices, see: Karen M. Sutter, ““Made in China 2025’ Industrial Policies: Issues for Congress,” Congressional Research Service, March 10, 2023, https://sgp.fas.org/crs/row/IF10964.pdf; Gerard DiPippo, Ilaria Mazzocco, and Scott Kennedy, “Red Ink: Estimating Chinese Industrial Policy Spending in Comparative Perspective,” Center for Strategic and International Studies, May 23, 2022, https://www.csis.org/analysis/red-ink-estimating-chinese-industrial-policy-spending-comparative-perspective; “America Is Struggling to Counter China’s Intellectual Property Theft,” Financial Times, April 18, 2022, https://www.ft.com/content/1d13ab71-bffd-4d63-a0bf-9e9bdfc33c39; “USTR Releases Annual Report on China’s WTO Compliance,” Office of the United States Trade Representative, February 16, 2022, press release, 3, https://ustr.gov/about-us/policy-offices/press-office/press-releases/2022/february/ustr-releases-annual-report-chinas-wto-compliance.

5 On China and technical standards, see: Matt Sheehan, Marjory Blumenthal, and Michael R. Nelson, “Three Takeaways from China’s New Standards Strategy,” Carnegie Endowment for International Peace, October 28, 2021, https://carnegieendowment.org/2021/10/28/three-takeaways-from-china-s-new-standards-strategy-pub-85678.

6 China’s current (2023) AI regulations are generally seen as more developed than those in either Europe or the United States. However, analysts argue that the individual rights and corporate responsibilities to protect them, as outlined in China’s regulations, will be selectively enforced, if at all, by the state. See: Ryan Heath, “China Races Ahead of U.S. on AI Regulation,” Axios, May 8, 2023, https://www.axios.com/2023/05/08/china-ai-regulation-race.

7 The scientific community has warned that this scenario is a real risk, owing to heightened Sino-American tension. James Mitchell Crow, “US–China partnerships bring strength in numbers to big science projects,” Nature, March 9, 2022, https://www.nature.com/articles/d41586-022-00570-0.

8 Deng Xiaoping’s reforms included pursuit of “Four Modernizations” in agriculture, industry, science and technology, and national defense. In the S&T field, his reforms included massive educational and worker-upskilling programs, large investments in scientific research centers, comprehensive programs to send Chinese STEM (science, technology, engineering, and math) students abroad for advanced education and training, experimentation with foreign technologies in manufacturing and other production processes, and upgrading of China’s military to include a focus on development of dual-use technologies. Bernard Z. Keo, “Crossing the River by Feeling the Stones: Deng Xiaoping in the Making of Modern China,” Education About Asia 25, 2 (2020), 36, https://www.asianstudies.org/publications/eaa/archives/crossing-the-river-by-feeling-the-stones-deng-xiaoping-in-the-making-of-modern-china/.

9 Dan Wang, “China’s Hidden Tech Revolution: How Beijing Threatens U.S. Dominance,” Foreign Affairs, March/April 2023, https://www.foreignaffairs.com/china/chinas-hidden-tech-revolution-how-beijing-threatens-us-dominance-dan-wang.

10 “Full Text of Clinton’s Speech on China Trade Bill,” Federal News Service, March 9, 2000, https://www.iatp.org/sites/default/files/Full_Text_of_Clintons_Speech_on_China_Trade_Bi.htm.

11 “Speech by President Jiang Zemin at George Bush Presidential Library,” Ministry of Foreign Affairs of the PRC, October 24, 2002, https://perma.cc/7NYS-4REZ; G. John Ikenberrgy, “The Rise of China and the Future of the West: Can the Liberal System Survive?” Foreign Affairs 87, 1, (2008), https://www.jstor.org/stable/20020265.

12 Elizabeth Economy, “Changing Course on China,” Current History 102, 665, China and East Asia (2003), https://www.jstor.org/stable/45317282; Thomas W. Lippman, “Bush Makes Clinton’s China Policy an Issue,” Washington Post, August 20, 1999, https://www.washingtonpost.com/wp-srv/politics/campaigns/wh2000/stories/chiwan082099.htm.

13 Kurt M. Campbell and Ely Ratner, “The China Reckoning: How Beijing Defied American Expectations,” Foreign Affairs, February 18, 2018, https://www.foreignaffairs.com/articles/china/2018-02-13/china-reckoning.

14 “Number of Tourist Arrivals in the United States from China from 2005 to 2022 with Forecasts until 2025,” Statista, April 11, 2023, https://www.statista.com/statistics/214813/number-of-visitors-to-the-us-from-china/; and “Visa Statistics,” U.S. Department of State, https://travel.state.gov/content/travel/en/legal/visa-law0/visa-statistics.html.

15 “Direct Investment Position of the United States in China from 2000 to 2021,” Statista, January 26, 2023, https://www.statista.com/statistics/188629/united-states-direct-investments-in-china-since-2000/.

16 Robbie Gramer, “Washington’s China Hawks Take Flight,” Foreign Policy, February 15, 2023, https://foreignpolicy.com/2023/02/15/china-us-relations-hawks-engagement-cold-war-taiwan/; Sam LaGrone, “China Sends Uninvited Spy Ship to RIMPAC,” USNI News, July 18, 2014, https://news.usni.org/2014/07/18/china-sends-uninvited-spy-ship-rimpac.

17 “Findings of the Investigations into China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation Under Section 301 of the Trade Act of 1974,” Office of the United States Trade Representative, March 22, 2018, https://ustr.gov/sites/default/files/Section%20301%20FINAL.PDF. When asked in November 2018 if China was violating the 2015 cyber-espionage agreement, senior National Security Agency cybersecurity official Rob Joyce said, “it’s clear that they [China] are well beyond the bounds today of the agreement that was forced between our countries.” See: “U.S. Accuses China of Violating Bilateral Anti-Hacking Deal,” Reuters, November 8, 2018, https://www.reuters.com/article/us-usa-china-cyber/u-s-accuses-china-of-violating-bilateral-anti-hacking-deal-idUSKCN1NE02E.

18 Jacob Feldgoise, et. al, “Studying Tech Competition through Research Output: Some CSET Best Practices,” Center for Security and Emerging Technology, April 2023, https://cset.georgetown.edu/article/studying-tech-competition-through-research-output-some-cset-best-practices.

19 The World Intellectual Property Organization’s annual “Global Innovation Index,” considered the gold standard rankings assessment of the world’s tech-producing economies, ranks South Korea sixth and Japan thirteenth in the 2022 edition. “Global Innovation Index 2022. What Is the Future of Innovation-Driven Growth?” World Intellectual Property Organization, 2022, https://www.globalinnovationindex.org/analysis-indicator.

20 For a general review of the Japanese case, see: Mireya Solis, “Economic Security: Boon or Bane for the US-Japan Alliance?,” Sasakawa Peace Foundation USA, November 5–6, 2022, https://spfusa.org/publications/economic-security-boon-or-bane-for-the-us-japan-alliance/#_ftn19. For the South Korean case, see: Seong-Ho Sheen and Mireya Solis, “How South Korea Sees Technology Competition with China and Export Controls,” Brookings, May 17, 2023, https://www.brookings.edu/blog/order-from-chaos/2023/05/17/how-south-korea-sees-technology-competition-with-china-and-export-controls/.

21 Jeremy Mark and Dexter Tiff Roberts, United States–China Semiconductor Standoff: A Supply Chain under Stress, Atlantic Council, February 23, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/united-states-china-semiconductor-standoff-a-supply-chain-under-stress/.

22 Yang Jie and Megumi Fujikawa, “Tokyo Meeting Highlights Democracies’ Push to Secure Chip Supplies,” Wall Street Journal, May 18, 2023, https://www.wsj.com/articles/tokyo-meeting-highlights-democracies-push-to-secure-chip-supplies-54e1173d?mod=article_inline; “US Urges South Korea not to Fill Chip Shortfalls in China if Micron Banned, Financial Times Reports,” Reuters, April 23, 2023, https://www.reuters.com/technology/us-urges-south-korea-not-fill-china-shortfalls-if-beijing-bans-micron-chips-ft-2023-04-23/.

23 See, e.g., the arguments in: Matias Spektor, “In Defense of the Fence Sitters. What the West Gets Wrong about Hedging,” Foreign Affairs, May/June 2023, https://www.foreignaffairs.com/world/global-south-defense-fence-sitters.

24 On the expansion of trade under Bretton Woods during the first postwar decades, see: Tamim Bayoumi, “The Postwar Economic Achievement,” Finance & Development, June 1995, https://www.elibrary.imf.org/view/journals/022/0032/002/article-A013-en.xml.

25 For a review of the history of the bilateral trade relationship, see: Anshu Siripurapu and Noah Berman, “Backgrounder: The Contentious U.S.-China Trade Relationship,” Council on Foreign Relations, December 5, 2022, https://www.cfr.org/backgrounder/contentious-us-china-trade-relationship.

26 Eric Martin and Ana Monteiro, “US-China Goods Trade Hits Record Even as Political Split Widens,” Bloomberg, February 7, 2023, https://www.bloomberg.com/news/articles/2023-02-07/us-china-trade-climbs-to-record-in-2022-despite-efforts-to-split?sref=a9fBmPFG#xj4y7vzkg

27 Neal E. Boudette and Keith Bradsher, “Ford Will Build a U.S. Battery Factory with Technology from China,” New York Times, February 13, 2023, https://www.nytimes.com/2023/02/13/business/energy-environment/ford-catl-electric-vehicle-battery.html.

28 “Tracking the Collaborative Networks of Five Leading Science Nations,” Nature 603, S10–S11 (2022), https://www.nature.com/articles/d41586-022-00571-z.

29 “Protecting U.S. Technological Advantage,” National Academies of Sciences, Engineering, and Medicine, 2022, 12, https://doi.org/10.17226/26647.

30 Robert W. Seidel, “Science Policy and the Role of the National Laboratories,” Los Alamos Science 21 (1993), 218–226, https://sgp.fas.org/othergov/doe/lanl/pubs/00285712.pdf.

31 The federal government’s hand in creating Silicon Valley is well known. For a short summary, see: W. Patrick McCray, “Silicon Valley: A Region High on Historical Amnesia,” Los Angeles Review of Books, September 19, 2019, https://lareviewofbooks.org/article/silicon-valley-a-region-high-on-historical-amnesia/. A forceful defense of the federal government’s role in creating and sustaining Silicon Valley is: Jacob S. Hacker and Paul Pierson, “Why Technological Innovation Relies on Government Support,” Atlantic, March 28, 2016, https://www.theatlantic.com/politics/archive/2016/03/andy-grove-government-technology/475626/.

32 Robert D. Atkinson, “Understanding the U.S. National Innovation System, 2020,” International Technology & Innovation Foundation, November 2020, 1, https://www2.itif.org/2020-us-innovation-system.pdf.

33 “National Innovation Policies: What Countries Do Best and How They Can Improve,” International Technology & Innovation Foundation, June 13, 2019, 82, https://itif.org/publications/2019/06/13/national-innovation-policies-what-countries-do-best-and-how-they-can-improve/; “Historical Trends in Federal R&D, Federal R&D as a Percent of GDP, 1976-2023,” American Association for the Advancement of Science, last visited June 13, 2023, https://www.aaas.org/programs/r-d-budget-and-policy/historical-trends-federal-rd.

34 Matt Hourihan, “A Snapshot of U.S. R&D Competitiveness: 2020 Update,” American Association for the Advancement of Science, October 22, 2020, https://www.aaas.org/news/snapshot-us-rd-competitiveness-2020-update.

35 Remco Zwetsloot, et al., “China is Fast Outpacing U.S. STEM PhD Growth,” Center for Security and Emerging Technology, August 2021, 2–4, https://cset.georgetown.edu/publication/china-is-fast-outpacing-u-s-stem-phd-growth/.

36 As reviewed in: Robert D. Atkinson, “Understanding the U.S. National Innovation System, 2020,” International Technology & Innovation Foundation, November 2020, https://www2.itif.org/2020-us-innovation-system.pdf.

37 See, e.g., the arguments laid out by Frank Lucas, chairman of the House Science, Space, and Technology Committee, in: Frank Lucas, “A Next-Generation Strategy for American Science,” Issues in Science and Technology 39, 3, Spring 2023, https://issues.org/strategy-american-science-lucas/.

38 “Findings of the Investigations into China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property, and Innovation Under Section 301 of the Trade Act of 1974”; “Threats to the U.S. Research Enterprise: China’s Talent Recruitment Plans,” Permanent Subcommittee on Investigations, Committee on Homeland Security and Governmental Affairs, US Senate, November 2019, https://www.hsgac.senate.gov/wp-content/uploads/imo/media/doc/2019-11-18%20PSI%20Staff%20Report%20-%20China’s%20Talent%20Recruitment%20Plans%20Updated2.pdf; Michael Brown and Pavneet Singh, “China’s Technology Transfer Strategy: How Chinese Investments in Emerging Technology Enable A Strategic Competitor to Access the Crown Jewels of U.S. Innovation,” Defense Innovation Unit Experimental (DIUx), January 2018, https://www.documentcloud.org/documents/4549143-DIUx-Study-on-China-s-Technology-Transfer.

39 Steven F. Hill, et. al, “Trump Administration Significantly Enhances Export Control Supply Chain Restrictions on Huawei,” K&L Gates, September 2020, https://www.klgates.com/Trump-Administration-Significantly-Enhances-Export-Control-Supply-Chain-Restrictions-on-Huawei-9-2-2020; and “Implementation of Additional Export Controls: Certain Advanced Computing and Semiconductor Manufacturing Items; Supercomputer and Semiconductor End Use; Entity List Modification,” Bureau of Industry and Security, US Department of Commerce, October 14, 2022, https://www.federalregister.gov/documents/2022/10/13/2022-21658/implementation-of-additional-export-controls-certain-advanced-computing-and-semiconductor.

40 “The Committee on Foreign Investment in the United States,” US Department of the Treasury, last visited June 13, 2023, https://home.treasury.gov/policy-issues/international/the-committee-on-foreign-investment-in-the-united-states-cfius.

41 Hans Nichols and Dave Lawler, “Biden’s Next Move to Box China out on Sensitive Tech,” Axios, May 25, 2023, https://www.axios.com/2023/05/25/china-investments-ai-semiconductor-biden-order.

42 “With Over 300 Sanctions, U.S. Targets Russia’s Circumvention and Evasion, Military-Industrial Supply Chains, and Future Energy Revenues,” US Department of the Treasury, press release, May 19, 2023, https://home.treasury.gov/news/press-releases/jy1494.

43 Tim Hwang and Emily S. Weinstein, “Decoupling in Strategic Technologies: From Satellites to Artificial Intelligence,” Center for Security and Emerging Technology, July 2022, https://cset.georgetown.edu/publication/decoupling-in-strategic-technologies/.

44 The articles were published in China’s state-run newspaper, Science and Technology Daily. Ben Murphy, “Chokepoints: China’s Self-Identified Strategic Technology Import Dependencies,” Center for Security and Emerging Technology, May 2022, https://cset.georgetown.edu/publication/chokepoints/.

45 Antony J. Blinken, “The Administration’s Approach to the People’s Republic of China,” US Department of State, May 26, 2022, https://www.state.gov/the-administrations-approach-to-the-peoples-republic-of-china/.

46 “Media Reaction: US Inflation Reduction Act and the Global ‘Clean-Energy Arms Race,’” Carbon Brief, February 3, 2023, https://www.carbonbrief.org/media-reaction-us-inflation-reduction-act-and-the-global-clean-energy-arms-race/; Théophile Pouget-Abadie, Francis Shin, and Jonah Allen, Clean Industrial Policies: A Space for EU-US Collaboration, Atlantic Council, March 10, 2023, https://www.atlanticcouncil.org/blogs/energysource/clean-industrial-policies-a-space-for-eu-us-collaboration/.

47 Shannon Tiezzi, “Are US Allies Falling out of ‘Alignment’ on China?” Diplomat, December 19, 2022, https://thediplomat.com/2022/12/are-us-allies-falling-out-of-alignment-on-china/.

48 “The Fall of Empires Preys on Xi Jinping’s Mind,” Economist, May 11, 2023, https://www.economist.com/briefing/2023/05/11/the-fall-of-empires-preys-on-xi-jinpings-mind; Kunal Sharma, “What China Learned from the Collapse of the USSR,” Diplomat, December 6, 2021, https://thediplomat.com/2021/12/what-china-learned-from-the-collapse-of-the-ussr/; Simone McCarthy, “Why Gorbachev’s Legacy Haunts China’s Ruling Communist Party,” CNN, August 31, 2022, https://www.cnn.com/2022/08/31/china/china-reaction-mikhail-gorbachev-intl-hnk/index.html.

49 For a review of the complex history of the construction and deconstruction of the Soviet Union, see: Serhii Plokhy, “The Empire Returns: Russia, Ukraine and the Long Shadow of the Soviet Union,”Financial Times, January 28, 2022, https://www.ft.com/content/0cbbd590-8e48-4687-a302-e74b6f0c905d.

50 Phelim Kine, “China ‘Is Infinitely Stronger than the Soviet Union Ever Was,’” Politico, April 28, 2023, https://www.politico.com/newsletters/global-insider/2023/04/28/china-is-infinitely-stronger-than-the-soviet-union-ever-was-00094266.

51 Hal Brands, “The Dangers of China’s Decline,” Foreign Policy, April 14, 2022, https://foreignpolicy.com/2022/04/14/china-decline-dangers/.

52 Tarun Chhabra, et al., “Open-Source Intelligence for S&T Analysis,” Center for Security and Emerging Technology (CSET), Georgetown University Walsh School of Foreign Service, September 2020, https://cset.georgetown.edu/publication/open-source-intelligence-for-st-analysis/.

53 A summary of and link to the committee’s redacted report is in: Tia Sewell, “U.S. Intelligence Community Ill-Prepared to Respond to China, Bipartisan House Report Finds,” Lawfare, September 30, 2020, https://www.lawfareblog.com/us-intelligence-community-ill-prepared-respond-china-bipartisan-house-report-finds.

54 William Hannas and Huey-Meei Chang, “China’s Access to Foreign AI Technology,” Center for Security and Emerging Technology (CSET), Georgetown University Walsh School of Foreign Service, September 2019, https://cset.georgetown.edu/publication/chinas-access-to-foreign-ai-technology/.

55 Ellen Nakashima, “Justice Department Shutters China Initiative, Launches Broader Strategy to Counter Nation-State Threats,” Washington Post, February 23, 2022, https://www.washingtonpost.com/national-security/2022/02/23/china-initivative-redo/.

56 Tuomo Kuosa, “Strategic Foresight in Government: The Cases of Finland, Singapore, and the European Union,” S. Rajaratnam School of International Studies, Nanyang Technological University, 43, https://www.files.ethz.ch/isn/145831/Monograph19.pdf.

57 For a review, including a summary of such recommendations, see: J. Peter Scoblic, “Strategic Foresight in U.S. Agencies. An Analysis of Long-term Anticipatory Thinking in the Federal Government,” New America, December 15, 2021, https://www.newamerica.org/international-security/reports/strategic-foresight-in-us-agencies/.

58 See, for example: Marie A. Mak, “Critical Technologies: Agency Initiatives Address Some Weaknesses, but Additional Interagency Collaboration Is Needed,” General Accounting Office, February 2015, https://www.gao.gov/assets/gao-15-288.pdf.

59 “Protecting U.S. Technological Advantage,” 97.

60 Ibid.

61 Toby Sterling, Karen Freifeld, and Alexandra Alper, “Dutch to Restrict Semiconductor Tech Exports to China, Joining US Effort,”Reuters, March 8, 2023, https://www.reuters.com/technology/dutch-responds-us-china-policy-with-plan-curb-semiconductor-tech-exports-2023-03-08/.

62 Troy Stangarone, “Inflation Reduction Act Roils South Korea-US Relations,” Diplomat, September 20, 2022, https://thediplomat.com/2022/09/inflation-reduction-act-roils-south-korea-us-relations/; “S. Korea in Preparation for Legal Disputes with U.S. over IRA,” Yonhap News Agency, November 3, 2022, https://en.yna.co.kr/view/AEN20221103004500320.

63 “Speech by President von der Leyen on EU-China Relations to the Mercator Institute for China Studies and the European Policy Centre,” European Commission, March 30, 2023, https://ec.europa.eu/commission/presscorner/detail/en/speech_23_2063.

64 “G7 Hiroshima Leaders’ Communiqué,” White House, May 20, 2023, https://www.whitehouse.gov/briefing-room/statements-releases/2023/05/20/g7-hiroshima-leaders-communique/.

65 See, e.g.: Kevin Roose, “A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn,” New York Times, May 30, 2023, https://www.nytimes.com/2023/05/30/technology/ai-threat-warning.html.

66 Gigi Kwik Gronvall, “Managing the Risks of Biotechnology Innovation,” Council on Foreign Relations, January 30, 2023, 7, https://www.cfr.org/report/managing-risks-biotechnology-innovation.

67 Madeleine Ngo, “CHIPS Act Funding for Science and Research Falls Short,” New York Times, May 30, 2023, https://www.nytimes.com/2023/05/30/us/politics/chips-act-science-funding.html; Matt Hourihan, Mark Muro, and Melissa Roberts Chapman, “The Bold Vision of the CHIPS and Science Act Isn’t Getting the Funding It Needs,” Brookings, May 17, 2023, https://www.brookings.edu/blog/the-avenue/2023/05/17/the-bold-vision-of-the-chips-and-science-act-isnt-getting-the-funding-it-needs/.

68 See, e.g.: Gabrielle Athanasia and Jillian Cota, “The U.S. Should Strengthen STEM Education to Remain Globally Competitive,” Center for Strategic and International Studies, April 1, 2022, https://www.csis.org/blogs/perspectives-innovation/us-should-strengthen-stem-education-remain-globally-competitive.

69 On per-student university funding at state level, see: Mary Ellen Flannery, “State Funding for Higher Education Still Lagging,” NEA Today, October 25, 2022, https://www.nea.org/advocating-for-change/new-from-nea/state-funding-higher-education-still-lagging

70 Matt Fieldman, “5 Things We Learned in Germany,” NIST Manufacturing Innovation Blog, December 14, 2022, https://www.nist.gov/blogs/manufacturing-innovation-blog/5-things-we-learned-germany.

71 For a review, see: Peter Engelke and Robert A. Manning, Keeping America’s Innovative Edge, Atlantic Council, April 2017, https://www.atlanticcouncil.org/in-depth-research-reports/report/keeping-america-s-innovative-edge-2/.

72 To date, Congress has allocated only 5 percent of the funds called for in the piece of the CHIPS Act that funds the tech hubs. Madeleine Ngo, “CHIPS Act Funding for Science and Research Falls Short,” New York Times, May 30, 2023, https://www.nytimes.com/2023/05/30/us/politics/chips-act-science-funding.html; Mark Muro, et al., “Breaking Down an $80 Billion Surge in Place-Based Industrial Policy,” Brookings, December 15, 2022, https://www.brookings.edu/blog/the-avenue/2022/12/15/breaking-down-an-80-billion-surge-in-place-based-industrial-policy/.

73 Shai Bernstein, et al., “The Contribution of High-Skilled Immigrants to Innovation in the United States,” National Bureau of Economic Research, December 2022, 3, https://www.nber.org/papers/w30797.

74 Miranda Dixon-Luinenburg, “America Has an Innovation Problem. The H-1B Visa Backlog Is Making It Worse,” Vox, July 13, 2022, https://www.vox.com/future-perfect/23177446/immigrants-tech-companies-united-states-innovation-h1b-visas-immigration.

75 “Protecting U.S. Technological Advantage,” 98–99.

76 Matt Hourihan, “CHIPS And Science Highlights: National Strategy,” Federation of American Scientists, August 9, 2022, https://fas.org/publication/chips-national-strategy/.

77 “Press Release: Bennet, Sasse, Warner Unveil Legislation to Strengthen U.S. Technology Competitiveness,” Office of Michael Bennet, June 9, 2022, https://www.bennet.senate.gov/public/index.cfm/2022/6/bennet-sasse-warner-unveil-legislation-to-strengthen-u-s-technology-competitiveness.

78 Tarun Chhabra, et al., “Open-Source Intelligence for S&T Analysis,” Center for Security and Emerging Technology (CSET),Georgetown University Walsh School of Foreign Service, September 2020, https://cset.georgetown.edu/publication/open-source-intelligence-for-st-analysis/.

79 Emily Weinstein, “The Role of Taiwan in the U.S. Semiconductor Supply Chain Strategy,” National Bureau of Asian Research, January 21, 2023, https://www.nbr.org/publication/the-role-of-taiwan-in-the-u-s-semiconductor-supply-chain-strategy/.

80 Daniel Flatley, “US Treasury Hires Economists to Study Consequences of Sanctions,” Bloomberg, May 17, 2023, https://www.bloomberg.com/news/articles/2023-05-18/us-treasury-hires-economists-to-study-consequences-of-sanctions?sref=a9fBmPFG.

81 Kevin Wolf and Emily S. Weinstein, “COCOM’s daughter?” World ECR, May 13, 2022, 25, https://cset.georgetown.edu/wp-content/uploads/WorldECR-109-pp24-28-Article1-Wolf-Weinstein.pdf.

The post Global Strategy 2023: Winning the tech race with China appeared first on Atlantic Council.

Russian War Report Special Edition: Prigozhin and Wagner forces mutiny against Moscow

Digital Forensic Research Lab — Sat, 24 Jun 2023 17:04:28 +0000

On the evening of Friday, June 23, Wagner Group founder Yevgeny Prigozhin effectively broke ties with Moscow and initiated a mutiny against the Russian military, successfully occupying Rostov. Russian President Vladimir Putin condemned Prigozhin’s actions in an address to the nation as Russian authorities secured Moscow and reportedly engaged Wagner forces around Rostov. At the time of writing on the afternoon of Saturday, June 24, Prigozhin appears to have accepted a pause in further escalation, stating that Wagner forces will return to base. Today’s special edition of the Russian War Report provides an overview of the last thirty-six hours, including details on how Prigozhin’s rhetoric escalated into open conflict, open-source analysis of the latest footage, and a review of some of the competing narratives on Telegram and across the Russian information ecosystem.

Tracking narratives

Putin calls Prigozhin’s “criminal adventure” an “armed mutiny” and “treason”

Security

Wagner forces enter Rostov, occupy Russian Southern Military District headquarters

Wagner forces emerge south of Moscow in Lipetsk

Explosion at oil depot in Russian city of Voronezh

Media policy

Amid chaos in the Russian information space the Kremlin attempts to limit information on Prigozhin

How Prigozhin used Telegram to declare war on the Russian Ministry of Defense – and then suddenly pull back

The Russian-founded messaging platform Telegram, which became a primary tool circulating pro-Kremlin narratives throughout Russia’s war in Ukraine, achieved an unprecedented level of influence on June 23, with Prigozhin wielding it to vent his rage at the Russian defense establishment and launch a mercenary mutiny. For months, Prigozhin has engaged in rhetorical warfare against his rivals in the Kremlin, in particular Russian Defense Minister Sergei Shoigu and Armed Forces Chief of Staff Gen. Valery Gerasimov. The Wagner founder blamed them for ineptitude over the course of the war in Ukraine, including a months-long public argument about supplying his forces with adequate munitions during its siege of Bakhmut.

Prigozhin’s one-man war against the Russian Ministry of Defense (MoD) reached new heights in a series of Telegram posts that began on Friday, June 23, and continued into Saturday. At 10:50 am Moscow time, he posted a thirty-minute video to his Prigozhin Press Service Telegram channel excoriating the MoD, accusing its leadership of deceiving Putin and the Russian public in early 2022 into believing that Ukrainian aggression was imminent, and that Russia had no choice but to invade Ukraine.

Sitting in a chair in front of a Wagner Group flag pinned to an otherwise blank wall, Prigozhin proceeded to make his case against the MoD and its entire war effort. “Right now, the [MoD] is trying to deceive society and the president and tell a story that there was insane aggression from the Ukrainian side and they were going to attack us together with the whole NATO bloc,” Prigozhin said effectively undermining the Kremlin’s entire case for war. “Therefore, on February 24, the so-called special operation was launched for completely different reasons.” He described Russia’s invasion of Ukraine as a “monstrous shame show” and an “incompetently planned operation” conducted by “a bunch of creatures” and “mentally ill scum” who “don’t have the balls” to fight aggressively with the necessary decisiveness to win the war, including their unwillingness to use tactical nuclear weapons. “The grandfathers are rather weak. They cannot get out of their comfort zone,” he added.

“A handful of dipshits decided for some reason that they were so cunning that no one would realize what they were doing with their military exercises, and nobody would stop them when they went to Kyiv,” Prigozhin said. He went on to blame Shoigu for killing thousands of capable Russian soldiers, and he directed his ire at Russian oligarchs enriching themselves on the war while seeking to return former Russian President Dmitry Medvedev to power. “Our sacred war against those who wrong the Russian people has turned into racketeering, into theft,” he said.

Prigozhin later added that he would follow up the video with a second “interview,” but this would turn out to be a gross understatement, as the initial video was merely the first of more than a dozen messages he would post to his Prigozhin Press Service Telegram channel over the next thirty-six hours.

Later in the day at 5:10 pm Moscow time, Prigozhin amped up his criticism of the MoD even further with a Telegram audio post in which he accused it of committing “genocide” against Russians. Calling out Shoigu and Gerasimov directly, Prigozhin said “they should be held responsible for the genocide of the Russian people, the murder of tens of thousands of Russian citizens, and the transfer of Russian territories to the enemy.”

As angry audio clips of Prigozhin continued to appear into the evening, multiple pro-Wagner Telegram channels circulated a video around 9:00 pm Moscow time purporting to document the aftermath of a Russian airstrike on a Wagner encampment. The video shows scenes of a wooded area lined with stone paths subjected to a moderate amount debris and several fires burning in trenches; a body is briefly seen towards the end of the clip. It is unclear where or when the footage was filmed, and it brought to mind similar suspicious footage contextually devoid footage circulated prior to the February 2022 invasion accusing Ukraine of engaging in sabotage and other aggression against Russia.

The drama continues. Prigozhin publishes a video which he claims shows the aftermath of a rocket attack by the Russian ministry of defence on a Wagner camp. “Many of our guys died…We will make a decision how to respond to this evil. The next move is ours” pic.twitter.com/o7l14yVBMX
— Pjotr Sauer (@PjotrSauer) June 23, 2023

Within ten minutes, Prigozhin posted another angry statement, this time accusing the MoD of attacking his forces at the camp. “Today, seeing that we aren’t broken, they decided to launch rocket attacks on our rear camps,” he exclaimed. “A huge number of fighters were killed, our comrades in arms. We’ll decide how to respond to this atrocity. The ball’s in our court.”

Approximately fifteen minutes later, Prigozhin effectively declared war against the MoD in another Telegram audio clip. “The Wagner Group commanders’ council has made a decision,” he announced. “The evil that the country’s military leadership is carrying out must be stopped. They neglect soldiers’ lives. They’ve forgotten the word ‘justice’ and we’re bringing it back. Those who destroyed our guys today, those who destroyed many tens of thousands of Russian soldiers’ lives will be punished.” Later, he described his forces as “25,000 strong,” adding, “We’re going to get to the bottom of the lawlessness in this country.”

As Prigozhin continued posting additional threats and taunts on Telegram, the MoD described the alleged footage circulated on pro-Wagner channels as fake, while Russia’s National Anti-Terrorism Committee announced that the Federal Security Service, or FSB, would initiate a criminal case against Prigozhin “on the fact of calling for an armed rebellion.”

Prigozhin continued posting on and off throughout Saturday as his forces advanced north in the direction of Moscow. Then just before 8:30pm local time, he uploaded another message, stating he would return Wagner forces to their camps. It remains unclear whether he intends to keep that promise.

Prigozhin just now: "They wanted to disband Wagner. We set out on June 23 for the "March of Justice". In a day we marched just short of 200 km from Moscow. During this time, we have not shed a single drop of the blood of our fighters. Now is the moment when blood can be shed.…
— Mary Ilyushina (@maryilyushina) June 24, 2023

—Andy Carvin, managing editor, Washington, DC

Putin calls Prigozhin’s “criminal adventure” an “armed mutiny” and “treason”

After spending Friday night away from cameras, Putin released a televised statement late Saturday morning. Addressing the Russian public as well as the armed forces and security personnel “who are now fighting in their combat positions, repulsing enemy attacks,” Putin described Prigozhin’s actions as a “criminal adventure” and an “armed mutiny.”

“Today, Russia is waging a tough struggle for its future, repelling the aggression of neo-Nazis and their patrons,” he stated. “The entire military, economic, and informational machine of the West is directed against us. We are fighting for the lives and security of our people, for our sovereignty and independence, for the right to be and remain Russia, a state with a thousand-year history.”

“This battle, when the fate of our nation is being decided, requires consolidation of all forces,” Putin continued. “It requires unity, consolidation, and a sense of responsibility, and everything that weakens us, any strife that our external enemies can use and do so to subvert us from within, must be discarded. Therefore, any actions that split our nation are essentially a betrayal of our people, of our comrades-in-arms who are now fighting at the frontline. This is a knife in the back of our country and our people.”

Comparing the mutiny to 1917, when “Russians were killing Russians and brothers were killing brothers,” Putin declared, “We will not allow this to happen again. We will protect our people and our statehood from any threats, including from internal betrayal…. Inflated ambitions and personal interests have led to treason—treason against our country, our people and the common cause which Wagner Group soldiers, and commanders were fighting and dying for.”

“Once again, any internal revolt is a deadly threat to our statehood and our nation. It is a blow to Russia, to our people,” he continued. “Our actions to defend the fatherland from this threat will be harsh. All those who have consciously chosen the path of betrayal, planned an armed mutiny, and taken the path of blackmail and terrorism, will inevitably be punished and will answer before the law and our people…. Those who staged the mutiny and took up arms against their comrades—they have betrayed Russia and will be brought to account. I urge those who are being dragged into this crime not to make a fatal and tragic mistake but make the only right choice: to stop taking part in criminal actions.”

“I am certain that we will preserve and defend what we hold dear and sacred, and together with our motherland we will overcome any hardships and become even stronger,” Putin concluded.

—Andy Carvin, managing editor, Washington, DC

Wagner forces enter Rostov, occupy Russian Southern Military District headquarters

Over the course of Prigozhin’s Telegram posts, he boasted that his “25,000 strong” Wagner forces had marched across the border from Ukraine into Russia before claiming they had shot down a Russian armed forces helicopter before entering the city of Rostov. For many hours overnight, he provided no evidence to back his claims. This finally began to change as footage emerged on Russian Telegram, ultimately confirming that Prigozhin had indeed occupied Rostov.

At 3:47 am Moscow time, the pro-Wagner channel VChK-OGPU posted a video in which a helicopter can be heard circling over Rostov at night. The channel noted, however, “No one has yet seen the video of the Wagner PMC column and the battles with the Ministry of Defense.” Two minutes later, the channel changed its tune by sharing a second video appearing to show rocket fire and bursts of assault rifles, describing it as the “first video reportedly showing fighting between PMC Wagner and Ministry of Defense units.” The footage circulated widely on Telegram but remained unverified.

Less than twenty minutes later, at 4:09 am, VChK-OGPU shared a third clip showing what appeared to be a convoy of Wagner tanks, trucks, and other vehicles crossing a checkpoint without any opposition. Unlike the previous clips, however, the footage was easily visible, as it appeared to have been recorded during the pre-dawn twilight. According to open-source sun-tracking data, the sun rose in Rostov this morning at 4:25 am, with twilight commencing at 3:50 am, putting the video’s release squarely in the middle of pre-dawn twilight. The exact location of the footage is still under review and cannot be confirmed.

At 5:01 am, not long after sunrise, the Verum Regnum Telegram channel circulated video clips of what appeared to show Wagner forces arriving in central Rostov, just outside the MoD’s Southern Military District headquarters at the intersection of Pushkinskaya Ulitsa and Budonnovskiy Prospekt. One of the videos appeared to show forces beginning to set up a perimeter around the MoD building.

Telegram footage allegedly of Wagner forces in central Rostov. (Source: Verum Regnum/archive)

Top: Highlights from the video showing a tank in front of the southwest corner of Pushkinskaya Ulitsa and Budonnovskiy Prospekt (top left) and a man recording footage on his phone in front of the intersection’s northwest corner in front of the MoD’s Southern Military District building (top right). Bottom: Google Street View of the same intersection facing westward, where both corners are visible. (Source: Verum Regnum/archive, top left and top right; Google Street View/archive, bottom)

A second clip showed how that presence had expanded with the placement of additional armored vehicles blocking the entire intersection from vehicle traffic.

Wagner soldiers (left) and armored vehicles (center and right) block the intersection in front of the Southern Military District building in Rostov. (Source: Verum Regnum/archive)

Around 7:30 am Moscow time, a pair of videos appeared on the WAGNER Z GROUP/Z PMC WAGNER’Z Telegram channel and Prigozhin’s press channel respectively. The first video showed Prigozhin and his entourage entering the inner courtyard of the Southern Military District building. Prigozhin is later seen bragging about his successes with Deputy Defense Minister Yunus-bek Yevkurov while demanding that Yevkurov speak to him respectfully. In the second video, he addressed the camera and bragged that he had captured Rostov without firing a single shot.

Just wow. A video has surfaced showing Prigozhin at the Southern Military District HQ in Rostov-on-Don talking to (and HUMILIATING) Deputy Defense Minister Yunus-bek Yevkurov. He threatens to blockade Rostov and head for Moscow!

I have extreme trouble understanding Yevkurov and… pic.twitter.com/jGr9gaLB1i
— Kevin Rothrock (@KevinRothrock) June 24, 2023

#UPDATE Wagner chief Yevgeny Prigozhin, leading a mutiny to bring down Moscow's top brass, said Saturday his fighters captured the army HQ in Russia's Rostov-on-Don "without firing a single shot" and claimed to have the support of locals. pic.twitter.com/5F0uC0pDFQ
— AFP News Agency (@AFP) June 24, 2023

Later, prior to 2:00 pm Moscow time, new footage emerged showing people running from the neighborhood of the MoD building. Initial reports suggested it was a Russian Armed Forces attack within the vicinity, but this has not been confirmed.

https://twitter.com/maria_drutska/status/1672560729256329216

The many civilians running from the sound of an explosion were likely due to the crowds that came out to observe Wagner’s occupation of the MoD building. In one video, people can be seen chatting with Wagner soldiers and thanking them.

Rostov – people approaching the mercenaries to thank them and shake hands. pic.twitter.com/teLqMGtMWh
— WarTranslated (Dmitri) (@wartranslated) June 24, 2023

—Andy Carvin, managing editor, Washington, DC

Wagner forces emerge south of Moscow in Lipetsk

The governor of Lipetsk, Igor Artamonov, announced Saturday afternoon that Wagner forces had entered the region, approximately 400 km south of Moscow. The Associated Press noted that the governor added, “The situation is under control.” Meanwhile, footage emerged that appeared to show excavators destroying the highway between Lipetsk and Moscow.

Digging up the road to make roadblocks. Lipetsk. pic.twitter.com/ObDcEHFPOo
— Michael Weiss (@michaeldweiss) June 24, 2023

At the time of writing there were conflicting reports as to whether the Wagner convoy had traveled from Rostov or was comprised of defectors from the Russian Armed Forces.

—Andy Carvin, managing editor, Washington, DC

Explosion at oil depot in Russian city of Voronezh

On June 24, videos depicting an explosion at an oil depot in the region of Voronezh were widely circulated online. The DFRLab identified the precise location of the explosion and confirmed the videos as authentic.

The video published online was captured from buildings in close proximity to the Leroy Merlin store in Voronezh, as clearly observed in the footage. The DFRLab also corroborated the location of the oil depot Red Flag Oil Combine (Комбинат Красное знамя) and identified approximate coordinates for the area where the video was recorded. Below, the screenshot on the left is extracted from the video, while the image on the right is from Google Maps, illustrating the precise positions of the oil depot, store, and the recorded video.

Photo shows the locations of oil depot, store, recorded video, marked as blue, yellow, red respectively. (Source: Left Twitter/archive, Right Google Maps/archive)

Additional footage documented the shelling of a residential area in Voronezh. The footage reveals visible damage to cars. In order to verify the location of the building, the DFRLab utilized reverse image search via Google and Yandex, then cross-referenced the results with Google Maps, verifying the location of the shelling.

Imagery from Google Maps (left) shows the location of residential area in Voronezh (center and right). (Source: Google Maps/archive left; RtrDonetsk/archive, center; @christogrozev/archive, right)

The location of residential area as seen on Yandex Maps. (Source: Yandex/archive)

—Sayyara Mammadova, research associate, Warsaw, Poland

—Valentin Châtelet, research associate, Brussels, Belgium

Amid chaos in the Russian information space the Kremlin attempts to limit information on Prigozhin

According to TASS, Russian social network VKontakte (VK) and search engine Yandex are blocking content related to Prigozhin. Reportedly, instead of Prigozhin’s statement that was published on June 23 at 9:52 pm Moscow time, a VK page for Prigozhin’s Concord company displayed a message that the material was blocked on the territory of Russia on the basis of the decision of the Prosecutor General’s Office. At the time of the writing, Prigozhin’s posts on Concord VK page were available, though none of them correspond to 9:52 pm Moscow time. TASS added that the Yandex search results for Prigozhin notifies a reader that some of the search results are hidden in accordance with federal law. Using a virtual private network (VPN), the DFRLab replicated the search of the content mentioned by TASS and found that they are accessible from other locations. The restrictions seem to be geofenced to Russia.

Separately, TASS reported that there are Telegram-access disruptions detected in various Russian cities, including Moscow, St. Petersburg, Voronezh, and Volgograd Oblasts.

Russia’s internet regulator Roskomnadzor warned that the government can place internet performance restrictions in locations where counter-terrorist operations might take place, such as Moscow, Voronezh, or Rostov. Roskomnadzor also added that the use of Telegram is not limited for now.

Meanwhile, the Telegram channel Faridaily reported that residents of Moscow and the surrounding region are receiving calls from unknown mobile numbers with messages from Wagner. According to the Telegram post, one person received a call on their Viber messenger with a recording of Prigozhin’s appeal about “restoring justice.” Another person received a call on behalf of Wagner with an automated voice encouraging them to join Wagner when their units move toward Moscow.

Meanwhile, footage from Russian state media Rossiya 24 surfaced online showing a confused news anchor. Apparently lacking instructions from the Kremlin on how to report about the armed insurrection in Russia, they said, “Next we are going for short commercial and then… commercial.”

—Eto Buziashvili, research associate, Tbilisi, Georgia

The post Russian War Report Special Edition: Prigozhin and Wagner forces mutiny against Moscow appeared first on Atlantic Council.

Russian War Report: Wagner attempts to draft gamers as drone pilots

Digital Forensic Research Lab — Thu, 22 Jun 2023 18:12:27 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Ukrainian counteroffensive sees advances in Zaporizhzhia and eastern Ukraine

Wagner attempts to draft gamers as UAV pilots

Tracking narratives

Deripaska blames hackers after his website briefly takes credit for potential war crime

Rumors of alleged death of popular pro-Kremlin war correspondent gain traction on Twitter

Ukrainian counteroffensive sees advances in Zaporizhzhia and eastern Ukraine

On June 19, Ukrainian forces launched counteroffensive actions in at least three areas and appear to have made gains in Zaporizhzhia and eastern Ukraine. The Telegram channel of Russian military blogger WarGonzo reported that Ukrainian forces continued attacks northwest, northeast, and southwest of Bakhmut and advanced near Krasnopolivka. Ukrainian Deputy Defense Minister Hanna Maliar announced that over the past week Ukrainian troops advanced up to seven kilometers in the direction of Zaporizhzhia and retook 113 square kilometers of territory. Russian Telegram channels also reported that fighting was ongoing south and southwest of Orikhiv on June 19. Zaporizhzhia and Donetsk oblasts continue to be the most active areas of the frontline, as the Ukrainian army attempts to advance in the directions of Novodarivka, Pryutne, Makarivka, Rivnopil, Novodanylivka, and Robotyne.

On June 17, the Russian Ministry of Defense claimed that Ukrainian forces conducted ground attacks west and south of Kreminna. It also stated that the Russian army had repelled Ukrainian attacks on the Avdiivka-Donetsk sector. Meanwhile, Ukrainian forces continued operations around Velyka Novosilka near the border between Donetsk and Zaporizhzhia oblasts.

According to Ukrainian forces, Russian forces conducted offensive actions in Donetsk and Luhansk oblasts. The Ukrainian military reported forty-five combat engagements with Russian forces near Yampolivka, Torske, Hryhorivka, Spirne, Avdiyivka, Krasnohorivka, Marinka, Pobieda, Novomykhailivka, and Donetsk’s Dibrova and Orikhovo-Vasylivka. According to Ukraine, the Russian army continued to shell villages in the direction of Marinka, Zaporizhzhia, Kherson, Lyman, and Kupiansk. Ukraine also alleged that Russian forces launched Kalibr cruise missiles from a submarine in the Black Sea and Shahed drones from the eastern coast of the Sea of Azov.

On June 20, Kyrylo Budanov, chief of the Main Directorate of Intelligence for the Ministry of Defense of Ukraine, alleged that Russian troops mined the Zaporizhzhia nuclear power plant’s cooling pond, which is necessary for the safe operation of the plant. According to Budanov, if Russia triggers an explosion, there is a “high probability that there will be significant problems.” Budanov did not provide any evidence to support the allegation, and the statement cannot be independently verified at this time. If true, however, it would put the nuclear plant at greater risk of a significant accident. The power plant complex, Europe’s largest, has been under occupation since February 2022.

On January 22, the governor of Russian-occupied Crimea accused Ukraine of targeting a bridge that connects the peninsula to Kherson Oblast, near the village of Chonhar. In a Telegram post, Vladimir Sal’do alleged that Ukraine struck the bridge with “British Storm Shadow missiles,” creating a hole in the middle of the bridge.

As fierce hostilities continue in eastern and southern Ukraine, there are signs of a new wave of arrests in Russia, including of people with ties to Ukraine. On June 20, Russian state media outlet RIA Novosti announced that a woman of Ukrainian origin was detained in Saransk and charged with treason.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Wagner attempts to draft gamers as UAV pilots

A June 19 Telegram post from Russian opposition news outlet Verstka claimed that Wagner Group is encouraging gamers to apply to serve as unmanned aerial vehicle pilots in the war against Ukraine. The media outlet reported that no prior military experience was required to apply for the position. Posts from Wagner emerged on Vkontakte the same day, inviting gamers with experience in “manipulating joysticks in flight simulators” to enroll.

Wagner ad recruiting gamers as UAV pilots. (Source: VK)

Verstka, which contacted a Wagner recruiter as part of its reporting, stated that the campaign aims to recruit soldiers to pilot “copters and more serious machines.” In this particular context, “copters” (коптеры) is a reference to commercial drones that are sold to the public and have been widely used in the war against Ukraine. A May 19 investigation published by the Organized Crime and Corruption Reporting Project found that Chinese manufacturers have reportedly continued to provide Russian armed forces with DJI drones through third parties in Kazakhstan.

Verstka also noted that in 2022, the Russian defense ministry attempted to recruit gamers with a targeted ad campaign that invited them to play “with real rules, with no cheat codes or saves.”

—Valentin Châtelet, research associate, Brussels, Belgium

Deripaska blames hackers after his website briefly takes credit for potential war crime

The Russian-language website of Russian industrialist and US-sanctioned oligarch Oleg Deripaska briefly displayed an article appearing to take credit for deporting Ukrainian children to Russian-occupied Crimea in partnership with Kremlin official Maria Lvova-Belova, who is already facing an International Criminal Court arrest warrant for allegedly deporting children.

Yaroslav Trofimov, chief foreign affairs correspondent at the Wall Street Journal, noted the article’s appearance and disappearance in a June 15 tweet. Trofimov shared screengrabs of the article, which by that time had already been deleted from Deripaska’s Russian-language website, deripaska.ru. A complete copy of the article can be found at the Internet Archive.

Later in the article, it added, “Separately, the Fund and personally Oleg Vladimirovich [Deripaska] express their gratitude to Maria Lvova-Belova and her project ‘In Hands to Children,’ which not only provided methodological materials, but also found an opportunity to send employees for psychological work with affected babies.” In March 2023, the ICC issued an arrest warrant for Lvova-Belova and Russian President Vladimir Putin, alleging they are responsible for unlawful deportation and transport of children from Russian-occupied parts of Ukraine to the Russian Federation.

In a response to Russian independent news outlet Meduza, which also covered the incident, a team of representatives for Deripaska called the article a “gross fake press-release” and blamed hackers for the article’s appearance. “The team added that Deripaska ‘unequivocally condemns the separation of children from their parents’ and that he is ‘one of the very few prominent Russian industrialists who openly criticizes the fratricidal war and consistently advocates for peace in Ukraine, as well as a reduction in global military spending,’” Meduza noted.

—Eto Buziashvili, research associate, Tbilisi, Georgia

Rumors of alleged death of popular pro-Kremlin war correspondent gain traction on Twitter

Rumors are spreading online that claim Ukrainian forces killed pro-Kremlin war correspondent Semyon Pegov, who operates an influential group of social media accounts under the name Wargonzo. The rumor first spread on Twitter on June 19 following the release of a graphic video from the 73rd Naval Center of Operations documenting how Ukrainian special forces unit had shot Russian soldiers in trenches. On June 19, Pegov’s Twitter account disregarded the allegations as fake. Wargonzo’s Telegram account has continued to operate as usual.

DFRLab analysis conducted with the social media monitoring software Meltwater Explore revealed that the most retweeted tweet came from the pro-Ukraine Twitter account @GloOouD, which stated, “LOOKS LIKE RUSSIAN TERRORISTS AND WAR REPORTER SEMEN PEGOV WAS KILLED BY UKRAINIAN SPECIAL FORCES.” The account shared a screenshot of a low-quality video frame depicting a red-bearded man that bears resemblance to Pegov.

Screenshot of @GloOouD’s tweet suggesting that Semyon Pegov was killed by Ukrainian special forces. (Source: @GloOouD/archive)

The DFRLab confirmed that the video frame depicting Pegov’s look-alike was extracted from the graphic video posted posted by the 73rd Naval Center of Operations. The video’s metadata indicates the clip was created on June 18, 2023, at 22:16:07 GMT+0300. However, the video shows events occurring in daylight.

Pegov’s most recent public appearance was on June 13 during a meeting between Putin and Russian war correspondents. The Kremlin-controlled Channel One Russia broadcast the meeting on June 18.

Comparison of the red-bearded man from the 73rd Naval Center of Operations’ video and Pegov talking at a press conference. (Source: @ukr_sof/archive, top; Perviy Kanal/archive, bottom)

—Nika Aleksejeva, resident fellow, Riga, Latvia

The post Russian War Report: Wagner attempts to draft gamers as drone pilots appeared first on Atlantic Council.

Ukraine’s counteroffensive is a marathon not a blitzkrieg

Peter Dickinson — Thu, 22 Jun 2023 17:44:48 +0000

Less than two weeks since he first confirmed that Ukraine’s long-awaited counteroffensive was finally underway, Ukrainian President Volodymyr Zelenskyy already finds himself forced to hit back at criticism over the pace of military operations. “Some people believe this is a Hollywood movie and expect results now. It’s not,” he told the BBC on June 21. “Whatever some might want, including attempts to pressure us, with all due respect, we will advance on the battlefield the way we deem best.”

Zelenskyy’s comments reflect frustration in Kyiv over reports in the mainstream international media and widespread claims on social media platforms suggesting Ukraine’s counteroffensive is already floundering. Ukrainian presidential advisor Mykhailo Podolyak was one of many Ukrainian commentators to suggest this trend is part of a coordinated Kremlin disinformation operation. In a June 20 post, he accused Moscow of fueling media hysteria about the alleged failure of Ukraine’s counteroffensive in order to secure a ceasefire and “freeze the conflict at any cost.”

Kremlin-tied or Russia-friendly sources are likely to be behind at least some of the recent criticism over the initial pace of Ukraine’s counteroffensive. At the same time, negative assessments are also a consequence of the unrealistically high expectations that built up in the half-year period prior to the start of the campaign.

In the final months of 2022, the Ukrainian military stunned the watching world by liberating large areas of the country from Russian occupation. A lightning September offensive saw most of northeastern Ukraine’s Kharkiv region de-occupied, while a more methodical push in the south eventually resulted in the liberation of Kherson. These successes encouraged many to expect similarly rapid progress during the current campaign. In reality, Ukraine’s summer 2023 counteroffensive represents a far greater challenge in almost every sense.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Ukraine must overcome a vast Russian invasion force strengthened by 300,000 mobilized troops that is dug in behind successive lines of sophisticated defensive fortifications stretching for over one thousand kilometers. They must do so without air superiority and while outgunned by Russian artillery at many points along the front. Nor can they count on the element of surprise. This incredibly ambitious task would challenge the world’s most powerful militaries. Understandably, Ukrainian commanders are adopting a methodical approach to the campaign.

Progress so far has been very slow but steady. During the first few weeks of the counteroffensive, Ukraine claims to have liberated at least eight settlements. While most represent sparsely populated frontline villages with little strategic value, the sight of the Ukrainian flag raised in liberated communities provides all Ukrainians with a massive morale boost. Meanwhile, the big battles still lie ahead.

Eurasia Center events

Deadly Russian barrage targets residential building in Kryvyi Rih as fighting continues in south and east

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

For now, the Ukrainian military is focusing on probing attacks at numerous points along the front in order to identify weaknesses and thin out Russian defenses. Ukraine is also carrying out a comprehensive campaign of airstrikes against Russian military and logistical targets deep inside occupied territory. Britain’s May 2023 decision to provide Ukraine with long-range Storm Shadow cruise missiles is playing an important role in these air attacks, making it possible to hit targets virtually anywhere in occupied Ukraine. For example, Storm Shadow missiles are believed to have been used in the June 22 attack on a strategically important bridge connecting Crimea with Russian-occupied southern Ukraine.

These tactics are reminiscent of the early stages of last year’s ultimately triumphant Ukrainian campaign to liberate Kherson. At the beginning of August 2022, Ukraine very publicly signaled the start of a counteroffensive to free the southern port city and surrounding region. Progress was initially slow, leading to widespread criticism and pessimistic forecasts. However, Ukraine’s strategy of systematically targeting key bridges across the Dnipro River which Russian troops relied upon for resupply eventually paid off. Hemmed in and cut off, Russian commanders ordered a humiliating retreat in early November.

While the Kherson counteroffensive was on a far smaller scale than the current operation, it offers perhaps the best guide to Ukraine’s current objectives and envisioned timeline. The campaign to liberate Kherson involved tens of thousands of troops and took approximately three months to complete. Today’s counteroffensive involves hundreds of thousands of troops on both sides, with an area equal to a medium-sized European country at stake. It may be months before Ukraine’s commanders feel the conditions are right to attempt a major push to achieve a comprehensive breakthrough.

Ukraine’s international partners seem to appreciate the need for patience and are now emphasizing a long-term commitment to Ukraine that goes far beyond the current counteroffensive. At the Ukraine Recovery Conference in London on June 21, British Prime Minister Rishi Sunak reiterated his promise to “stand with Ukraine for as long as it takes.” Other Western leaders have made similar pledges in recent weeks.

These statements are particularly important at a time when Russian hopes of rescuing their faltering invasion increasingly hinge on a weakening of Western resolve and a reduction in support for Ukraine. Despite the many setbacks of the past sixteen months, Putin and other senior regime figures in Moscow are apparently still convinced they can ultimately outlast the democratic world in Ukraine. European and American leaders are attempting to dampen such expectations by signaling the strength of their commitment to Ukrainian victory.

As international anxiety grows over the perceived lack of progress in Ukraine’s big summer counteroffensive, it is vital that this message of Western unity and resolution remains clear and unambiguous. The campaign to defeat Russia’s invasion is a marathon not a blitzkrieg, but it has every chance of success as long as Ukraine and the country’s partners are unwavering in their commitment.

Peter Dickinson is the editor of the Atlantic Council’s UkraineAlert service.

The world’s regulatory superpower is taking on a regulatory nightmare: artificial intelligence

Atlantic Council experts — Thu, 15 Jun 2023 23:02:29 +0000

The humans are still in charge—for now. The European Parliament, the legislative branch of the European Union (EU), passed a draft law on Wednesday intended to restrict and add transparency requirements to the use of artificial intelligence (AI) in the twenty-seven-member bloc. In the AI Act, lawmakers zeroed in on concerns about biometric surveillance and disclosures for generative AI such as ChatGPT. The legislation is not final. But it could have far-reaching implications since the EU’s large size and single market can affect business decisions for companies based elsewhere—a phenomenon known as “the Brussels effect.”

Below, Atlantic Council experts share their genuine intelligence by answering the pressing questions about what’s in the legislation and what’s next.

1. What are the most significant aspects of this draft law?

The European Parliament’s version of the AI Act would prohibit use of the technology within the EU for controversial purposes like real-time remote biometric identification in public places and predictive policing. Member state law enforcement agencies are sure to push back against aspects of these bans, since some of them are already using these technologies for public security reasons. The final version could well be more accommodating of member states’ security interests.

—Kenneth Propp is a nonresident senior fellow with the Atlantic Council’s Europe Center and former legal counselor at the US Mission to the European Union in Brussels.

The most significant aspect of the draft AI Act is that it exists and has been voted on positively by the European Parliament. This is the only serious legislative attempt to date to deal with the rapidly evolving technology of AI and specifically to address some of the anticipated risks, both due to the technology itself and to the ways people use it. For example, a government agency might use AI to identify wrongdoing among welfare recipients, but due to learned bias it misidentifies thousands of people as participating in welfare fraud (this happened in the Netherlands in 2020). Or a fake video showing a political candidate in a compromising position is released just prior to the election. Or a government uses AI to track citizens and determine whether they exhibit “disloyal” behavior.

To address these concerns, EU policymakers have designed a risk-management framework, in which higher-risk applications would receive more scrutiny. A few uses of AI—social scoring, real-time facial recognition surveillance—would be banned, but most companies deploying AI, even the higher-risk cases, would have to file extensive records on training and uses. Above all, this is a law about transparency and redress: humans should know when they are interacting with AI, and if AI makes decisions about them, they should have a right of redress to a fellow human. In the case of generative AI, such as ChatGPT, the act requires that images be marked as coming from AI and the AI developer should list the copyrighted works on which the AI trained.

Of course, the act is not yet finished. Next, there will be negotiations between parliament and the EU member states, and we can expect significant opposition to certain bans from European law enforcement institutions. Implementation will bring other challenges, especially in protecting trade secrets while examining how algorithms might steer users toward extreme views or criminal fraudsters. But if expectations hold, by the end of 2023 Europe will have the first substantive law on AI in the world.

—Frances Burwell is a distinguished fellow at the Atlantic Council’s Europe Center and a senior director at McLarty Associates.

There are numerous significant aspects of this law, but there are two and a half that really stand out. The first is establishing a risk-based policy where lawmakers identify certain uses as presenting unacceptable risk (for example, social scoring, behavioral manipulation of certain groups, and biometric identification by groups including police). Second, generative AI systems would be regulated and required to disclose any copyrighted data that was used to train the generative model, and any content AI outputs would need to carry a notice or label that it was created with AI. It’s also interesting what’s included as guidance for parliament to “ensure that AI systems are overseen by people, are safe, transparent, traceable, non-discriminatory, and environmentally friendly.” This gives parliament a wide mandate that could see everything from data provenance to data center energy use be regulated under this draft law.

—Steven Tiell is a nonresident senior fellow with the Atlantic Council’s GeoTech Center. He is a strategy executive with wide technology expertise and particular depth in data ethics and responsible innovation for artificial intelligence.

2. What impact would it have on the industry?

Much as the EU’s General Data Protection Regulation (GDPR) became a globally motivating force in the business community, this law will do the same. The burden on companies to maintain and keep separate infrastructure exclusively for the EU is much higher than the cost of compliance. And the cost (and range) of noncompliance for companies (and individuals) has risen—prohibited uses, those deemed to have unacceptable risk, will incur a fine up to forty million euros or 7 percent of worldwide annual turnover (total global revenue) for the preceding financial year, whichever is greater. Violations of human-rights laws or any type of discrimination perpetrated by an AI will incur fines up to twenty million euros or 4 percent of worldwide turnover. Other noncompliance offenses, including from foundational models (again, the draft regulation affects generative AI), are subjected to fines of up to ten million euros or 2 percent of worldwide annual turnover. And those supplying false, incomplete, or misleading information to regulators can be fined up to five million euros or 1 percent of worldwide annual turnover. These fines are a big stick to encourage compliance.

—Steven Tiell

As I wrote for Lawfare when the European Commission proposed the AI Act two years ago, the proposed AI regulation is “a direct challenge to Silicon Valley’s common view that law should leave emerging technology alone.” At the same time, though the legislation is lengthy and complex, it is far from the traditional caricature of EU measures as heavy-handed, top-down enactments. Rather, as I wrote then, the proposal “sets out a nuanced regulatory structure that bans some uses of AI, heavily regulates high-risk uses, and lightly regulates less risky AI systems.” The European Parliament has added some onerous requirements, such as a murky human-rights impact assessment of AI systems, but my earlier assessment remains generally true.

It’s also worth noting that other EU laws, such as the GDPR adopted in 2016, will have an important and still-evolving impact on the deployment of AI within EU territory. For example, earlier this week Ireland’s data protection commission delayed Google’s request to deploy Bard, its AI chatbot, because the company had failed to file a data protection impact assessment, as required by the GDPR. Scrutiny of AI products by multiple European regulatory authorities employing precautionary approaches likely will mean that Europe will lag in seeing some new AI products.

—Kenneth Propp

3. How might this process shape how the rest of the world regulates AI?

It will have an impact on the rest of the world, but not simply by becoming the foundation for other AI acts. Most significantly, the EU act puts certain restrictions on governmental use of AI in order to protect democracy and a citizen’s fundamental rights. Authoritarian regimes will not follow this path. The AI Act is thus likely to become a marker, differentiating between those governments that value democracy more than technology, versus those that seek to use technology to control their publics.

—Frances Burwell

Major countries across the globe from Brazil to South Korea are in the process of developing their own AI legislation. The US Congress is slowly moving in the same direction with a forthcoming bill being developed by Senate Majority Leader Chuck Schumer likely to have important influence. If the EU sticks to its timetable of adopting the AI Act by the end of the year, its legislation could shape other countries’ efforts significantly by virtue of being early out of the gate and comprehensive in nature. Countries more concerned with promoting AI innovation, such as the United Kingdom, may stake out a lighter-touch approach than the EU, however.

—Kenneth Propp

The world’s businesses will comply with the EU’s AI Act if they have any meaningful amount of business in the EU and governments in the rest of the world are aware of this. Compliance with the EU’s AI Act will be table stakes. It can be assumed that many future regulations will mimic many components, big and small, of the EU’s AI Act, but where they deviate will be interesting. Expect to see other regulators emboldened by the fines and seek commensurate remuneration for violations in their countries. Other countries might extend more of the auditing requirements to things such as maintaining outputs from generative models. Consumer protections in different countries will be more variable as well. And it will be interesting to see if countries such as the United States and United Kingdom pivot their legislation toward being more risk-based as opposed to principles-based.

—Steven Tiell

4. What are the chances of this becoming law, and how long will it take?

Unlike in the United States, where congressional passage of legislation is typically the decisive step, the European Parliament’s adoption on Wednesday of the AI Act only prepares the way for a negotiation with the EU’s member states to arrive at the final text. Legislative proposals can shift substantially during such closed-door “trilogues” (so named because the European Commission as well as the Council of the European Union also participate). The institutions aim for a final result by the end of 2023, during Spain’s presidency of the Council, but legislation of this complexity and impact easily could take longer to finalize.

—Kenneth Propp

Based on this week’s vote, there are strong signals of overwhelming support for this draft law. The next step is trilogue negotiations among the parliament, the Council of the European Union, and the European Commission, and these negotiations will determine the law’s final form. There are strong odds these negotiations will finish by the end of the year. At that point, the act will take about two years to transpose to EU member states for implementation, similar to what happened with GDPR. Also similar to GDPR, it could take at least that long for member states to develop the expertise to assume their role as market regulators.

—Steven Tiell

5. What are some alternative visions for regulating AI that we may see?

In general, we see principles-based, risk-based, and rights-based legislation. Depending on the government and significance of the law, different approaches might be applied. The EU’s AI Act is somewhat unique and interesting as it started life as a principles-based approach, but through its evolution became primarily risk-based. Draft legislation in the United States and the United Kingdom is principles-based today. Time will tell if these governments are influenced by the EU’s approach.

—Steven Tiell

The post The world’s regulatory superpower is taking on a regulatory nightmare: artificial intelligence appeared first on Atlantic Council.

Russian War Report: Anti-Ukrainian counteroffensive narratives fail to go viral

Digital Forensic Research Lab — Thu, 15 Jun 2023 18:59:00 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Putin confirms Russian conscripts are protecting Belgorod Oblast against raids

Tracking narratives

Narrative targeting Ukraine’s counteroffensive fails to gain traction on Twitter

Deadly Russian barrage targets residential building in Kryvyi Rih as fighting continues in south and east

On June 13, Russia attacked a residential building in Kryvyi Rih, killing at least twelve people and injuring at least thirty-four. Rescue operations continued the morning of June 14.

Elsewhere, the Air Force of the Armed Forces of Ukraine said at least three people were killed and thirteen wounded after Russia launched Kalibr cruise missiles against Odesa on the night of June 13. The air force said it shot down three of four Kalibr cruise missiles and nine of ten Shahed drones. In addition, shelling in Karyerne, in Kherson Oblast, killed a nine-year-old girl, according to the Prosecutor General’s Office.

Further, a Donbas Telegram channel citing Governor Pavlo Kyrylenko reported at least two people killed and two others wounded after Russian missile strikes in Kramatorsk. In the Dnipropetrovsk region, Governor Serhiy Lysak said three Shahed drones were shot down, while in Svitlovodsk, Kirovohrad Oblast, a Shahed drone reportedly struck an unnamed “infrastructure object.” Russian Tu-22M3 bombers also launched Kh-22 missiles against targets in Donetsk Oblast. Meanwhile, shelling was reported in Russia’s Kursk region, targeting Glushkovo, Korovyakovka, Tetkino, and Popovo-Lezhachi. A police station in Glushkovo was reportedly damaged.

The General Staff of the Armed Forces of Ukraine reported on June 13 twenty-eight clashes between its forces and the Russian army. Near Bakhmut, Russian forces attempted to carry out attacks in the areas of Orikhovo-Vasylivka, Ivanivske, and Bila Hora. Attacks were also reported in the direction of Lyman near Vesele and Rozdolivka.

The office of Ukrainian President Volodymyr Zelenskyy said that evacuations are planned in Armyansk, a Russian-occupied town in north Crimea, prompted by the collapse of the Nova Kakhovka dam. Operations at the Titan titanium dioxide plant in Armyansk were critically disrupted as a result of the dam collapse. The presidential office said an attack against the Titan plant could release up to two hundred tons of ammonia into the air, posing a significant threat to north Crimea and south Kherson Oblast. Flooding is also silting up the North Crimean Canal; Reuters noted that the canal has traditionally supplied 85 percent of Crimea’s water.

Ukrainian volunteer Roman Donik reported on June 13 that the 47th Mechanized Brigade of the Armed Forces of Ukraine, known as Magura, is advancing through continuous minefields. Ukraine’s current de-mining equipment is reportedly insufficient for handling the density of the minefields. Despite the risks, the soldiers of the brigade are moving forward on foot. The following day, Speaker of the General Staff of the Armed Forces of Ukraine Andriy Kovalev announced that Ukrainian forces had advanced in various areas in the direction of Berdyansk at a distance of 200 to 1,400 meters. Currently, the main battles are taking place in Makarivka, Novodanylivka, and Novopokrovka.

The investigative unit of Radio Free Europe/Radio Liberty’s Ukraine service reported that satellite imagery shows Russia transferred twenty helicopters to the Berdyansk airfield after the launch of Ukraine’s counteroffensive in the direction of Zaporizhzhia. Currently, there are at least twenty-seven Russian military helicopters at the occupied airfield, as well as five Ka-52 units, nine Mi-8 or Mi-24 units, and thirteen Ka-29 units. According to the report, these aircraft are designed to support Russian ground forces with the operational transfer of troops or equipment closer to the battlefield, in addition to possible evacuation operations.

According to Mykola Kolesnyk, a Ukrainian paramilitary leader, a Russian ammunition depot was hit in occupied Staromlynivka by the aerial reconnaissance unit of the 129th Territorial Defense Forces Brigade and the artillery unit of the 55th Brigade of the Armed Forces of Ukraine. Footage from the 53rd Brigade of Ukraine’s Armed Forces shows strikes against Russian equipment, warehouses, and bases.

Meanwhile, US Secretary of State Antony Blinken announced a new military assistance package for Ukraine, which will include additional munitions for national advanced surface-to-air missile systems (NASAMS), Stinger anti-aircraft systems, missiles for high mobility artillery rocket systems (HIMARS), 155mm and 105mm artillery shells, fifteen Bradley infantry fighting vehicles, ten Stryker armored personnel carriers, Javelin anti-armor systems, and more than 22 million rounds of small arms ammunitions and grenades, in addition to demining and communications systems. Meanwhile, the United Kingdom announced a new $116 million aid package for Ukraine, which will include a radar system to track Russian missiles, artillery, and ammunition.

Lastly, Danish military instructors will train Ukrainian crews on German Leopard 1A5 tanks, according to a Danish media. Denmark is scheduled to send Ukraine eighty restored Leopard 1A5DK tanks this month. The machines were bought by the private German company FFG after they were withdrawn from the Danish army in 2005. Denmark and Germany allocated $3.2 million to repair and modernize the tanks. In early February, the German company Krauss-Maffei Wegmann began preparing the tanks for delivery to Ukraine.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

Putin confirms Russian conscripts are protecting Belgorod Oblast against raids

In a June 13 address, Russian President Vladimir Putin spoke about the situation in Russian regions bordering Ukraine. Since May 22, Belgorod Oblast has been the target of two incursions allegedly led by the Russian Volunteer Corps, an anti-Putin military unit made of Russian pro-Ukrainian partisans. In a meeting with Russian military bloggers and war correspondents, Putin reportedly said, “If this continues, then we will need to examine the question—and I say this carefully—of creating on Ukraine’s territory a sanitary zone at such a distance from where it could be impossible to reach our territory.” While this appears to be the first time the term “sanitary zone” has been used in reference to the war in Ukraine, the Russian president is likely referring to the creation of a demilitarized buffer zone in Ukraine.

In sharing an anecdote about a battalion commander in Belgorod Oblast, Putin confirmed Russian conscripts had been deployed to the region. When asked how many mobilized soldiers and conscripts were under his command, the commander reportedly replied, “They’re all conscripts,” adding, “None of them shivered!”

Russia’s spring conscription kicked off on March 30, 2023, with future recruits called to undergo military preparation. Although Putin declared in March 2022 that no conscript would fight in the war, suspicions were raised following the reported death of three conscripts after a June 1 attack against Belgorod. The three soldiers served in the 43rd Railway Brigade. In a VKontakte post, a Russian official said the conscripted soldiers had been relocated from the Sverdlovsk region to Belgorod. According to pro-Russian media outlet Lenta, Russian MP Leonid Slutsky reportedly proposed a legal mechanism so that “conscripts, fighting the enemy in the Belgorod Oblast, could be recognized as participants of combat operations and receive all the payments due under the law.”

—Valentin Châtelet, research associate, Brussels, Belgium

Narrative targeting Ukraine’s counteroffensive fails to gain traction on Twitter

A small number of influential Twitter accounts are spreading a narrative that frames the Ukrainian counteroffensive as unsuccessful. The DFRLab conducted a query using the social media analysis platform Meltwater Explore to identify tweets that mention the Ukrainian counteroffensive. It returned 352,000 results from 118,000 users, which averages almost three tweets per user. The results indicate organic traffic.

Chart comparing the sentiment of tweets about Ukraine’s counter-offense, determined by number of tweets, average number of retweets, and total retweets of top 100 most retweeted posts. (Source: @nikaaleksejeva/DFRLab via Meltwater Explore)

Three of the five most-retweeted tweets claimed the counteroffensive was unsuccessful. All three tweets came from @KimDotcom, a controversial hacker, entrepreneur, and activist currently based in New Zealand. In his tweets, he suggested that sanctions against Russia do not work, implied that Ukrainian soldiers are suffering enormous casualties, and amplified a tweet from the Russian Ministry of Foreign Affairs allegedly showing destroyed Western military vehicles. The second most-active account declaring the counteroffensive a failure was the anonymous account @WarMonitors, which shared allegedly destroyed Western military equipment and praised Russian equipment.

—Nika Aleksejeva, resident fellow, Riga, Latvia

The post Russian War Report: Anti-Ukrainian counteroffensive narratives fail to go viral appeared first on Atlantic Council.

Activists and experts assemble in Costa Rica to protect human rights in the digital age

Digital Forensic Research Lab — Wed, 07 Jun 2023 20:21:18 +0000

Will the world’s human-rights defenders be able to match the pace of quickly moving technological challenges arising from artificial intelligence, information wars, and more?

Rights activists, tech leaders, and other stakeholders are meeting at RightsCon Costa Rica on June 5-8 to collectively set an agenda for advancing human rights in this digital age.

Our experts at the Digital Forensic Research Lab are coordinating part of that effort, with a slate of RightsCon events as part of their 360/Open Summit: Around the World global programming. Below are highlights from the events at RightsCon, which cover digital frameworks in Africa, disinformation in Ukraine, online harassment of women globally, and more.

The latest from San José

Rethinking transparency reporting

Human rights must be central in the African Union’s Digital Transformation Strategy

Day two wraps with a warning about dangerous threats, from militant accelerationism to violence toward women

What’s behind today’s militant accelerationism?

The digital ecosystem’s impact on women’s political participation

Day one wraps with recommendations for Africa’s digital transformation, Venezuela’s digital connectivity, and an inclusionary web

What does a trustworthy web look like?

Mapping—and addressing—Venezuela’s information desert

Where open-source intelligence meets human-rights advocacy

Rethinking transparency reporting

On Day 3 of RightsCon Costa Rica, Rose Jackson, director of the DFRLab’s Democracy & Tech Initiative, joined panelists Frederike Kaltheuner, director for technology and human rights at Human Rights Watch, and David Green, civil liberties director at Electronic Frontier Foundation, for a panel on rethinking transparency reporting. The discussion was led and moderated by Gemma Shields, Online Safety Policy Lead at the United Kingdom’s Office of Communications (Ofcom).

Shields opened the session by describing the online safety bill currently making its way through the UK parliament and the role of Ofcom in its implementation. The bill will give new powers to Ofcom to test mandatory platform transparency reporting requirements. Through these efforts, Ofcom hopes that “good, effective meaningful transparency reporting might encourage proactive action from the platforms,” Shields explained.

During the discussion, the panelists discussed what will be central to implementation of the online safety bill, including what effective transparency reporting looks like. Kaltheuner emphasized the complexity of defining meaningful transparency when the use cases vary across end users, regulators, civil society, journalists, and academics. Green underscored the importance of centering user needs in the conversation and the need to tailor reporting mandates to specific platforms.

Jackson noted that it is a strategic imperative for the UK government to consult experts from the global majority and consider how regulations and norms could be potentially used for harm by non-democratic actors. As Jackson put it, “what happens in the most unprotected spaces is the beta test for what will show up in your backyard.” She also highlighted the importance of global civil society engaging with the UK Online Safety Bill and European transparency regulations, such as the Digital Services Act, because these policies are first movers in codifying more regulation, and future policies will refer back to these efforts.

Human rights must be central in the African Union’s Digital Transformation Strategy

The DFRLab gathered stakeholders from the policy-making, democracy, rights, and tech communities across the African continent to discuss the African Union’s Digital Transformation Strategy. Participants compared notes and identified opportunities for increasing the strategy’s human-rights focus as it approaches its mid-mandate review. Participants also agreed that trusted conveners, such as watchdog agencies within national governments, can play a critical facilitating role in ensuring effective communication between experts, users, and civil society on one hand and policymakers and elected officials on the other. Discussion of particular concerns with the Strategy or recommendations to increasingly center human rights in it will be continued in future gatherings.

Day two wraps with a warning about dangerous threats, from militant accelerationism to violence toward women

The DFRLab kicked off day two at RightsCon with a conversation on how Russian information operations, deployed ahead of the full-scale invasion of Ukraine, were used to build false justifications for the war, deny responsibility for the war of aggression, and mask Russia’s military build-up. The panel also highlighted two DFRLab reports, released in February 2023, that examine Russia’s justifications for the war and Russia’s attempts to undermine Ukraine’s resistance and support from the international community.

Transcript

Jun 8, 2023

Mapping the last decade of Russia’s disinformation and influence campaign in Ukraine

By Atlantic Council

Since its full-scale invasion of Ukraine, Russia has continued its information operations, targeting more than just Ukraine, say speakers at a RightsCon event hosted by the Digital Forensic Research Lab.

Disinformation Russia

While at RightsCon, the DFRLab participated in a discussion on militant accelerationism, its impact on minority communities, and how bad actors can be held accountable. The event, hosted by the United Kingdom’s Office of Communications and Slovakia’s Council of Media Services, featured panelists who discussed the ways in which policy can hold all voices, including those of the powerful, accountable. During the panel, DFRLab Research Fellow Meghan Conroy discussed how such violent narratives have become increasingly commonplace in some American ideologies and how extremist individuals and groups sympathetic to these narratives have been mobilized.

To close out the day, the DFRLab and the National Democratic Institute co-hosted a panel featuring global experts from civil society, government, and industry on how the threat of violence and harassment online has impacted the potential for women to participate in politics. As noted by the panelists, abuse suffered online is meant to strictly intimidate and silence those who want to get involved, and it is, therefore, all the more important that these very women, and those already established, stand up and speak out so as to serve as role models and protect diversity and equity in politics, tech, and beyond.

What’s behind today’s militant accelerationism?

By Meghan Conroy

While at RightsCon, I—a DFRLab research fellow and co-founder of the Accelerationism Research Consortium—joined an event hosted by the UK Office of Communications and Slovakia’s Council of Media Services on militant accelerationism.

My co-panelists and I provided an overview of militant accelerationism and an explanation of the marginalized groups that have been targets of militant accelerationist violence. I discussed accelerationist narratives that have not only permeated mainstream discourse but have also mobilized extremists to violence. Hannah Rose, research fellow and PhD candidate at King’s College London’s International Centre for the Study of Radicalization, zeroed in on the role of conspiracy theories in enabling the propagation of these extreme worldviews.

Stanislav Matějka, head of the Analytical Department at the Slovakian Council of Media Services, delved into the October 2022 attack in Bratislava. He flagged the role of larger, more mainstream platforms as well as filesharing services in enabling the spread of harmful content preceding the attack. Murtaza Shaikh, principal at the UK Office of Communications for illegal harms and hate and terrorism, highlighted the office’s work on the May 2022 attack in Buffalo, New York. He raised that these attacks result, in part, from majority populations framing themselves as under threat by minority populations, and then taking up arms against those minority populations.

Attendees then broke into groups to discuss regulatory solutions and highlight obstacles that may stand in the way of those solutions’ implementation or effectiveness. Key takeaways included the following:

Powerful voices need to be held to account. Politicians, influencers, and large platforms have played an outsized role in enabling the mainstreaming and broad reach of these worldviews.
Bad actors will accuse platforms and regulators of censorship, regardless of the extent to which content is moderated. As aforementioned, they’ll often position themselves as victims of oppression, and doing so in the context of content moderation policies is no different—even if the accusations are not rooted in reality.
Regulators must capitalize on existing expertise. Ahost of experts who monitor these actors, groups, and narratives across platforms, as well as their offline activities, can help regulators and platforms craft creative, adaptive, and effective policies to tackle the nebulous set of problems linked to militant accelerationism.

This conversation spurred some initial ideas that are geared toward generating more substantial discussion. Introducing those unfamiliar with understudied and misunderstood concepts, like militant accelerationism, is of the utmost importance to permit more effective combatting of online harms and their offline manifestations—especially those that have proven deadly.

Meghan Conroy is a US research fellow with the Atlantic Council’s Digital Forensic Research Lab.

The digital ecosystem’s impact on women’s political participation

By Abigail Wollam

The DFRLab and the National Democratic Institute (NDI) co-hosted a panel that brought together four global experts from civil society, government, and industry to discuss a shared and prevalent issue: The threat of digital violence and harassment that women face online, and the impact that it has on women’s participation in political life.

The panel was facilitated by Moira Whelan, director for democracy and technology at NDI; she opened the conversation by highlighting how critical these conversations are, outlining the threat to democracy posed by digital violence. She noted that as online harassment towards women becomes more prevalent, women are self-censoring and removing themselves from online spaces. “Targeted misogynistic abuse is designed to silence voices,” added panelist Julia Inman Grant, the eSafety commissioner of Australia.

Both Neema Lugangira (chairperson for the African Parliamentary Network on Internet Governance and member of parliament in Tanzania) and Tracy Chou (founder and chief executive officer of Block Party) spoke about their experiences with online harassment and how those experiences spurred their actions in the space. Lugangira found, through her experience as a female politician in Tanzania, that the more outspoken or visible a woman is, the more abuse she gets. She observed that women might be less inspired to participate in political life because they see the abuse other women face—and the lack of defense or support these women get from other people. “I decided that since we’re a group that nobody speaks for… I’m going to speak for women in politics,” said Lugangira.

Chou said that she faced online harassment when she became an activist for diversity, equity, and inclusion in the tech community. She wanted to address the problem that she was facing herself and founded Block Party, a company that builds tools to combat online harassment.

Despite these challenges, the panelists discussed potential solutions and ways forward. Australia is leading by example with its eSafety commissioner and Online Safety Act, which provide Australians with an avenue through which to report online abuses and receive assistance. Fernanda Martins, director of InternetLab, discussed the need to change how marginalized communities that face gendered abuse are seen and talked about; instead of talking about the community as a problem, it’s important to see them as part of the solution and bring them into the discussions.

Abigail Wollam is an assistant director at the Atlantic Council’s DFRLab

Transcript

Jun 8, 2023

The international community must protect women politicians from abuse online. Here’s how.

By Atlantic Council

At RightsCon, human-rights advocates and tech leaders who have faced harassment online detail their experiences—and ways the international community can support women moving forward.

Disinformation Resilience & Society

.@rightscon Day 2 in the books! Stay tuned, still more to come with @DFRLab #360OS. pic.twitter.com/V8KapT1PVb
— DFRLab (@DFRLab) June 7, 2023

Day one wraps with recommendations for Africa’s digital transformation, Venezuela’s digital connectivity, and an inclusionary web

This year at RightsCon Costa Rica, the DFRLab previewed its forthcoming Task Force for a Trustworthy Future Web report and gathered human-rights defenders and tech leaders to talk about digital frameworks in Africa, disinformation in Latin America and Ukraine, and the impact online harassment has on women in political life, and what’s to come with the European Union’s Digital Services Act.

Transcript

Jun 8, 2023

The European Commission’s Rita Wezenbeek on what comes next in implementing the Digital Services Act and Digital Markets Act

By Atlantic Council

At a DFRLab RightsCon event, Wezenbeek spoke about the need to get everyone involved in the implementation of the DSA and DMA.

Disinformation European Union

The programming kicked off on June 5 with the Digital Sherlocks training program in San José, which marked the first time the session was conducted in both English and Spanish. The workshop aimed to provide human-rights defenders with the tools and skills they need to build movements that are resilient to disinformation.

On June 6, the programming opened with a meeting on centering human rights in the African Union’s Digital Transformation Strategy. The DFRLab gathered stakeholders from democracy, rights, and tech communities across the African continent to discuss the African Union’s Digital Transformation Strategy. Participants compared notes and identified opportunities for impact as the strategy approaches its mid-mandate review.

Next, the DFRLab, Venezuela Inteligente, and Access Now hosted a session on strengthening Venezuela’s digital information ecosystem, a coalition-building meeting with twenty organizations. The discussion drew from a DFRLab analysis of Venezuela’s needs and capabilities related to the country’s media ecosystems and digital security, literacy, and connectivity. The speakers emphasized ways to serve vulnerable groups.

Following these discussions, the DFRLab participated a dialogue previewing findings from the Task Force for a Trustworthy Future Web. The DFRLab’s Task Force is convening a broad cross-section of industry, civil-society, and government leaders to set a clear and action-oriented agenda for future online ecosystems. As the Task Force wraps up its report, members discussed one of the group’s major findings: the importance of inclusionary design in product, policy, and regulatory development. To close out the first day of DFRLab programming at RightsCon Costa Rica, the task force notified the audience that it will be launching its report in the coming weeks.

What does a trustworthy web look like?

By Jacqueline Malaret and Abigail Wollam

The DFRLab’s Task Force for a Trustworthy Future Web is charting a clear and action-oriented roadmap for future online ecosystems to protect users’ rights, support innovation, and center trust and safety principles. As the Task Force is wrapping up its report, members joined Task Force Director Kat Duffy to discuss one of the Task Force’s major findings—the importance of inclusionary design in product, policy, and regulatory development—on the first day of RightsCon Costa Rica.

In just eight weeks, Elon Musk took over Twitter, the cryptocurrency market crashed, ChatGPT launched, and major steps have been made in the development of augmented reality and virtual reality, fundamentally shifting the landscape of how we engage with technology. Framing the panel, Duffy highlighted how not only has technology changed at a breakneck pace, but the development and professionalization of the trust and safety industry have unfolded rapidly in tandem, bringing risks, harms, and opportunities to make the digital world safer for all.

Task Force for a Trustworthy Future Web

The Task Force for a Trustworthy Future Web will chart a clear and action-oriented roadmap for future online ecosystems to protect users’ rights, support innovation, and center trust and safety principles.

The three panelists—Agustina del Campo, director of the Center for Studies on Freedom of Expression; Nighat Dad, executive director of the Digital Rights Foundation; and Victoire Rio, a digital-rights advocate—agreed that the biggest risk, which could yield the greatest harm, is shaping industry practices through a Western-centric lens, without allowing space for the global majority. Excluding populations from the conversation around tech only solidifies the mistakes of the past and risks creating a knowledge gap. Additionally, the conversation touched on the risk of losing sight of the role of government, entrenching self-regulation as an industry norm, and absolving both companies and the state for harms that can occur because of the adoption of these technologies.

Where there is risk, there is also an opportunity to build safer and rights-respecting technologies. Panelists said that they found promise in the professionalization and organization of industry, which can create a space for dialogue and for civil society to engage and innovate in the field. They are also encouraged that more and more industry engagements are taking place within the structures of international law and universal human rights. The speakers were encouraged by new opportunities to shape regulation in a way that coalesces action around systemic and forward-looking solutions.

But how can industry, philanthropy, and civil society maximize these opportunities? There is an inherent need to support civil society that is already deeply engaged in this work and to help develop this field, particularly in the global majority. There is also a need to pursue research that can shift the narrative to incentivize investment in trust and safety teams and articulate a clear case for the existence of this work.

Jacqueline Malaret is an assistant director at the Atlantic Council’s DFRLab

Abigail Wollam is an assistant director at the Atlantic Council’s DFRLab

Mapping—and addressing—Venezuela’s information desert

By Iria Puyosa and Daniel Suárez Pérez

On June 6, the DFRLab, Venezuela Inteligente, and Access Now (which runs RightsCon) hosted a coalition-building meeting with twenty organizations that are currently working on strengthening Venezuela’s digital information ecosystem. The discussion was built on an analysis, conducted by the DFRLab, of the country’s media ecosystems and digital security, literacy, and connectivity; the speakers focused on ways to serve vulnerable groups such as grassroots activists, human-rights defenders, border populations, and populations in regions afflicted by irregular armed groups.

The idea of developing a pilot project in an information desert combining four dimensions—connectivity, relevant information, security, and literacy—was discussed. Participants agreed that projects should combine technical solutions to increase access to connectivity and generate relevant information for communities, with a human-rights focus. In addition, projects should include a digital- and media-literacy component and continuous support for digital security.

Iria Puyosa is a senior research fellow at the Atlantic Council’s DFRLab

Daniel Suárez Pérez is a research associate for Latin America at the Atlantic Council’s DFRLab

What a great first day for @DFRLab’s #360OS at @rightscon Costa Rica! We’ll be in San José all week so stay tuned for more great content. pic.twitter.com/JGzIzp4sKD
— DFRLab (@DFRLab) June 5, 2023

Where open-source intelligence meets human-rights advocacy

By Ana Arriagada

On June 5, the DFRLab hosted a Digital Sherlocks workshop on strengthening human-rights advocacy through open-source intelligence (OSINT) and countering disinformation.

Learn more about the Digital Sherlocks program

The Digital Sherlocks program convenes a global community of researchers to build resilience against disinformation. Each semester, the program offers more than thirty free online trainings, ranging from basic to advanced levels, to cohorts drawn from universities, civil society, journalism, and academia. Through the Digital Sherlocks program, the DFRLab has trained at least 2,300 people in over 130 countries.

I co-led the workshop with DFRLab Associate Researchers Jean le Roux, Daniel Suárez Pérez, and Esteban Ponce de León.

In the session, attendees discussed the worrying rise of antidemocratic governments in Latin America—such as in Nicaragua and Guatemala—who are using open-source tools for digital surveillance and are criminalizing the work of journalists and human-rights defenders. When faced with these challenges, it becomes imperative for civil-society organizations to acquire and use investigative skills to produce well-documented reports and investigations.

During the workshop, DFRLab researchers shared their experiences investigating paid campaigns that spread disinformation or promote violence or online harassment. They recounted having used an array of tools to analyze the origin and behavior of these paid advertisements.

DFRLab researchers also discussed tools that helped them detect suspicious activity on platforms such as YouTube, where, for example, some gamer channels spread videos related to disinformation campaigns or political violence. The workshop attendees also discussed how policy changes at Twitter have made the platform increasingly challenging to investigate, but they added that open-source researchers are still investigating, thanks to the help of available tools and the researchers’ creative methodologies.

The workshop also showcased the DFRLab’s work with the Action Coalition on Meaningful Transparency (ACT). Attendees received a preview of ACT’s upcoming portal launch, for which the DFRLab has been offering guidance. The new resource will offer access to a repository of transparency reporting, policy documents, and analysis from companies, governments, and civil society. It will also include a registry of relevant actors and initiatives, and it will allow users to establish links between entries to see the connections between organizations, the initiatives they are involved in, and the reports they have published.

The workshop ended with the DFRLab explaining that social network analysis— the study of social relationships and structures using graph theory—is important because it allows for investigating suspicious activity or unnatural behavior exhibited by users on social media platforms.

Ana Arriagada is an assistant director for Latin America at the Atlantic Council’s DFRLab

The post Activists and experts assemble in Costa Rica to protect human rights in the digital age appeared first on Atlantic Council.

Ukraine’s Diia platform sets the global gold standard for e-government

Anatoly Motkin — Wed, 31 May 2023 01:30:31 +0000

Several thousand people gathered at the Warner Theater in Washington DC on May 23 for a special event dedicated to Ukraine’s award-winning e-governance platform Diia. “Ukrainians are not only fighting. For four years behind the scenes, they have been creating the future of democracy,” USAID Administrator Samantha Power commented at the event.

According to Power, users of Diia can digitally access the kinds of state services that US citizens can only dream of, including crossing the border using a smartphone application as a legal ID, obtaining a building permit, and starting a new business. The platform also reduces the potential for corruption by removing redundant bureaucracy, and helps the Ukrainian government respond to crises such as the Covid pandemic and the Russian invasion.

Since February 2022, the Diia platform has played a particularly important part in Ukraine’s response to Russia’s full-scale invasion. According to Ukraine’s Minister of Digital Transformation Mykhailo Fedorov, in the first days of the invasion the platform made it possible to provide evacuation documents along with the ability to report property damage. Other features have since been added. The e-enemy function allows any resident of Ukraine to report the location and movement of Russian troops. Radio and TV functions help to inform people who find themselves cut off from traditional media in areas where broadcasting infrastructure has been damaged or destroyed.

Today, the Diia ecosystem offers the world’s first digital passport and access to 14 other digital documents along with 25 public services. It is used by more than half the Ukrainian adult population. In addition to consumer-oriented functions, the system collects information for the national statistical office and serves as a digital platform for officials. Diia is widely seen as the world’s first next-generation e-government platform, and is credited with implementing what many see as a more human-centric government service model.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

In today’s increasingly digital environment, governments may find that they have a lot of siloed systems in place, with each system based on its own separate data, infrastructure, and even principles. As a result, people typically suffer from additional bureaucracy and need to deal repeatedly with different official organizations. Most e-government initiatives are characterized by the same problems worldwide, such as technical disparity of state systems, inappropriate data security and data protection systems, absence of unified interoperability, and inefficient interaction between different elements. Ukraine is pioneering efforts to identify more human-centric solutions to these common problems.

One of the main challenges on the path to building sustainable e-government is to combine user friendliness with a high level of cyber security. If we look at the corresponding indices such as the Online Services Index and Baseline Cyber Security Index, we see that only a handful of European countries have so far managed to achieve the right balance: Estonia, Denmark, France, Spain, and Lithuania. Beyond Europe, only Singapore and Malaysia currently meet the necessary standards.

Ukraine has a strong record in terms of security. Since the onset of the Russian invasion, the Diia system has repeatedly been attacked by Russian cyber forces and has been able to successfully resist these attacks. This is an indication that the Ukrainian platform has the necessary reserve of cyber security along with a robust and secure digital public infrastructure.

Eurasia Center events

Russian pro-war military bloggers criticize the handling of Belgorod incursion

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

The success of the IT industry in Ukraine over the past decade has already changed international perceptions of the country. Instead of being primarily seen as an exporter of metals and agricultural products, Ukraine is now increasingly viewed as a trusted provider of tech solutions. The Ministry of Digital Transformation is now working to make Diia the global role model for human-centric GovTech. According to Samantha Power, the Ukrainian authorities are interested in sharing their experience with the international community so that others can build digital infrastructure for their citizens based on the same human-centric principles.

USAID has announced a special program to support countries that, inspired by Diia, will develop their own e-government systems on its basis. This initiative will be launched initially in Colombia, Kosovo, and Zambia. Ukraine’s Diia system could soon be serving as a model throughout the transitional world.

As they develop their own e-government systems based on Ukraine’s experience and innovations, participating governments should be able to significantly reduce corruption tied to bureaucratic obstacles. By deploying local versions of Diia, transitional countries will also develop a large number of their own high-level IT specialists with expertise in e-government. This is an important initiative that other global development agencies may also see value in supporting.

Anatoly Motkin is president of the StrategEast Center for a New Economy, a non-profit organization with offices in the United States, Ukraine, Georgia, Kazakhstan, and Kyrgyzstan.

Russian media spins Australian solidarity rally for Julian Assange as an anti-NATO event

International response

US sanctions Armenian company for helping Russia evade sanctions

Belgorod raid sparks trolling activity on social media

Drone imagery from a burning border control outpost in the Russian region of Belgorod sparked a frenzy on social media this week. According to Riga-based Russian news outlet Meduza, members of the Russian Volunteer Corps and other Russian nationals crossed from Ukraine into Belgorod Oblast and attacked a border outpost in Grayvoron. The Russian Volunteer Corps, an anti-Putin military unit made of Russian pro-Ukrainian partisans, claimed responsibility for the attack; the Free Russia Legion also claimed responsibility.

An assessment by Russian news outlet RBC regarding the broader situation in Belgorod indicated an armed incursion, with shelling and artillery fire reported. On the evening of May 22, Russian government declared a state of counterterrorist emergency in Belgorod Oblast. Although the governor of the oblast did not officially issue an order to evacuate the civilian population immediately, footage and photographs posted on social media indicated that at least some residents evacuated to other areas in the region. Meduza also reported several drone strikes on the city of Belgorod itself.

Conflicting reports emerged on May 23 after Russian officials lifted the counterterrorist alert. While the Russian Ministry of Defense claimed to have “liquidated” around seventy “saboteurs,” reporting from the news outlet Mash indicated the deployment of additional Russian law enforcement in nearby Bryansk Oblast. In an effort to support their assertions of having eliminated the insurgency, Russian news outlets also released photos of military-class vehicles allegedly used by the insurgents stuck in the mud; some open-source analysts, however, questioned the authenticity of the photos. Russian media chased these reports with claims of destroyed Ukrainian tanks, while the Russian Volunteer Corps posted footage to Telegram seemingly showing intact military equipment.

Shortly after the news broke out, footage of a drone attack on the local Russian border outpost, APP Grayvoron, appeared on the outpost’s Google Maps profile, though it was later deleted. At the time of writing, it had been replaced with footage showing a convoy of vehicles, one flying the flag of the Russian Volunteer Corps.

The Google Maps profile for a Russian border outpost in Belgorod featured a video of a mechanized convoy flying the flag of the Russian Volunteer Corps. (Source: Google Maps/archive)

Simultaneously, trolling reviews appeared on the border outpost’s Google Maps profile, calling the border guards “friendly” and the facilities “understaffed.” These too have been deleted, though not before they were documented by the Saint Javelin Twitter account and other Twitter users.

Trolls post mocking reviews of Russia’s Belgorod border post. (Source: @SaintJavelin/archive)

Other trolls took to Twitter, where members of the NAFO meme movement, a pro-NATO and pro-Ukrainian community on the platform, renamed their account to “Government of The Bilhorod’s Peoples Republic” as a joking reference to the self-proclaimed Donetsk and Luhansk Peoples Republics. “Bilhorod” is the Ukrainian name for Belgorod.

NAFO meme account @nitro19820 changes its Twitter name and bio to joke that it now represented a new “People’s Republic” in Belgorod. (Source: @nitro19820/archive)

—Valentin Châtelet, research associate, Security, Brussels, Belgium

Russian pro-war military bloggers criticize the handling of Belgorod incursion

Following the apparent border incursion into Belgorod Oblast and subsequent attacks on the region, pro-war military bloggers condemned Moscow’s handling of the war in Ukraine, including its border defenses.

Telegram channel Vоенкор Котенок Z (“Milblogger Kitten Z”) criticized the Kremlin for being late in declaring a counterterrorism operation in Belgorod and not knowing how to fight “for real.” “There is a war, and in Russia … they are afraid to call the war a war,” stated the Telegram post.

The channel ДШРГ Русич (“DShRG Rusich”) questioned “commanders of all levels” on how the incursion happened. It also blamed Russia’s intelligence services for failing to reveal “plans of an enemy.” The channel added that as long as there is no photographic evidence of corpses or burned equipment, “the enemy has no losses, and the [Russian] propagandists crapped themselves a little, saying that everything is fine.”

The Kotsnews Telegram channel addressed pro-Kremlin pundits who dismissed military blogger concerns as “hysteria” by insisting that the threat to Russian territory is real and that there are uncomfortable questions around Russia’s defensive capabilities that nobody wants to ask. “What is happening with our technical equipment at the border, surveillance systems, tracking, motion detection?” the channel asked. “What about the mining of potentially dangerous areas? What about anti-tank weapons? Why did the enemy armored group calmly penetrate deep into our territory?”

As Russia’s war against Ukraine has dragged on, the frequency and intensity of pro-war military bloggers’ criticism have increased and become bolder. The DFRLab has previously covered how Russian military bloggers criticized Russian President Vladimir Putin and the Ministry of Defense.

—Eto Buziashvili, research associate, Tbilisi, Georgia

Russian media spins Australian solidarity rally for Julian Assange as an anti-NATO event

On May 20, a series of so-called “World Wide Freedom Rallies” took place in many cities around the world. The Telegram account for Simeon Boikov, a pro-Kremlin activist and blogger in Australia, claimed to have organized the Sydney edition of the rally, part of a decentralized movement that originated in 2021 to express dissatisfaction with COVID security measures. Boikov promoted a poster for the event on April 6, a day before the event announcement on the movement’s official Telegram channel.

The rally ostensibly focused on demanding the release of WikiLeaks founder Julian Assange, who is currently being held in London facing potential extradition to the United States. After the event, however, Boikov highlighted a speech by Assange’s father, John Shipton, in a video showing scenes from the rally and emphasized that Shipton was wearing a “double headed eagle and St George’s ribbons,” both of which are Russian symbols. Additional videos and images from the rally showed many people carrying Russian flags and wearing pro-Kremlin symbols.

Kremlin-controlled media outlets emphasized in their headlines not just the pro-Russia nature of the event, but also claims of anti-NATO sentiment, which appear to have been exaggerated. Reviewing footage from the event, the DFRLab identified only one instance of someone sporting anti-NATO messaging. Nonetheless, Russian media embraced the event as specifically anti-NATO, including state outlets Gazeta.ru, TASS, RIA Novosti, and Komsomolyskaya Pravda, and pro-Kremlin media such as News Front, Inforeactor, Ekonomika Segodnya. Additionally, The Eastern Herald, an Indian media outlet, and Belarus state-controlled television both framed the event as anti-NATO in their English-language publications.

—Nika Aleksejeva, resident fellow, Riga, Latvia

US sanctions Armenian company for helping Russia evade sanctions

On May 22, the US Department of Commerce announced that it had amended its list of sanctioned entities and individuals by adding seventy-one entities that the US government had determined to be acting “contrary to [US] national security or foreign policy interests.” Alongside Russian companies, one Kyrgyz company, Tro.Ya LLC, and one Armenian company, Medisar LLC, were included in the amended list. According to the Department of Commerce, both companies engaged in conduct that “prevented the successful accomplishment of an end-use check.” In other words, the Department of Commerce suspected that the final destination for the products was Russia but the companies themselves had obfuscated this information.

Medisar LLC, which was registered in Armenia in 2001, is an importer of chemicals and laboratory equipment. The company is one of the thousand largest taxpayers in Armenia, paying about one million dollars in taxes in 2022. It also has a longstanding trade history with Russian companies. On its website, Medisar indicates that one of its trading partners, dating back to 2011, is Russian company Minimed.

Screenshot from the Organized Crime and Corruption Reporting Project’s (OCCRP) Aleph database, made available through Friends of OCCRP access, about Medisar’s trade. The third and fourth companies on the list are both OOO Minimed, a Russian company with a long-term trading relationship with Medisar. (Source: DFRLab via OCCRP)

On May 20, Armenian investigative website Hetq reported that data obtained from the country’s customs service showed that in 2022, Medisar exported equipment from Armenia to Russia, including electronic integrated circuits, diodes, transistors, and similar semiconductor devices.

A company executive who did not want to be identified acknowledged to RFE/RL that Medisar imported chemicals and laboratory equipment from the United States and the European Union and re-exported them to Russia.

Medisar is the second-largest company registered in Armenia to be sanctioned by the United States. The US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the other firm, TAKO, in April. The company is in the wholesale of electronic and telecommunications equipment and parts. TAKO, spelled TACO in Armenia’s legal entities register, was registered in May 2022 in Armenia and is fully owned by a Russian citizen, according to public registry records.

On April 18, the New York Times reported that in 2022, Armenia imported 515 percent more chips and processors from the United States and 212 percent more from the European Union than in 2021, and that Armenia exported 97 percent of those same products to Russia.

During a May 22 press conference, Armenian Prime Minister Nikol Pashinyan said that despite Armenia’s “strategic” relationship with Russia and membership in the Russian-led Eurasian Economic Union, the country “cannot afford to come under Western sanctions.” Pashinyan underscored that if Armenia faced sanctions, “it wouldn’t be good for any of our allies, while we would ruin our relations with our Western partners.”

A joint “compliance note” issued on March 2 by the US Departments of the Treasury, Justice, and Commerce, titled “Cracking Down on Third-Party Intermediaries Used to Evade Russia-Related Sanctions and Export Controls,” mentioned Armenia, along with China, Turkey, and Uzbekistan, as “transshipment points commonly used to illegally redirect restricted items to Russia or Belarus.”

According to the Statistical Committee of the Republic of Armenia, Russian-Armenian trade soared in 2022, including exports to Russia, which nearly tripled to $2.4 billion.

—Ani Mejlumyan, research assistant, Yerevan, Armenia

The post Russian War Report: Belgorod incursion brings deluge of online mockery of Russia’s defenses appeared first on Atlantic Council.

Russian War Report: Russia cancels Victory Day parades and moves “Immortal Regiment” marches online

Digital Forensic Research Lab — Fri, 21 Apr 2023 18:33:06 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Russia escalates Avdiivka, Marinka front lines; Belgorod accidentally bombed by a Russian jet

Russia’s Bashkir battalions form a new motor rifle regiment as more are sent to Ukraine to replenish Russian forces

Russian mobilized soldiers report signs of coercion to join Wagner in support of Bakhmut offensive

Russia cancels Victory Day parades and moves “Immortal Regiment” marches online

Tracking narratives

Pro-Kremlin experts use false story to claim military upper hand over Ukraine and NATO

Documenting dissent

Wagner members claim killing of Ukrainian civilians

International response

US investigates ex-Navy officer allegedly behind notorious pro-Russia social media accounts

Russia escalates Avdiivka, Marinka front lines; Belgorod accidentally bombed by a Russian jet

The offensive actions of the Russian army in Eastern Ukraine continue, as well as the defensive efforts of the Ukrainian forces. In recent days, there has been an escalation of attacks on Ukrainian positions in the direction of Marinka, Avdiivka, and Bakhmut.

On April 17, the General Staff of the Armed Forces of Ukraine reported that more than seventy attacks by the Russian army were repulsed during the day. The most difficult areas to defend remain Bakhmut and Marinka. Offensive actions were registered in the direction of Avdiivka, with separate attacks carried out in the Kupiansk and Lyman areas. The Russian forces continued the assaults on Bakhmut and Marinka on April 18 and April 19 on par with offensive operations in the Avdiivka area, where Ukrainian forces repulsed attacks in the areas of six settlements. Between April 18-19, the Ukrainian army recorded more than sixty Russian attacks.

According to British intelligence’s April 18 assessment, even though heavy fighting continued in the directions of Avdiivka and Marinka, the Russian command still gave priority to the Bakhmut front. The front line there has become relatively stable, running along the railway line, as Ukraine’s soldiers are effectively resisting attempts by Russia to encircle the town. The question of sending reinforcements to Bakhmut is acute for both sides, since the Ukrainian command wants to attract as many units as possible for a future offensive, while the Russian army wants to form an operational reserve. On April 20, Russian forces reportedly attempted to advance near Kreminna and Serebryanske Forest, as well as Khromove, Vodyane, Pervomaiske, Pobieda, and Vuhledar.

On the night of April 20, the Russian army attacked the south and east of Ukraine with Shahed attack drones. Ten out of eleven drones were shot down, the Ukrainian East Air Command reported. Sirens for Russian attacks were reported in Chernihiv, Cherkasy, Kyiv, Odessa, Rivne, Sumy, Poltava, and other regions of Ukraine.

Meanwhile, Telegram users reported an explosion in Belgorod, Russia, near the Ukraine border, on the night of April 20-21. Images shared online show an explosion crater near a residential area of the city. There were reports moments before the explosion of Russian bombers launching a guided bomb in the direction of Kharkiv. At first, it was unclear whether the explosion was the result of a failed Russian attack that hit Belgorod instead of Kharkiv, or whether it was a drone attack from the Ukrainian side. Later, a Russian Ministry of Defense statement that was re-shared by Ukrainian sources said, “On the evening of April 20, during the flight of a Su-34 aircraft over the city of Belgorod, an abnormal derailment of aviation ammunition occurred.” The explosion was apparently large and caused material damage.

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russia’s Bashkir battalions form a new motor rifle regiment as more are sent to Ukraine to replenish Russian forces

Radiy Khabirov, head of the Republic of Bashkortostan, announced on April 10 that the republic’s volunteer formations would undergo reformation as part of the creation of a new motor rifle regiment. Like many ethnic regions of Russia, the Republic of Bashkorstostan has been subjected to targeted military recruitment. These volunteers, alongside contract soldiers and mobilized military personnel of the Russian reserve, are constantly sent to Ukraine to replenish the regular Russian forces.

According to the federal media outlet FedPress, the idea was suggested by the commanders of the two national battalions, “Northern Amurs” and “Dayan Murzin,” created in Bashkortostan at the beginning of March. The newest regiment would comprise several motor rifle divisions and an artillery division, totaling between 900 to 1,500 men. Moreover, Bashkortostan has recently been pushing for more servicemen to be deployed to Ukraine. During an April 12 ceremony in the regional capital city of Ufa, Bashkirs celebrated the creation of yet another volunteer formation before it was deployed to Ukraine. The new volunteer formation, “Vatan,” Bashkir for “Fatherland,” was created at the beginning of 2023; estimates indicate it could comprise around 720 men. This would bring the number of volunteer formations in the republic to six, including four volunteer formations named after war heroes and local figures, and two volunteer battalions like “Vatan” and “Northern Amurs.”

As the Russian State Duma recently approved a new e-drafting bill and is planning to conduct testing in Moscow and Saint Petersburg during its annual spring conscription, replenishment of military forces has become a top priority for the Kremlin. The DFRLab previously reported on regional ad campaigns targeting national minorities, including the Udmurt population. A new Bashkortostan-hosted recruitment website called BashBat – short for “Bashkir Battalion” – launched on April 17. The domain’s WHOIS record directly points to the Bashkir Ministry for Digital Transformation. Like the Udmurt portal Delomuzhchin.rf (деломужчин.рф), BashBat was advertised in the press using the local Udmurt language, as well as on the Russian federal resource portal for recruitment, Ob’yesnyayem, in both Russian and Bashkir.

–Valentin Châtelet, Research Associate, Security, Brussels, Belgium

Russian mobilized soldiers report signs of coercion to join Wagner in support of Bakhmut offensive

An April 14 article posted by independent Russian-language media outlet Astra reported that hundreds of Russian mobilized soldiers had re-enlisted with Wagner Group. News outlets inside Russia described the situation as “volunteer enrolment.” However, information posted by Twitter user @Tatarigami_UA and subsequent reporting indicate that these episodes might have occurred forcibly. The report by Astra pointed at a video where a mobilized soldier declared that Wagner had been training mobilized personnel. Satellite imagery released by that same account points at a military training facility in Kursk, where instructors are reportedly “experienced Wagner soldiers.”

Later reports indicated one hundred soldiers disappeared after being sent into Ukraine’s Luhansk Oblast and refusing to sign Wagner contracts. Astra’s leaked texts indicate the soldiers were forced to give up their phones and threatened by thirty Wagner representatives with rifles at the Stakhanov railway station. Other signs of coercion were brought to the attention of the Russian MoD after six mobilized soldiers from Yakutia informed their families they had been forcibly recruited by another PMC. In an April 19 post, Wagner Group financier Yevgeny Prigozhin denied these accusations.

Although user @Tatarigami_UA reports that the instructors are said to be part of a PMC called Volk (“Wolf”), the DFRLab could not confirm this. However, job ads analyzed in a previous DFRLab report mentioned instructors as “participants of the special military operation.” In their accusations of coerced re-enlistment, mobilized soldiers from the Sakha Republic also pointed to yet another subsidiary of the Wagner Group, called PMC Veteran.

–Valentin Châtelet, Research Associate, Security, Brussels, Belgium

Russia cancels Victory Day parades and moves “Immortal Regiment” marches online

Russia’s Ministry of Defense (MoD) canceled May 9 Victory Day parades in annexed Ukrainian territory and adjacent Russian territory because of security concerns. “Immortal Regiment” marches were moved from their usual offline space to online. Previously, Victory Day celebrations and parades have traditionally been a significant event in Russia.

Citing the Russia-installed head of annexed Sevastopol city Mikhail Razvozhaev, TASS reported on April 20 that it was the MoD’s decision to cancel the parade. Earlier, on April 12, Russia-installed head of Crimea Sergey Aksenov stated that parades were cancelled across annexed Crimea “due to security concerns.” Victory Day parades were also canceled in Ukraine-neighboring Russian regions of Kursk and Belgorod. In Krasnodar Krai the parade will only be held in the city of Novorossiysk. According to the governor of the Belgorod region, such a measure was necessary in order “not to provoke the enemy with a large accumulation of equipment and military personnel.”

UkraineAlert has named equipment shortages as one of the possible reasons behind the Kremlin’s decision to cancel parades. According to the report, “[N]umerous commentators have speculated that Moscow is increasingly short of tanks and is understandably eager to avoid highlighting the scale of the losses suffered by the Russian army in Ukraine.”

Similarly there will be no traditional organized march of the “Immortal Regiment” this year. The organizers have moved the march online, which previously happened twice during COVID pandemic years in 2020 and 2021. They told RBC that Russian regions will be posting “portraits of heroes” in interactive online formats.

Citing Russian Defense Minister Sergei Shoigu, Meduza reported that military parades are planned to be held in twenty-eight Russian cities, including Moscow, where “more than 10,000 military personnel are planned to participate,” with enhanced security measures.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

Pro-Kremlin experts use false story to claim military upper hand over Ukraine and NATO

Pro-Kremlin media continue to amplify a false story about the Russian army allegedly destroying a bunker in Lviv occupied by NATO officers with a Kinzhal supersonic missile. Snopes, the US fact-checking outlet, debunked the story as early as April 3, labeling it as “a lazy piece of obvious propaganda.” Russia previously attacked Ukraine with Kinzhal missiles on March 9 and hit two residential building in Lviv, according to Ukrainian fact-checking outlet StopFake, which debunked the story on April 19. There is no evidence of any underground NATO command center in Lviv. Both fact-checking outlets argued that it did not make sense to have such command center in Lviv, which around one hundred kilometers from Poland, a NATO member state.

The first mention of the rumor was a March 1 report published by “Cossack Colonel Yuri Kominyenko” on the fringe website Cairns News. According to Snopes, the Greek outlet Pronews made the claim “regain virality” starting on March 12. From April 14 to April 18 pro-Kremlin media outlets resurfaced the story by citing pro-Kremlin experts who voiced contradicting numbers of NATO’s alleged casualties. For instance, TopNews and Sibnet.ru cited Nikolay Sorokin, a pro-Kremlin political expert saying that “Kinzhal destroyed 300 officers from NATO countries.”

Ekonomika Segodnya, ZOV Kherson, Lenta.ru, and Tsargrad cited Viktor Baranets, an author on Komsomolyskaya Pravda, who asserted, “Kinzhal destroyed secret bunker with 200 NATO and Ukrainian Armed Forces’ officers.” Baranets also claimed with no evidence that the US embassy called the representatives of Ukrainian Ministry of Defense and Armed Forces to “reprimand” them for “poor control center security” and that “capitals of NATO countries are silent about the incident because they are ashamed to admit this biting slap from Moscow.”

Pravda.ru and RG.ru cited Anatoly Matveychuk, a military expert who declared, “Kinzhal destroyed 160 NATO and Ukrainian Armed Forces’ officers in Ukrainian bunker in Lviv.” Matveychuk reportedly suggested this led to Ukraine to cancel its plans for a spring counteroffensive.

—Nika Aleksejeva, Resident Fellow, Riga, Latvia

Wagner members claim killing of Ukrainian civilians

On April 17, a Russian human rights project released testimonies of two Russian former prisoners, Azamat Uldarov and Alexei Savichev, who allegedly fought in Ukraine within the ranks of Wagner Group. In a conversation with Gulagu.net, Savichev and Uldarov reported the killing of Ukrainian civilians, including children, allegedly on personal orders from Wagner founder Yevgeny Prigozhin. The Ukrainian Prosecutor General’s Office launched an investigation into Uldarov and Savichev’s confessions.

Savichev argued that Wagner mercenaries in Bakhmut received an order to kill everyone over fifteen years old; he admitted killing at least ten teenagers and more than twenty unarmed Ukrainians in February 2023. In addition, Savichev claimed that he personally witnessed the killing of about seventy Russian former prisoners who served in Wagner and refused to comply with orders. He also asserted that he blew up a pit full of bodies of dead and wounded citizens of Russia and Ukraine then subsequently set fire to the remnants of dead people to hide traces of the crime. Uldarov, meanwhile, said that he killed minors in Bakhmut and Soledar and admitted that one of his victims was a girl who was “five or six” years old.

Gulagu.net also published documents allegedly proving that Azamat Uldarov and Alexei Savichev were previously pardoned by presidential decree in September 2022 then sent to the front line in Ukraine. The founder of the Gulagu.net project, Vladimir Osechkin, argued that both of them are currently located on the territory of Russia and that they gave their testimony voluntarily.

Following the publication of these claims, Yevgeny Prigozhin publicly addressed Alexei Savichev on April 28 and stated that he had been searching for him over the previous twenty-four hours. Prigozhin demanded that Savichev contact Wagner and explain “why he spoke falsehoods, who was behind it, how he was blackmailed.” Prigozhin promised that Savichev will be “left alive and unharmed” if he is willing to explain in person what took place. The events discussed by the ex-prisoners have not been verified independently.

—Givi Gigitashvili, Research Associate, Warsaw, Poland

US investigates ex-Navy officer allegedly behind notorious pro-Russia social media accounts

The Wall Street Journal identified the individual allegedly behind the pro-Russian social media persona “Donbas Devushka” as Sarah Bils, a thirty-seven-year-old US Navy veteran from New Jersey who served as an aviation electronics technician at Whitby Island in Washington state. The US Department of Justice is currently investigating her for allegedly disseminating leaked classified documents.

Donbas Devushka allegedly presented herself to her followers as a Russian Jew from occupied Luhansk. Their Twitter and Telegram accounts largely grew after Russia invaded Ukraine in February of last year. The accounts continuously spread Kremlin propaganda, with their Telegram channel amplifying graphic content of possible war crimes by Wagner Group.

According a Bellingcat investigation, Donbas Devushka’s Telegram account was found to be the first to have shared leaked intelligence currently under investigation by the Justice Department and Pentagon. According to the Wall Street Journal, Bils played a key role in spreading the leaked documents, though she has denied these claims. Bils admitted she was the administrator of Donbas Devushka, however; she also said that there were fourteen other people involved in running the network but refused to name them.

Bils also ran a tropical fish business, which in part led to her discovery. During her stint in the US Navy, Bils imported tropical fish from Poland. According to Malcontent News, she appeared in a video from the Aquarium Co-op podcast; Malcontent and the pro-Ukrainian group North Atlantic Fella Organization (NAFO) then matched her voice and home décor with footage from the Donbas Devushka account.

—Ani Mejlumyan, Research Assistant, Armenia

The post Russian War Report: Russia cancels Victory Day parades and moves “Immortal Regiment” marches online appeared first on Atlantic Council.

Russia’s invasion of Ukraine is also being fought in cyberspace

Vera Mironova — Thu, 20 Apr 2023 16:30:09 +0000

The Russian invasion of Ukraine is the first modern war to feature a major cyber warfare component. While the conventional fighting in Ukraine often resembles the trench warfare of the early twentieth century, the evolving battle for cyber dominance is highly innovative and offers important insights into the future of international aggression.

The priority for Ukraine’s cyber forces is defense. This is something they have long been training for and are excelling at. Indeed, Estonian PM Kaja Kallas recently published an article in The Economist claiming that Ukraine is “giving the free world a masterclass on cyber defense.”

When Russian aggression against Ukraine began in 2014 with the invasion of Crimea and eastern Ukraine’s Donbas region, Russia also began launching cyber attacks. One of the first attacks was an attempt to falsify the results of Ukraine’s spring 2014 presidential election. The following year, an attempt was made to hack into Ukraine’s electricity grid. In 2017, Russia launched a far larger malware attack against Ukraine known as NotPetya that Western governments rated as the most destructive cyber attack ever conducted.

In preparation for the full-scale invasion of 2022, Russia sought to access Ukraine’s government IT platforms. One of the goals was to obtain the personal information of Ukrainians, particularly those working in military and law enforcement. These efforts, which peaked in January 2022 in the weeks prior to the invasion, failed to seriously disrupt Ukraine’s state institutions but provided the country’s cyber security specialists with further important experience. “With their nonstop attacks, Russia has effectively been training us since 2014. So by February 2022, we were ready and knew everything about their capabilities,” commented one Ukrainian cyber security specialist involved in defending critical infrastructure who was speaking anonymously as they were not authorized to discuss details.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Ukrainian specialists say that while Russian hackers previously tried to disguise their origins, many now no longer even attempt to hide their IP addresses. Instead, attacks have become far larger in scale and more indiscriminate in nature, with the apparent goal of seeking to infiltrate as many systems as possible. However, the defenders of Ukraine’s cyberspace claim Russia’s reliance on the same malware and tactics makes it easier to detect them.

The growing importance of digital technologies within the Ukrainian military has presented Russia with a expanding range of high-value targets. However, efforts to access platforms like Ukraine’s Delta situational awareness system have so far proved unsuccessful. Speaking off the record, Ukrainian specialists charged with protecting Delta say Russian hackers have used a variety of different methods. “They tried phishing attacks, but this only resulted in our colleagues having to work two extra hours to block them. They have also created fake interfaces to gain passwords and login details.”

Ukrainian security measures that immediately detect and block unauthorized users requesting information have proved effective for the Delta system and similar platforms. Russian hackers have had more success targeting the messaging platforms and situation reports of various individual Ukrainian military units. However, due to the fast-changing nature of the situation along the front lines, this information tends to become outdated very quickly and therefore is not regarded as a major security threat.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Ukraine’s cyber efforts are not exclusively focused on defending the country against Russian attack. Ukrainians have also been conducting counterattacks of their own against Russian targets. One of the challenges they have encountered is the comparatively low level of digitalization in modern Russian society compared to Ukraine. “We could hack into Russia’s railway IT systems, for example, but what information would this give us? We would be able to access train timetables and that’s all. Everything else is still done with paper and pens,” notes one Ukrainian hacker.

This has limited the scope of Ukrainian cyber attacks. Targets have included the financial data of Russian military personnel via Russian banks, while hackers have penetrated cartographic and geographic information systems that serve as important infrastructure elements of the Ukraine invasion. Ukrainian cyber attacks have also played a role in psychological warfare efforts, with Russian television and radio broadcasts hacked and replaced with content revealing suppressed details of the invasion including Russian military casualties and war crimes against Ukrainian civilians.

While Ukraine’s partners throughout the democratic world have provided the country with significant military aid, the international community has also played a role on the cyber front. Many individual foreign volunteers have joined the IT Army of Ukraine initiative, which counts more than 200,000 participants. Foreign hacker groups are credited with conducting a number of offensive operations against Russian targets. However, the large number of people involved also poses significant security challenges. Some critics argue that the practice of making Russian targets public globally provides advance warning and undermines the effectiveness of cyber attacks.

Russia has attempted to replicate Ukraine’s IT Army initiative with what they have called the Cyber Army of Russia, but this is believed to have attracted fewer international recruits. Nevertheless, Russia’s volunteer cyber force is thought to have been behind a number of attacks on diverse targets including Ukrainian government platforms and sites representing the country’s sexual minorities and cultural institutions.

The cyber front of the Russo-Ukrainian War is highly dynamic and continues to evolve. With a combination of state and non-state actors, it is a vast and complex battlefield full of gray zones and new frontiers. Both combatant countries have powerful domestic IT industries and strong reputations as hacker hubs, making the cyber front a particularly fascinating aspect of the wider war. The lessons learned are already informing our knowledge of cyber warfare and are likely to remain a key subject of study in the coming decades for anyone interested in cyber security.

Vera Mironova is an associate fellow at Harvard University’s Davis Center and author of Conflict Field Notes. You can follow her on Twitter at @vera_mironov.

Russia’s heaviest losses in recent months are believed to have occurred in battles for control over strategic towns in eastern Ukraine such as Bakhmut and Vuhledar, with Ukraine claiming to have killed or wounded tens of thousands of Russian soldiers. While unconfirmed, these figures are supported by extensive battlefield footage, much of which appears to show Russian troops engaged in reckless frontal assaults on entrenched defensive positions.

The human wave tactics on display in eastern Ukraine reflect Russia’s narrowing military options following a year of embarrassing battlefield setbacks. The Russian military entered the current war with a reputation as the world’s number two army, but has performed remarkably poorly in Ukraine. With many of his most experienced units and elite regiments decimated, Putin now hopes to grind down Ukraine’s resources and outlast the country’s Western backers by relying on superior numbers. In the final months of 2022, he bolstered his invasion force with an additional 300,000 troops via Russia’s first mobilization since World War II.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Human wave tactics are not new and typically involve soldiers conducting direct attacks in large numbers with the objective of overwhelming an opposing force. Such troops are often regarded as “single-use soldiers,” with each wave suffering heavy casualties as it attempts to move the front lines further forward. This is not the first time Russian troops have been called upon to conduct such attacks. During WWII, Soviet commanders often ordered Red Army soldiers into frontal assaults that resulted in exceptionally high death tolls.

In the present war against Ukraine, the Kremlin may see human wave tactics as an effective way of overcoming determined Ukrainian resistance. It allows Russia to wear down Ukraine’s numerically fewer but battle-hardened troops, and can be implemented using a combination of easily replaced forces including recently mobilized soldiers and former convicts serving in the Wagner private military company.

This approach allows Russia’s more experienced soldiers to be held in reserve and used to exploit emerging weak points in the Ukrainian defenses. So-called “blocking units” are also reportedly being deployed behind the front lines to ensure Russian troops do not try to flee. According to numerous battlefield accounts, any Russian soldier who attempts to retreat from a human wave attack faces the prospect of being shot by their own side.

Although grisly, Russia’s human wave tactics are producing results. However, any advances during the past three months in Bakhmut and at other points along the 600-mile front line have been modest in scale and have come at a high cost. In an interview with Current Time on the front lines of Bakhmut, one Ukrainian soldier described the horrors of Russia’s frontal assaults. “The Russian soldiers face certain death in these attacks, but they are not retreating,” he commented. “You can shoot his head off, but his comrade will keep coming. Their own commanders will kill them if they don’t attack.”

Eurasia Center events

Identifying potential host sites for Russian tactical nuclear weapons

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

The brutality of Russia’s human wave attacks is leading to growing signs of demoralization among front line troops. Since the beginning of 2023, dozens of video appeals have been posted to social media featuring Russian soldiers in Ukraine complaining to Putin or other state officials about human wave tactics and high death tolls. Russian media outlet Verstka reported that since early February, Russian soldiers from at least 16 different regions of the country have recorded video messages in which they criticize their military commanders for using them as cannon fodder.

Footage has also emerged of Russian soldiers refusing to follow orders after suffering heavy losses during the recent winter offensive in eastern Ukraine. While details remain unconfirmed, most of these incidents appear to have involved recently mobilized Russian troops who found themselves rushed into battle, often after having received minimal training.

In a further worrying sign for the Kremlin, Ukrainian officials have reported a record number of calls in March 2023 to the country’s “I Want to Live” initiative, which helps Russian troops surrender to the Ukrainian military. All this points to the conclusion that human wave attacks could be compounding Russian morale issues and further accelerating the buckling of front line offensives.

At this stage, there appears to be little prospect of a sudden collapse throughout the Russian military comparable to the disintegration of Afghanistan’s security forces during the 2021 US withdrawal. While the demoralization issues facing the Russian army appear significant, recent steps to introduce draconian penalties for Russian soldiers found guilty of disobedience, desertion, or surrender represent a powerful deterrent. The continued domestic strength of the Putin regime and its control over the information space also serve to hold Russia’s army together in Ukraine.

The Kremlin may now have recognized that it must address widespread anger and alarm over the military’s use of human waves. In early April, Russian General Rustam Muradov was reportedly dismissed from his post as commander of the Eastern Group of Forces in Ukraine following his disastrous handling of the recent failed assault on Vuhledar, which resulted in “exceptionally heavy casualties.” Muradov had been widely criticized by his own troops along with many members of Russia’s vocal pro-war blogger community, making him an unofficial symbol of the army’s human wave tactics.

If confirmed, Muradov’s departure may indicate a coming change in tactics. This would arguably be long overdue. If Russia is hoping to outlast Ukraine in a war of attrition, Putin’s generals will need to move beyond a reliance on costly human waves and demoralizing frontal assaults.

Olivia Yanchik is a program assistant at the Atlantic Council’s Eurasia Center.

Documenting dissent

Individuals linked to Russian army form ‘angry patriots club’

Tracking narratives

Russian propaganda reaches Ukrainian users via Facebook ads

International response

Poland and Ukraine sign cooperation deal for production of tank shells

Belarus accuses Ukraine of plotting terrorist attack against Russian consulate

On April 4, Belarusian state-controlled TV channel ONT aired a documentary titled “Loud failures of the Ukrainian special services in Belarus. Gaspar did not get in touch.” Reports from Belarus’ State Security Committee (KGB) informed much of the program, which asserted that, under the leadership of Ukrainian special services, a network of Russian and Belarusian citizens planned several terrorist attacks in the Belarusian city of Grodno. The alleged perpetrators reportedly planned to target several facilities, including the Consulate General of Russia, a military enlistment office opposite Zhiliber Park, a military unit in southern Grodno, and two oil depots.

The KGB claimed that Vyacheslav Rozum, an alleged employee of the Main Directorate of Intelligence in the Ukrainian defense ministry, planned the attacks. Ukrainian authorities had not commented on the accusations at the time of writing. According to the documentary, Rozum asked Russian citizen Daniil Krinari, known as Kovalevsky, to form a network of people to carry out terrorist acts. Krinari was reportedly arrested in Grodno in December 2022 and extradited to Russia at the request of the Russian Federal Security Service (FSB). He was charged in Russia for cooperating with Ukraine and acting in the interests of Ukraine. The Belarusian KGB asserted that, before his extradition, Krinari managed to recruit at least two people, Russian citizen Alexei Kulikov and Belarusian citizen Vadim Patsenko. Kulikov had allegedly fled Russia in 2022 to avoid conscription and moved to Belarus.

The ONT documentary includes interviews with Kulikov and Patsenko, who argue that Rozum asked them to take photos and videos of the target facilities in Grodno. Moreover, Patsenko argued that Vyacheslav tasked him with blowing up an oil depot with a drone. The program claims Ukrainian special services promised Kulikov and Patsenko $10,000 each. While Patsenko and Kulikov allege that Ukrainian security services were involved in the operation, the ONT program does not include concrete evidence to prove this claim.

The documentary also contains an interview with Nikolai Shvets, the main suspect behind a February 26, 2023, attack on an AWACS A-50 Russian military aircraft at Machulishchy airfield in Belarus. Shvets is reported to be a Russian-Ukrainian dual citizen and served in the Ukrainian army. In the ONT interview, he claimed he was working with a person from the Ukrainian security service while planning the sabotage. The Belarusian independent media outlet Nasha Niva reported that Maxim Lopatin, one of arrested suspects in the Machulishchy attack, had a broken jaw when he filmed the ONT doumentary. Nasha Niva suggested that he was possibly beaten by Belarusian law enforcement authorities. Belarus arrested more than twenty people in connection to the February aircraft incident and announced on April 3 that the suspects were charged with committing an act of terrorism, for which the maximum sentence is capital punishment. However, the ONT program again provides no concrete evidence linking Shvets to Ukrainian security services.

In addition, the ONT documentary aired on the same day that Alyaksandr Lukashenka met Sergey Naryshkin, the head of Russia’s Foreign Intelligence Service, in Minsk to discuss joint counterterrorism measures undertaken by Belarus and Russia.

—Givi Gigitashvili, Research Associate, Warsaw, Poland

Identifying potential host sites for Russian tactical nuclear weapons

On March 28, Belarus confirmed it would accept Russian tactical nuclear weapons. The announcement came after Russian President Vladimir Putin announced on March 25 plans to store tactical nuclear weapons in Belarus, promising to build a nuclear weapons storage facility in the country. Putin made the comments after the United Kingdom said it would supply Ukraine with ammunition containing depleted uranium. “The heavy metal is used in weapons because it can penetrate tanks and armour more easily due to its density, amongst other properties,” Reutersreported. On April 4, Russian Minister of Defense Sergei Shoigu reported the transfer of Iskander-M tactical missiles, which are nuclear capable and have been utilized by the Russian military against Ukraine.

Two days after the start of Russia’s invasion of Ukraine, on February 26, 2022, Belarus approved via referendum constitutional amendments to remove the country’s non-nuclear status. The constitutional change allows Belarus to host nuclear weapons for foreign states.

Amidst the speculation surrounding Russia’s nuclear deployment to Belarus, the most pressing questions concern the potential location of airfields capable of nuclear deployment and which type of equipment is nuclear capable in terms of maintenance and modernization efforts.

Along with the confirmed transfer of the Iskander-M missiles (a mobile, short-range ballistic missile system with a range of up to 500 kilometers), Sukhoi Su-25 fighter jets are also a top contender in the Russian and Belarusian aviation arsenals. This aircraft is capable of carrying two nuclear bombs, which the Russian military categorizes as “special aviation bombs.” In June 2022, Belarusian President Alyaksandr Lukashenka personally called on Putin to help upgrade and retrofit the Belarusian Su-25 fleet to be nuclear-capable. This resulted in a long-term project to enable Belarusian nuclear capabilities, legalize hosting Russian nuclear technology and nuclear-capable craft, enable joint-training programs for aviation sorties, and direct training for Belarusian pilots.

In conjunction with the Su-25’s capabilities against Ukraine’s current air defence networks and Russia’s non-strategic nuclear policy, Belarus’ acceptance of Russian tactical nuclear weapons can be viewed as escalatory. Video footage showed the Su-25’s capacity to evade Ukraine’s man-portable air defence system (MANPAD).

Промах двох ракет ПЗРК по російському штурмовику Су-25. pic.twitter.com/81PCZNpC21
— Ridnа_Vilnа #Rescue_Azovstal_Defenders (@ua_ridna_vilna) September 11, 2022

Video footage from the cockpit of a SU-25 aircraft demonstrating its maneuverability and evasion of MANPAD systems. (Source: ua_ridna_vilna/archive)

On April 2, the Russian envoy to Minsk announced that the nuclear weapons deployment would occur along Belarus’ western border. The exact location has not been specified, but Belarus has a number of bases along its western border, including Osovtsy, Ross, and Bereza. However, Lida is a primary staging base for the Belarusian fleet of SU-25s, and open-source researchers have confirmed a large presence of the aircraft on the base. Currently, Osovtsy is not one of the highly utilized bases in Belarus, but its proximity to the western border, especially in terms of proximity to Poland and the northern border of Ukraine, makes it a primary location to watch for potential signs of development, land-clearing operations, and heightened military activity.

Map showing Belarus’ western border and highlighting the locations of the Lida, Ross, and Osovtsy airbases. (Source: DFRLab via Google Maps)

—Kateryna Halstead, Research Assistant, Bologna, Italy

Individuals linked to Russian army form ‘angry patriots club’

On April 1, former Russian army commander Igor Strelkov (also known as Igor Girkin) published a video announcing the formation of the “angry patriots club” (Клуб рассерженных патриотов). According to Strelkov, the club aims “to help Russian armed forces” and “meet the stormy wind that will soon whip our faces as one team.” In the video, Strelkov says that Russia “is moving toward military defeat” because “we got into a long, protracted war for which our economy turned out to be completely unprepared. Neither the army nor the political system was ready for it.” In a Telegram post, Strelkov said the club “was created two weeks ago. So far, organizational issues have not been resolved publicly.” Strelkov previously played a crucial role in forming a separatist movement in the Donbas region.

The video also featured a statement from Pavel Gubarev, who in 2014 proclaimed himself the commander of the Donbas People’s Militia. In the video, he says, “We are angry that we are going from one defeat to another, and nothing changes.” He called the system in Russia “thievish and corrupt” and said the Russian elite are “elite in catastrophe.”

The video further featured Vladimir Grubnik, who in 2015 was arrested in Ukraine in connection to an explosion near a Security Service of Ukraine (SBU) building in Odesa; in 2019, he was part of a prisoner exchange and returned to the Russian forces in Donbas. Grubnik said that defeat would lead to Russia falling apart.

Vladimir Kucherenko, an Odesa-born Russian propagandist better known by his pen name Maksim Kalashnikov, said, “We are not afraid to criticize the actions of the government. Why? Because it can somehow help victory. Otherwise, they will do nothing, they will not move.” He called the Russian elite “looters,” “resource grabbers,” and “corrupts.” He predicted the war would turn into “carnage to death” and that the “corrupt Russian elites” would organize a coup that would “betray the country” by agreeing to Russia’s “separation” and “giving up of nuclear arms” in order to “earn the forgiveness of the West.” In 2015, the Ukrainian Ministry of Culture included Kucherenko in the list of Russians “threatening national security.”

Another figure in the video is Maksim Klimov, a pro-Kremlin military expert, who said, “The authorities do not know the real situation.” He added, “They do not hear nor see what is happening in the special military operation zone.” Klimov also did not rule out Russia’s defeat.

The video gained some traction online, garnering 177,000 views on YouTube at the time of writing and 623,600 views and 2,500 shares on Strekov’s Telegram channel. According to TGStat, most of the shares on Telegram came from private accounts. Many Ukrainian media outlets reported on the newly founded club. The DFRLab did not identify any mainstream Russian media outlets reporting on the club besides Kommersant, a Kremlin-approved media outlet focused on business.

—Nika Aleksejeva, Resident Fellow, Riga, Latvia

Russian propaganda reaches Ukrainian users via Facebook ads

This week, the Center for Strategic Communications and Information Security (CSCIS) and Ukrainian civil society members reported that Facebook advertising campaigns are being used to spread negative content about Ukraine. The ads range from posts that claim “Romania wants to annex Ukrainian territories” to videos that claim “This is the end. There are no men to fight for Ukraine.” While these campaigns were quickly de-platformed and the pages sharing them were banned, the DFRLab was able to investigate some of the ads via the Facebook Ad Library. The DFRLab previously reported on Facebook ads promoting pro-Russia disinformation to Ukrainian users.

The ads included links to the website luxurybigisland.net, with some ads sharing variations of the URL, such as luxurybigisland.net/rbk or luxurybigisland.net/pravda. The website was built using the Russian website builder Tilda, and its the landing page featured German text that translates to, “Nothing that can’t be removed. We care for your textiles as gently as possible with the utmost care, iron and steam, so that you can enjoy your clothes for a long time. We care.” The same phrase appeared on the now-defunct Tilda-made website google-seo-top.com and the website of a German textile care company. Registration data for luxurybigisland.net is redacted, but WhoIs data for google-seo-top.com shows that the website was registered in Russia. Both luxurybigisland.net and google-seo-top.com include metadata, shown in Google results, that states, in German, “the USA are against the entire world.”

A composite image of a Google search result showing google-seo-top.com (top) and an archive of luxurybigisland.net (bottom) sharing an identical German phrase in their metadata. (Source: Google/Google cache, top; Luxurybigisland.net/archive, bottom)

One URL shared in the ads, luxurybigisland.net/pravda, remained online at the time of writing. The URL redirects to a forged article mimicking the Ukrainian news outlet Pravda. The article shared in the ads never appeared on the authentic Pravda website, but its byline cited a genuine journalist working at the outlet. The DFRLab confirmed the article was a forgery by reviewing the journalist’s author page on the authentic Pravda website, reviewing Pravda’s archived section, conducting a Google search for the forged headline, and then a more specific website search via Google.

Visually the forged website is identical to the authentic one and even features links to contact information copied from the original website. However, the forged website’s image format is different. The text of the forged article claims that the Ukrainian economy is heavily damaged and that “continuation of the war will lead to even greater losses in the economy.” The data shared in the article appears to be copied from multiple media sources and is not false, but the article’s framing contains pro-Russian sentiments as it calls for Ukraine’s surrender.

A second forged article, discovered by CSCIS, was shared on the now-offline URL luxurybigisland.net/RBK. The article mimicked the website of the reputable Ukrainian outlet RBC.

Meta itself has taken – and continues to take – action against similar cross-platform, pro-Russia networks that push users to websites designed to impersonate legitimate news organizations. The DFRLab could not tie its identified assets to those previous Meta actions, but there is some probability that they were related given the similarity of behavior.

A Facebook page with “Cripto” in its name shared some of the ads. The DFRLab identified another Facebook page with the word Cripto in the name sharing pro-Kremlin narratives via Facebook ads. The ads pushed a false story claiming there was a “riot in Kyiv over losses.” CSCIS previously debunked another narrative pushed by a similarly named page that also fomented anti-Ukrainian military sentiment.

A composite image of two ads from pages with “cripto” in the name. The first, at left, is the Facebook page identified by the DFRLab, while the second, at right, is an earlier ad previously identified by CSCIS. (Source: Cripto ukijed, left; Cripto nucergeq, right)

—Roman Osadchuk, Research Associate

Poland and Ukraine sign cooperation deal for production of tank shells

During Ukrainian President Volodymyr Zelenskyy’s visit to Poland, Polish manufacturer Polska Grupa Zbrojeniowa and Ukroboronprom signed a cooperation agreement for the joint production of 125-mm tank ammunition. The agreement assumes that the deployment of new production lines will be in Polish cities and the agreement indicates that they plan to produce a large amount of ammunition for 125-mm guns. The decision to start production in Poland was made due to the high risks of Russian missile attacks on production facilities if they were to be based in Ukraine. In place of locating the production in the country, the Ukrainian side will provide technologies and highly qualified specialists with experience in production. This will be the second factory that will produce 125-mm tank shells.

The supply of shells is of particular importance to Ukrainian forces, which are preparing a counter-offensive in southern and eastern Ukraine as heavy fighting with the Russian army continues in the Bakhmut and Donetsk regions.

Separately, German manufacturer Rheinmetall is building a service center for Western military equipment used by Ukraine’s armed forces in Romania, Reuters reported on April 2. The construction for the center is already underway in the Romanian city of Satu Mare, close to the country’s border with Ukraine. The hub is expected to open later this month.

This development is happening against the background of diplomatic activity and statements. Ukraine is not ready to sign any peace agreement with Russian President Vladimir Putin, but the war could end as early as this year, according to an April 5 interview with Ukraine’s Minister of Defense Oleksii Rezniko, who said, “I think this war will end soon. Of course, I would like it not to start, but I personally believe in this year as a year of victory.”

Rezniko also commented on a statement made in March by Czech Republic President Petr Pavel, who claimed that Ukraine had only one chance to conduct a successful counter-offensive this year. “I think that the president of the Czech Republic now speaks more like a military man than a politician, and the logic of the military is such that they constantly calculate the worst options. But even if this is his assessment, it is subjective, and he still lays down useful for us. The message is that European countries should unite more powerfully and strengthen assistance to Ukraine,” said Reznikov. Later, Andriy Sybiha, an adviser to Zelenskyy, told the Financial Times that Kyiv is willing to discuss the future of Crimea with Moscow if its forces reach the border of the Russian-occupied peninsula.

—Ruslan Trad, resident fellow for security research, Sofia, Bulgaria

The post Russian War Report: Belarus accuses Ukraine of plotting terrorist attack appeared first on Atlantic Council.

Anti-war Russians struggle to be heard

Christopher Isajiw — Thu, 06 Apr 2023 18:12:04 +0000

Ever since the full-scale invasion of Ukraine began on February 24, 2022, the Putin regime has worked hard to present the impression of overwhelming Russian domestic support for the war effort. This has involved everything from celebrity endorsements and relentless pro-war coverage in the Kremlin-controlled mainstream Russian media, to online flash mobs and carefully choreographed mass rallies in central Moscow.

Meanwhile, a ruthless clampdown has made it increasingly difficult and dangerous for dissenting voices to be heard. Nevertheless, opposition figures continue to question the true levels of public backing for the invasion, while insisting that large numbers of Russians are either opposed or indifferent. The real situation within Russian society is certainly far more complex than the Kremlin would like us to believe, but today’s suffocating atmosphere means there is little reason to expect an increase in visible anti-war activity any time soon.

Officially at least, Putin’s approval rating has increased significantly since the start of the full-scale invasion just over one year ago. According to Russia’s only internationally respected independent pollster, the Levada Center, the Russian President’s rating rose from 71% on the eve of the invasion to 82% in March 2023. The same source indicates consistently high levels of support for the invasion of Ukraine, with over 70% of respondents expressing their approval in every single survey conducted throughout the past thirteen months.

These figures point to strong levels of public support for the war but they must be viewed in context. Critics question the validity of any public opinion polling in a dictatorship such as Putin’s Russia, where people are legally obliged to call the invasion a “Special Military Operation” and can face criminal prosecution for social media posts. This is worth keeping in mind when analyzing surveys of Russian opinion.

Many poll respondents may be inclined to demonstrate their patriotism and their support for the Russian military while being less enthusiastic about the invasion itself or the Kremlin’s war aims. Others may have become swept up in the relentless flow of pro-war propaganda or cut off from alternative sources of information. It is also important to acknowledge that a large majority of people refuse to participate in polling of this nature. They may choose to decline for a wide range of reasons, but it is possible that many simply prefer not to share anti-war opinions with strangers.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

What evidence is there of anti-war sentiment in today’s Russia? When the invasion of Ukraine began in February 2022, efforts to claim strong public backing for the war were hampered by a series of protests in cities across the country involving mainly young Russians. However, these public demonstrations failed to reach any kind of critical mass and were fairly rapidly suppressed by the authorities with large numbers of detentions.

Other Russians have voted with their feet. A mass exodus of Russian nationals began during the first weeks of the war, with a second wave starting in September 2022 in the wake of Russia’s first mobilization since World War II. Hundreds of thousands of military-age Russian men fled to neighboring countries in the last four months of the year, leading in some cases to massive queues at border crossings.

This outflow of people has had a considerable negative demographic impact on Russia, but it would not be accurate to claim that everyone who has left the country during the past year holds anti-war views. Many chose to leave in order to avoid military service, while others feared the inconvenience of wartime conditions. Thousands of wealthy Russians have relocated to destinations like Dubai, where they can manage their Russian businesses while distancing themselves physically and psychologically from the war.

For those who remain in Russia, it is still possible to live a fairly normal life despite the imposition of sanctions and the departure of many high-profile Western brands. Meanwhile, some members of Russia’s billionaire elite are believed to oppose the war, but most see their fortunes as tied to Putin and are fearful of the consequences if they break with the regime publicly.

There are indications that the war is becoming less and less popular among the very troops charged with leading the invasion. The refusal of many contract soldiers to extend their service has forced the Russian authorities to introduce legislative changes, while in recent months there has been a sharp increase in video addresses on social media featuring mobilized Russian soldiers complaining about suicidal tactics and high death tolls. At the same time, there is little indication yet that mounting demoralization on the front lines is shaping the public mood back in Russia itself.

Eurasia Center events

Online Event Mon, March 27, 2023 • 1:30 pm ET

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

What of Russia’s beleaguered political opposition? For more than twenty years, the Putin regime has sought to silence any genuine opposition forces via increasingly direct means. These efforts have intensified since the onset of the Ukraine invasion, with independent media outlets shut down and many of the country’s relatively few remaining opposition figures either jailed or forced to flee. Some have attempted to speak out against the war while in exile, with others who left Russia in previous years such as Gary Kasparov and Mikhail Khodorkovsky serving as vocal opponents of the invasion.

The most prominent opposition figure in today’s Russia, Alexei Navalny, remains in prison. Navalny has managed to issue a number of statements from jail condemning the war. In February 2023, he published a fifteen-point plan calling for the Russian military to withdraw completely from Ukraine and arguing that Russia must accept Ukraine’s internationally recognized borders. While many have welcomed Navalny’s unambiguous opposition to the invasion, others remain wary due to his ties to Russian nationalism and earlier reluctance to back the return of Crimea to Ukraine.

At this point, extreme Russian nationalism appears to pose a far greater threat to the Putin regime than liberal anti-war sentiment. A new class of pro-war bloggers has emerged over the past year and has become a powerful force within the more active segments of Russian society. Hardliners such as Wagner chief Yevgeny Prigozhin and Chechen leader Ramzan Kadyrov have gained in stature thanks to their prominent roles in the invasion and have engaged in rare public criticism of key establishment figures.

The authoritarian nature of the Putin regime makes it almost impossible to accurately gauge levels of anti-war sentiment in today’s Russia. It may take a decisive military defeat before many of those who oppose the war dare to speak up and demand change. In a sense, this is exactly what Putin is fighting against. He invaded Ukraine primarily because he feared Ukrainian democracy would serve as a catalyst for similar demands inside Russia itself. So far, he has managed to prevent anti-war or pro-democracy movements from gaining momentum. However, if his invading army’s battlefield fortunes continue to deteriorate in Ukraine, those who dream of a different Russia may finally find their voices.

Christopher Isajiw is an international relations commentator and business development consultant to private, governmental, and non-governmental organizations.

The DFRLab hosts the US Deputy Secretary of State Wendy Sherman along with civil society and industry experts for a discussion on the Freedom Online Coalition and how the world’s democratic tech alliance advances human rights online.

Africa East Asia Europe & Eurasia Indo-Pacific

Ahead of the Biden administration’s second Summit for Democracy, US Deputy Secretary of State Wendy Sherman gave a sneak peek at what to expect from the US government on its commitments to protecting online rights and freedoms.

The event, hosted by the Atlantic Council’s Digital Forensic Research Lab on Monday, came on the same day that US President Joe Biden signed an executive order restricting the US government’s use of commercial spyware that may be abused by foreign governments or enable human-rights abuses overseas.

But there’s more in store for this week, Sherman said, as the United States settles into its role as chair of the Freedom Online Coalition (FOC)—a democratic tech alliance of thirty-six countries working together to support human rights online. As chair, the United States needs “to reinforce rules of the road for cyberspace that mirror and match the ideals of the rules-based international order,” said Sherman. She broke that down into four top priorities for the FOC:

Protecting fundamental freedoms online, especially for often-targeted human-rights defenders
Building resilience against digital authoritarians who use technology to achieve their aims
Building a consensus on policies designed to limit abuses of emerging technologies such as artificial intelligence (AI)
Expanding digital inclusion

“The FOC’s absolutely vital work can feel like a continuous game of catch-up,” said Sherman. But, she added, “we have to set standards that meet this moment… we have to address what we see in front of us and equip ourselves with the building blocks to tackle what we cannot predict.”

Below are more highlights from the event, during which a panel of stakeholders also outlined the FOC’s role in ensuring that the internet and emerging technologies—including AI—adhere to democratic principles.

Deepening fundamental freedoms

Sherman explained that the FOC will aim to combat government-initiated internet shutdowns and ensure that people can “keep using technology to advance the reach of freedom.”
Boye Adegoke, senior manager of grants and program strategy at the Paradigm Initiative, recounted how technology was supposed to help improve transparency in Nigeria’s recent elections. But instead, the election results came in inconsistently and after long periods of time. Meanwhile, the government triggered internet shutdowns around the election period. “Bad actors… manipulate technology to make sure that the opinions and the wishes of the people do not matter at the end of the day,” he said.
“It’s very important to continue to communicate the work that the FOC is doing… so that more and more people become aware” of internet shutdowns and can therefore prepare for the lapses in internet service and in freely flowing, accurate information, Adegoke said.
On a practical level, once industry partners expose where disruptions are taking place, the FOC offers a mechanism by which democratic “governments can work together to sort of pressure other governments to say these [actions] aren’t acceptable,” Starzak argued.
The FOC also provides a place for dialogue on human rights in the online space, said Alissa Starzak, vice president and global head of public policy at Cloudfare. Adegoke, who also serves in the FOC advisory network, stressed that “human rights [are] rarely at the center of the issues,” so the FOC offers an opportunity to mainstream that conversation into policymakers’ discussions on technology.

Building resilience against digital authoritarianism

“Where all of [us FOC countries] may strive to ensure technology delivers for our citizens, autocratic regimes are finding another means of expression,” Sherman explained, adding that those autocratic regimes are using technologies to “divide and disenfranchise; to censor and suppress; to limit freedoms, foment fear, and violate human dignity.” New technologies are essentially “an avenue of control” for authoritarians, she explained.
At the FOC, “we will focus on building resilience against the rise of digital authoritarianism,” Sherman said, which has “disproportionate and chilling impacts on journalists, activists, women, and LGBTI+ individuals” who are often directly targeted for challenging the government or expressing themselves.
One of the practices digital authoritarians often abuse is surveillance. Sherman said that as part of the Summit for Democracy, the FOC and other partners will lay out guiding principles for the responsible use of surveillance tech.
Adegoke recounted how officials in Nigeria justified their use of surveillance tech by saying that the United States also used the technology. “It’s very important to have some sort of guiding principle” from the United States, he said.
After Biden signed the spyware executive order, Juan Carlos Lara, executive director at Derechos Digitales, said he expects other countries “to follow suit and hopefully to expand the idea of bans on spyware or bans on surveillance technology” that inherently pose risks to human rights.

Addressing artificial intelligence

“The advent of AI is arriving with a level of speed and sophistication we haven’t witnessed before,” warned Sherman. “Who creates it, who controls it, [and] who manipulates it will help define the next phase of the intersection between technology and democracy.”
Some governments, Sherman pointed out, have used AI to automate their censorship and suppression practices. “FOC members must build a consensus around policies to limit these abuses,” she argued.
Speaking from an industry perspective, Starzak acknowledged that sometimes private companies and governments “are in two different lanes” when it comes to figuring out how they should use AI. But setting norms for both good and bad AI use, she explained, could help get industry and the public sector in the same lane, moving toward a world in which AI is used in compliance with democratic principles.
Lara, who also serves in the FOC advisory network, explained that the FOC has a task force to specifically determine those norms on government use of AI and to identify the ways in which AI contributes to the promise—or peril—of technology in societies worldwide.

Improving digital inclusion

“The internet should be open and secure for everyone,” said Sherman. That includes “closing the gender gap online” by “expanding digital literacy” and “promoting access to safe online spaces” that make robust civic participation possible for all. Sherman noted that the FOC will specifically focus on digital inclusion for women and girls, LGBTI+ people, and people with disabilities.
Starzak added that in the global effort to cultivate an internet that “builds prosperity,” access to the free flow of information for all is “good for the economy and good for the people.” Attaining that version of the internet will require a “set of controls” to protect people and their freedoms online, she added.
Ultimately, there are major benefits to be had from expanded connectivity. According to Sherman, it “can drive economic growth, raise standards of living, create jobs, and fuel innovative solutions” for global challenges such as climate change, food insecurity, and good governance.

Katherine Walla is an associate director of editorial at the Atlantic Council.

Watch the full event

The post What to expect from the world’s democratic tech alliance as the Summit for Democracy unfolds appeared first on Atlantic Council.

Wendy Sherman on the United States’ priorities as it takes the helm of the Freedom Online Coalition

Atlantic Council — Tue, 28 Mar 2023 14:22:55 +0000

Watch the event

Live from the Freedom Online Coalition: How the FOC works for people around the world

Africa East Asia Europe & Eurasia Indo-Pacific

Event transcript

Uncorrected transcript: Check against delivery

Introduction
Rose Jackson
Director, Democracy & Tech Initiative, Digital Forensic Research Lab

Opening Remarks
Wendy Sherman
Deputy Secretary of State, US Department of State

Panelists
Boye Adegoke
Senior Manager, Grants and Program Strategy, Paradigm Initiative

Juan Carlos Lara
Executive Director, Derechos Digitales

Alissa Starzak
Vice President, Global Head of Public Policy, Cloudflare

Moderator
Khushbu Shah
Nonresident Fellow, Digital Forensic Research Lab

ROSE JACKSON: Hello. My name is Rose Jackson, and I’m the director of the Democracy + Tech Initiative here at the Atlantic Council in Washington, DC.

I’m honored to welcome you here today for this special event, streaming to you in the middle of the Freedom Online Coalition, or the FOC’s first strategy and coordination meeting of the year.

For those of you watching at home or many screens elsewhere, I’m joined here in this room by representatives from thirty-one countries and civil-society and industry leaders who make up the FOC’s advisory network. They’ve just wrapped up the first half of their meeting and wanted to bring some of the conversation from behind closed doors to the community working everywhere to ensure the digital world is a rights-respecting one.

It’s a particularly important moment for us to be having this conversation. As we get ready for the second Summit for Democracy later this week, the world’s reliance and focus on the internet has grown, while agreement [on] how to further build and manage it frays.

I think at this point it’s a bit of a throwaway line that the digital tools mediate every aspect of our lives. But the fact that most of the world has no choice but to do business, engage with their governments, or stay connected with friends and family through the internet makes the rules and norms around how that internet functions a matter of great importance. And even more because the internet is systemic and interconnected, whether it is built and imbued with the universal human rights we expect offline will determine whether our societies can rely on those rights anywhere.

Antidemocratic laws have a tendency of getting copied. Troubling norms are established in silence. And a splintering of approach makes it easier for authoritarians to justify their sovereign policies used to shutter dissent, criminalize speech, and surveil everyone. These are the core democratic questions of our time, and ensuring that the digital ecosystem is a rights-respecting one requires democracies [to row] in the same direction in their foreign policy and domestic actions.

The now twelve-year-old FOC, as the world’s only democratic tech alliance, presents an important space for democratic governments to leverage their shared power to this end, in collaboration with civil society and industry around the world.

We were encouraged last year when Secretary of State Antony Blinken announced at our open summit conference in Brussels that the US would take over as chair of the FOC in 2023 as part of its commitment to reinvest in the coalition and its success. Just over an hour ago, the US announced a new executive order limiting its own use of commercial spyware on the basis of risks to US national security and threats to human rights everywhere really brings home the stakes and potential of this work.

So today we’re honored to have Deputy Secretary of State Wendy Sherman here to share more about the US government’s commitment to these issues and its plans for the coming year as chair.

We’ll then turn to a panel of civil-society and industry leaders from around the world to hear more about how they view the role and importance of the FOC in taking action on everything from internet shutdowns to surveillance tech and generative AI. That session will be led by our nonresident fellow and the former managing editor of Rest of World Khushbu Shah.

Now, before I turn to the deputy secretary, I want to thank the FOC support unit, the US State Department, and our Democracy and Tech team here for making this event possible. And I encourage you in Zoomland to comment on and engage liberally with the content of today’s event on your favorite social media platforms, following at @DFRLab, and using the hashtags #SummitforDemocracy, #S4D too, or #PartnersforDemocracy.

For those tuning in remotely in need of closed captioning, please view today’s program on our YouTube channel through the link provided in the chat.

It is now my distinct honor to pass the podium to Deputy Secretary of State Wendy Sherman, who needs no introduction as one of our nation’s most experienced and talented diplomats.

Deputy Secretary, thank you so much for joining us.

WENDY SHERMAN: Good afternoon. It’s terrific to be with you, and thank you, Rose, for your introduction and for all of the terrific work that the Freedom Online Coalition is doing.

It is fitting to be here at the Atlantic Council for this event because your mission sums up our purpose perfectly: shaping the global future together. That is our fundamental charge in the field of technology and democracy: how we use modern innovations to forge a better future.

That’s what the DFRLab strives to achieve, through your research and advocacy, and that’s what the Freedom Online Coalition, its members, observers, and advisory network seek to accomplish through our work. Thank you for your partnership.

More than five decades ago—seems like a long time ago, but really very short—the internet found its origins in the form of the first online message ever sent, all of two letters in length, delivered from a professor at UCLA to colleagues at Stanford. It was part of a project conceived in university labs and facilitated by government. It was an effort meant to test the outer limits of rapidly evolving technologies and tap into the transformative power of swiftly growing computer networks.

What these pioneers intended at the time was actually to devise a system that could allow people to communicate in the event of a nuclear attack or another catastrophic event. Yet what they created changed everything—how we live and work, how we participate in our economy and in our politics, how we organize movements, how we consume media, read books, order groceries, pay bills, run businesses, conduct research, learn, write, and do nearly everything we can think of.

Change didn’t happen overnight, of course, and that change came with both promise and peril. This was a remarkable feat of scientific discovery, and it upended life as we know it for better, and sometimes, worse.

Over the years, as we went from search engines to social media, we started to face complicated questions as leaders, as parents and grandparents, as members of the global community—questions about how the internet can best be used, how it should be governed, who might misuse it, how it impacts our children’s mental and emotional health, who could access it, and how we can ensure that access is equitable—benefitting people in big cities, rural areas, and everywhere in between. Big-picture questions arose about these tectonic shifts. What would they mean for our values and our systems of governance? Whether it’s the internet as we understand it today or artificial intelligence revolutionizing our world tomorrow, will digital tools create more democracy or less? Will they be deployed to maximize human rights or limit them? Will they be used to enlarge the circle of freedom or constraint and contract it?

For the United States, the Freedom Online Coalition, and like-minded partners, the answer should point in a clear direction. At a basic level, the internet should be open and secure for everyone. It should be a force for free enterprise and free expression. It should be a vast forum that increases connectivity, that expands people’s ability to exercise their rights, that facilitates unfettered access to knowledge and unprecedented opportunities for billions.

Meeting that standard, however, is not simple. Change that happens this fast in society and reaches this far into our lives rarely yields a straightforward response, especially when there are those who seek to manipulate technology for nefarious ends. The fact is where all of us may strive to ensure technology delivers for our citizens, autocratic regimes are finding another means of expression. Where democracies seek to tap into the power of the internet to lift individuals up to their highest potential, authoritarian governments seek to deploy these technologies to divide and disenfranchise, to censor and suppress, to limit freedoms, [to] foment fear and [to] violate human dignity. They view the internet not as a network of empowerment but as an avenue of control. From Cuba and Venezuela to Iran, Russia, the PRC, and beyond, they see new ways to crush dissent through internet shutdowns, virtual blackouts, restricted networks, blocked websites, and more.

Here in the United States, alongside many of you, we have acted to sustain connections to internet-based services and the free flow of information across the globe, so no one is cut off from each other, the outside world, or cut off from the truth. Yet even with these steps, none of us are perfect. Every day, almost everywhere we look, democracies grapple with how to harness data for positive ends, while preserving privacy; how to bring out the best in modern innovations without amplifying their worst possibilities; how to protect the most vulnerable online while defending the liberties we hold dear. It isn’t an easy task, and in many respects, as I’ve said, it’s only getting harder. The growth of surveillance capabilities is forcing us to constantly reevaluate how to strike the balance between using technologies for public safety and preserving personal liberties.

The advent of AI is arriving with a level of speed and sophistication we haven’t witnessed before. It will not be five decades before we know the impact of AI. That impact is happening now. Who creates it, who controls it, [and] who manipulates it will help define the next phase of the intersection between technology and democracy. By the time we realize AI’s massive reach and potential, the internet’s influence might really pale in comparison. The digital sphere is an evolving and is evolving at a pace we can’t fully fathom and in ways at least I can’t completely imagine. Frankly, we have to accept the fact that the FOC’s absolutely vital work can feel like a continuous game of catchup. We have to acknowledge that the guidelines we adopt today might seem outdated as soon as tomorrow.

Now let me be perfectly clear: I am not saying we should throw up our hands and give up. To the contrary, I’m suggesting that this is a massive challenge we have to confront and a generational change we have to embrace. We have to set standards that meet this moment and that lay the foundation for whatever comes next. We have to address what we see in front of us and equip ourselves with the building blocks to tackle what we cannot predict.

To put a spin on a famous phrase, with the great power of these digital tools comes great responsibility to use that power for good. That duty falls on all our shoulders and the stakes could not be higher for internet freedom, for our common prosperity, for global progress, because expanded connectivity, getting the two billion unconnected people online can drive economic growth, raise standards of living, create jobs, and fuel innovative solutions for everything from combating climate change to reducing food insecurity, to improving public health, to promoting good governance and sustainable development.

So we need to double down on what we stand for: an affirmative, cohesive, values-driven, rights-respecting vision for democracy in a digital era. We need to reinforce rules of the road for cyberspace that mirror and match the ideals of the rules-based international order. We need to be ready to adapt our legal and policy approaches for emerging technologies. We need the FOC—alongside partners in civil society, industry, and elsewhere—to remain an essential vehicle for keeping the digital sphere open, secure, interoperable, and reliable.

The United States believes in this cause as a central plank of our democracy and of our diplomacy. That’s why Secretary Blinken established our department’s Bureau of Cyberspace and Digital Policy, and made digital freedom one of its core priorities. That’s why the Biden-Harris administration spearheaded and signed into and onto the principles in the Declaration for the Future of the Internet alongside sixty-one countries ready to advance a positive vision for digital technologies. That’s why we released core principles for tech-platform accountability last fall and why the president called on Congress to take bipartisan action in January.

That’s why we are committed to using our turn as FOC chair as a platform to advance a series of key goals.

First, we will deepen efforts to protect fundamental freedoms, including human rights defenders online and offline, many of whom speak out at grave risk to their own lives and to their families’ safety. We will do so by countering disruptions to internet access, combating internet shutdowns, and ensuring everyone’s ability to keep using technology to advance the reach of freedom.

Second, we will focus on building resilience against the rise of digital authoritarianism, the proliferation of commercial spyware, and the misuse of technology, which we know has disproportionate and chilling impacts on journalists, activists, women, and LGBTQI+ individuals. To that end, just a few hours ago President Biden issued an executive order that for the first time will prohibit our government’s use of commercial spyware that poses a risk to our national security or that’s been misused by foreign actors to enable human rights abuses overseas.

On top of that step, as part of this week’s Summit for Democracy, the members of the FOC and other partners will lay out a set of guiding principles on government use of surveillance technologies. These principles describe responsible practices for the use of surveillance tech. They reflect democratic values and the rule of law, adherence to international obligations, strive to address the disparate effect on certain communities, and minimize the data collected.

Our third objective as FOC chair focuses on artificial intelligence and the way emerging technologies respect human rights. As some try to apply AI to help automate censorship of content and suppression of free expression, FOC members must build a consensus around policies to limit these abuses.

Finally, we will strengthen our efforts on digital inclusion—on closing the gender gap online; on expanding digital literacy and skill-building; on promoting access to safe online spaces and robust civic participation for all, particularly women and girls, LGBTQI+ persons, those with disabilities, and more.

Here’s the bottom line: The FOC’s work is essential and its impact will boil down to what we do as a coalition to advance a simple but powerful idea, preserving and promoting the value of openness. The internet, the Web, the online universe is at its best when it is open for creativity and collaboration, open for innovation and ideas, open for communication and community, debate, discourse, disagreement, and diplomacy.

The same is true for democracy—a system of governance, a social contract, and a societal structure is strongest when defined by open spaces to vote, deliberate, gather, demonstrate, organize, and advocate. This openness could not be more important, because when the digital world is transparent, when democracy is done right, that’s when everyone has a stake in our collective success. That’s what makes everyone strive for a society that is free and fair in our politics and in cyberspace. That’s what we will give—that’s what we’ll give everyone reason to keep tapping into the positive potential of technology to forge a future of endless possibility and boundless prosperity for all.

So good luck with all your remaining work; lots ahead. And thank you so much for everything that you all do. Thank you.

KHUSHBU SHAH: Hello, everybody. Thank you so much for joining us. I’m Khushbu Shah, a journalist and a nonresident fellow at the Atlantic Council’s DFRLab.

We’re grateful to have these three experts here with us today to discuss rights in the digital world and the Freedom Online Coalition’s role in those rights. I’ll introduce you to these three experts.

This is Adeboye Adegoke, who is the senior manager of grants and program strategy at Paradigm Initiative. We have Alissa Starzak, the vice president and global head of public policy at Cloudflare, and Juan Carlos, known as J.C., Lara, who’s the executive director of Derechos Digitales. And so I will mention that both J.C. and Adeboye are also on the FOC’s Advisory Network, which was created as a strong mechanism for ongoing multi-stakeholder engagement.

And so I’ll start with the thirty-thousand-foot view. So we’ve heard—we’ve just heard about the FOC and its continued mission with the United States at the helm as chair this year in an increasingly interconnected and online world. More than five billion people are online around the world. That’s the majority of people [on] this planet. We spend nearly half of our time that we’re awake online, around more than 40 percent.

We as a global group of internet users have evolved in our use of the internet, as you’ve heard, since the creation of the FOC in 2011.

So Adeboye, why do you think now suddenly so many people are suddenly focused on technology as a key democratic issue? And speaking, you know, from your own personal experience in Nigeria, should we be?

ADEBOYE ADEGOKE: Yeah. I mean, I think the reasons are very clear, not just [looking out] to any region of the world, but, you know, generally speaking, I mean, the Cambridge Analytica, you know, issue comes to mind.

But also just speaking, you know, very specifically to my experience, on my reality as a Nigerian and as an African, I mean, we just concluded our general elections, and technology was made to play a huge role in ensuring transparency, you know, the integrity of the elections, which unfortunately didn’t achieve that objective.

But besides that, there are also a lot of concerns around how technology could be manipulated or has been manipulated in order to literally alter potential outcomes of elections. We’re seeing issues of microtargeting; you know, misinformation campaigns around [the] election period to demarcate, you know, certain candidates.

But what’s even most concerning for me is how technology has been sometimes manipulated to totally alter the outcome of the election. And I’ll give you a very clear example in terms of the just-concluded general elections in Nigeria. So technology was supposed to play a big role. Results were supposed to be transmitted to a central server right from the point of voting. But unfortunately, those results were not transmitted.

In fact, as a matter of fact, three or four days after the election, 50 percent of the results were not uploaded. As of the time that the election results were announced, those results were—less than 50 percent of the results had been transmitted, which then begin to, you know, lead to questioning of the integrity of those outcomes. These are supposed to be—elections are supposed to be transmitted, like, on the spot. So, you know, it becomes concerning.

The electoral panel [gave] an excuse that there was a technical glitch around, you know, their server and all of that. But then the question is, was there actually a technical glitch, or was there a compromise or a manipulation by certain, you know, bad actors to be able to alter the outcome of the election? [This] used to be the order of the day in many supposedly, you know, democratic countries, especially from the part of the world that I come from, where people really doubt whether what they see as the outcomes of their election is the actual outcome or somebody just writing something that they want.

So technology has become a big issue in elections. On one side, technology has the potential to improve on [the] integrity of elections. But on the other side, bad actors also have the tendency to manipulate technology to make sure that the opinions or the wishes of the people do not matter at the end of the day. So that’s very important here.

KHUSHBU SHAH: And you just touched on my next question for Alissa and J.C. So, as you mentioned, digital authoritarians have used tech to abuse human rights, limit internet freedoms. We’re seeing this in Russia and Myanmar, Sudan, and Libya. Those are some examples. [The] deputy secretary mentioned a few others. For example, in early 2022, at the start of its invasion of Ukraine, Russia suppressed domestic dissent by closing or forcing into exile the handful of remaining independent media outlets. In at least fifty-three countries, users have faced legal repercussions for expressing themselves online, often leading to prison terms, according to a report from Freedom House. It’s a trend that leaves people on the frontlines defenseless, you know, of course, including journalists and activists alike.

And so, J.C., what have you seen globally? What are the key issues we must keep an eye on? And what—and what are some practical steps to mitigate some of these issues?

JUAN CARLOS LARA: Yeah. I think it’s difficult to think about the practical steps without first addressing what those issues are. And I think Boye was pointing out basically what has been a problem as perceived in many in the body politic, or many even activists throughout the world. But I think it’s important to also note that these broader issues about the threats to democracy, about the threats to human rights, [they] manifest sometimes differently. And that includes how they are seen in my region, in Latin America, where, for instance, the way in which you see censorship might differ from country to country.

While some have been able to pass laws, authoritarian laws that restrict speech and that restrict how expression is represented online and how it’s penalized, some other countries have resorted to the use of existing censorship tools. Like, for instance, some governments [are] using [Digital Millennium Copyright Act] notice and technical mechanisms to delete or to remove some content from the online sphere. So that also becomes a problematic issue.

So when we speak about, like, how do we go into, like, the practical ways to address this, we really need to identify… some low-level practices [that] connect with the higher-level standards that we aspire to for democracies; and how bigger commitments to the rule of law and to fair elections and to addressing and facing human rights threats goes to the lower level of what are actually doing in governments, what people are actually doing when they are presented with the possibility of exercising some power that can affect the human rights of the population in general. So to summarize a bit of that point, we still see a lot of censorship, surveillance, internet blockings, and also, increasingly, the use of emerging technologies as things that might be threatening to human rights.

And while some of those are not necessarily exclusive to the online sphere, they are certainly been evolving—they have been evolving [for] several years. So we really need to address how those are represented today.

KHUSHBU SHAH: Thank you. Alissa, as our industry expert I want to ask you the same question. And especially I want you to maybe touch upon what J.C. was saying about low-level practices that might be practical.

ALISSA STARZAK: You know, I think I actually want to step back and think about all of this, because I think—I think one of the challenges that we’ve seen, and we certainly heard this in Deputy Secretary Sherman’s remarks—is that technology brings opportunities and risks. And some of the challenges, I think, that we’ve touched on are part of the benefit that we saw initially. So the drawbacks that come from having broad access is that you can cut it off.

And I think that as we go forward, thinking about the Freedom Online Coalition and sort of how this all fits together, the idea is to have conversations about what it looks like long term, what are the drawbacks that come from those low-level areas, making sure that there is an opportunity for activists to bring up the things that are coming up, for industry, sort of folks in my world, to do the same. And making sure that there’s an opportunity for governments to hear it in something that actually looks collaborative.

And so I think that’s our big challenge. We have to find a way to make sure [that] those conversations are robust, that there is dialogue between all of us, and [that] we can both identify the risks that come from low-level practices like that and then also figure out how to mitigate them.

KHUSHBU SHAH: Thank you. And so, back to you—both of you. I’d like to hear from you both about, as part of civil society—we can start with you, Adegoke—what role as an organization, such as the Freedom Online Coalition, what kind of role can it play in all of these issues that we’re talking about as it expands and it grows in its own network?

ADEBOYE ADEGOKE: Yeah. So I think the work of the Freedom Online Coalition is very critical in such a time as this. So when you look at most international or global [platforms] where conversations around technology, its impact, are being discussed, human rights is rarely at the center of the issues. And I think that is where the advocacy comes in terms of highlighting and spotlighting, you know, the relevance of human rights of this issue. And as a matter of fact, not just relevance but the importance of human rights to this issue.

I think the work of the FOC is relevant even more to the Global South than probably it is to the Global North because in the Global South you—our engagement with technology, and I mean at the government level, is only from the—it’s likely from the perspective of… economics and… security. [Human rights] is, sadly, in an early part of the conversation. So, you know, with a platform like the FOC, it’s an opportunity to mainstream human rights into the technology, you know, conversation generally, and it’s a great thing that some of us from that part of the world are able to engage at this level and also bring those lessons back to our work, you know, domestically in terms of how we engage the policy process in our countries.

And that’s why it’s very important for the work of FOC to be expanded to—you know, to have real impact in terms of how it is deliberate—in terms of how it is—it is deliberate in influencing not just regional processes, but also national processes, because the end goal—and I think the beauty of all the beautiful work that is being done by the coalition—is to see how that reflects on what governments, in terms of how governments are engaging technology, in terms of how governments are consciously taking into cognizance the human rights implication of, you know, new emerging technologies and even existing technologies. So I think the FOC is very, very important stakeholder in technology conversation globally.

KHUSHBU SHAH: J.C., I want to ask you the same question, especially as Chile recently joined the FOC in recent years. And love to hear what you think.

JUAN CARLOS LARA: Yeah. I think it’s important to also note what Boye was saying in the larger context of when this has happened for the FOC. Since its creation, we have seen what has happened in terms of shutdowns, in terms of war, in terms of surveillance revelations. So it’s important to also connect what the likemindedness of certain governments and the high-level principles have to do with the practice of those same governments, as well as their policy positions both in foreign policy forums and internally, as the deputy secretary was mentioning.

I think it’s—that vital role that Boye was highlighting, it’s a key role but it’s a work in progress constantly. In which way? Throughout the process of the FOC meeting and producing documents and statements, that’s when the advisory network that Boye and myself are members of was created. Throughout that work, we’ve been able to see what happens inside the coalition and what—the discussions they’re having to some degree, because I understand that some of them might be behind closed doors, and what those—how the process of those statements comes to be.

So we have seen that very important role [in] how it’s produced and how it’s presented by the governments and their dignitaries. However, I still think that it’s a work in progress because we still need to be able to connect that with the practice of governments, including those that are members of the coalition, including my own government that recently joined, and how that is presented in internal policy. And at the same time, I think that key role still has a big room—a big role to play in terms of creating those principles; in terms of developing them into increasingly detailed points of action for the countries that are members of; but also then trying to influence other countries, those that are not members of the coalition, in order to create, like, better standards for human rights for all of internet users.

KHUSHBU SHAH: Any thoughts, Alissa?

ALISSA STARZAK: Yeah. You know, I think J.C. touched on something that is—that is probably relevant for everyone who’s ever worked in government which is the reality that governments are complicated and there isn’t one voice, often, and there frequently what you see is that the people who are focused on one issue may not have the same position as people who are working on it from a different angle. And I think the interesting thing for me about the FOC is not that you have to change that as a fundamental reality, but that it’s an opportunity for people to talk about a particular issue with a focus on human rights and take that position back. So everybody sitting in this room who has an understanding of what human rights online might look like, to be able to say, hey, this is relevant to my government in these ways if you’re a government actor, or for civil society to be able to present a position, that is really meaningful because it means that there’s a voice into each of your governments. It doesn’t mean that you’re going to come out with a definitive position that’s always going to work for everyone or that it’s going to solve all the problems, but it’s a forum. And it’s a forum that’s focused on human rights, and it’s focused on the intersection of those two, which really matters.

So, from an FOC perspective, I think it’s an opportunity. It’s not going to ever be the be all and end all. I think we all probably recognize that. But you need—I think we need a forum like this that really does focus on human rights.

KHUSHBU SHAH: An excellent point and brings me to my next question for you three. Let’s talk specifics, speaking of human rights: internet shutdowns. So we’ve mentioned Russia. Iran comes to mind as well during recent months, during protests, and recently, very recently, the Indian government cut tens of millions of people off in the state of Punjab as they search for a Sikh separatist.

So what else can this look like, J.C.? Those are some really sort of very basic, very obvious examples of internet shutdowns. And how can the FOC and its network of partners support keeping people online?

JUAN CARLOS LARA: Yes, thank you for that question because specifically for Latin America, the way in which shutdowns may present themselves is not necessarily a huge cutting off of the internet for many people. It sometimes presents in other ways, like, for instance, we have seen the case of one country in South America in which their telecommunication networks has been basically abandoned, and therefore, all of the possibilities of using the internet are lost not because the government has decided to cut the cable, but rather because it’s let it rot, or because it presents in the form of partially and locally focused cutting off services for certain platforms.

I think the idea of internet shutdowns has provided awareness about the problems that come with losing access to the internet, but that also can be taken by governments to be able to say they have not shut access to the internet; it’s just that there’s either too much demand in a certain area or that a certain service has failed to continue working, or that it’s simply failures by telecommunication companies, or that a certain platform has not complied with its legal or judicial obligations and therefore it needs to be taken off the internet. So it’s important that when we speak about shutdowns we consider the broader picture and not just the idea of cutting off all of the internet.

KHUSHBU SHAH: Adeboye, I’d like to hear what your thoughts are on this in the context of Nigeria.

ADEBOYE ADEGOKE: Yeah. It’s really very interesting. And to the point, you know, he was making about, you know, in terms of when we talk about shutdown, I think the work around [understanding shutdowns] has been great and it’s really helped the world to understand what is happening globally. But just as he said, I think there are also some other forms of exclusion that [happen] because of government actions and inactions that probably wouldn’t fall on that thematic topic of shutdown, but it, in a way, is some sort of exclusionary, you know, policy.

So an example is in some remote areas in Nigeria, for example, for most of the technology companies who are laying cables, providing internet services, it doesn’t make a lot of business sense for them to be, you know, present in those locations. And to make the matter worse for them, the authorities, the local governments, those are imposing huge taxes on those companies to be able to lay their fiber cables into those communities, which means that for the businesses, for the companies it doesn’t make any economic sense to invest in such locations. And so, by extension, those [kinds] of people are shut down from the internet; they are not able to assess communication network and all of that.

But I also think it’s very important to highlight the fact that—I mean, I come from the continent where internet is shut down for the silliest reason that you can imagine. I mean, there have been [shutdowns] because [the] government was trying to prevent students cheating in exams, you know? Shutdowns are common during elections, you know? [Shutdowns] happen because [the] government was trying to prevent gossip. So it’s the silliest of reasons why there have been internet [shutdowns] in the area, you know, in the part of the world that I am from.

But what I think—in the context of the work that the FOC does, I think something that comes to mind is how we are working to prevent future [shutdowns]. I spoke about the election that just ended in Nigeria. One of the things that we did was to, shortly before the election, organize, like, a stakeholder meeting of government representative, of fact checkers, of, you know, the platforms, the digital companies, civil society [organizations], and electoral [observers]… to say that, OK, election is—if you are from Africa, any time election is coming you are expecting a shutdown. So it’s to have a conversation and say: Election is coming. There is going to be a lot of misinformation. There’s going to be heightened risk online. But what do we need to do to ensure that we don’t have to shut down the internet?

So, for Nigeria, we were able to have that conversation a few weeks before the election, and luckily the [internet was] not shut down. So I mean, I would describe that as a win. But just to emphasize that it is helpful when you engage in a platform like the FOC to understand the dimensions that [shutdowns] take across the world. It kind of helps you to prepare for—especially if you were in the kind of tradition that we were to prepare for potential shutdown. And also I think it’s also good to spotlight the work that Access Now has done with respect to spotlighting the issue of shutdown because it helps to get their perspective.

So, for example, I’m from Nigeria. We have never really experienced widespread shutdown in Nigeria, but because we are seeing it happen in our sister—in our neighboring countries—we are kind of conscious of that and were able to engage ahead of elections to see, oh, during election in Uganda, [the] internet was shut down. In Ethiopia, [the] internet was shut down. So it’s likely [the] internet will be shut down in Nigeria. And then to say to the authority: No, you know what? We don’t have to shut down the internet. This is what we can do. This is the mechanism on [the] ground to identify risk online and address those risks. And also, holding technology platform accountable to make sure that they put mechanism in place, to make sure they communicate those mechanisms clearly during elections.

So it’s interesting how much work needs to go into that, but I think it’s… important work. And I think for the FOC, it’s also—it’s also very important to continue to communicate the work that the FOC is doing in that regard so that more and more people become aware of it, and sort of more people are prepared, you know, to mitigate it, especially where you feel is the highest risk of shutdown.

KHUSHBU SHAH: Thank you. I’m going to jump across to the other side of that spectrum, to surveillance tech, to the—to the almost literally—the opposite, and I wanted to start with the news that Deputy Secretary Sherman mentioned, with the news that the Biden administration announced just this afternoon, a new executive order that would broadly ban US federal agencies from using commercially developed spyware that poses threats to human rights and national security.

The deputy secretary also mentioned, Alissa, some guiding principles that they were going to announce later this week with the FOC. What are some—what are some things—what are some principles or what are some ambitions that you would hope to see later this week?

ALISSA STARZAK: So I think there’s a lot coming is my guess. Certainly the surveillance tech piece is an important component, but I think there are lots of broad guidelines.

I actually want to go back to shutdowns for a second, if you don’t mind…. Because I think it’s a really interesting example of how the FOC can work well together and how you take all of the different pieces—even at this table—of what—how you sort of help work on an internet problem or challenge, right? So you have a world where you have activists on the ground who see particular challenges who would then work with their local government. You have industry partners like Cloudflare who can actually show what’s happening. So are there—is there a shutdown? Is there a network disruption? So you can take the industry component of it, and that provides some information for governments, and then governments can work together to sort of pressure other governments to say these aren’t acceptable. These are—these norms—you can’t—no, you can’t shut down because you are worried about gossip, and cheating, and an exam, right? There’s a set of broad international norms that become relevant in that space, and I think you take that as your example. So you have the players—you have the government to government, you have the civil society to government, you have the industry which provides information to government and civil society. And those are the pieces that can get you to a slightly better place.

And so when I look at the norms coming out later this week, what I’m going to be looking for are that same kind of triangulation of using all of the players in the space to come to a better—to come to a better outcome. So whether that’s surveillance tech, sort of understanding from civil society how it has been used, how you can understand it from other tech companies, how you can sort of mitigate against those abuses, working with governments to sort of address their own use of it to make sure that that doesn’t become a forum—all of those pieces are what you want from that model. And I think—so that’s what I’m looking for in the principles that come out. If they have that triangulation, I’m going to be—I’m going to be very happy.

KHUSHBU SHAH: What would you both be looking for, as well? J.C., I’ll start with you.

JUAN CARLOS LARA: Yeah, as part of the [FOC advisory network], of course, there might be some idea of what’s coming in when we speak about principles for governments for the use of surveillance capabilities.

However, there are two things that I think are very important to consider for this type of issue: first of all is that which principles and which rules are adopted by the states. I mean, it’s a very good—it’s very good news that we have this executive order as a first step towards thinking how states refrain from using surveillance technology disproportionately or indiscriminately. That’s a good sign in general. That’s a very good first step. But secondly, within this same idea, we would expect other countries to follow suit and hopefully to expand the idea of bans on spyware or bans on surveillance technology that by itself may pose grave risks to human rights, and not just in the case of this, or that, or the fact that it’s commercial spyware, which is a very important threat including for countries in Latin America who are regular customers for certain spyware producers and vendors.

But separately from that, I think it’s very important to also understand how this ties into the purposes of the Freedom Online Coalition and its principles, and how to have further principles that hopefully pick up on the learnings that we have had for several years of discussion on the deployment of surveillance technologies, especially by academia and civil society. If those are picked up by the governments themselves as principle, we expect that to exist in practice.

One of the key parts of the discussion on commercial spyware is that I can easily think of a couple of Latin American countries that are regular customers. And one of them is an FOC member. That’s very problematic, when we speak about whether they are abiding by these principles and by human rights obligations or not, and therefore whether these principles will generate any kinds of restraint in the use and the procurement of such surveillance tools.

KHUSHBU SHAH: So I want to follow up on that. Do you think that there—what are the dangers and gaps of having this conversation without proposing privacy legislation? I want to ask both of our—

JUAN CARLOS LARA: Oh, very briefly. Of course, enforcement and the fact that rules may not have the institutional framework to operate I think is a key challenge. That is also tied to capacities, like having people with enough knowledge and have enough, of course, exchange of information between governments. And resources. I think it’s very important that governments are also able to enact the laws that they put in the books, that they are able to enforce them, but also to train every operator, every official that might be in contact with any of these issues. So that kind of principle may not just be adopted as a common practice, but also in the enforcement of the law, so get into the books. Among other things, I think capacities and resources are, like—and collaboration—are key for those things.

KHUSHBU SHAH: Alissa, as our industry expert, I’d like to ask you that same question.

ALISSA STARZAK: You know, I think one of the interesting things about the commercial spyware example is that there is a—there is a government aspect on sort of restricting other people from doing certain things, and then there is one that is a restriction on themselves. And so I think that’s what the executive order is trying to tackle. And I think that the restricting others piece, and sort of building agreement between governments that this is the appropriate thing to do, is—it’s clearly with the objective here, right?

So, no, it’s not that every government does this. I think that there’s a reality of surveillance foreign or domestic, depending on what it looks like. But thinking about building rulesets of when it’s not OK, because I think there is—there can be agreement if we work together on what that ruleset looks like. So we—again, this is the—we have to sort of strive for a better set of rules across the board on when we use certain technologies. And I think—clearly, I think what we’ve heard, the executive order, it’s the first step in that process. Let’s build something bigger than ourselves. Let’s build something that we can work across governments for. And I think that’s a really important first step.

ADEBOYE ADEGOKE: OK. Yeah, so—yeah, so, I think, yeah, the executive order, it’s a good thing. Because I was, you know, thinking to myself, you know, looking back to many years ago when in my—in our work when we started to engage our government regarding the issue of surveillance and, you know, human rights implications and all of that, I recall very vividly a minister at the time—a government minister at the time saying that even the US government is doing it. Why are you telling us not to do it? So I think it’s very important.

Leadership is very key. The founding members of the FOC, if you look FOC, the principles and all of that, those tests are beautiful. Those tests are great. But then there has to be a demonstration of—you know, of application of those tests even by the governments leading, you know, the FOC so that it makes the work of people like us easier, to say these are the best examples around and you don’t get the kind of feedback you get many years ago; like, oh, even the US government is doing it. So I think the executive order is a very good place to start from, to say, OK, so this is what the US government is doing right now and this is how it wants to define their engagement with spyware.

But, of course, like, you know, he said, it has to be, you know, expanded beyond just, you know, concerns around spyware. It has to be expanded to different ways in which advanced technology [is] applied in government. I come from a country that has had to deal with the issues of, you know, terrorism very significantly in the past ten years, thereabout, and so every justification you need for surveillance tech is just on the table. So whenever you want to have the human rights conversation, somebody’s telling you that, you want terrorists to kill all of us? You know? So it’s very important to have some sort of guiding principle.

Yeah, we understand [the] importance of surveillance to security challenges. We understand how it can be deployed for good uses. But we also understand that there are risks to human-rights defenders, to journalists, you know, to people who hold [governments] accountable. And those have to be factored into how these technologies are deployed.

And in terms of, you know, peculiar issues that we have to face, basically you are dealing with issues around oversight. You are dealing with issues around transparency. You are dealing with issues around [a] lack of privacy frameworks, et cetera. So you see African governments, you know, acquiring similar technologies, trying, you know, in the—I don’t want to say in the guise, because there are actually real problems where those technologies might be justified. But then, because of the lack of these principles, these issues around transparency, oversight, legal oversight, human-rights considerations, it then becomes problematic, because this too then become—it’s true that it is used against human-rights defenders. It’s true that it is used against opposition political parties. It’s true that it is used against activists and dissidents in the society.

So it’s very important to say that we look at the principle that has been developed by the FOC, but we want to see FOC government demonstrate leadership in terms of how they apply those principles to the reality. It makes our work easier if that happens, to use that as an example, you know, to engage our government in terms of how this is—how it is done. And I think these examples help a lot. It makes the work very easy—I mean, much easier; not very easy.

KHUSHBU SHAH: Well, you mentioned a good example; so the US. So you reminded me of the biometric data that countries share in Central and North America as they monitor refugees, asylum seekers, migrants. Even the US partakes. And so, you know, what can democracies do to address the issue when they’re sometimes the ones leveraging these same tools? Obviously, it’s not the same as commercial spyware, but—so what are the boundaries of surveillance and appropriate behavior of governments?

J.C., can I throw that question to you?

JUAN CARLOS LARA: Happy to. And we saw a statement by several civil-society organizations on the use of biometric data with [regard] to migrants. And I think it’s very important that we address that as a problem.

I really appreciated that Boye mentioned, like, countries leading by example, because that’s something that we are often expecting from countries that commit themselves to high-level principles and that sign on to human-rights instruments, that sign declarations by the Human Rights Council and the General Assembly of the [United Nations] or some regional forums, including to the point of signing on to FOC principles.

I think that it’s very problematic that things like biometric data are being used—are being collected from people that are in situations of vulnerability, as is the case of very—many migrants and many people that are fleeing from situations of extreme poverty and violence. And I think it’s very problematic also that also leads to [the] exchange of information between governments without proper legal safeguards that prevent that data from falling into the hands of the wrong people, or even that prevent that data from being collected from people that are not consenting to it or without legal authorization.

I think it’s very problematic that countries are allowing themselves to do that under the idea that this is an emergency situation without proper care for the human rights of the people who are suffering from that emergency and that situations of migrations are being treated like something that must be stopped or contained or controlled in some way, rather than addressing the underlying issues or rather than also trying to promote forms of addressing the problems that come with it without violating human rights or without infringing upon their own commitments to human dignity and to human privacy and to the freedom of movement of people.

I think it’s—that it’s part of observing legal frameworks and refraining from collecting data that they are not allowed to, but also to obeying their own human-rights commitments. And that often leads to refraining from taking certain action. And in that regard, I think the discussions that there might be on any kind of emergency still needs to take a few steps back and see what countries are supposed to do and what obligations they are supposed to abide [by] because of their previous commitments.

KHUSHBU SHAH: So thinking about what you’ve just said—and I’m going to take a step back. Alissa, I’m going to ask you kind of a difficult question. We’ve been talking about specific examples of human rights and what it means to have online rights in the digital world. So what does it mean in 2023? As we’re talking about all of this, all these issues around the world, what does it mean to have freedom online and rights in the digital world?

ALISSA STARZAK: Oh, easy question. It’s really easy. Don’t worry; we’ve got that. Freedom Online’s got it; you’ve just got to come to their meetings.

No, I think—I think it’s a really hard question, right? I think that we have—you know, we’ve built something that is big. We’ve built something where we have sort of expectations about access to information, about the free flow of information across borders. And I think that, you know, what we’re looking at now is finding ways to maintain it in a world where we see the problems that sometimes come with it.

So when I look at the—at the what does it mean to have rights online, we want to—we want to have that thing that we aspire to, I think that Deputy Secretary Sherman mentioned, the sort of idea that the internet builds prosperity, that the access to the free flow of information is a good thing that’s good for the economy and good for the people. But then we have to figure out how we build the set of controls that go along with it that are—that protect people, and I think that’s where the rule of law does come into play.

So thinking about how we build standards that are respect—that respect human rights in the—when we’re collecting all of the information of what’s happening online, right, like, maybe we shouldn’t be collecting all of that information. Maybe we should be thinking of other ways of addressing the concerns. Maybe we should be building [a] framework that countries can use that are not us, right, or that people at least don’t point to the things that a country does and say, well, if they can do this, I can do this, right, using it for very different purposes.

And I think—I think that’s the kind of thing that we’re moving—we want to move towards, but that doesn’t really answer the underlying question is the problem, right? So what are the rights online? We want as many rights as possible online while protecting security and safety, which is, you know, also—they’re also individual rights. And it’s always a balance.

KHUSHBU SHAH: It seems like what you’re touching on—J.C., would you like to—

JUAN CARLOS LARA: No. Believe me.

KHUSHBU SHAH: Well, it seems like what you’re talking about—and we’re touching—we’ve, like, talked around this—is, like, there’s a—there’s a sense of impunity, right, when you’re on—like in the virtual world, and that has led to what we’ve talked about for the last forty minutes, right, misinformation/disinformation. And if you think about what we’ve all been talking about for the last few weeks, which is AI—and I know there have been some moments of levity. I was thinking about—I was telling Alissa about how there was an image of the pope wearing a white puffer jacket that’s been being shown around the internets, and I think someone pointed out that it was fake, that it was AI-generated. And so that’s one example. Maybe it’s kind of a fun example, but it’s also a little bit alarming.

And I think about the conversation we’re having, and what I really want to ask all of you is, so, how might these tools—like the AI, the issue of AI—further help or hurt [human rights] activists and democracies as we’re going into uncharted territories, as we’re seeing sort of the impact of it in real time as this conversation around it evolves and how it’s utilized by journalists, by activists, by politicians, by academics? And what should the FOC do—I know I’m asking you again—what can the FOC do? What should we aim for to set the online world on the right path for this uncharted territory? I don’t know who wants to start and attempt.

ADEBOYE ADEGOKE: OK, I’ll start. Yeah.

So I think it’s great that, you know, the FOC has, you know, different task [forces] working on different thematic issues, and I know there is a task force on the issue of artificial intelligence and human rights. So I think for me that’s a starting point, you know, providing core leadership on how emerging technology generally impacts… human rights. I think that’s the starting point in terms of what we need to do because, like the deputy secretary said, you know, technology’s moving at such a pace that we can barely catch up on it. So we cannot—we cannot afford to wait one minute, one second before we start to work on this issue and begin to, you know, investigate the human rights implications of all of those issues. So it’s great that the FOC’s doing that work.

I would just say that it’s very important for—and I think this [speaks] generally to the capacities of the FOC. I think the FOC needs to be further capacitated so that this work can be made to bear in real-life issues, in regional, in national engagement so that some of the hard work that has been put into those processes can really reflect in real, you know, national and regional processes.

ALISSA STARZAK: Yeah. So I definitely agree with that.

I think—I think on all of these issues I think we have a reality of trying to figure out what governments do and then what private companies do, or what sort of happens in industry, and sometimes those are in two different lanes. But in some ways figuring out what governments are allowed to do, so thinking about the sort of negative potential uses of AI may be a good start for thinking about what shouldn’t happen generally. Because if you can set a set of norms, if you can start with a set of norms about what acceptable behavior looks like and where you’re trying to go to, you’re at least moving in the direction of the world that you think you want together, right?

So understanding that you shouldn’t be generating it for the purpose of misinformation or, you know, that—for a variety of other things, at least gets you started. It’s a long—it’s going to be a long road, a long, complicated road. But I think there’s some things that can be done there in the FOC context.

JUAN CARLOS LARA: Yes. And I have to agree with both of you. Specifically, because the idea that we have a Freedom Online Coalition to set standards, or to set principles, and a taskforce that can devote some resources, some time, and discussion to that, can also identify where this is actually the part of the promise and which is the part of the peril. And how governments are going to react in a way that promotes prosperity, that promotes interactivity, and promotes commerce—exercise of human rights, the rights of individuals and groups—and which sides of it become problematic from the side of the use of AI tools, for instance, for detecting certain speech for censorship or for identifying people in the public sphere, because they’re working out on the streets, or to collect and process people without consent.

I think because that type of expertise and that type of high political debate can be held at the FOC, that can promote the type of norms that we need in order to understand, like, what’s the role of governments in order to steer this somewhere. Or whether they should refrain from doing certain actions that might—with the good intention of preventing the spread of AI-generated misinformation or disinformation—that may end up stopping these important tools to be used creatively or to be used in constructive ways, or in ways that can allow more people to be active participants of the digital economy.

KHUSHBU SHAH: Thank you. Well, I want to thank all three of you for this robust conversation around the FOC and the work that it’s engaging in. I want to thank Deputy Secretary Sherman and our host here at the Atlantic Council for this excellent conversation. And so if you’re interested in learning more about the FOC, there’s a great primer on it on the DFRLab website. I recommend you check it out. I read it. It’s excellent. It’s at the bottom of the DFRLab’s registration page for this event.

Watch the full event

The post Wendy Sherman on the United States’ priorities as it takes the helm of the Freedom Online Coalition appeared first on Atlantic Council.

The 5×5—Conflict in Ukraine’s information environment

Simon Handler — Wed, 22 Mar 2023 04:01:00 +0000

Just over one year ago, on February 24, 2022, Russia launched a full-scale invasion of neighboring Ukraine. The ensuing conflict, Europe’s largest since World War II, has not only besieged Ukraine physically, but also through the information environment. Through kinetic, cyber, and influence operations, Russia has placed Ukraine’s digital and physical information infrastructure—including its cell towers, networks, data, and the ideas that traverse them—in its crosshairs as it seeks to cripple Ukraine’s defenses and bring its population under Russian control.

Given the privately owned underpinnings of the cyber and information domains by technology companies, a range of local and global companies have played a significant role in defending the information environment in Ukraine. From Ukrainian telecommunications operators to global cloud and satellite internet providers, the private sector has been woven into Ukrainian defense and resilience. For example, Google’s Threat Analysis Group reported having disrupted over 1,950 instances in 2022 of Russian information operations aimed at degrading support for Ukraine, undermining its government, and building support for the war within Russia. The present conflict in Ukraine offers lessons for states as well as private companies on why public-private cooperation is essential to building resilience in this space, and how these entities can work together more effectively.

We brought together a group of experts to provide insights on the war being waged through the Ukrainian information environment and take away lessons for the United States and its allies for the future.

#1 How has conflict in the information environment associated with the war in Ukraine compared to your prior expectations?

Nika Aleksejeva, resident fellow, Baltics, Digital Forensic Research Lab (DFRLab), Atlantic Council:

“As the war in Ukraine started, everyone was expecting to see Russia conducting offensive information influence operations targeting Europe. Yes, we have identified and researched Russia’s coordinated information influence campaigns on Meta’s platforms and Telegram. These campaigns targeted primarily European countries, and their execution was unprofessional, sloppy, and without much engagement on respective platforms.”

Silas Cutler, senior director for cyber threat research, Institute for Security and Technology (IST):

“A remarkable aspect of this conflict has been how Ukraine has maintained communication with the rest of the world. In the days leading up to the conflict, there was a significant concern that Russia would disrupt Ukraine’s ability to report on events as they unfolded. Instead of losing communication, Ukraine has thrived while continuously highlighting through social media its ingenuity within the conflict space. Both the mobilization of its technical workforce through the volunteer IT_Army and its ability to leverage consumer technology, such as drones, have shown the incredible resilience and creativity of the Ukrainian people.”

Roman Osadchuk, research associate, Eurasia, Digital Forensic Research Lab (DFRLab), Atlantic Council:

“The information environment was chaotic and tense even before the invasion, as Russia waged a hybrid war since at least the annexation of Crimea and war in Eastern Ukraine in 2014. Therefore, the after-invasion dynamic did not bring significant surprises, but intensified tension and resistance from Ukrainian civil society and government toward Russia’s attempts to explain its unprovoked invasion and muddle the water around its war crimes. The only things that exceeded expectations were the abuse of fact-checking toolbox WarOnFakes and the intensified globalization of the Kremlin’s attempts to tailor messages about the war to their favor globally.”

Emma Schroeder, associate director, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council:

“The information environment has been a central space and pathway throughout which this war is being fought. Russian forces are reaching through that space to attack and spread misinformation, as well as attacking the physical infrastructure underpinning this environment. The behavior, while novel in its scale, is the continuation of Russian strategy in Crimea, and is very much living up to expectations set in that context. What has surpassed expectations is the effectiveness of Ukrainian defenses, in coordination with allies and private sector partners. The degree to which the international community has sprung forward to provide aid and assistance is incredible, especially in the information environment where such global involvement can be so immediate and transformative.”

Gavin Wilde, senior fellow, Technology and International Affairs Program, Carnegie Endowment for International Peace:

“The volume and intensity of cyber and information operations has roughly been in line with my prior expectations, though the degree of private and commercial activity was something that I might not have predicted a year ago. From self-selecting out of the Russian market to swarming to defend Ukrainian networks and infrastructure, the outpouring of support from Western technology and cybersecurity firms was not on my bingo card. Sustaining it and modeling for similar crises are now key.”

#2 What risks do private companies assume in offering support or partnership to states engaged in active conflict?

Aleksejeva: “Fewer and fewer businesses are betting on Russia’s successful economical future. Additionally, supporting Russia in this conflict in any way is morally unacceptable for most Western companies. Chinese and Iranian companies are different. As for Ukraine, supporting it is morally encouraged, but is limited by many practicalities, such as supply chain disruptions amid Russia’s attacks.”

Cutler: “By providing support during conflict, companies risk becoming a target themselves. Technology companies such as Microsoft, SentinelOne, and Cloudflare, which have publicly reported their support for Ukraine, have been historically targeted by Russian cyber operations and are already familiar with the increased risk. Organizations with pre-conflict commercial relationships may fall under new scrutiny by nationally-aligned hacktivist groups such as Killnet. This support for one side over the other—whether actual or perceived—may result in additional risk.”

Osadchuk: “An important risk of continuing business as usual [in Russia] is that it may damage a company’s public image and test its declared values, since the continuation of paying taxes within the country-aggressor makes the private company a sponsor of these actions. Another risk for a private company is financial, since the companies that leave a particular market are losing their profits, but this is incomparable to human suffering and losses caused by the aggression. In the case of a Russian invasion, one of the ways to stop the war is to cut funding for and, thus, undermine the Russian war machine and support Ukraine.”

Schroeder: “Private companies have long provided goods and services to combatants outside of the information environment. The international legal framework restricting combatants to targeting ‘military objects’ provides normative protection, as objects are defined as those ‘whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage’ in a manner proportional to the military gain foreseen by the operation. This definition, however, is still subject to the realities of conflict, wherein combatants will make those decisions to their own best advantage. In the information environment, this question becomes more complicated, as cyber products and services often do not fall neatly within standard categories and where private companies themselves own and operate the very infrastructure over and through which combatants engage. The United States and its allies, whether on a unilateral of supranational basis, work to better define the boundaries of civilian ‘participation’ in war and conflict, as the very nature of the space means that their involvement will only increase.”

Wilde: “On one hand, it is important not to falsely mirror onto others the constraints of international legal and normative frameworks around armed conflict to which responsible states strive to adhere. Like Russia, some states show no scruples about violating these frameworks in letter or spirit, and seem unlikely to be inhibited by claims of neutrality from companies offering support to victimized states. That said, clarity about where goods and services might be used for civilian versus military objectives is advisable to avoid the thresholds of ‘direct participation’ in war outlined in International Humanitarian Law.”

#3 What useful lessons should the United States and its allies take away from the successes and/or failures of cyber and information operations in Ukraine?

Aleksejeva: “As for cyber operations, so far, we have not seen successful disruptions achieved by Russia of Ukraine and its Western allies. Yes, we are seeing constant attacks, but cyber defense is much more developed on both sides than before 2014. As for information operations, the United States and its allies should become less self-centered and have a clear view of Russia’s influence activities in the so-called Global South where much of the narratives are rooted in anti-Western sentiment.”

Cutler: “Prior to the start of the conflict, it was strongly believed that a cyber operation, specifically against energy and communication sectors, would act as a precursor to kinetic action. While a WannaCry or NotPetya-scale attack did not occur, the AcidRain attack against the Viasat satellite communication network and other attacks targeting Ukraine’s energy sector highlight that cyber operations of varying effectiveness will play a role in the lead up to a military conflict.”

Osadchuk: “First, cyber operations coordinate with other attack types, like kinetic operations on the ground, disinformation, and influence operations. Therefore, cyberattacks might be a precursor of an upcoming missile strike, information operation, or any other action in the physical and informational dimensions, so allies could use cyber to model and analyze multi-domain operations. Finally, preparation for and resilience to information and cyber operations are vital in mitigating the consequences of such attacks; thus, updating defense doctrines and improving cyber infrastructure and social resilience are necessary.”

Schroeder: “Expectations for operations in this environment have exposed clear fractures in the ways that different communities define as success in a wartime operation. Specifically, there is a tendency to equate success with direct or kinetic battlefield impact. One of the biggest lessons that has been both a success and a failure throughout this war is the role that this environment can play. Those at war, from ancient to modern times, have leveraged every asset at their disposal and chosen the tool they see as the best fit for each challenge that arises—cyber is no different. While there is ongoing debate surrounding this question, if cyber operations have not been effective on a battlefield, that does not mean that cyber is ineffective, just that expectations were misplaced. Understanding the myriad roles that cyber can and does play in defense, national security, and conflict is key to creating an effective cross-domain force.

Wilde: “Foremost is the need to check the assumption that these operations can have decisive utility, particularly in a kinetic wartime context. Moscow placed great faith in its ability to convert widespread digital and societal disruption into geopolitical advantage, only to find years of effort backfiring catastrophically. In other contexts, better trained and resourced militaries might be able to blend cyber and information operations into combined arms campaigns more effectively to achieve discrete objectives. However, it is worth reevaluating the degree to which we assume offensive cyber and information operations can reliably be counted on to play pivotal roles in hot war.”

A parallel terrain: Public-private defense of the Ukrainian information environment

Untangling the Russian web: Spies, proxies, and spectrums of Russian cyber behavior

Hackers, Hoodies, and Helmets: Technology and the changing face of Russian private military contractors

#4 How do comparisons to other domains of conflict help and/or hurt understanding of conflict in the information domain?

Aleksejeva: “Unlike conventional warfare, information warfare uses information and psychological operations during peace time as well. By masking behind sock puppet or anonymous social media accounts, information influence operations might be perceived as legitimate internal issues that polarize society. A country might be unaware that it is under attack. At the same time, as the goal of conventional warfare is to break an adversary’s defense line, information warfare fights societal resilience by breaking its unity. ‘Divide and rule’ is one of the basic information warfare strategies.”

Cutler: “When looking at the role of cyber in this conflict, I think it is critical to examine the history of Hacktivist movements. This can be incredibly useful for understanding the influences and capabilities of groups like the IT_Army and Killnet.”

Osadchuk: “The information domain sometimes reflects the kinetic events on the ground, so comparing these two is helpful and could serve as a behavior predictor. For instance, when the Armed Forces of Ukraine liberate new territories, they also expose war crimes, civilian casualties, and damages inflicted by occupation forces. In reaction to these revelations, the Kremlin propaganda machine usually launches multiple campaigns to distance themselves, blame the victim, or even denounce allegations as staged to muddy the waters for certain observers.”

Schroeder: “It is often tricky to carry comparisons over different environments and context, but the practice persists because, well, that is just what people do—look for patterns. The ability to carry over patterns and lessons is essential, especially in new environments and with the constant developments of new tools and technologies. Where these comparisons cause problems is when they are used not as a starting point, but as a predetermined answer.”

Wilde: “It is problematic, in my view, to consider information a warfighting ‘domain,’ particularly because its physical and metaphorical boundaries are endlessly vague and evolving—certainly relative to air, land, sea, and space. The complexities and contingencies in the information environment are infinitely more than those in the latter domains. However talented we may be at collecting and analyzing millions of relevant datapoints with advanced technology, these capabilities may lend us a false sense of our ability to control or subvert the information environment during wartime—from hearts and minds to bits and bytes.”

#5 What conditions might make the current conflict exceptional and not generalizable?

Aleksejeva: “This war is neither ideological nor a war for territories and resources. Russia does not have any ideology that backs up its invasion of Ukraine. It also has a hard time maintaining control of its occupied territories. Instead, Russia has many disinformation-based narratives or stories that justify the invasion to as many Russian citizens as possible including Kremlin officials. Narratives are general and diverse enough, so everyone can find an explanation of the current invasion—be it the alleged rebirth of Nazism in Ukraine, the fight against US hegemony, or the alleged historical right to bring Ukraine back to Russia’s sphere of influence. Though local, the war has global impact and makes countries around the world pick sides. Online and social media platforms, machine translation tools, and big data products provide a great opportunity to bombard any internet user in any part of the world with pro-Russia massaging often tailored to echo historical, racial, and economic resentments especially rooted in colonial past.”

Cutler: “During the Gulf War, CNN and other cable news networks were able to provide live coverage of military action as it was unfolding. Now, real-time information from conflict areas is more broadly accessible. Telegram and social media have directly shaped the information and narratives from the conflict zone.”

Osadchuk: “The main difference is the enormous amount of war content, ranging from professional pictures and amateur videos after missile strikes to drone footage of artillery salvos and bodycam footage of fighting in the frontline trenches—all making this conflict the most documented. Second, this war demonstrates the need for drones, satellite imagery, and open-source intelligence for successful operations, which distances it from previous conflicts and wars. Finally, it is exceptional due to the participation of Ukrainian civil society in developing applications, like the one alerting people about incoming shelling or helping find shelter; launching crowdfunding campaigns for vehicles, medical equipment, and even satellite image services; and debunking Russian disinformation on social media.”

Schroeder: “One of the key lessons we can take from this war is the centrality of the global private sector to conflict in and through the information environment. From expedited construction of cloud infrastructure for the Ukrainian government to Ukrainian telecommunications companies defending and restoring services along the front lines to distributed satellite devices, providing flexible connectivity to civilians and soldiers alike, private companies have undoubtedly played an important role in shaping both the capabilities of the Ukrainian state and the information battlespace itself. While we do not entirely understand the incentives that drove these actions, an undeniable motivation that will be difficult to replicate in other contexts is the combination of Russian outright aggression and comparative economic weakness. Companies and their directors felt motivated to act due to the first and, likely, free to act due to the second. Private sector centrality is unlikely to diminish and, in future conflicts, it will be imperative for combatants to understand the opportunities and dependencies that exist in this space within their own unique context.”

Wilde: “My sense is that post-war, transatlantic dynamics—from shared norms to politico-military ties—lent significant tailwinds to marshal resource and support to Ukraine (though not as quickly or amply from some quarters as I had hoped). The shared memory of the fight for self-determination in Central and Eastern Europe in the late 1980s to early 1990s still has deep resonance among the publics and capitals of the West. These are unique dynamics, and the degree to which they could be replicated in other theaters of potential conflict is a pretty open question.”

The post The 5×5—Conflict in Ukraine’s information environment appeared first on Atlantic Council.

Amid Pakistan’s political and economic turmoil, risks to curbs on digital freedoms grow

Uzair Younus — Mon, 06 Mar 2023 17:57:22 +0000

On March 5, 2023, the Pakistan Media Regulatory Authority (PEMRA) banned television channels in the country from broadcasting former prime minister Imran Khan’s speeches and news conferences, arguing that he was “attacking the state’s institutions and promoting hatred.” Only hours later, Khan challenged the decision through the Lahore High Court, arguing that the ban was “in excess of the jurisdiction vested in it and without having regard to the constitutional rights guaranteed under Articles 19 and 19-A of the Constitution.”

These developments come amid ongoing instability in the country, with the former prime minister continuing to criticize retired army chief General Qamar Javed Bajwa, who Khan argues played a role in ousting him from power in April 2022. Khan has stated a desire to engage with Pakistan’s current military chief General Asim Munir “for the betterment of the country.”

This is not the first time that television channels have been barred from airing speeches made by Khan or other political leaders: a similar order banning his speeches was issued in November 2022; former prime minister Nawaz Sharif’s speeches were banned in October 2020; and former president Asif Ali Zardari’s interview was taken off air in July 2019.

Growing polarization and instability in the country have increased the likelihood that as elections draw near, curbs on speech, largely limited thus far to television channels, may extend to internet platforms like YouTube, Facebook, and Twitter.

For example, on September 6, 2022, YouTube encountered disruptions across Pakistan ahead of Khan’s speech at a rally. This was not the first such disruption—NetBlocks confirmed that a similar disruption also occurred on August 21, 2022, when Imran Khan was making another public speech. In addition, Wikipedia was blocked (and subsequently unblocked) by the Pakistan Telecommunications Authority (PTA) a few weeks ago for its failure to “remove or block allegedly sacrilegious content.”

Other notable examples in the recent past include TikTok, which has been banned and unbanned on numerous occasions, and YouTube, which was blocked in the country back in 2012 and was only unblocked by the PTA more than three years later.

These developments make clear that the PTA indeed has the capability to disrupt internet services across Pakistan on a whim, something that journalist Abid Hussain pointed out as far back as April 2021 on Twitter. To further control access to the internet, the PTA has also been seeking to limit the use of virtual private networks in the country.

As the conflict between the current government, the military establishment, and Imran Khan’s Pakistan Tehreek-i-Insaf party sharpens ahead of elections—Punjab, Pakistan’s most populous province, is expected to go to elections on April 30—further curbs on expression and disruptions to the internet, especially platforms like YouTube, Twitter, WhatsApp, and Facebook, cannot be ruled out.

In recent months, US companies and US government stakeholders have often chosen not to react to these developments, preferring to adopt a wait-and-watch approach. In addition, they have followed a strategy to engage privately and discreetly, hoping to positively influence government stakeholders through private conversations.

As the crisis in Pakistan deepens, it is time for diplomatic and business stakeholders with an interest in strengthening its democracy and maintaining a largely open internet in the country to shift their approach.

Given the evolving situation, these stakeholders should consider the following steps to proactively deter further curbs on expression on the internet in Pakistan:

Enhance level of engagement with domestic civil society: Recent weeks have seen a flurry of concerning developments in Pakistan, with the recent PEMRA order being the key development. US companies and diplomats must deepen conversations with civil society stakeholders, especially the digital rights community that has been voicing these concerns for years.

Proactively communicate concerns to Pakistani government officials: Ongoing diplomatic conversations between Islamabad and Washington have focused on the potential for deepening investment in the country’s technology sector. The PTA’s recent and past actions, however, undermine confidence in Pakistan’s internet economy and it is important that the negative economic impact of arbitrary bans and disruptions to the internet is clearly communicated to Pakistani stakeholders.

Build new alliances with the technology and content creator ecosystem: In private conversations, members of Pakistan’s burgeoning technology and content creation ecosystem continue to express growing concern over curbs on freedom of expression. These stakeholders are domestic allies for companies like Meta, Google, and Twitter. However, limited interactions and collaboration with these stakeholders mean that more often than not, a united front is not presented to deter Pakistani government stakeholders from taking adverse actions that curb expression, undermine democracy, and hurt confidence in the country’s digital economy.

The coming months will be a challenging period for Pakistan’s flawed and floundering democracy. This challenge will be compounded by the state’s own capabilities and predilections to curb expression both in the traditional media and the internet.

With the PTI and Imran Khan possessing a strong advantage in their ability to digitally percolate party messaging through Pakistani society, the government and its institutions may be incentivized to take drastic measures to disrupt internet services and platforms that allow Khan to bypass television channels who may not air his speeches. As elections draw near, the likelihood of such actions is increasing. For this reason, it is important for US stakeholders—including private sector companies—to proactively monitor the evolving situation and develop strategies to deter such actions.

Doing so may perhaps safeguard Pakistan’s internet economy, its democracy, and the global reputation of internet platforms that are vital to public discourse within and outside Pakistan.

Uzair Younus is director of the Pakistan Initiative at the Atlantic Council’s South Asia Center. He also is the Vice President at The Asia Group.

The South Asia Center is the hub for the Atlantic Council’s analysis of the political, social, geographical, and cultural diversity of the region. At the intersection of South Asia and its geopolitics, SAC cultivates dialogue to shape policy and forge ties between the region and the global community.

Nonresident Senior Fellow

SouthAsiaSource Mar 4, 2023

Can Swift Retort still inspire swift reforms?

By Ali Hasanain

After Operation Swift Retort four years ago, I argued that if Pakistan really wants to compete with India, it must focus on rapid economic growth. Regrettably, our national leadership has had other priorities, and we have fallen further behind.

Economy & Business India

New Atlanticist Dec 21, 2022

Pakistan’s foreign minister pitches more global aid and investment—and ‘less chaos’

By Nick Fouriezos

Foreign Minister Bilawal Bhutto Zardari spoke at an Atlantic Council Front Page event in Washington about how the international community can help Pakistan tackle its challenges.

Climate Change & Climate Action Economy & Business

New Atlanticist Oct 15, 2020

Why Pakistan’s TikTok ban is a bad sign for investors

By Kalsoom Lakhani

Banning content is different from banning platforms. In a conservative country like Pakistan, clear delineations around content standards not only guides players navigating this landscape, it also helps ease the risk of investors looking to operate in the country.

Digital Policy Inclusive Growth

Critical connectivity: Reducing the price of data in African markets

Aubrey Hruby — Fri, 03 Mar 2023 20:35:27 +0000

Download Pdf

This report is part of an ongoing partnership on the Power of African Creative Industries between The Policy Center for the New South (PCNS) and the Atlantic Council’s Africa Center.

“Critical connectivity: Reducing the price of data in African markets,” by Africa Center Senior Fellow Aubrey Hruby, analyzes the current state of the digital transformation in Africa and outlines how affordable and accessible data is imperative for further development. Finally, it provides concrete recommendations to the key actors and facilitators of the transition outlined in the Digital Transformation with Africa; a new initiative the Biden administration announced at the 2022 US-Africa Leaders Summit, which emphasizes the importance of reducing data costs in Africa to spur growth and employment.

In outlining why data remains so costly and inaccessible across Africa, Hruby profiles four main detriments: infrastructure, competition, policy, and consumption patterns. Through case studies and success stories from other developing nations who struggled with high-priced data and implemented successful mitigation measures, Hruby develops a framework for reform and showcases how key changes can rapidly reduce data costs, spur development, and transform entire industries. Her recommendations directly address the current US administration, African governments seeking to build and benefit from a digital economy, and global development finance institutions (DFIs) that are already investing and making much needed transformative inroads into African markets.

Throughout the 21st century, African markets have unleashed the globe’s most significant digital revolution, and they are poised to continue doing so over the next few decades as the world’s youngest population reaches maturity. Currently, 40 percent of the continent’s total population is under the age of 15 and represents 27 percent of the entire world population. From 2000 to 2010, the African mobile phone market grew at a rate of 44 percent per year, bringing the number of subscriptions to around 700 million, more than in both the European Union and the United States combined. For African creative and mobile industries, which are emerging at the forefront of this digital revolution, infrastructure and technological systems are critical to the sector’s continued growth. The African Continental Free Trade Area connects 1.3 billion people across fifty-five countries with a combined GDP of over $3 trillion. Digital infrastructure is a vital economic opportunity and a crucial security issue for African nations and their partners.

The African vision is increasingly shaped by the digital tools and platforms African consumers use and the new opportunities that have emerged in a growing start-up ecosystem. According to the UN, the digital economy is set to expand in Africa by 57 percent between 2020 and 2025. With projections by the Alliance for Affordable Internet forecasting that the continent’s digital economy will grow six times over by 2050 to $712 billion and the fact that African startups raised more than $4 billion in venture capital in 2021, it is clear that this sector is booming. Undoubtedly the future is digital, and Africa must be able to access this future affordably if it is to share in the benefits of this global revolution.

The Atlantic Council is the only DC global think tank to have placed African creative industries at the center of its security and prosperity work. The Africa Center’s focus on the creative industries was launched by the Africa Creative Industries Summit of Washington in October 2021 at the Smithsonian National Museum of African Art and was opened by a message from Vice President Kamala Harris. The program is now fully supported by strong sponsors and partners, from ADS Group and Afreximbank to OSF and OCP, allowing the Atlantic Council to continue its leadership in the field by hosting events such as the Sports Business Forum, held in Dakar, and the financial engineering task force for African creative industries. This work was crowned by the Africa Center’s partnership with the US Department of State and its participation in the organization of the African and Young Leaders Diaspora Forum on the first official day of the US-Africa Leaders Summit of December 2022 at the African American Museum of History and Culture in Washington.

Report author

Fellow

Aubrey Hruby

Africa Center

Economy & Business Future of Work

The Africa Center works to promote dynamic geopolitical partnerships with African states and to redirect US and European policy priorities toward strengthening security and bolstering economic growth and prosperity on the continent.

DFRLab confirms increased Russian air force activity as Kremlin strives to achieve air dominance

AfricaSource Jun 16, 2022

Better data is the key to unlocking major investment in Africa

By Tom Koch

As COVID-19 and the war in Ukraine continue to hurt the African continent, many countries will require significant investment to revitalize their economies. But a persistent attribute of many African markets will continue to be a barrier to private investment: a relative lack of data. This drives up diligence costs, creates difficulties in valuing assets, […]

Africa Digital Policy

New Atlanticist Dec 5, 2022

Can the US and Africa usher in a new era for globalization?

By Katherine Walla

US Trade Representative Katherine Tai discussed the future of US-Africa trade with the African Continental Free Trade Area’s secretary-general, Wamkele Mene, at an exclusive Atlantic Council event.

Africa Trade

AfricaSource Jul 8, 2022

Europe’s Green Deal plan is Africa’s green finance opportunity

By Emilie Bel

Can natural gas and nuclear power be green? “Sometimes, and for a limited period of time,” said the European Parliament on July 6, as part of an ongoing negotiation over the EU taxonomy, a key component of the European Green Deal (EGD). The EGD is the European Union’s ambitious plan to create the first emissions-neutral […]

Africa Climate Change & Climate Action

The post Critical connectivity: Reducing the price of data in African markets appeared first on Atlantic Council.

Russian War Report: DFRLab confirms increased Russian air force activity as Kremlin strives to achieve air dominance

Digital Forensic Research Lab — Fri, 03 Mar 2023 18:18:49 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Russian army continues to pressure Ukraine in Bakhmut

Tracking narratives

Volunteer Russian unit fighting for Ukraine reportedly infiltrates Bryansk

Kremlin-linked Telegram networks coordinated to spread disinformation around the world

Media policy

Report examines Russia’s decentralized approach to internet censorship

DFRLab confirms increased Russian air force activity as Kremlin strives to achieve air dominance

The DFRLab confirmed that the Russian General Staff has intensified its air power in recent weeks across airfields in Crimea and Rostov Oblast. Satellite imagery collected by the DFRLab throughout February indicates that Russian air forces have increased their aerial activity at the Saki military airbase in western Crimea. Several MiG and Sukhoi class fighter aircraft have been identified in standby positions or on the runway.

DFRLab satellite analysis shows increased Russian aerial activity on the Saki military airbase in western Crimea. (Source: DFRLab via Planet.com)

The DFRLab’s findings are consistent with those published by open-source researcher Brady Africk, who identified seven different instances of aircraft located in the south of Ukraine on Sentinel-2 satellite imagery. The European Space Agency’s satellite imagery also serves as open-source evidence of the aircraft’s direction, located in the different color bands of Sentinel-2.

Screenshot of a tweet from Brady Africk, who identified seven different instances of aircraft located in the south of Ukraine on Sentinel-2 satellite imagery. (Source: Twitter/archive)

In addition, explosions reported at the Yeysk military air base in Krasnodar Krai further suggest the Russian army has been increasingly intensifying its air maneuvers. Geolocated footage of a Sukhoi-25 fighter aircraft near Luhansk indicated that further maneuvers can be expected from Russia’s western air base of Millerovo. The DFRLab also assessed that air activity possibly occurred during the last week of February at a seemingly deserted airfield south of Luhansk. Satellite imagery shows that although the meteorological conditions in January and February were mostly snowy, the main runway and several pads dedicated to aircrafts and helicopters were consistently clear of snow. Satellite imagery has not yet detected aircraft at the site, however, so it is unclear what class of aircraft is currently deployed in this airfield. Nevertheless, the operation of MiG and Sukhoi class fighters could be responsible for the melting snow on the pads.

Google Earth imagery from 2021 showed the airbase in dire condition, which could support the claim of its low military activity.

Satellite imagery of the Southern Luhansk air base. Source: DFRLab via Planet.com

As battles intensify to seize Bakhmut, the southern air base near Luhansk could serve as a strategic advantage for the Russian armed forces as it requires less fuel and maneuvers.

Meanwhile, Ukrainian forces continue to target strategic Russian installations on the southern front. On March 1, the Russian defense ministry claimed it had downed more than ten Ukrainian unmanned aerial vehicles (UAVs) in an attack against occupied Crimea. This comes as unverified reports suggested a Ukrainian UJ-22 drone was also downed on February 28 between Moscow and Ryazan. Ukrainian presidential advisor Mykhailo Podolyak denied the accusation and said Ukraine is not launching attacks on Russian soil; he claimed the increased aerial strikes on infrastructure were the result of “internal attacks.” Open-source evidence suggests explosions near Yalta and Bakhchysarai, Crimea, could have resulted from other projectiles, not exclusively drone strikes.

—Valentin Châtelet, Research Associate, Security, Brussels, Belgium

Russian army continues to pressure Ukraine in Bakhmut

Russian forces continue their efforts to encircle and capture the eastern Ukrainian city of Bakhmut. Interviewed by Reuters on February 28, the commander of Ukraine’s ground forces described the situation as “extremely tense.” Russian troops, including Wagner units, are attempting to cut Ukraine’s supply lines to the city in a bid to force troops to surrender or withdraw.

On February 28, pro-Russia sources shared a video showing Russian Su-25 fighter jets deployed over Bakhmut. The lack of adequate air support has been among the primary sources of friction between the Russian General Staff and the units fighting in Bakhmut. Footage from Ukraine’s 93rd Separate Mechanized Brigade shows fighting escalating, but Ukrainian forces appeared to be holding off the advance at the time of writing. On February 27 and 28, Ukrainian soldiers repelled more than sixty attacks, including on the villages of Yahidne and Berkhivka, north of Bakhmut. According to a pro-Russia blogger’s Telegram channel, Wagner units are advancing north of Bakhmut, but Ukraine’s army has not retreated. Amid heavy fighting, Wagner reportedly advanced on February 27 towards the AZOM metallurgical plant in north Bakhmut.

Rybar, a Russian Telegram channel believed to be linked to the defense ministry, claimed on March 2 that Wagner’s troops had reached the western suburbs of Bakhmut and clashed with Ukrainian forces in the hills north of the area. According to Rybar, Russian troops approached the road between Chasiv Yar and Bakhmut. On March 2, The Insider reported that Bakhmut was under operative siege as Ukraine’s army repelled attacks in Orikhovo, Vasylivka, Dubovo, Khromove, and Ivanivske.

Meanwhile, NATO Secretary-General Jens Stoltenberg told a Helsinki summit on February 28 that the end of the war in Ukraine “would not lead to normalization” of relations with Russia.

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Volunteer Russian unit fighting for Ukraine reportedly infiltrates Bryansk

Russian government figures, Kremlin media, and pro-Russia Telegram channels are heavily focused on an alleged March 2 incursion by pro-Ukraine forces in the Russian village of Sushany, Bryansk oblast, approximately one kilometer away from Ukraine’s north-central border with Russia. DW News and Radio Free Europe reported that members of the Russian RDK volunteer corps crossed into Russia and were active in the Bryansk area at the time of publishing.

Google satellite imagery shows the village of Sushany. (Source: DFRLab via Google Maps)

According to DW News, RDK is “a unit of volunteers from Russia who have been fighting on the side of Ukraine since August 2022.” Initially, Ukrainian authorities dismissed the claims of an insurgency in the Russian village as a Russian false-flag operation. However, a video published on the official RDK Telegram channel showed fighters holding the unit flag and indicating a Russian government building behind them. In the video, and later in follow-up interviews, members of the unit adamantly denied claims spread by Russia that they had attacked the civilian population. They stated that the infiltration into Russian territory was done to sabotage Russian military targets. Additional reporting confirmed that RDK leader Denis Nikitin appeared in the video.

A screengrab from the RDK Telegram video shows a sign for the Health Services building of Liubechane village, approximately 17 km north of Sushany, on the Russian border. (Source: Telegram)

Russian Telegram channels and media did not distinguish that the volunteer troops are of Russian origin; instead they reported that a group of “Ukrainian saboteurs” had infiltrated sovereign Russian territory. The governor of Bryansk announced on March 2 that “saboteurs” had attacked the civilian population, killed a man, and taken hostages. President Vladimir Putin described the incident as a “terrorist attack” and condemned the alleged unprovoked shelling of a civilian vehicle. The Kremlin said it was closely monitoring the situation and continued to label the alleged insurgents as “Ukrainian militants.” It also tasked the Federal Security Service with conducting counterterrorism operations in response to the situation in Bryansk.

Russia also suggested that the Center of the Psychological Operations of the Ukrainian Armed Forces (Центринформационно-психологических операций ВСУ) may have been responsible for the “attacks on civilians and infrastructure” in Bryansk, again making no distinction between the RDK and the official Ukrainian military. Echoing the Kremlin’s “terrorism” claim, far-right nationalist State Duma member Aleksey Zhuravlyov labeled the Ukrainian military and political leadership as “terrorists” in official public statements and called for an escalation of the “special military operation” into open war.

As the conflict along the eastern flank intensifies, escalatory narratives involving northern regions of Ukraine could serve as a critical Kremlin tool for conducting operations into the northern border, where Russian forces could tap into already stationed and mobilized Belarusian troops, military bases, and equipment, along with their own units left behind following joint military training exercises between Russia and Belarus.

—Kateryna Halstead, Research Assistant, Bologna, Italy

Kremlin-linked Telegram networks coordinated to spread disinformation around the world

The DFRLab recently discovered fifty-six pro-Kremlin Telegram channels that targeted twenty countries with pro-Kremlin disinformation. Three networks of similarly named accounts — Surf Noise, Info Defense, and Node of Time — targeted users worldwide, including in Europe, Asia, South America, and the Middle East. The operation primarily relied on volunteer work. It focused on translating and spreading pro-Russia disinformation, as well as amplifying reports from Kremlin media outlets, state organizations, and state actors.

The DFRLab found clear coordination between the three networks, but the approach to capturing a global audience was unsophisticated. The DFRLab consulted its global team of researchers to examine the accuracy of translations and found that the quality of translations was poor.

—Nika Aleksejeva, Research Fellow, Riga, Latvia

—Sayyara Mammadova, Research Assistant, Warsaw, Poland

Report examines Russia’s decentralized approach to internet censorship

Russian digital rights organization Roskomsvaboda collaborated with the Open Observatory of Network Interference (OONI) to publish a report examining “a year of military censorship in Russia.” The report reviews censored topics, websites, and services, as well as the legislative mechanisms used to enforce the censorship.

According to the report, Russia blocked 494 domains over the course of 2022. These fell into twenty-eight categories, with news media representing the largest category, followed by social networks, human rights organizations, and circumvention tools.

The report found that “more than 247,492 URLs were added to Roskomnadzor’s registry of banned websites” in the past year. However, the orders to ban content did not only come from Russia’s internet regulator. Other Russian agencies that requested websites be blocked include the federal tax service, Russian courts, and the prosecutor general’s office, among others. The report’s authors found over 3,500 instances of an entity anonymously requesting a website block.

While blocking requests are centralized through Roskomnadzor’s registry, the implementation of internet censorship in Russia is decentralized, the report concluded. The authors found forty-eight of the 494 blocked domains were absent in Roskomnadzor’s registry. The report suggested that some internet providers in Russia can block content not listed in Roskomnadzor’s registry.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

The post Russian War Report: DFRLab confirms increased Russian air force activity as Kremlin strives to achieve air dominance appeared first on Atlantic Council.

A parallel terrain: Public-private defense of the Ukrainian information environment

Emma Schroeder and Sean Dack — Mon, 27 Feb 2023 05:01:00 +0000

Executive summary

In the year since the Russian invasion of Ukraine, the conventional assault and advances into Ukrainian territory have been paralleled by a simultaneous invasion of the Ukrainian information environment. This environment, composed of cyber infrastructure, both digital and physical, and the data, networks, and ideas that flow through and across it, is more than a domain through which the combatants engage or a set of tools by which combatants interact—it is a parallel territory that Russia is intent on severing from the global environment and claiming for itself.

Russian assaults on the Ukrainian information environment are conducted against, and through, largely privately owned infrastructure, and Ukrainian defense in this space is likewise bound up in cooperative efforts with those infrastructure owners and other technology companies providing aid and assistance. The role of private companies in this conflict seems likely to grow, along with the scale, complexity, and criticality of the information infrastructure they operate.

Examining and mitigating the risks related to the involvement of private technology companies in the war in Ukraine is crucial and looking forward, the United States government must also examine the same questions with regard to its own security and defense:

What is the complete incentive structure behind a company’s decision to provide products or services to a state at war?
How dependent are states on the privately held portions of the information environment, including infrastructure, tools, knowledge, data, skills, and more, for their own national security and defense?
How can the public and private sectors work together better as partners to understand and prepare these areas of reliance during peace and across the continuum of conflict in a sustained, rather than ad hoc, nature?

Russia’s war against Ukraine is not over and similar aggressions are likely to occur in new contexts and with new actors in the future. By learning these lessons now and strengthening the government’s ability to work cooperatively with the private sector in and through the information space, the United States will be more effective and resilient against future threats.

Introduction

Russia’s invasion of Ukraine in 2022 held none of the illusory cover of its 2014 operation; instead of “little green men” unclaimed by Moscow, Putin built up his forces on Ukraine’s border for the entire international community to see. His ambitions were clear: To remove and replace the elected government of Ukraine with a figurehead who would pull the country back under Russia’s hold, whether through literal absorption of the state or by subsuming the entire Ukrainian population under Russia’s political and information control. In the year since the Russian invasion, Ukraine’s defense has held back the Russian war machine with far greater strength than many thought possible in the early months of 2022. President Zelenskyy, the Ukrainian government, and the Ukrainian people have repeatedly repelled Russian attempts to topple the state, buttressed in part by the outpouring of assistance from not just allied states, but also local and transnational private sector companies.

Amidst the largest conventional land war in Europe since the fall of the Third Reich, both Russia and Ukraine have directed considerable effort toward the conflict’s information environment, defined as the physical and digital infrastructure over and through which information moves, the tools used to interact with that information, and information itself. This is not only a domain through which combatants engage, but a parallel territory that the Kremlin seeks to contest and claim. Russian efforts in this realm, to destroy or replace Ukraine’s underpinning infrastructure and inhibit the accessibility and reach of infrastructure and tools within the environment, are countered by a Ukrainian defense that prioritizes openness and accessibility.

The information environment, and all the components therein, is not a state or military dominated environment; it is largely owned, operated, and populated by private organizations and individuals around the globe. The Ukrainian information environment, referring to Ukrainian infrastructure operators, service providers, and users, is linked to and part of a global environment of state and non-state actors where the infrastructure and the terrain is largely private. Russian operations within the Ukrainian information environment are conducted against, and through, this privately owned infrastructure, and the Ukrainian defense is likewise bound up in cooperative efforts with those infrastructure owners and other technology companies that are providing aid and assistance. These efforts have contributed materially, and in some cases uniquely, to Ukraine’s defense.

The centrality of this environment to the conduct of this war, raises important questions about the degree to which states and societies are dependent on information infrastructure and functionalities owned and operated by private actors, and especially transnational private actors. Although private sector involvement in the war in Ukraine has generally been positive, the fact that the conduct of war and other responsibilities in the realm of statehood are reliant on private actors leads to new challenges for these companies, for the Ukrainian government, and for the United States and allies.

The United States government must improve its understanding of, and facility for, joint public-private action to contest over and through the information environment. The recommendations in this report are intended to facilitate the ability of US technology companies to send necessary aid to Ukraine, ensure that the US government has a complete picture of US private-sector involvement in the war in Ukraine, and contribute more effectively to the resilience of the Ukrainian information environment. First, the US government should issue a directive providing assurance and clarification as to the legality of private sector cyber, information, capacity building, and technical aid to Ukraine. Second, a task force pulling from agencies and offices across government should coordinate to track past, current, and future aid from the private sector in these areas to create a better map of US collaboration with Ukraine across the public and private sectors. Third, the US government should increase its facilitation of private technology aid by providing logistical and financial support.

These recommendations, focused on Ukraine’s defense, are borne of and provoke larger questions that will only become more important to tackle. The information environment and attempts to control it have long been a facet of conflict, but the centrality of privately owned and operated technology—and the primacy of some private sector security capabilities in relation to all but a handful of states—pose increasingly novel challenges to the United States and allied policymaking communities. Especially in future conflicts, the risks associated with private sector action in defense of, or directly against, a combatant could be significantly greater and multifaceted, rendering existing cooperative models insufficient.

The Russian information offensive

The Russian Federation Ministry of Foreign Affairs defines information space—of which cyberspace is a part—as “the sphere of activity connected with the formation, creation, conversion, transfer, use, and storage of information and which has an effect on individual and social consciousness, the information infrastructure, and information itself.¹ Isolating the Ukrainian information space is key to both the short- and long-term plans of the Russian government. In the short term, the Kremlin pursues efforts to control both the flow and content of communications across the occupied areas.² In the longer term, occupation of the information environment represents an integral step in Russian plans to occupy and claim control over the Ukrainian population.

In distinct opposition to the global nature of the information environment, over the past decade or so, the Kremlin has produced successive legislation “to impose ‘sovereignty’ over the infrastructure, content, and data traversing Russia’s ‘information space,’” creating a sectioned-off portion of the internet now known as RuNet.³ Within this space, the Russian government has greater control over what information Russian citizens see and a greater ability to monitor what Russian citizens do online.⁴ This exclusionary interpretation is an exercise in regime security against what the Kremlin perceives as constant Western information warfare against it.⁵ As Gavin Wilde, senior fellow with the Carnegie Endowment for International Peace, writes, the Russian government views the information environment “as an ecosystem to be decisively dominated.”⁶

To the Kremlin, domination of the information environment in Ukraine is an essential step toward pulling the nation into its fold and under its control. Just as Putin views information domination as critical to his regime’s exercise of power within Russia, in Ukraine, Russian forces systematically conduct offensives against the Ukrainian information environment in an attempt to create a similar model of influence and control that would further enable physical domination. This strategy is evident across the Kremlin’s efforts to weaken the Ukrainian state for the last decade at least. In the 2014 and 2022 invasions, occupied, annexed, and newly “independent” regions of Ukraine were variously cut off from the wider information space and pulled into the restricted Russian information space.

The Crimean precedent – 2014

The Russian invasion of Ukraine did not begin in 2022, but in 2014. Examining this earlier Russian incursion illustrates the pattern of Russian offensive behavior in and through the information environment going back nearly a decade—a combination of physical, cyber, financial, and informational maneuvers that largely target or move through private information infrastructure. In 2014, although obfuscated behind a carefully constructed veil of legitimacy, Russian forces specifically targeted Ukrainian information infrastructure to separate the Crimean population from the Ukrainian information environment, and thereby the global information environment, and filled that vacuum with Russian infrastructure and information.

The Russian invasion of eastern Ukraine in 2014 was a direct response to the year-long Euromaidan Revolution, which took place across Ukraine in protest of then-President Viktor Yanukovych’s decision to spurn closer relations with the European Union and ignore growing calls to counter Russian influence and corruption within the Ukrainian government. These protests were organized, mobilized, and sustained partially through coordination, information exchange, and message amplification over social media sites like Facebook, Twitter, YouTube, and Ustream—as well as traditional media.⁷ In February 2014, after Yanukovych fled to Russia, the Ukrainian parliament established a new acting government and announced that elections for a new president would be held in May. Tensions immediately heightened, as Russian forces began operating in Crimea with the approval of Federal Assembly of Russia at the request of “President” Yanukovych, although Putin denied that they were anything other than “local self-defense forces.”⁸ On March 21, Putin signed the annexation of Crimea.⁹

During the February 2014 invasion of Crimea, the seizure and co-option of Ukrainian physical information infrastructure was a priority. Reportedly, among the first targets of Russian special forces was the Simferopol Internet Exchange Point (IXP), a network facility that enables internet traffic exchange.¹⁰ Ukraine’s state-owned telecommunications company Ukrtelecom reported that armed men seized its offices in Crimea and tampered with fiber-optic internet and telephone cables.¹¹ Following the raid, the company lost the “technical capacity to provide connection between the peninsula and the rest of Ukraine and probably across the peninsula, too.”¹² Around the same time, the head of the Security Service of Ukraine (SBU), Valentyn Nalivaichenko, reported that the mobile phones of Ukrainian parliament members, including his own, were blocked from connecting through Ukrtelecom networks in Crimea.¹³

Over the next three years, and through the “progressive centralization of routing paths and monopolization of Internet Service market in Crimea … the topology of Crimean networks has evolved to a singular state where paths bound to the peninsula converge to two ISPs (Rosetelecom and Fiord),” owned and operated by Russia.¹⁴ Russian forces manipulated the Border Gateway Protocol (BGP)—the system that helps connects user traffic flowing from ISPs to the wider internet—modifying routes to force Crimean internet traffic through Russian systems, “drawing a kind of ‘digital frontline’ consistent with the military one.”¹⁵ Residents of Crimea found their choices increasingly limited, until their internet service could only route through Russia, instead of Ukraine, subject to the same level of censorship and internet controls as in Russia. The Russian Federal Security Service (FSB) monitored communications from residents of Crimea, both within the peninsula and with people in Ukraine and beyond.¹⁶ Collaboration between ISPs operating in Crimea through Russian servers and the FSB appears to be a crucial piece of this wider monitoring effort. This claim was partially confirmed by a 2018 Russian decree that forbade internet providers from publicly sharing any information regarding their cooperation with “the authorized state bodies carrying out search and investigative activities to ensure the security of the Russian Federation.”¹⁷

From March to June 2014, Russian state-owned telecom company Rostelcom began and completed construction of the Kerch Strait cable, measuring 46 kilometers (about 28.5 miles) and costing somewhere between $11 and $25 million, to connect the Crimean internet with the Russian RuNet.¹⁸ Rostelcom, using a local agent in Crimea called Miranda Media, became the main transit network for several Crimean internet service providers (ISPs), including KCT, ACS-Group, CrimeaCom, and CRELCOM in a short period of time.¹⁹ There was a slower transition of customers from the Ukrainian company Datagroup to Russian ISPs, but nonetheless, the number of Datagroup customers in Crimea greatly decreased throughout 2014. According to one ISP interviewed by Romain Fontugne, Ksenia Ermoshina, and Emile Aben, “the Kerch Strait cable was used first of all for voice communication … The traffic capacity of this cable was rather weak for commercial communications.”²⁰ But by the end of 2017, remnant usage of Ukrainian ISPs had virtually disappeared, following the completion of a second, better internet cable through the Kerch Strait and a series of restrictions placed on Russian social media platforms, news outlets, and a major search engine by Ukrainian President Poroshenko.²¹The combination of the new restrictions, and the improved service of Russian ISPs encouraged more Crimeans to move away from Ukrainian ISPs.

Russia’s efforts to control the information environment within Crimea, and the Russian government’s ability to monitor communications and restrict access to non-Russian approved servers, severely curtailed freedom of expression and belief—earning the region zero out of four in this category from Freedom House.²² Through physical, and formerly private, information infrastructure, Russia was able to largely take control of the information environment within Crimea.

A parallel occupation – 2022

Digital information infrastructure

Just as in 2014, one of the first priorities of invading Russian forces in 2022 was the assault of key Ukrainian information infrastructure, including digital infrastructure. Before, during, and following the invasion, Russian and Russian-aligned forces targeted Ukrainian digital infrastructure through cyber operations, ranging in type, target, and sophistication. Through some combination of Ukrainian preparedness, partner intervention, and Russian planning shortfalls, among other factors, large-scale cyber operations disrupting Ukrainian critical infrastructure, such as those seen previously in 2015 with BlackEnergy and NotPetya, did not materialize.²³ This could be because such cyber operations require significant time and resources, and similar ends can be more cheaply achieved through direct, physical means. Russian cyber operators, however, have not been idle.

Preceding the physical invasion, there was a spate of activity attributed to both Russian and Russian-aligned organizations targeting a combination of state and private organizations.²⁴ From January 13 to 14, for example, hackers briefly took control of seventy Ukrainian government websites, including the Ministries of Defense and Foreign Affairs, adding threatening messages to the top of these official sites.²⁵ The following day, January 15, Microsoft’s Threat Intelligence Center reported the discovery of wiper malware, disguised as ransomware, in dozens of Ukrainian government systems, including agencies which “provide critical executive branch or emergency response function,” and an information technology firm that services those agencies.²⁶ A month later, on February 15, Russian hackers targeted several websites with distributed denial of service (DDoS) attacks, forcing Ukrainian defense ministry and armed forces websites, as well as those of PrivatBank and Oschadbank, offline.²⁷ Around the same time, according to Microsoft’s special report on Ukraine, “likely” Russian actors were discovered in the networks of unidentified critical infrastructure in Odessa and Sumy.²⁸ The day before the invasion, cybersecurity companies ESET and Symantec reported that a new destructive wiper was spreading across Ukrainian, Latvian, and Lithuanian networks, as a second round of DDoS attacks again took down a spate of government and financial institution websites.“²⁹ This activity centered around information—with defacements sending a clear threat to the Ukrainian government and population, DDoS attacks impairing accurate communication, and wiper malware degrading Ukrainian data—and gaining access to Ukrainian data for Russia. Although many of these operations targeted Ukrainian government networks, the attacks moved through or against privately operated infrastructure and, notably, the first public notification and detailing of several of these operations was undertaken by transnational technology companies.

After February 24, Russian cyber activity continued and the targets included a number of private information infrastructure operators. A March hack of Ukrtelecom—Ukraine’s largest landline operator, which also provides internet and mobile services to civilians and the Ukrainian government and military—resulted in a collapse of the company’s network to just 13 percent capacity, the most severe disruption in service the firm recorded since the invasion began.³⁰ Another such operation targeted Triolan—a Ukrainian telecommunications provider—on February 24 in tandem with the physical offensive and a second time on March 9. These incursions on the Triolan network took down key nodes and caused widespread service outages. Following the March 9 attack, the company was able to restore service, but these efforts were complicated by the need to physically access some of the equipment located in active conflict zones.³¹ These attacks against Ukraine-based information infrastructure companies caused service outages that were concurrent with the physical invasion and afterwards, restricted communications among Ukrainians and impeded the population’s ability to respond to current and truthful information.

This unacceptable cyberattack is yet another example of Russia’s continued pattern of irresponsible behaviour in cyberspace, which also formed an integral part of its illegal and unjustified invasion of Ukraine.¹

Council of the European Union

These types of operations, however, were not restricted to Ukraine-based information infrastructure. A significant opening salvo in Russia’s invasion was a cyber operation directed against ViaSat, a private American-based satellite internet company that provides services to users throughout the world, including the Ukrainian military.³² Instead of targeting the satellites in orbit, Russia targeted the modems in ViaSat’s KA-SAT satellite broadband network that connected users with the internet.³³ Specifically, Russia exploited a “misconfiguration in a VPN [virtual private network] appliance to gain remote access to the trusted management segment of the KA-SAT network.”³⁴ From there, the attackers were able to move laterally though the network to the segment used to manage and operate the broader system.³⁵ They then “overwrote key data in flash memory on the modems,” making it impossible for the modems to access the broader network.³⁶ Overall, the effects of the hack were short-lived, with ViaSat reporting the restoration of connectivity within a few days after shipping approximately 30,000 new modems to affected customers.³⁷

SentinelOne, a cybersecurity firm, identified the malware used to wipe the modems and routers of the information they needed to operate.³⁸ The firm assessed “with medium-confidence“ that AcidRain, the malware used in the attack, had ”developmental similarities” with an older malware, VPNFilter, that the Federal Bureau of Investigation and the US Department of Justice have previously linked to the Russian government.³⁹ The United States, United Kingdom, and European Union all subsequently attributed the ViaSat hack to Russian-state backed actors.⁴⁰

The effectiveness of the operation is debated, although the logic of the attack is straightforward. Russia wanted to constrain, or preferably eliminate, an important channel of communication for the Ukrainian military during the initial stages of the invasion. Traditional, land-based radios, which the Ukrainian military relies on for most of their communications, only work over a limited geographic range, therefore making it more difficult to use advanced, long-range weapons systems.⁴¹ It should be expected that landline and conventional telephony would suffer outages during the opening phases of the war and struggle to keep up with rapidly moving forces.

Initially, it was widely reported that the Russian strike on ViaSat was effective. On March 15, a senior Ukrainian cybersecurity official, Viktor Zhora, was quoted saying that the attack on ViaSat caused “a really huge loss in communications in the very beginning of the war.⁴² When asked follow-up questions about his quote, Zhora said at the time that he was unable to elaborate, leading journalists and industry experts to believe that the attack had impacted the Ukrainian military’s ability to communicate.⁴³ However, several months later, on September 26, Zhora revised his initial comments, stating that the hack would have impacted military communications if satellite communications had been the Ukrainian military’s principal medium of communication. However, Zhora stated that the Ukrainian military instead relies on landlines for communication, with satellites as a back-up method. He went on to say that “in the case land lines were destroyed, that could be a serious issue in the first hours of war.”⁴⁴ The tension, and potential contradictions, in Zhora’s comments underlines the inherent complications in analyzing cyber operations during war: long-term consequences can be difficult to infer from short-term effects, and countries seek to actively control the narratives surrounding conflict.

The effectiveness of the ViaSat hack boils down to how the Ukrainian military communicates, and how adaptable it was in the early hours of the invasion. However, it is apparent how such a hack could impact military effectiveness. If Russia, or any other belligerent, was able to simultaneously disrupt satellite communications while also jamming or destroying landlines, forces on the frontlines would be at best poorly connected with their superiors. In such a scenario, an army would be cut off from commanders in other locations and would not be able to report back or receive new directives; they would be stranded until communications could be restored.

The ViaSat hack had a military objective: to disrupt Ukrainian military access to satellite communications. But the effects were not limited to this objective. The operation had spillover effects that rippled across Europe. In Germany, nearly 6,000 wind turbines were taken offline, with roughly 2,000 of those turbines remaining offline for nearly a month after the initial hack due to the loss of remote connectivity.⁴⁵ In France, modems used by emergency services vehicles, including firetrucks and ambulances, were also affected.⁴⁶

ViaSat is not a purely military target. It is a civilian firm that counts the Ukrainian military as a customer. The targeting of civilian infrastructure with dual civilian and military capability and use has occurred throughout history and has been the center of debate in international law, especially when there are cross-border spillover effects in non-combatant countries. Both the principle of proportionality and international humanitarian law require the aggressor to target only military objects, defined as objects “whose total or partial destruction, capture or neutralization, in the circumstances ruling at the time, offers a definite military advantage” in a manner proportional to the military gain foreseen by the operation. ⁴⁷ What this means in practice, however, is that the aggressor determines whether they deem a target to be a military object and a beneficial target and, therefore, what is legitimate. Konstantin Vorontsov, the Head of the Russian Delegation to the United Nations, attempted to justify Russian actions in October 2022 by saying that the use of civilian space infrastructure to aid the Ukrainian war effort may be a violation of the Outer Space Treaty, thereby rendering this infrastructure a legitimate military target.⁴⁸ Similar operations like that against ViaSat are likely to be the new norm in modern warfare. As Mauro Vignati, the adviser on new digital technologies of warfare at the Red Cross, said in November 2022, insofar as private companies own and operate the information infrastructure of the domain, including infrastructure acting as military assets, “when war start[s], those companies, they are inside the battlefield.”⁴⁹

Physical information infrastructure

In February 2022, as Russian forces moved to seize airfields and key physical assets in Ukraine, they simultaneously assaulted the physical information infrastructure operating within and beneath the Ukrainian information environment. Russian forces targeted this infrastructure, largely privately operated, by taking control of assets where possible and destroying them where not, including through a series of Russian air strikes targeting Ukrainian servers, cables, and cell phone towers.⁵⁰ As of June 2022, about 15 percent of Ukrainian information infrastructure had been damaged or destroyed; by July, 12.2 percent of homes had lost access to mobile communication services, 11 percent of base stations for mobile operators were out of service, and approximately 20 percent of the country’s telecommunications infrastructure was damaged or destroyed.⁵¹ By August “the number of users connecting to the Internet in Ukraine [had] shrunk by at least 16 percent nationwide.”⁵²

In some areas of Ukraine, digital blackouts were enforced by Russian troops to cut the local population off from the highly contested information space. In Mariupol, the last cell tower connecting the city with the outside world was tirelessly tended by two Kyivstar engineers, who kept it alive with backup generators that they manually refilled with gasoline. Once the Russians entered the city, however, the Ukrainian soldiers who had been protecting the cell tower location left to engage with the enemy, leaving the Kyivstar engineers alone to tend to their charge. For three days the engineers withstood the bombing of the city until March 21, when Russian troops disconnected the tower and it went silent.⁵³

Russian forces coerced Ukrainian occupied territories onto Russian ISPs, once again through Rostelcom’s local agent Miranda Media, and onto Russian mobile service providers.⁵⁴ Information infrastructure in Ukraine is made up of overlapping networks of mobile service and ISPs, a legacy of the country’s complicated post-Soviet modernization process. This complexity may have been a boon for its resilience. Russian forces, observed digital-rights researcher Samuel Woodhams, “couldn’t go into one office and take down a whole region … There were hundreds of these offices and the actual hardware was quite geographically separated.⁵⁵ Across eastern Ukraine, including Kherson, Mlitopol, and Mariupol, the Russians aimed to subjugate the physical territory, constituent populations, and Ukrainian information space. In Kherson, Russian forces entered the offices of a Ukrainian ISP and at gunpoint, forced staff to transfer control to them.⁵⁶

Russian bombardment of telecommunications antennas in Kiev (Attribution: Mvs.gov.ua)

Routing the internet and communications access of occupied territories through Russia meant that Moscow could suppress communications to and from these occupied areas, especially through social media and Ukrainian news sites, sever access to essential services in Ukraine, and flood the populations with its own propaganda, as was proved in Crimea in 2014. Moving forward, Russia could use this dependency to “disconnect, throttle, or restrict access to the internet” in occupied territories, cutting off the occupied population from the Ukrainian government and the wider Ukrainian and international community.⁵⁷

The Kremlin’s primary purpose in the invasion of Ukraine was and is to remove the Ukrainian government and, likely, install a pro-Russian puppet government to bring to an end an independent Ukraine.⁵⁸ Therefore, isolating the information environment of occupied populations, in concert with anti-Ukrainian government disinformation, such as the multiple false allegations that President Zelenskyy had fled the country and abandoned the Ukrainian people,⁵⁹ were a means to sway the allegiances, or at least dilute the active resistance, of the Ukrainian people.⁶⁰ Without connectivity to alternative outlets, the occupying Russians could promote false and largely uncontested claims about the progress of the war. In early May 2022 for example, when Kherson lost connectivity for three days, the deputy of the Kherson Regional Council, Serhiy Khlan, reported that the Russians “began to spread propaganda that they were in fact winning and had captured almost all of Mykolaiv.”⁶¹

Russia used its assault on the information environment to undermine the legitimacy of the Ukrainian government and its ability to fulfill its governmental duties to the Ukrainian people. Whether through complete connectivity blackouts or through the restrictions imposed by Russian networks, the Russians blocked any communications from the Ukrainian government to occupied populations—not least President Zelenskyy’s June 13, 2022 address, intended most for those very populations, in which he promised to liberate all occupied Ukrainian land and reassured those populations that they had not been forgotten. Zelenskyy acknowledged the Russian barrier between himself and Ukrainians in occupied territories, saying, “They are trying to make people not just know nothing about Ukraine… They are trying to make them stop even thinking about returning to normal life, forcing them to reconcile.”⁶²

Isolating occupied populations from the Ukrainian information space is intended, in large part, said Stas Prybytko, the head of mobile broadband development within the Ukrainian Ministry of Digital Transformation, to “block them from communicating with their families in other cities and keep them from receiving truthful information.”⁶³ Throughout 2022, so much of what the international community knew about the war came—through Twitter, TikTok, Telegram, and more—from Ukrainians themselves. From videos of the indiscriminate Russian shelling of civilian neighborhoods to recordings tracking Russian troop movements, Ukrainians used their personal devices to capture and communicate the progress of the war directly to living rooms, board rooms, and government offices around the world.⁶⁴The power of this distributed information collection and open-source intelligence relies upon mobile and internet access. The accounts that were shared after Ukrainian towns and cities were liberated from Russian occupation lay bare just how much suffering, arrest, torture, and murder was kept hidden from international view by the purposeful isolation of the information environment and the constant surveillance of Ukrainians’ personal devices.⁶⁵ The war in Ukraine has highlighted the growing impact of distributed open source intelligence during the conduct of war that is carried out by civilians in Ukraine and by the wider open source research community though various social media and messaging platforms.⁶⁶

Narrative Warfare: How the Kremlin and Russian news outlets justified a war of aggression against Ukraine

Undermining Ukraine: How the Kremlin employs information operations to erode global confidence in Ukraine

Russian operations against, especially transnational, digital infrastructure companies can mostly be categorized as disruption, degradation, and information gathering, which saw Russian or Russian-aligned hackers moving in and through the Ukrainian information environment. The attacks against Ukrainian physical infrastructure, however, are of a slightly different character. Invading forces employed physically mediated cyberattacks, a method defined by Herb Lin as “attacks that compromise cyber functionality through the use of or the threat of physical force” to pursue the complete destruction or seizure and occupation of this infrastructure.⁶⁷ Both ends begin with the same purpose: to create a vacuum of information between the Ukrainian government, the Ukrainian people, and the global population, effectively ending the connection between the Ukrainian information environment and the global environment. But the seizure of this infrastructure takes things a step beyond: to occupy the Ukrainian information environment and pull its infrastructure and its people into an isolated, controlled Russian information space.

Reclaiming the Ukrainian information environment

Preparation of the environment

The Russian assault on the Ukrainian information environment is far from unanswered. Russian efforts have been countered by the Ukrainian government in concert with allied states and with technology companies located both within and outside Ukraine. Russia’s aim to pull occupied Ukrainian territory onto Russian networks to be controlled and monitored has been well understood, and Ukraine has been hardening its information infrastructure since the initial 2014 invasion. Ukraine released its Cyber Security Strategy in 2016, which laid out the government’s priorities in this space, including the defense against the range of active cyber threats they face, with an emphasis on the “cyber protection of information infrastructure.”⁶⁸ The government initially focused on centralizing its networks in Kyiv to make it more difficult “for Russian hackers to penetrate computers that store critical data and provide services such as pension benefits, or to use formerly government-run networks in the occupied territories to launch cyberattacks on Kyiv.”⁶⁹

As part of its digitalization and security efforts, the Ukrainian government also sought out new partners, both public and private, to build and bolster its threat detection and response capabilities. Before and since the 2022 invasion, the Ukrainian government has worked with partner governments and an array of technology companies around the world to create resilience through increased connectivity and digitalization.

Bolstering Ukrainian connectivity

Since the 2014 invasion and annexation of Crimea, Ukraine-serving telecommunications operators have developed plans to prepare for future Russian aggression. Lifecell, the third largest Ukrainian mobile telephone operator, prepared its network for an anticipated Russian attack. The company shifted their office archives, documentation, and critical network equipment from eastern to western Ukraine, where it would be better insulated from violence, added additional network redundancy, and increased the coordination and response capabilities of their staff.⁷⁰ Similarly, Kyivstar and Vodafone Ukraine increased their network bandwidth to withstand extreme demand. In October 2021, these three companies initiated an infrastructure sharing agreement to expand LTE (Long Term Evolution) networks into rural Ukraine and, in cooperation with the Ukrainian government, expanded the 4G telecommunications network to bring “mobile network coverage to an estimated 91.6 per cent of the population.”⁷¹

The expansion and improvement of Ukrainian telecommunications continued through international partnerships as well. Datagroup, for example, announced a $20 million partnership in 2021 with Cisco, a US-based digital communications company, to modernize and expand the bandwidth of its extensive networks.⁷² Since the February 2022 invasion, Cisco has also worked with the French government to provide over $5 million of secure, wireless networking equipment and software, including firewalls, for free to the Ukrainian government.⁷³

This network expansion is an integral part of the Ukrainian government’s digitalization plans for the country, championed by President Zelenskyy. Rather than the invasion putting an end to these efforts, Deputy Prime Minister and Minister for Digital Transformation Mykhailo Fedorov claimed that during the war “digitalization became the foundation of all our life. The economy continues to work … due to digitalization.⁷⁴ The digital provision of government services has created an alternate pathway for Ukrainians to engage in the economy and with their government. The flagship government initiative Diia, launched in February 2020, is a digital portal through which the 21.7 million Ukrainian users can access legal identification, make social services payments, register a business, and even register property damage from Russian missile strikes.⁷⁵ The Russian advance and consequent physical destruction that displaced Ukrainians means that the ability to provide government services through alternate and resilient means is more essential than ever, placing an additional premium on defending Ukrainian information infrastructure.

Backing up a government

As Russian forces built up along Ukraine’s borders, Ukrainian network centralization may have increased risk, despite the country’s improved defense capabilities. In preparation for the cyber and physical attacks against the country’s information infrastructure, Fedorov moved to amend Ukrainian data protection laws to allow the government to store and process data in the cloud and worked closely with several technology companies, including Microsoft, Amazon Web Services, and Google, to effect the transfer of critical government data to infrastructure hosted outside the country.⁷⁶ Cloud computing describes “a collection of technologies and organizational processes which enable ubiquitous, on-demand access to a shared pool of configurable computing resources.”⁷⁷ Cloud computing is dominated by the four hyperscalers—Amazon, Microsoft, Google, and Alibaba—that provide computing and storage at enterprise scale and are responsible for the operation and security of data centers all around the world, any of which could host customer data according to local laws and regulations.⁷⁸

According to its April 2022 Ukraine war report, Microsoft “committed at no charge a total of $107 million of technology services to support this effort” and renewed the relationship in November, promising to ensure that “government agencies, critical infrastructure and other sectors in Ukraine can continue to run their digital infrastructure and serve citizens through the Microsoft Cloud” at a value of about $100 million.⁷⁹ Amazon and Google have also committed to supporting cloud services for the Ukrainian government, for select companies, and for humanitarian organizations focused on aiding Ukraine.⁸⁰ In accordance with the Ukrainian government’s concerns, Russian missile attacks targeted the Ukrainian government’s main data center in Kyiv soon after the invasion, partially destroying the facility, and cyberattacks aggressively tested Ukrainian networks.⁸¹

Unlike other lines of aid provided by the international community to strengthen the defense of the Ukrainian information environment, cloud services are provided only by the private sector.⁸² While this aid has had a transformative effect on Ukrainian defense, that transformative quality has also raised concerns. Microsoft, in its special report on Ukraine, several times cites its cloud services as one of the determining factors that limited the effect of Russian cyber and kinetic attacks on Ukrainian government data centers, and details how their services, in particular, were instrumental in this defense.⁸³ In this same report, Microsoft claims to be most worried about those states and organizations that do not use cloud services, and provides corroborating data.⁸⁴ Microsoft and other technology companies offering their services at a reduced rate, or for free, are acting—at least in part—out of a belief in the rightness of the Ukrainian cause. However, they are still private companies with responsibilities to shareholders or board members, and they still must seek profit. Services provided, especially establishing information infrastructure like Cloud services, are likely to establish long-term business relationships with the Ukrainian government and potentially with other governments and clients, who see the effectiveness of those services illustrated through the defense of Ukraine.

Mounting an elastic defense

Working for wireless

Alongside and parallel to the Ukrainian efforts to defend and reclaim occupied physical territory is the fight for Ukrainian connectivity. Ukrainian telecommunications companies have been integral to preserving connectivity to the extent possible. In March 2022, Ukrainian telecom operators Kyivstar, Vodafone Ukraine, and Lifecell made the decision to provide free national mobile roaming services across mobile provider networks, creating redundancy and resilience in the mobile network to combat frequent service outages.⁸⁵ The free mobile service provided by these companies is valued at more than UAH 980 million (USD 26.8 million).⁸⁶ In addition, Kyivstar in July 2022 committed to the allocation of UAH 300 million (about USD 8.2 mil) for the modernization of Ukraine’s information infrastructure in cooperation with the Ukrainian Ministry of Digital transformation.⁸⁷ The statements that accompanied the commitments from Kyivstar and Lifecell—both headquartered in Ukraine—emphasized each company’s dedication to Ukrainian defense and their role in it, regardless of the short-term financial impact.⁸⁸ These are Ukrainian companies with Ukrainian infrastructure and Ukrainian customers, and their fate is tied inextricably to the outcome of this war.

As Russian forces advanced and attempted to seize control of information infrastructure, in at least one instance, Ukrainian internet and mobile service employees sabotaged their own equipment first. Facing threats of imprisonment and death from occupying Russians, employees in several Ukrtelecom facilities withstood pressure to share technical network details and instead deleted key files from the systems. According to Ukrtelecom Chief Executive Officer Yuriy Kurmaz, “The Russians tried to connect their control boards and some equipment to our networks, but they were not able to reconfigure it because we completely destroyed the software.”⁸⁹ Without functional infrastructure, Russian forces struggled to pull those areas onto Russian networks.

The destruction of telecommunications infrastructure has meant that these areas and many others along the war front are, in some areas, without reliable information infrastructure, either wireless or wired. While the Ukrainian government and a bevy of local and international private sector companies battle for control of on-the-ground internet and communications infrastructure, they also pursued new pathways to connectivity.

Searching for satellite

Two days after the invasion, Deputy Prime Minister Fedorov tweeted at Elon Musk, the Chief Executive Officer of SpaceX, that “while you try to colonize Mars — Russia try [sic] to occupy Ukraine! While your rockets successfully land from space — Russian rockets attack Ukrainian civil people! We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand.”⁹⁰ Just another two days later, Fedorov confirmed the arrival of the first shipment of Starlink stations.⁹¹

Starlink, a network of low-orbit satellites working in constellations operated by SpaceX, relies on satellite receivers no larger than a backpack that are easily installed and transported. Because Russian targeting of cellular towers made communications coverage unreliable, says Fedorov, the government “made a decision to use satellite communication for such emergencies” from American companies like SpaceX.⁹² Starlink has proven more resilient than any other alternative throughout the war. Due to the low orbit of Starlink satellites, they can broadcast to their receivers at relatively higher power than satellites in higher orbits. There has been little reporting on successful Russian efforts to jam Starlink transmissions, and the Starlink base stations—the physical, earthbound infrastructure that communicates directly with the satellites—are located on NATO territory, ensuring any direct attack on them would be a significant escalation in the war.⁹³

Starlink has been employed across sectors almost since the war began. President Zelenskyy has used the devices himself when delivering addresses to the Ukrainian people, as well as to foreign governments and populations.⁹⁴ Fedorov has said that sustained missile strikes against energy and communication infrastructure have been effectively countered through the deployment of Starlink devices that can restore connection where it is most needed. He even called the system “an essential part of critical infrastructure.”⁹⁵

Starlink has also found direct military applications. The portability of these devices means that Ukrainian troops can often, though not always, stay connected to command elements and peer units while deployed.⁹⁶ Ukrainian soldiers have also used internet connections to coordinate attacks on Russian targets with artillery-battery commanders.⁹⁷ The Aerorozvidka, a specialist air reconnaissance unit within the Ukrainian military that conducts hundreds of information gathering missions every day, has used Starlink devices in areas of Ukraine without functional communications infrastructure to “monitor and coordinate unmanned aerial vehicles, enabling soldiers to fire anti-tank weapons with targeted precision.”⁹⁸ Reports have also suggested that a Starlink device was integrated into an unmanned surface vehicle discovered near Sevastopol, potentially used by the Ukrainian military for reconnaissance or even to carry and deliver munitions.⁹⁹ According to one Ukrainian soldier, “Starlink is our oxygen,” and were it to disappear, “our army would collapse into chaos.”¹⁰⁰

The initial package of Starlink devices included 3,667 terminals donated by SpaceX and 1,333 terminals purchased by the United States Agency for International Development (USAID).¹⁰¹ SpaceX initially offered free Starlink service for all the devices, although the offer has already been walked back by Musk, and then reversed again. CNN obtained proof of a letter sent by Musk to the Pentagon in September 2022 stating that SpaceX would be unable to continue funding Starlink service in Ukraine. The letter requested that the Pentagon pay what would amount to “more than $120 million for the rest of the year and could cost close to $400 million for the next 12 months.” It also clarified that the vast majority of the 20,000 Starlink devices sent to Ukraine were financed at least in part by outside funders like the United States, United Kingdom, and Polish governments.¹⁰²

After the letter was sent, but before it became public, Musk got into a Twitter spat with Ukrainian diplomat Adrij Melnyk after the former wrote a tweet on October 3 proposing terms of peace between Russia and Ukraine. Musk’s proposal included Ukraine renouncing its claims to Crimea and pledging to remain neutral, with the only apparent concession from Russia a promise to ensure water supply in Crimea. The plan was rejected by the public poll Musk included in the tweet, and Melnyk replied and tagged Musk, saying “Fuck off is my very diplomatic reply to you @elonmusk.”¹⁰³ After CNN released the SpaceX letter to the Pentagon, Musk seemingly doubled down on his decision to reduce SpaceX funding at first. He responded on October 14 to a tweet summarizing the incident, justifying possible reduced SpaceX assistance stating, “We’re just following his [Melnyk’s] recommendation,” even though the letter was sent before the Twitter exchange. Musk then tweeted the following day, “The hell with it … even though Starlink is still losing money & other companies are getting billions of taxpayer $, we’ll just keep funding Ukraine govt for free.”¹⁰⁴ Two days later, in response to a Politico tweet reporting that the Pentagon was considering covering the Starlink service costs, Musk stated that “SpaceX has already withdrawn its request for funding.”¹⁰⁵ Musk’s characterization of SpaceX’s contribution to the war effort has sparked confusion and reprimand, with his public remarks often implying that his company is entirely footing the bill when in fact, tens of millions of dollars’ worth of terminals and service are being covered by several governments every month.

The Starlink saga, however, was not over yet. Several weeks later in late October, 1,300 Starlink terminals in Ukraine, purchased in March 2020 by a British company for use in Ukrainian combat-related operations, were disconnected, allegedly due to lack of funding, causing a communications outage for the Ukrainian military.¹⁰⁶ Although operation was restored, the entire narrative eroded confidence in SpaceX as a guarantor of flexible connectivity in Ukraine. In November 2022, Federov noted that while Ukraine has no intention of breaking off its relationship with Starlink, the government is exploring working with other satellite communications operators.¹⁰⁷ Starlink is not the only satellite communications network of its kind, but its competitors have not yet reached the same level of operation. Satellite communications company OneWeb, based in London with ties to the British military, is just now launching its satellite constellation, after the Russian invasion of Ukraine required the company to change its launch partner from Roscosmos to SpaceX.¹⁰⁸ The US Space Development Agency, within the United States Space Force, will launch the first low earth orbit satellites of the new National Defense Space Architecture in March 2023. Other more traditional satellite companies cannot provide the same flexibility as Starlink’s small, transportable receivers.

UA Support Forces use Starlink (Attribution: Mil.gov.ua)

With the market effectively cornered for the moment, SpaceX can dictate the terms, including the physical bounds, of Starlink’s operations, thereby wielding immense influence on the battlefield. Starlink devices used by advancing Ukrainian forces near the front, for example, have reported inconsistent reliability.¹⁰⁹ Indeed CNN reported on February 9^th that this bounding was a deliberate attempt to separate the devices from direct military use, as SpaceX President Gwynne Shotwell explained “our intent was never to have them use it for offensive purposes.”¹¹⁰ The bounding decision, similar to the rationale behind the company’s decision to refuse to activate Starlink service in Crimea, was likely made to contain escalation, especially escalation by means of SpaceX devices.¹¹¹

But SpaceX is not the only satellite company making decisions to bound the area of operation of their products to avoid playing—or being perceived to play—a role in potential escalation. On March 16, 2022, Minister Fedorov tweeted at DJI, a Chinese drone producer, “@DJIGlobal are you sure you want to be a partner in these murders? Block your products that are helping russia to kill the Ukrainians!”¹¹² DJI responded directly to the tweet the same day, saying “If the Ukrainian government formally requests that DJI set up geofencing throughout Ukraine, we will arrange it,” but pointed out that such geofencing would inhibit all users of their product in Ukraine, not just Russians.¹¹³

While Russia continues to bombard the Ukrainian electrical grid, Starlink terminals have grown more expensive for new Ukrainian consumers, increasing from $385 earlier this year to $700, although it is unclear if this price increase also affected government purchasers.¹¹⁴ According to Andrew Cavalier, a technology industry analyst with ABI Research, the indispensability of the devices gives “Musk and Starlink a major head start [against its competitors] that its use in the Russia–Ukraine war will only consolidate.”¹¹⁵ Indeed, the valuation of SpaceX was $127 million in May 2022, and the company raised $2 billion in the first seven months of 2022.¹¹⁶ For SpaceX, the war in Ukraine has been an impressive showcase of Starlink’s capabilities and has proven the worth of its services to future customers. The company recently launched a new initiative, Starshield, intended to leverage “SpaceX’s Starlink technology and launch capability to support national security efforts. While Starlink is designed for consumer and commercial use, Starshield is designed for government use.”¹¹⁷ It is clear that SpaceX intends to capitalize on the very public success of its Starlink network in Ukraine.

Reclaiming Territory

The Russian assault is not over, but Ukraine has reclaimed “54 percent of the land Russia has captured since the beginning of the war” and the front line has remained relatively stable since November 2022.¹¹⁸ Videos and reports from reclaimed territory show the exultation of the liberated population. As Ukrainian military forces reclaim formerly occupied areas, the parallel reclamation of the information environment, by or with Ukrainian and transnational information infrastructure operators, follows quickly.

In newly liberated areas, Starlink terminals are often the first tool for establishing connectivity. In Kherson, the first regional capital that fell to the Russian invasion and reclaimed by Ukrainian troops on November 11, 2022, residents lined up in public spaces to connect to the internet through Starlink.¹¹⁹ The Ministry of Digital Transformation provided Starlink devices to the largest service providers, Vodaphone and Kyivstar, to facilitate communication while their engineers repaired the necessary infrastructure for reestablishing mobile and internet service.¹²⁰ A week after Kherson was recaptured, five Kyivstar base stations were made operational and Vodaphone had reestablished coverage over most of the city.¹²¹

Due to the importance of reclaiming the information space, operators are working just behind Ukrainian soldiers to reconnect populations in reclaimed territories to the Ukrainian and global information environment as quickly as possible, which means working in very dangerous conditions. In the Sumy region, a Ukrtelecom vehicle pulling up to a television tower drove over a land mine, injuring three of the passengers and killing the driver.¹²² Stanislav Prybytko, the head of the mobile broadband department in the Ukrainian Ministry of Digital Transformation, says “It’s still very dangerous to do this work, but we can’t wait to do this, because there are a lot of citizens in liberated villages who urgently need to connect.”¹²³ Prybytko and his eleven-person team have been central to the Ukrainian effort to stitch Ukrainian connectivity back together. The team works across a public-private collaborative, coordinating with various government officials and mobile service providers to repair critical nodes in the network and to reestablish communications and connectivity.¹²⁴ According to Ukrainian government figures, 80 percent of liberated settlements have partially restored internet connection, and more than 1,400 base stations have been rebuilt by Ukrainian mobile operators since April 2022.¹²⁵

Key Takeaways

The information environment is a key domain through which this war is being contested. The Russian government has demonstrated for over a decade the importance it places on control of the information environment, both domestically and as part of campaigns to expand the Russian sphere of influence abroad. Yet, despite this Russian focus, the Ukrainian government has demonstrated incredible resilience against physical assaults, cyberattacks, and disinformation campaigns against and within the Ukrainian information environment and has committed to further interlacing government services and digital platforms.

The centrality of this environment to the conduct of this war means that private actors are necessarily enmeshed in the conflict. As providers of products and services used for Ukrainian defense, these companies are an important part of the buttressing structure of that defense. The centrality of private companies in the conduct of the war in Ukraine brings to light new and increasingly important questions about what it means for companies to act as information infrastructure during wartime, including:

What is the complete incentive structure behind a company’s decision to provide products or services to a state at war?
How dependent are states on the privately held portions of the information environment, including infrastructure, tools, knowledge, data, skills, and more, for their own national security and defense?
How can the public and private sectors work together better as partners to understand and prepare these areas of reliance during peace and across the continuum of conflict in a sustained, rather than ad hoc, nature?

Incentives

The war in Ukraine spurred an exceptional degree of cooperation and aid from private companies within Ukraine and from around the globe. Much of public messaging around the private sector’s assistance of Ukrainian defense centers around the conviction of company leadership and staff that they were compelled by a responsibility to act. This is certainly one factor in their decision. But the depth of private actor involvement in this conflict demands a more nuanced understanding of the full picture of incentives and disincentives that drive a company’s decision to enter into new, or expand upon existing, business relationships with and in a country at war. What risks, for example, do companies undertake in a war in which Russia has already demonstrated its conviction that private companies are viable military targets? The ViaSat hack was a reminder of the uncertainty that surrounds the designation of dual-use technology, and the impact that such designations have in practice. What role did public recognition play in companies’ decisions to provide products and services, and how might this recognition influence future earnings potential? For example, while their remarks differed in tone, both Elon Musk on Twitter and Microsoft in its special report on Ukraine publicly claimed partial credit for the defense of Ukraine.

As the war continues into its second year, these questions are important to maintaining Ukraine’s cooperation with these entities. With a better understanding of existing and potential incentives, the companies, the United States, and its allies can make the decision to responsibly aid Ukraine much easier.

Dependencies

Private companies play an important role in armed conflict, operating much of the infrastructure that supports the information environment through which both state and non-state actors compete for control. The war in Ukraine has illustrated the willingness of private actors, from Ukrainian telecommunications companies to transnational cloud and satellite companies, to participate as partners in the defense of Ukraine. State dependence on privately held physical infrastructure is not unique to the information environment, but state dependence on infrastructure that is headquartered and operated extraterritorially is a particular feature.

Prior to and throughout the war, the Ukrainian government has coordinated successfully with local telecommunication companies to expand, preserve, and restore mobile, radio, and internet connectivity to its population. This connectivity preserved what Russia was attempting to dismantle—a free and open Ukrainian information environment through which the Ukrainian government and population can communicate and coordinate. The Ukrainian government has relied on these companies to provide service and connectivity, working alongside them before and during the war to improve infrastructure and to communicate priorities. These companies are truly engaging as partners in Ukrainian defense, especially because this information infrastructure is not just a medium through which Russia launches attacks but an environment that Russia is attempting to seize control of. This dependence has not been unidirectional—the companies themselves are inextricably linked to this conflict through their infrastructure, employees, and customers in Ukraine. Each is dependent to some degree on the other and during times of crisis, their incentives create a dynamic of mutual need.

The Ukrainian government has also relied on a variety of transnational companies though the provision of technology products or services and information infrastructure. As examined in this report, two areas where the involvement of these companies has been especially impactful are cloud services and satellite internet services. Cloud services have preserved data integrity and security by moving information to data centers distributed around the world, outside of Ukrainian territory and under the cyber-protection of those cloud service companies. Satellite services have enabled flexible and resilient connectivity, once again located and run primarily outside of Ukraine. These companies can provide essential services within the information environment and the physical environment of Ukraine, but are not fundamentally reliant on the integrity of the country. This dynamic is heightened by the fact that cloud service providers like Microsoft, Amazon Web Services, Google, and satellite internet service providers like Space X’s Starlink are operating within a market with global reach and very few competitors. While these companies and others have made the laudable decision to contribute to Ukrainian defense, the fact is that had they not, there are only a few, if any, other companies with comparable capabilities and infrastructure at scale. Additionally, there’s very little Ukraine or even the US government could have done to directly provide the same capabilities and infrastructure.

Coordination

Built into the discussions around dependency and incentives is the need for government and the private companies who own and operate information infrastructure to coordinate with each other from a more extensive foundation. While coordination with Ukrainian companies and some transnational companies emerged from sustained effort, many instances of private sector involvement were forged on an ad hoc basis and therefore could not be planned on in advance. The ad hoc approach can produce rapid results, as seen by Minister Fedorov’s tweet at Elon Musk and receipt of Starlink devices just days later. While this approach has been wielded by the Ukrainian government, and the Ministry for Digital Transformation in particular, to great effect, this very same example illustrates the complexity of transforming ad hoc aid into sustainable partnerships. Sustainability is especially important when states are facing threats outside of open war, across the continuum of insecurity and conflict where many of these capabilities and infrastructures will continue to be relied upon. Security and defense in the information environment requires states to work in coordination with a diverse range of local and transnational private actors.

Recommendations

Key recommendations from this paper ask the US government, in coordination with the Ukrainian government, to better understand the incentives that surround private sector involvement, to delineate states’ dependency on private information infrastructure, and to improve long-term public-private coordination through three pathways:

Define support parameters. Clarify how private technology companies can and should provide aid
Track support. Create a living database to track the patterns of technological aid to Ukraine from US private companies
Facilitate support requests. Add to the resilience of the Ukrainian information environment by facilitating US private aid.

Define support parameters

Private information infrastructure companies will continue to play a key role in this war. However, there are a number of unresolved questions regarding the decisions these companies are making about if, and how, to provide support to the Ukrainian government to sustain its defense. A significant barrier may be the lack of clarity about the risks of partnership in wartime, which may disincentivize action or may alter existing partnerships. Recent SpaceX statements surrounding the bounding of Starlink use is an example, at least in part, of just such a risk calculous in action. The US government and its allies should release a public directive clarifying how companies can ensure that their involvement is in line with US and international law—especially for dual-use technologies. Reaffirming, with consistent guidelines, how the United States defines civilian participation in times of war will be crucial for ensuring that such actions do not unintentionally legitimize private entities as belligerents and legitimate targets in wartime. At the direction of the National Security Advisor, the US Attorney General and Secretary of State, working through the Office of the Legal Advisor at the State Department, should issue public guidance on how US companies can provide essential aid to Ukraine while avoiding the designation of legitimate military target or combatant under the best available interpretation of prevailing law.

Track support

While a large amount of support for Ukraine has been given directly by or coordinated through governments, many private companies have started providing technological support directly to the Ukrainian government. Some private companies, especially those with offices or customers in Ukraine, got in touch directly with, or were contacted by, various Ukrainian government offices, often with specific requests depending on the company’s products and services.¹²⁶

However, the US government does not have a full and complete picture of this assistance, which limits the ability of US policymakers to track the implications of changing types of support or the nature of the conflict. Policymakers should have access to not only what kind of support is being provided by private US companies, but also the projected period of involvement, what types of support are being requested and denied by companies (in which case, where the US government may be able to act as an alternative provider), and what types of support are being supplied by private sector actors without a significant government equity or involvement. A more fulsome mapping of this assistance and its dependency structure would make it possible for policymakers and others to assess its impact and effectiveness. This data, were it or some version of it publicly available, would also help private companies providing the support to better understand how their contributions fit within the wider context of US assistance and to communicate the effect their products or services are having to stakeholders and shareholders. Such information may play a role in a company’s decision to partner or abstain in the future.

The US government should create a collaborative task force to track US-based private sector support to Ukraine. Because of the wide equities across the US government in this area, this team should be led by the State Department’s Bureau of Cyberspace and Digital Policy and include representatives from USAID, the Department of Defense’s Cyber Policy Office, the National Security Agency’s Collaboration Center, and the Cybersecurity and Infrastructure Security’s Joint Cyber Defense Collaborative. This task force should initially focus on creating a picture of public-private support to Ukraine from entities within the United States, but its remit could extend to work with allies and partners, creating a fulsome picture of international public-private support.

Facilitate support requests

Tracking the technical support that is requested, promised, and delivered to the Ukrainian government is an important first step toward gaining a better understanding of the evolving shape of the critical role that the private sector is increasingly playing in conflict. But closer tracking, perhaps by an associated body, could go further by acting as a process facilitator. Government offices and agencies have long been facilitators of private aid, but now states are increasingly able to interact with, and request support from, private companies directly, especially for smaller quantities or more specific products and services. While this pathway can be more direct and efficient, it also requires a near constant churn of request, provision, and renewal actions from private companies and Ukrainian government officials.

Private organizations have stepped into this breach, including the Cyber Defense Assistance Collaboration (CDAC), founded by Greg Rattray and Matthew Murray, now a part of the US-based non-profit CRDF Global. CDAC works with a number of US private technology companies, as well as the National Security and Defense Council of Ukraine and the Ukrainian think tank Global Cyber Cooperative Center, to match the specific needs of Ukrainian government and state-owned enterprises with needed products and services offered by companies working in coordination.¹²⁷

The growth and reach of this effort demonstrate the potential impact that a government-housed, or even a government-sponsored mechanism, could have in increasing the capacity to facilitate requests from the Ukrainian government, decreasing the number of bureaucratic steps required by Ukrainian government officials while increasing the amount and quality of support they receive. In addition, government facilitation would ease progress toward the previously stated recommendations by building in clarity around what kind of support can be provided and putting facilitation and aid tracking within a single process. As discussed above, this facilitation should start with a focus on US public-private support, but can grow to work alongside similar allied efforts. This could include, for example, coordination with the United Kingdom’s Foreign, Commonwealth and Development Office (FCDO) program, which “enables Ukrainian agencies to access the services of commercial cybersecurity companies.”¹²⁸ Crucially, this task force, helmed by the State Department’s Bureau of Cyberspace and Digital Policy, would act as a facilitator, not as a restricting body. Its mission in this task would be to make connections and provide information.

In line with tracking, US government facilitation would enable government entities to communicate where assistance can be most useful, such as shoring up key vulnerabilities or ensuring that essential defense activities are not dependent on a single private sector entity, and ideally, avoiding dependency on a single source of private sector assistance. A company’s financial situation or philanthropic priorities are always subject to change, and the US government should be aware of such risks and create resilience through redundancy.

Central to this resilience will be the provision of support to bolster key nodes in the Ukrainian telecommunications infrastructure network against not just cyber attacks but also against physical assault, including things like firewalls, mine clearing equipment, and power generators. Aiding the Ukrainian government in the search for another reliable partner for satellite communication devices that offer similar flexibility as Starlink is also necessary, and a representative from the Pentagon has confirmed that such a process is underway, following Musk’s various and contradictory statements regarding the future of SpaceX’s aid to Ukraine back in October.¹²⁹ Regardless, the entire SpaceX experience illustrates the need to address single dependencies in advance whenever possible.

A roadblock to ensuring assistance redundancy is the financial ability of companies to provide products and services to the Ukrainian government without charge or to the degree necessary. While the US government does provide funding for private technological assistance (as in the Starlink example), creating a pool of funding that is tied to the aforementioned task force and overseen by the State Department’s Bureau of Cyberspace and Digital Policy, would enable increased flexibility for companies to cover areas of single dependence, even in instances that would require piecemeal rather than one-to-one redundancy. As previously discussed, many companies are providing support out of a belief that it is the right thing to do, both for their customers and as members of a global society. However, depending on whether that support is paid or provided for free, or publicly or privately given, a mechanism that provides government clarity on private sector support, tracks the landscape of US private support to Ukraine, and facilitates support requests would make it easier for companies to make the decision to start or continue to provide support when weighed against the costs and potential risks of offering assistance.

Looking forward and inward

The questions that have emerged from Ukraine’s experience of defense in and through the information environment are not limited to this context. Private companies have a role in armed conflict and that role seems likely to grow, along with the scale, complexity, and criticality of the information infrastructures they own and operate. Companies will, in some capacity, be participants in the battlespace. This is being demonstrated in real time, exposing gaps that the United States and its allies and partners must address in advance of future conflicts.

Russia’s war on Ukraine has created an environment in which both public and private assistance in support of Ukrainian information infrastructure is motivated by a common aversion toward Russian aggression, as well as a commitment to the stability and protection of the Ukrainian government and people. This war is not over and despite any hopes to the contrary, similar aggressions will occur in new contexts, and with new actors in the future. It is crucial that in conjunction with examining and mitigating the risks related to the involvement of private technology companies in the war in Ukraine, the US government also examines these questions regarding its own national security and defense.

The information environment is increasingly central to not just warfighting but also to the practice of governance and the daily life of populations around the world. Governments and populations live in part within that environment and therefore atop infrastructure that is owned and operated by the private sector. As adversaries seek to reshape the information environment to their own advantage, US and allied public and private sectors must confront the challenges of their existing interdependence. This includes defining in what form national security and defense plans in and through the information environment are dependent upon private companies, developing a better understanding of the differing incentive structures that guide private sector decision-making, and working in coordination with private companies to create a more resilient information infrastructure network through redundancy and diversification. It is difficult to know what forms future conflict and future adversaries will take, or the incentives that may exist for companies in those new contexts, but by better understanding the key role that private information and technology companies already play in this domain, the United States and allies can better prepare for future threats.

About the Authors

Emma Schroeder is an associate director with the Atlantic Council’s Cyber Statecraft Initiative, within the Digital Forensic Research Lab, and leads the team’s work studying conflict in and through cyberspace. Her focus in this role is on developing statecraft and strategy for cyberspace that is useful for both policymakers and practitioners. Schroeder holds an MA in History of War from King’s College London’s War Studies Department and also attained her BA in International Relations & History from the George Washington University’s Elliott School of International Affairs.

Sean Dack was a Young Global Professional with the Cyber Statecraft Initiative during the fall of 2022. He is now a Researcher at the NATO Parliamentary Assembly, where he focuses on the long-term strategic and economic implications of Russia’s invasion of Ukraine. Dack graduated from Johns Hopkins School of Advanced International Studies in December 2022 with his MA in Strategic Studies and International Economics.

Acknowledgements

The authors thank Justin Sherman, Gregory Rattray, and Gavin Wilde for their comments on earlier drafts of this document, and Trey Herr and the Cyber Statecraft team for their support. The authors also thank all the participants, who shall remain anonymous, in multiple Chatham House Rule discussions and one-on-one conversations about the issue.

Satellite imagery indicates a build-up of air defense missile systems in southern Russia

1 ”The Ministry of Foreign Affairs of the Russian Federation, Convention on International Information Security (2011), https://carnegieendowment.org/files/RUSSIAN-DRAFT-CONVENTION-ON-INTERNATIONAL-INFORMATION-SECURITY.pdf.

2 To learn more about Russian disinformation efforts against Ukraine and its allies, check out the Russian Narratives Reports from the Atlantic Council’s Digital Forensic Research Lab: Nika Aleksejeva et al., Andy Carvin ed., “Narrative Warfare: How the Kremlin and Russian News Outlets Justified a War of Aggression against Ukraine,” Atlantic Council, February 22, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/report/narrative-warfare/; Roman Osadchuk et al., Andy Carvin ed., “Undermining Ukraine: How the Kremlin Employs Information Operations to Erode Global Confidence in Ukraine,” Atlantic Council, February 22, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/report/undermining-ukraine/.

3 Previously, the term RuNet described Russian language portions of the global internet accessible anywhere in the world. However, since Russia passed a domestic internet law in May 2019, RuNet has come to refer to a technically isolated version of the internet that services users within the borders of Russia. Gavin Wilde and Justin Sherman, No Water’s Edge: Russia’s Information War and Regime Security, Carnegie Endowment for International Peace, January 4, 2023, https://carnegieendowment.org/2023/01/04/no-water-s-edge-russia-s-information-war-and-regime-security-pub-88644; Justin Sherman, Reassessing Runet: Russian Internet Isolation and Implications for Russian Cyber Behavior, Atlantic Council, July 7, 2022, https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/reassessing-runet-russian-internet-isolation-and-implications-for-russian-cyber-behavior/.

4 Adam Satariano and Valerie Hopkins, “Russia, Blocked from the Global Internet, Plunges into Digital Isolation,” New York Times, March 7, 2022, https://www.nytimes.com/2022/03/07/technology/russia-ukraine-internet-isolation.html.

5 Gavin Wilde and Justin Sherman, No Water’s Edge: Russia’s Information War and Regime Security, Carnegie Endowment for International Peace, January 4, 2023, https://carnegieendowment.org/2023/01/04/no-water-s-edge-russia-s-information-war-and-regime-security-pub-88644; Stephen Blank, “Russian Information Warfare as Domestic Counterinsurgency,” American Foreign Policy Interests 35, no. 1 (2013): 31–44, https://doi.org/10.1080/10803920.2013.757946.

6 Gavin Wilde, Cyber Operations in Ukraine: Russia’s Unmet Expectations, Carnegie Endowment for International Peace, December 12, 2022, https://carnegieendowment.org/2022/12/12/cyber-operations-in-ukraine-russia-s-unmet-expectations-pub-88607.

7 Tetyana Bohdanova, “Unexpected Revolution: The Role of Social Media in Ukraine’s Euromaidan Uprising,” European View 13, no. 1: (2014), https://doi.org/10.1007/s12290-014-0296-4; Megan MacDuffee Metzger, and Joshua A. Tucker. “Social Media and EuroMaidan: A Review Essay,” Slavic Review 76, no. 1 (2017): 169–91, doi:10.1017/slr.2017.16.

8 Jonathon Cosgrove, “The Russian Invasion of the Crimean Peninsula 2014–2015: A Post-Cold War Nuclear Crisis Case Study,” Johns Hopkins (2020), 11–13, https://www.jhuapl.edu/Content/documents/RussianInvasionCrimeanPeninsula.pdf.

9 Steven Pifer, Ukraine: Six Years after the Maidan, Brookings, February 21, 2020, https://www.brookings.edu/blog/order-from-chaos/2020/02/21/ukraine-six-years-after-the-maidan/.

10 Kenneth Geers, ed., Cyber War in Perspective: Russian Aggression Against Ukraine (Tallinn: NATO CCD COE Publications, 2015), 9; Keir Giles, “Russia and Its Neighbours: Old Attitudes, New Capabilities,” in Geers, Cyber War in Perspective, 25; ‘Кримські регіональні підрозділи ПАТ «Укртелеком» офіційно повідомляють про блокування невідомими декількох вузлів зв’язку на півострові’ [Ukrtelekom officially reports blocking of communications nodes on peninsula by unknown actors], Ukrtelekom, February 28, 2014, http://www.ukrtelecom.ua/presscenter/news/official?id=120327.

11 Pavel Polityuk and Jim Finkle, “Ukraine Says Communications Hit, MPs Phones Blocked,” Reuters, March 4, 2014, https://www.reuters.com/article/ukraine-crisis-cybersecurity/ukraine-says-communications-hit-mps-phones-blocked-idINL6N0M12CF20140304.

12 Jen Weedon, “Beyond ‘Cyber War’: Russia’s Use of Strategic Cyber Espionage and Information Operations in Ukraine,” in Geers, Cyber War in Perspective, 76; Liisa Past, “Missing in Action: Rhetoric on Cyber Warfare,” in Geers, Cyber War in Perspective, 91; “Ukrtelecom’s Crimean Sub-Branches Officially Report that Unknown People Have Seized Several Telecommunications Nodes in the Crimea,” Ukrtelecom, February 28, 2014, http://en.ukrtelecom.ua/about/news?id=120467; “Feb. 28 Updates on the Crisis in Ukraine,” New York Times, February 28, 2014, https://archive.nytimes.com/thelede.blogs.nytimes.com/2014/02/28/latest-updates-tensions-in-ukraine/?_r=0; “The Crimean Regional Units of PJSC ‘Ukrtelecom’ Officially Inform About the Blocking by Unknown Persons of Several Communication Nodes on the Peninsula,” Ukrtelecom, February 28, 2014, https://web.archive.org/web/20140305001208/, http://www.ukrtelecom.ua/presscenter/news/official?id=120327.

13 Polityuk and Finkle, “Ukraine Says Communications Hit”; John Leyden, “Cyber Battle Apparently under Way in Russia–Ukraine Conflict,” The Register, April 25, 2018, https://www.theregister.com/2014/03/04/ukraine_cyber_conflict/.

14 Fontugne, Ermoshina, and Aben, “The Internet in Crimea.”

15 Frédérick Douzet et al., “Measuring the Fragmentation of the Internet: The Case of the Border Gateway Protocol (BGP) During the Ukrainian Crisis,” 2020 12th International Conference on Cyber Conflict (CyCon), Tallinn, Estonia, May 26–29, 2020, 157-182, doi: 10.23919/CyCon49761.2020.9131726; Paul Mozur et al., “‘They Are Watching’: Inside Russia’s Vast Surveillance State,” New York Times, September 22, 2022, https://www.nytimes.com/interactive/2022/09/22/technology/russia-putin-surveillance-spying.html.

16 Yaropolk Brynykh and Anastasiia Lykholat, “Occupied Crimea: Victims and Oppressors,” Freedom House, August 30, 2018, https://freedomhouse.org/article/occupied-crimea-victims-and-oppressors.

17 Halya Coynash, “Internet Providers Forced to Conceal Total FSB Surveillance in Occupied Crimea and Russia,” Kyiv Post, February 2, 2018, https://www.kyivpost.com/article/opinion/op-ed/halya-coynash-internet-providers-forced-conceal-total-fsb-surveillance-occupied-crimea-russia.html.

18 Joseph Cox, “Russia Built an Underwater Cable to Bring Its Internet to Newly Annexed Crimea,” VICE, August 1, 2014, https://www.vice.com/en/article/ypw35k/russia-built-an-underwater-cable-to-bring-its-internet-to-newly-annexed-crimea.

19 Cox, “Russia Built an Underwater Cable.”

20 Romain Fontugne, Ksenia Ermoshina, and Emile Aben, “The Internet in Crimea: A Case Study on Routing Interregnum,” 2020 IFIP Networking Conference, Paris, France, June 22–25, 2020, https://hal.archives-ouvertes.fr/hal-03100247/document.

21 Sebastian Moss, “How Russia Took over the Internet in Crimea and Eastern Ukraine,” Data Center Dynamics, January 12, 2023, https://www.datacenterdynamics.com/en/analysis/how-russia-took-over-the-internet-in-crimea-and-eastern-ukraine/; “Ukraine: Freedom on the Net 2018 Country Report,” Freedom House, 2019, https://freedomhouse.org/country/ukraine/freedom-net/2018.

22 “Crimea: Freedom in the World 2020 Country Report,” Freedom House, https://freedomhouse.org/country/crimea/freedom-world/2020.

23 Kim Zetter, “Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid,” Wired, March 3, 2016, https://www.wired.com/2016/03/inside-cunning-unprecedented-hack-ukraines-power-grid/; Andy Greenberg, “The Untold Story of Notpetya, the Most Devastating Cyberattack in History,” Wired, August 22, 2018, https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/.

24 “Special Report: Ukraine An Overview of Russia’s Cyberattack Activity in Ukraine,” Microsoft Digital Security Unit, April 27, 2022, https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd; Kyle Fendorf and Jessie Miller, “Tracking Cyber Operations and Actors in the Russia–Ukraine War,” Council on Foreign Relations, March 24, 2022, https://www.cfr.org/blog/tracking-cyber-operations-and-actors-russia-ukraine-war.

25 Jakub Przetacznik and Simona Tarpova, “Russia’s War on Ukraine: Timeline of Cyber-Attacks,” European Parliament, June 2022, https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/733549/EPRS_BRI(2022)733549_EN.pdf; Catalin Cimpanu, “Hackers Deface Ukrainian Government Websites,” The Record, January 14, 2022, https://therecord.media/hackers-deface-ukrainian-government-websites/.

26 Tom Burt, “Malware Attacks Targeting Ukraine Government,” Microsoft, January 15, 2022, https://blogs.microsoft.com/on-the-issues/2022/01/15/mstic-malware-cyberattacks-ukraine-government/.

27 Roman Osadchuk, Russian Hybrid Threats Report: Evacuations Begin in Ukrainian Breakaway Regions, Atlantic Council, February 18, 2022, https://www.atlanticcouncil.org/blogs/new-atlanticist/russian-hybrid-threats-report-evacuations-begin-in-ukrainian-breakaway-regions/#cyberattack; Sean Lyngaas and Tim Lister, “Cyberattack Hits Websites of Ukraine Defense Ministry and Armed Forces,” CNN, February 15, 2022, https://www.cnn.com/2022/02/15/world/ukraine-cyberattack-intl/index.html.

28 Microsoft, “Special Report Ukraine.”

29 ESET Research: Ukraine Hit by Destructive Attacks Before and During the Russian Invasion with HermeticWiper and IsaacWiper,” ESET, March 1, 2022, https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-ukraine-hit-by-destructive-attacks-before-and-during-the-russian-invasion-with-hermet/; “Ukraine: Disk-Wiping Attacks Precede Russian Invasion,” Symantec Threat Hunter Team, February 24, 2022, https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia; “Ukraine Computers Hit by Data-Wiping Software as Russia Launched Invasion,” Reuters, February 24, 2022, https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/.

30 Britney Nguyen, “Telecom Workers in Occupied Parts of Ukraine Destroyed Software to Avoid Russian Control over Data and Communications,” Business Insider, June 22, 2022, https://www.businessinsider.com/telecom-workers-ukraine-destroyed-software-avoid-russian-control-2022-6; Net Blocks (@netblocks), “Confirmed: A major internet disruption has been registered across #Ukraine on national provider #Ukrtelecom; real-time network data show connectivity collapsing …,” Twitter, March 28, 2022, 10:38 a.m., https://twitter.com/netblocks/status/1508453511176065033; Net Blocks (@netblocks), “Update: Ukraine’s national internet provider Ukrtelecom has confirmed a cyberattack on its core infrastructure. Real-time network data show an ongoing and …,” Twitter, March 28, 2022 11:25 a.m., https://twitter.com/netblocks/status/1508465391244304389; Andrea Peterson, “Traffic at Major Ukrainian Internet Service Provider Ukrtelecom Disrupted,” The Record, March 28, 2022, https://therecord.media/traffic-at-major-ukrainian-internet-service-provider-ukrtelecom-disrupted/; James Andrew Lewis, Cyber War and Ukraine, Center for Strategic and International Studies, January 10, 2023, https://www.csis.org/analysis/cyber-war-and-ukraine.

31 Thomas Brewster, “As Russia Invaded, Hackers Broke into A Ukrainian Internet Provider. Then Did It Again As Bombs Rained Down,” Forbes, March 10, 2022, https://www.forbes.com/sites/thomasbrewster/2022/03/10/cyberattack-on-major-ukraine-internet-provider-causes-major-outages/?sh=51d16b9c6573.

32 “Global Communications: Services, Solutions and Satellite Internet,” ViaSat, accessed November 14, 2022, http://data.danetsoft.com/viasat.com; Matt Burgess, “A Mysterious Satellite Hack Has Victims Far beyond Ukraine,” Wired, March 23, 2022, https://www.wired.com/story/viasat-internet-hack-ukraine-russia/.

33 Michael Kan, “ViaSat Hack Tied to Data-Wiping Malware Designed to Shut down Modems,” PCMag, March 31, 2022, https://www.pcmag.com/news/viasat-hack-tied-to-data-wiping-malware-designed-to-shut-down-modems.

34 “Ka-Sat Network Cyber Attack Overview,” ViaSat, September 12, 2022, https://news.viasat.com/blog/corporate/ka-sat-network-cyber-attack-overview.

35 Lee Mathews, “ViaSat Reveals How Russian Hackers Knocked Thousands of Ukrainians Offline,” Forbes, March 31, 2022, https://www.forbes.com/sites/leemathews/2022/03/31/viasat-reveals-how-russian-hackers-knocked-thousands-of-ukrainians-offline/?sh=4683638b60d6; ViaSat, “Ka-Sat Network.”

36 ViaSat, “Ka-Sat Network.”

37 Andrea Valentina, “Why the Viasat Hack Still Echoes,” Aerospace America, November 2022, https://aerospaceamerica.aiaa.org/features/why-the-viasat-hack-still-echoes.

38 Juan Andres Guerrero-Saade and Max van Amerongen, “Acidrain: A Modem Wiper Rains down on Europe,” SentinelOne, April 1, 2022, https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/.

39 Guerrero-Saade and Van Amerongen, “Acidrain.”

40 Joe Uchill, “UK, US, and EU Attribute Viasat Hack Against Ukraine to Russia,” SC Media, June 23, 2022, https://www.scmagazine.com/analysis/threat-intelligence/uk-us-and-eu-attribute-viasat-hack-against-ukraine-to-russia; David E. Sanger and Kate Conger, “Russia Was Behind Cyberattack in Run-Up to Ukraine War, Investigation Finds,” New York Times, May 10, 2022, https://www.nytimes.com/2022/05/10/us/politics/russia-cyberattack-ukraine-war.html.

41 Kim Zetter, “ViaSat Hack ‘Did Not’ Have Huge Impact on Ukrainian Military Communications, Official Says,” Zero Day, September 26, 2022, https://zetter.substack.com/p/viasat-hack-did-not-have-huge-impact; “Satellite Outage Caused ‘Huge Loss in Communications’ at War’s Outset—Ukrainian Official,” Reuters, March 15, 2022, https://www.reuters.com/world/satellite-outage-caused-huge-loss-communications-wars-outset-ukrainian-official-2022-03-15/.

42 ”Reuters, “Satellite Outage.”

43 Sean Lyngaas, “US Satellite Operator Says Persistent Cyberattack at Beginning of Ukraine War Affected Tens of Thousands of Customers, CNN, March 30, 2022, https://www.cnn.com/2022/03/30/politics/ukraine-cyberattack-viasat-satellite/index.html.

44 Zetter, “ViaSat Hack.”

45 Burgess, “A Mysterious Satellite Hack” Zetter, “ViaSat Hack”; Valentino, “Why the ViaSat Hack.”

46 Jurgita Lapienytė, “ViaSat Hack Impacted French Critical Services,” CyberNews, August 22, 2022, https://cybernews.com/news/viasat-hack-impacted-french-critical-services/.

47 International Committee of the Red Cross, Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of International Armed Conflicts (Protocol I), 1125 UNTS 3 (June 8, 1977), accessed January 18, 2023, https://www.refworld.org/docid/3ae6b36b4.html; Zhanna L. Malekos Smith, “No ‘Bright-Line Rule’ Shines on Targeting Commercial Satellites,” The Hill, November 28, 2022, https://thehill.com/opinion/cybersecurity/3747182-no-bright-line-rule-shines-on-targeting-commercial-satellites/; Anaïs Maroonian, “Proportionality in International Humanitarian Law: A Principle and a Rule,” Lieber Institute West Point, October 24, 2022, https://lieber.westpoint.edu/proportionality-international-humanitarian-law-principle-rule/#:~:text=The%20rule%20of%20proportionality%20requires,destruction%20of%20a%20military%20objective; Travis Normand and Jessica Poarch, “4 Basic Principles,” The Law of Armed Conflict, January 1, 2017, https://loacblog.com/loac-basics/4-basic-principles/.

48 “Statement by Deputy Head of the Russian Delegation Mr. Konstantin Vorontsov at the Thematic Discussion on Outer Space (Disarmament Aspects) in the First Committee of the 77th Session of the Unga,” Permanent Mission of the Russian Federation to the United Nations, October 26, 2022, https://russiaun.ru/en/news/261022_v.

49 Mauro Vignati, “LABScon Replay: Are Digital Technologies Eroding the Principle of Distinction in War?” SentinelOne, November 16, 2022, https://www.sentinelone.com/labs/are-digital-technologies-eroding-the-principle-of-distinction-in-war/.

50 Matt Burgess, “Russia Is Taking over Ukraine’s Internet,” Wired, June 15, 2022, https://www.wired.com/story/ukraine-russia-internet-takeover/.

51 Nino Kuninidze et al., “Interim Assessment on Damages to Telecommunication Infrastructure and Resilience of the ICT Ecosystem in Ukraine.”

52 Adam Satariano and Scott Reinhard, “How Russia Took Over Ukraine’s Internet in Occupied Territories,” The New York Times, August 9, 2022, https://www.nytimes.com/interactive/2022/08/09/technology/ukraine-internet-russia-censorship.html; https://time.com/6222111/ukraine-internet-russia-reclaimed-territory/

53 Thomas Brewster, “The Last Days of Mariupol’s Internet,” Forbes, March 31, 2022, https://www.forbes.com/sites/thomasbrewster/2022/03/31/the-last-days-of-mariupols-internet/.

54 Matt Burgess, “Russia Is Taking over Ukraine’s Internet,” Wired, June 15, 2022, https://www.wired.com/story/ukraine-russia-internet-takeover/; Satariano and Reinhard, “How Russia Took.”

55 ”Vera Bergengruen, “The Battle for Control over Ukraine’s Internet,” Time, October 18, 2022, https://time.com/6222111/ukraine-internet-russia-reclaimed-territory/.

56 Herbert Lin, “Russian Cyber Operations in the Invasion of Ukraine,” Cyber Defense Review (Fall 2022): 35, https://cyberdefensereview.army.mil/Portals/6/Documents/2022_fall/02_Lin.pdf, Herb Lin, “The Emergence of Physically Mediated Cyberattacks?,” Lawfare, May 21, 2022, https://www.lawfareblog.com/emergence-physically-mediated-cyberattacks; “Invaders Use Blackmailing and Intimidation to Force Ukrainian Internet Service Providers to Connect to Russian Networks,” State Service of Special Communications and Information Protection of Ukraine, May 13, 2022, https://cip.gov.ua/en/news/okupanti-shantazhem-i-pogrozami-zmushuyut-ukrayinskikh-provaideriv-pidklyuchatisya-do-rosiiskikh-merezh; Satariano and Reinhard, “How Russia Took.”

57 Gian M. Volpicelli, “How Ukraine’s Internet Can Fend off Russian Attacks,” Wired, March 1, 2022, https://www.wired.com/story/internet-ukraine-russia-cyberattacks/; Satariano and Reinhard, “How Russia Took.”

58 David R. Marples, “Russia’s War Goals in Ukraine,” Canadian Slavonic Papers 64, no. 2–3 (March 2022): 207–219, https://doi.org/10.1080/00085006.2022.2107837.

59 David Klepper, “Russian Propaganda ‘Outgunned’ by Social Media Rebuttals,” AP News, March 4, 2022, https://apnews.com/article/russia-ukraine-volodymyr-zelenskyy-kyiv-technology-misinformation-5e884b85f8dbb54d16f5f10d105fe850; Marc Champion and Daryna Krasnolutska, “Ukraine’s TV Comedian President Volodymyr Zelenskyy Finds His Role as Wartime Leader,” Japan Times, June 7, 2022, https://www.japantimes.co.jp/news/2022/02/26/world/volodymyr-zelenskyy-wartime-president/;“Российское Телевидение Сообщило Об ‘Бегстве Зеленского’ Из Киева, Но Умолчало Про Жертвы Среди Гражданских,” Агентство, October 10, 2022, https://web.archive.org/web/20221010195154/https://www.agents.media/propaganda-obstreli/.

60 To learn more about Russian disinformation efforts against Ukraine and its allies, check out the Russian Narratives Reports from the Atlantic Council’s Digital Forensic Research Lab: Nika Aleksejeva et al., Andy Carvin ed., “Narrative Warfare: How the Kremlin and Russian News Outlets Justified a War of Aggression against Ukraine,” Atlantic Council, February 22, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/report/narrative-warfare/; Roman Osadchuk et al., Andy Carvin ed., “Undermining Ukraine: How the Kremlin Employs Information Operations to Erode Global Confidence in Ukraine,” Atlantic Council, February 22, 2023, https://www.atlanticcouncil.org/in-depth-research-reports/report/undermining-ukraine/.

61 Олександр Янковський, “‘Бояться Спротиву’. Для Чого РФ Захоплює Мобільний Зв’язок Та Інтернет На Херсонщині?,” Радіо Свобода, May 7, 2022, https://www.radiosvoboda.org/a/novyny-pryazovya-khersonshchyna-okupatsiya-rosiya-mobilnyy-zvyazok-internet/31838946.html.

62 Volodymyr Zelenskyy, “Tell People in the Occupied Territories about Ukraine, That the Ukrainian Army Will Definitely Come—Address by President Volodymyr Zelenskyy,” President of Ukraine Official Website, June 13, 2022, https://www.president.gov.ua/en/news/govorit-lyudyam-na-okupovanih-teritoriyah-pro-ukrayinu-pro-t-75801.

63 Satariano and Reinhard, “How Russia Took.”

64 Michael Sheldon, “Geolocating Russia’s Indiscriminate Shelling of Kharkiv,” DFRLab, March 1, 2022, https://medium.com/dfrlab/geolocating-russias-indiscriminate-shelling-of-kharkiv-deaccc830846; Michael Sheldon, “Kharkiv Neighborhood Experienced Ongoing Shelling Prior to February 28 Attack,” DFRLab, February 28, 2022, https://medium.com/dfrlab/kharkiv-neighborhood-experienced-ongoing-shelling-prior-to-february-28-attack-f767230ad6f6; https://maphub.net/Cen4infoRes/russian-ukraine-monitor; Michael Sheldon (@Michael1Sheldon), “Damage to civilian houses in the Zalyutino neighborhood of Kharkiv. https://t.me/c/1347456995/38991 …,” Twitter, February 27, 2022, 4:15 p.m., https://twitter.com/Michael1Sheldon/status/1498044130416594947; Michael Sheldon, “Missile Systems and Tanks Spotted in Russian Far East, Heading West,” DFRLab, January 27, 2022, https://medium.com/dfrlab/missile-systems-and-tanks-spotted-in-russian-far-east-heading-west-6d2a4fe7717a; Jay in Kyiv (@JayinKyiv), “Not yet 24 hours after Ukraine devastated Russian positions in Kherson, a massive Russian convoy is now leaving Melitopol to replace them. This is on Alekseev …,” Twitter, July 12, 2022, 7:50 a.m., https://twitter.com/JayinKyiv/status/1546824416218193921; “Eyes on Russia Map,” Centre for Information Resilience, https://eyesonrussia.org/.

65 Katerina Sergatskova, What You Should Know About Life in the Occupied Areas in Ukraine, Wilson Center, September 14, 2022, https://www.wilsoncenter.org/blog-post/what-you-should-know-about-life-occupied-areas-ukraine; Jonathan Landay, “Village near Kherson Rejoices at Russian Rout, Recalls Life under Occupation,” Reuters, November 12, 2022, https://www.reuters.com/world/europe/village-near-kherson-rejoices-russian-rout-recalls-life-under-occupation-2022-11-11/.

66 Andrew Salerno-Garthwaite, “OSINT in Ukraine: Civilians in the Kill Chain and the Information Space,” Global Defence Technology 137 (2022), https://defence.nridigital.com/global_defence_technology_oct22/osint_in_ukraine; “How Has Open-Source Intelligence Influenced the War in Ukraine?” Economist, August 30, 2022, https://www.economist.com/ukraine-osint-pod; Gillian Tett, “Inside Ukraine’s Open-Source War,” Financial Times, July 22, 2022, https://www.ft.com/content/297d3300-1a65-4793-982b-1ba2372241a3; Amy Zegart, “Open Secrets,” Foreign Affairs, January 7, 2023, https://www.foreignaffairs.com/world/open-secrets-ukraine-intelligence-revolution-amy-zegart?utm_source=twitter_posts&utm_campaign=tw_daily_soc&utm_medium=social.

67 Lin, “The Emergence.”

68 “Cyber Security Strategy of Ukraine,” Presidential Decree of Ukraine, March 15, 2016, https://ccdcoe.org/uploads/2018/10/NationalCyberSecurityStrategy_Ukraine.pdf.

69 Eric Geller, “Ukraine Prepares to Remove Data from Russia’s Reach,” POLITICO, February 22, 2022, https://www.politico.com/news/2022/02/22/ukraine-centralized-its-data-after-the-last-russian-invasion-now-it-may-need-to-evacuate-it-00010777.

70 Kuninidze et al., “Interim Assessment.”

71 Kuninidze et al., “Interim Assessment.”

72 “Datagroup to Invest $20 Million into a Large-Scale Network Modernization Project in Partnership with Cisco,” Datagroup, April 8, 2021, https://www.datagroup.ua/en/novyny/datagrup-investuye-20-mln-dolariv-u-masshtabnij-proyekt-iz-m-314.

73 Lauriane Giet, “Eutech4ukraine—Cisco’s Contribution to Bring Connectivity and Cybersecurity to Ukraine and Skills to Ukrainian Refugees,” Futurium, June 22, 2022, https://futurium.ec.europa.eu/en/digital-compass/tech4ukraine/your-support-ukraine/ciscos-contribution-bring-connectivity-and-cybersecurity-ukraine-and-skills-ukrainian-refugees; “Communiqué de Presse Solidarité Européenne Envers l’Ukraine: Nouveau Convoi d’Équipements Informatiques,” Government of France, May 25, 2022, https://minefi.hosting.augure.com/Augure_Minefi/r/ContenuEnLigne/Download?id=4FFB30F8-F59C-45A0-979E-379E3CEC18AF&filename=06%20-%20Solidarit%C3%A9%20europ%C3%A9enne%20envers%20l%E2%80%99Ukraine%20-%20nouveau%20convoi%20d%E2%80%99%C3%A9quipements%20informatiques.pdf.

74 ”Atlantic Council, “Ukraine’s Digital Resilience: A conversation with Deputy Prime Minister of Ukraine Mykhailo Fedorov,” December 2, 2022, YouTube video, https://www.youtube.com/watch?v=Vl75e0QU6uE.

75 “Digital Country—Official Website of Ukraine,” Ukraine Now (Government of Ukraine), accessed January 17, 2023, https://ukraine.ua/invest-trade/digitalization/; Atlantic Council, “Ukraine’s Digital Resilience.”

76 Brad Smith, “Extending Our Vital Technology Support for Ukraine,” Microsoft, November 3, 2022, https://blogs.microsoft.com/on-the-issues/2022/11/03/our-tech-support-ukraine/; “How Amazon Is Assisting in Ukraine,” Amazon, March 1, 2022, https://www.aboutamazon.com/news/community/amazons-assistance-in-ukraine; Phil Venables, “How Google Cloud Is Helping Those Affected by War in Ukraine,” Google, March 3, 2022, https://cloud.google.com/blog/products/identity-security/how-google-cloud-is-helping-those-affected-by-war-in-ukraine.

77 Simon Handler, Lily Liu, and Trey Herr, Dude, Where’s My Cloud? A Guide for Wonks and Users, Atlantic Council, July 7, 2022, https://www.atlanticcouncil.org/in-depth-research-reports/report/dude-wheres-my-cloud-a-guide-for-wonks-and-users/.

78 Handler, Liu, and Herr, “Dude, Where’s My Cloud?”

79 Brad Smith, “Defending Ukraine: Early Lessons from the Cyber War,” Microsoft On the Issues, November 2, 2022, https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/; Smith, “Extending Our Vital Technology.”

80 Amazon, “How Amazon Is Assisting”; Sebastian Moss, “Ukraine Awards Microsoft and AWS Peace Prize for Cloud Services and Digital Support,” Data Center Dynamics, January 12, 2023, https://www.datacenterdynamics.com/en/news/ukraine-awards-microsoft-and-aws-peace-prize-for-cloud-services-digital-support/; Venables, “How Google Cloud”; Kent Walker, “Helping Ukraine,” Google, March 4, 2022, https://blog.google/inside-google/company-announcements/helping-ukraine/.

81 Catherine Stupp, “Ukraine Has Begun Moving Sensitive Data Outside Its Borders,” Wall Street Journal, June 14, 2022, https://www.wsj.com/articles/ukraine-has-begun-moving-sensitive-data-outside-its-borders-11655199002; Atlantic Council, “Ukraine’s Digital Resilience”; Smith, “Defending Ukraine.”

82 Nick Beecroft, Evaluating the International Support to Ukrainian Cyber Defense, Carnegie Endowment for International Peace, November 3, 2022, https://carnegieendowment.org/2022/11/03/evaluating-international-support-to-ukrainian-cyber-defense-pub-88322.

83 Smith, “Defending Ukraine,” 5, 6, 9.

84 Smith, “Defending Ukraine,” 3, 11.

85 Thomas Brewster, “Bombs and Hackers Are Battering Ukraine’s Internet Providers. ‘Hidden Heroes’ Risk Their Lives to Keep Their Country Online,” Forbes, March 15, 2022, https://www.forbes.com/sites/thomasbrewster/2022/03/15/internet-technicians-are-the-hidden-heroes-of-the-russia-ukraine-war/?sh=be5da1428844.

86 Kuninidze et al., “Interim Assessment,” 40.

87 Kuninidze et al., “Interim Assessment,”40; ““Київстар Виділяє 300 Мільйонів Гривень Для Відновлення Цифрової Інфраструктури України,” Київстар, July 4, 2022, https://kyivstar.ua/uk/mm/news-and-promotions/kyyivstar-vydilyaye-300-milyoniv-gryven-dlya-vidnovlennya-cyfrovoyi.

88 Київстар, “Київстар Виділяє”; “Mobile Connection Lifecell—Lifecell Ukraine,” Lifecell UA, accessed January 17, 2023, https://www.lifecell.ua/en/.

89 Ryan Gallagher, “Russia–Ukraine War: Telecom Workers Damage Own Equipment to Thwart Russia,” Bloomberg, June 21, 2022), https://www.bloomberg.com/news/articles/2022-06-21/ukrainian-telecom-workers-damage-own-equipment-to-thwart-russia.

90 Mykhailo Fedorov (@FedorovMykhailo), Twitter, February 26, 2022, 7:06 a.m., https://twitter.com/FedorovMykhailo/status/1497543633293266944?s=20&t=c9Uc7CDXEBr-e5-nd2hEtw.

91 Mykhailo Fedorov (@FedorovMykhailo), “Starlink — here. Thanks, @elonmusk,” Twitter, February 28, 2022, 3:19 p.m., https://twitter.com/FedorovMykhailo/status/1498392515262746630?s=20&t=vtCM9UqgWRkfxfrEHzYTGg.

92 Atlantic Council, “Ukraine’s Digital Resilience.”

93 “How Elon Musk’s Satellites Have Saved Ukraine and Changed Warfare,” Economist, January 5, 2023, https://www.economist.com/briefing/2023/01/05/how-elon-musks-satellites-have-saved-ukraine-and-changed-warfare.

94 Alexander Freund, “Ukraine Using Starlink for Drone Strikes,” Deutsche Welle, March 27, 2022, https://www.dw.com/en/ukraine-is-using-elon-musks-starlink-for-drone-strikes/a-61270528.

95 Mykhailo Fedorov (@FedorovMykhailo), “Over 100 cruise missiles attacked 🇺🇦 energy and communications infrastructure. But with Starlink we quickly restored the connection in critical areas. Starlink …,” Twitter, October 12, 2022 3:12 p.m., https://twitter.com/FedorovMykhailo/status/1580275214272802817.

96 Rishi Iyengar, “Why Ukraine Is Stuck with Elon (for Now),” Foreign Policy, November 22, 2022, https://foreignpolicy.com/2022/11/22/ukraine-internet-starlink-elon-musk-russia-war/.

97 Economist, “How Elon Musk’s.”

98 Freund, “Ukraine Using Starlink”; Nick Allen and James Titcomb, “Elon Musk’s Starlink Helping Ukraine to Win the Drone War,” Telegraph, March 18, 2022, https://www.telegraph.co.uk/world-news/2022/03/18/elon-musks-starlink-helping-ukraine-win-drone-war/; Charlie Parker, “Specialist Ukrainian Drone Unit Picks off Invading Russian Forces as They Sleep,” Times, March 18, 2022, https://www.thetimes.co.uk/article/specialist-drone-unit-picks-off-invading-forces-as-they-sleep-zlx3dj7bb.

99 Matthew Gault, “Mysterious Sea Drone Surfaces in Crimea,” Vice, September 26, 2022, https://www.vice.com/en/article/xgy4q7/mysterious-sea-drone-surfaces-in-crimea.

100 Economist, “How Elon Musk’s.”

101 Akash Sriram, “SpaceX, USAID Deliver 5,000 Satellite Internet Terminals to Ukraine Akash Sriram,” Reuters, April 6, 2022, https://www.reuters.com/technology/spacex-usaid-deliver-5000-satellite-internet-terminals-ukraine-2022-04-06/.

102 Alex Marquardt, “Exclusive: Musk’s Spacex Says It Can No Longer Pay for Critical Satellite Services in Ukraine, Asks Pentagon to Pick up the Tab,” CNN, October 14, 2022, https://www.cnn.com/2022/10/13/politics/elon-musk-spacex-starlink-ukraine.

103 Elon Musk (@elonmusk), “Ukraine-Russia Peace: – Redo elections of annexed regions under UN supervision. Russia leaves if that is will of the people. – Crimea formally part of Russia, as it has been since 1783 (until …” Twitter, October 3, 2022 12:15 p.m., https://twitter.com/elonmusk/status/1576969255031296000; Andrij Melnyk (@MelnykAndrij), Twitter, October 3, 2022, 12:46 p.m., https://twitter.com/MelnykAndrij/status/1576977000178208768.

104 Elon Musk (@elonmusk), Twitter, October 14, 2022, 3:14 a.m., https://twitter.com/elonmusk/status/1580819437824839681; Elon Musk (@elonmusk), Twitter, October 15, 2022, 2:06 p.m., https://twitter.com/elonmusk/status/1581345747777179651.

105 Elon Musk (@elonmusk), Twitter, October 17, 2022, 3:52 p.m., https://twitter.com/elonmusk/status/1582097354576265217; Sawyer Merrit (@SawyerMerritt), “BREAKING: The Pentagon is considering paying for @SpaceX ‘s Starlink satellite network — which has been a lifeline for Ukraine — from a fund that has been used …,” Twitter, October 17, 2022, 3:09 p.m., https://twitter.com/SawyerMerritt/status/1582086349305262080.

106 Alex Marquardt and Sean Lyngaas, “Ukraine Suffered a Comms Outage When 1,300 SpaceX Satellite Units Went Offline over Funding Issues” CNN, November 7, 2022, https://www.cnn.com/2022/11/04/politics/spacex-ukraine-elon-musk-starlink-internet-outage/; Iyengar, “Why Ukraine Is Stuck.”

107 Ryan Browne, “Ukraine Government Is Seeking Alternatives to Elon Musk’s Starlink, Vice PM Says,” CNBC, November 3, 2022, https://www.cnbc.com/2022/11/03/ukraine-government-seeking-alternatives-to-elon-musks-starlink.html.

108 William Harwood, “SpaceX Launches 40 OneWeb Broadband Satellites, Lighting up Overnight Sky,” CBS News, January 10, 2023, https://www.cbsnews.com/news/spacex-launches-40-oneweb-broadband-satellites-in-overnight-spectacle/.

109 Marquardt and Lyngaas, “Ukraine Suffered”; Mehul Srivastava et al., “Ukrainian Forces Report Starlink Outages During Push Against Russia,” Financial Times, October 7, 2022, https://www.ft.com/content/9a7b922b-2435-4ac7-acdb-0ec9a6dc8397.

110 Alex Marquardt and Kristin Fisher, “SpaceX admits blocking Ukrainian troops from using satellite technology,” CNN, February 9, https://www.cnn.com/2023/02/09/politics/spacex-ukrainian-troops-satellite-technology/index.html.

111 Charles R. Davis, “Elon Musk Blocked Ukraine from Using Starlink in Crimea over Concern that Putin Could Use Nuclear Weapons, Political Analyst Says,” Business Insider, October 11, 2022, https://www.businessinsider.com/elon-musk-blocks-starlink-in-crimea-amid-nuclear-fears-report-2022-10; Elon Musk (@elonmusk), Twitter, February 12, 2022, 4:00 p.m., https://twitter.com/elonmusk/status/1624876021433368578.

112 Mykhailo Fedorov (@FedorovMykhailo), “In 21 days of the war, russian troops has already killed 100 Ukrainian children. they are using DJI products in order to navigate their missile. @DJIGlobal are you sure you want to be a …,” Twitter, March 16, 2022, 8:14 a.m., https://twitter.com/fedorovmykhailo/status/1504068644195733504; Cat Zakrzewski, “4,000 Letters and Four Hours of Sleep: Ukrainian Leader Wages Digital War,” Washington Post, March 30, 2022, https://www.washingtonpost.com/technology/2022/03/30/mykhailo-fedorov-ukraine-digital-front/.

113 DJI Global (@DJIGlobal), “Dear Vice Prime Minister Federov: All DJI products are designed for civilian use and do not meet military specifications. The visibility given by AeroScope and further Remote ID …,” Twitter, March 16, 2022, 5:42 p.m., https://twitter.com/DJIGlobal/status/1504206884240183297.

114 Mehul Srivastava and Roman Olearchyk, “Starlink Prices in Ukraine Nearly Double as Mobile Networks Falter,” Financial Times, November 29, 2022, https://www.ft.com/content/f69b75cf-c36a-4ab3-9eb7-ad0aa00d230c.

115 Iyengar, “Why Ukraine Is Stuck.”

116 Michael Sheetz, “SpaceX Raises Another $250 Million in Equity, Lifts Total to $2 Billion in 2022,” CNBC, August 5, 2022, https://www.cnbc.com/2022/08/05/elon-musks-spacex-raises-250-million-in-equity.html.

117 “Starshield,” SpaceX, accessed January 17, 2023, https://www.spacex.com/starshield/; Micah Maidenberg and Drew FitzGerald, “Elon Musk’s Spacex Courts Military with New Starshield Project,” Wall Street Journal, December 8, 2022), https://www.wsj.com/articles/elon-musks-spacex-courts-military-with-new-starshield-project-11670511020.

118 “Maps: Tracking the Russian Invasion of Ukraine,” New York Times, February 14, 2022, https://www.nytimes.com/interactive/2022/world/europe/ukraine-maps.html#:~:text=Ukraine%20has%20reclaimed%2054%20percent,for%20the%20Study%20of%20War; Júlia Ledur, Laris Karklis, Ruby Mellen, Chris Alcantara, Aaron Steckelberg and Lauren Tierney, “Follow the 600-mile front line between Ukrainian and Russian forces,” The Washington Post, February 21, 2023, https://www.washingtonpost.com/world/interactive/2023/russia-ukraine-front-line-map/.

119 Jimmy Rushton (@JimmySecUK), “Ukrainian soldiers deploying a Starlink satellite internet system in liberated Kherson, allowing local residents to communicate with their relatives in other areas of Ukraine,” Twitter, November 12, 2022, 8:07 a.m., https://twitter.com/JimmySecUK/status/1591417328134402050; José Andrés (@chefjoseandres), “@elonmusk While I don’t agree with you about giving voice to people that brings the worst out of all of us, thanks for @SpaceXStarlink in Kherson, a city with no electricity, or in a train from …,” Twitter, November 20, 2022, 1:58 a.m., https://twitter.com/chefjoseandres/status/1594223613795762176.

120 Mykhailo Fedorov (@FedorovMykhailo), “Every front makes its contribution to the upcoming victory. These are Anatoliy, Viktor, Ivan and Andrii from @Vodafone_UA team, who work daily to restore mobile and Internet communications …,” Twitter, April 25, 2022, 1:13 p.m., https://twitter.com/FedorovMykhailo/status/1518639261624455168; Mykhailo Fedorov (@FedorovMykhailo), “Can you see a Starlink? But it’s here. While providers are repairing cable damages, Gostomel’s humanitarian headquarter works via the Starlink. Thanks to @SpaceX …,” Twitter, May 8, 2022, 9:48 a.m., https://twitter.com/FedorovMykhailo/status/1523298788794052615.

121 Thomas Brewster, “Ukraine’s Engineers Dodged Russian Mines to Get Kherson Back Online–with a Little Help from Elon Musk’s Satellites,” Forbes, November 18, 2022, https://www.forbes.com/sites/thomasbrewster/2022/11/18/ukraine-gets-kherson-online-after-russian-retreat-with-elon-musk-starlink-help/?sh=186e24b0ef1e.

122 Mark Didenko, ed., “Ukrtelecom Car Hits Landmine in Sumy Region, One Dead, Three Injured,” Yahoo!, October 2, 2022, https://www.yahoo.com/video/ukrtelecom-car-hits-landmine-sumy-104300649.html.

123 Vera Bergengruen, “The Battle for Control over Ukraine’s Internet,” Time, October 18, 2022, https://time.com/6222111/ukraine-internet-russia-reclaimed-territory/.

124 Bergengruen, “The Battle for Control over Ukraine’s Internet.”

125 Atlantic Council, “Ukraine’s Digital Resilience: A conversation with Deputy Prime Minister of Ukraine Mykhailo Fedorov,” December 2, 2022, YouTube video, https://www.youtube.com/watch?v=Vl75e0QU6uE; “Keeping connected: connectivity resilience in Ukraine,” EU4Digital, February 13, 2022, https://eufordigital.eu/keeping-connected-connectivity-resilience-in-ukraine/.

126 Greg Rattray, Geoff Brown, and Robert Taj Moore, “The Cyber Defense Assistance Imperative Lessons from Ukraine,” The Aspen Institute, February 16, 2023, https://www.aspeninstitute.org/wp-content/uploads/2023/02/Aspen-Digital_The-Cyber-Defense-Assistance-Imperative-Lessons-from-Ukraine.pdf, 8.

127 CRDF Global, “CRDF Global becomes Platform for Cyber Defense Assistance Collaborative (CDAC) for Ukraine,” News 19, November 14, 2022, https://whnt.com/business/press-releases/cision/20221114DC34776/crdf-global-becomes-platform-for-cyber-defense-assistance-collaborative-cdac-for-ukraine/; Dina Temple-Raston, “EXCLUSIVE: Rounding Up a Cyber Posse for Ukraine,” The Record, November 18, 2022, https://therecord.media/exclusive-rounding-up-a-cyber-posse-for-ukraine/; Rattray, Brown, and Moore, “The Cyber Defense Assistance Imperative Lessons from Ukraine.”

128 Beecroft, Evaluating the International Support.

129 Lee Hudson, “‘There’s Not Just SpaceX’: Pentagon Looks Beyond Starlink after Musk Says He May End Services in Ukraine,” POLITICO, October 14, 2022, https://www.politico.com/news/2022/10/14/starlink-ukraine-elon-musk-pentagon-00061896.

The post A parallel terrain: Public-private defense of the Ukrainian information environment appeared first on Atlantic Council.

Aziz in Dawn: Banistan: Ignorant leaders, absurd regulation

Atlantic Council — Fri, 10 Feb 2023 19:50:00 +0000

original source

The post Aziz in Dawn: Banistan: Ignorant leaders, absurd regulation appeared first on Atlantic Council.

Russian War Report: Satellite imagery indicates a build-up of air defense missile systems in southern Russia

Digital Forensic Research Lab — Fri, 03 Feb 2023 16:45:11 +0000

As Russia continues its assault on Ukraine, the Atlantic Council’s Digital Forensic Research Lab (DFRLab) is keeping a close eye on Russia’s movements across the military, cyber, and information domains. With more than seven years of experience monitoring the situation in Ukraine—as well as Russia’s use of propaganda and disinformation to undermine the United States, NATO, and the European Union—the DFRLab’s global team presents the latest installment of the Russian War Report.

Security

Ukraine defense minister warns of new Russian offensive

New Russian fortifications indicate a spring offensive could be on the horizon

Tracking narratives

Russia alleges US bioweapons created COVID, targets Ukrainians

Pro-Russia Telegram channels target Israel following Iran strike

Italy targeted by Russian accusations as Rome prepares new weapons package for Ukraine

Satellite imagery indicates a build-up of air defense missile systems in southern Russia

Satellite imagery reviewed by the DFRLab suggests a new build-up of air defense missile systems in Russia’s southern military region between Rostov-on-Don and Krasnodar. The DFRLab used radar imagery forensics to detect and approximate the relocation of air defense systems near the Azov Sea. As noted by University College London Professor Ollie Ballinger, missile batteries tend to cast recognizable turbulence signals on radar imagery when their systems are activated. This phenomenon has also been documented in the Middle East and the Baltic Sea.

The Sentinel-1 satellite of the European Space Agency collects satellite imagery using radar technology. As military systems also use radar electromagnetic wavelengths in the 5gHz range, referred to as the C-Band in NATO nomenclature, these are exploitable as open-source evidence for military activity and weapons deployment.

Radar imagery, captured between January 25 and January 30, 2023, shows air defense system interference patterns. Source: DFRLab via Sentinel-1 on 5Ghz Interference Locator via Google Earth Engine)

The DFRLab monitored for deployments of such systems near a field south of Oktyabrskaya in Russia’s Krasnodar Oblast. These systems were likely located close to a military airbase. While the DFRLab cannot confirm their presence in this area nor identify the exact systems, other interference signal patterns along the eastern border of Luhansk and Donetsk could also be interpreted as evidence of more electromagnetic radar-casting defense systems.

—Valentin Châtelet, Research Associate, Brussels, Belgium

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Ukraine defense minister warns of new Russian offensive

Ukrainian Defense Minister Oleksii Reznikov warned that Russia might attempt to launch a new offensive before the first anniversary of the Ukraine invasion on February 24. According to Reznikov, Russia is concentrating as many as 500,000 troops along Ukraine’s borders, significantly exceeding the declared 300,000 soldiers. Reznikov speculated that the offensive could come from the east and the south simultaneously. The minister also emphasized that military assistance from allies is needed to repel a possible attack.

Ukrainian military intelligence also stated that Ukraine expects a new wave of fighting in the next two months. Meanwhile, Russian President Vladimir Putin held a meeting to discuss the restoration of infrastructure in Crimea, Belgorod, Bryansk, and Kursk following Ukrainian shelling. He noted that his administration is prioritizing ending Ukrainian shelling along border regions.

On the evening of February 1, Russian forces struck the center of Kramatorsk with a rocket. Three civilians were killed and more than 20 people were injured. At least eight apartments were damaged, with one destroyed.

Meanwhile, Russian offensive operations have restarted in various locations. In the direction of Kupiansk, the Russian army shelled Dvorichna, Synkivka, Ivanivka, Kyslivka, Kotlyarivka, Tabayivka, Pischane, Novoselivske, and Stelmakhivka. The Russian army continued to attack villages and pressed Ukraine’s army positions toward Lyman, Zaporizhzhia, Kherson, Vuhledar, Avdiivka, and Bakhmut.

—Valentin Châtelet, Research Associate, Brussels, Belgium

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

New Russian fortifications indicate a spring offensive could be on the horizon

Russian armed forces have dug trenches in Zaporizhzhia and Kherson Oblasts that the DFRLab has reviewed extensively on social media and satellite imagery. The southern flank in the Russian-occupied Zaporizhzhia Oblast has seen a rise in the build-up of trenches and fortifications stretching from Polohy to Vesele. The DFRLab identified massive underground structures in three different locations, pointing at a Russian reinforcement in their southern positions.

On January 27, trenches stretching twenty-one kilometers and circling Berdyansk’s airport tipped off OSINT researchers to Russia’s expected escalation on the southern flank. The DFRLab identified and documented two other occurrences of defensive build-ups on the eastern bank of the Dnipro River.

Between mid-December and January 31, 2023, Russian soldiers dug up underground trenches in an odd-B shape in the vicinity of Vesele, a village forty kilometers northeast of Melitopol. The DFRLab identified two structures, along with other fortifications across neighboring fields north of Vesele. The other structure, located west of the underground trenches, seems to resemble a defense base immediately connected to the village by a road.

Satellite imagery captured on January 27, 2023, shows new fortifications and trenches north of Vesele. Source: DFRLab via Planet.com

In Mykhailivka, a city facing Zaporizhzhia from the other side of the riverbank, the DFRLab located similar trenches and fortifications. These stretch up to fifteen kilometers long, protecting the entire city near the front line.

—Valentin Châtelet, Research Associate, Brussels, Belgium

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russia alleges US bioweapons created COVID, targets Ukrainians

On January 30, Russia’s Ministry of Defense published a collection of conspiracy narratives alleging the United States operates a biological weapons program. The ministry published the initial text on the free and anonymous blogging platform telegra.ph, developed by Telegram for sharing long-form posts.

The post begins with allegations that the US is involved in the emergence and spread of COVID-19. It names various US agencies and Microsoft founder Bill Gates as key actors in the pandemic. The ministry claims to have acquired more than “20,000 documents, reference and analytical materials, as well as surveyed witnesses and participants of the US biological programs.” The post concludes that these materials “confirm that the Pentagon aimed at creating elements of a biological weapon, and testing it on the population of Ukraine and other countries along the perimeter of the Russian borders.”

The defense ministry shared some of its “evidence” via the cloud service Disk Yandex. The link contains three folders containing unverified documents. The folders are titled “virological studies,” “experiments on Ukrainian citizens and military,” and “Rift Valley fever epidemic.”

The Facebook account of the Russian embassy in the United States amplified the narrative and shared the documents. The documents also found their way to Kremlin propaganda platforms.

The DFRLab has tracked many instances of Russia spreading falsehoods about the US operating a biological weapons program since the start of the pandemic; Russia now employs similar narratives to justify its war against Ukraine.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

Pro-Russia Telegram channels target Israel following Iran strike

Pro-Russia Telegram channels targeted Israel following a suspected Israeli drone strike against an Iranian ammunition factory on January 28. A few weeks earlier, the United States sanctioned Iran’s defense and aviation sector for supplying Russia with drones that are being used against Ukraine.

The Telegram channels responded to the Iranian strike by spreading anti-Israel and antisemitic narratives. Russian military blogger Roman Saponkov endorsed calls for the “demilitarization of Israel.” The account Операция Z (“Operation Z”) used antisemitic expressions to describe Jewish people. Elsewhere, Kremlin propagandist Vladimir Solovyev shared a post accusing Israel of providing shelter to “Nazis from the ‘Azov’ terrorist group.” Other pro-war channels shared graphic photos with claims that Wagner had found the bodies of Israeli and Polish mercenaries fighting in Ukraine.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

Italy targeted by Russian accusations as Rome prepares new weapons package for Ukraine

Russia’s chief diplomat in Italy accused the country of engaging in anti-Russian discrimination, in an apparent attempt to pressure Italy to stop backing Ukraine and sway public opinion in favor of Russia. Earlier this week, Russian ambassador to Italy Sergey Razov published an open letter, ostensibly in response to comments made by Defense Minister Guido Minister Crosetto on why Ukraine needs international support. Razov accused the Italian government of putting in place “discriminatory restrictions” against Russian citizens. The letter was published on the Facebook account of the Russian embassy in Italy; at the time of writing, it had received more than 2,200 likes, 792 comments, and 698 reshares.

In January, Italian media outlet Decode39 reported that the Russian embassy in Italy had published a series of social media posts “targeting Italy’s supposed military supplies to Ukraine in a bid to cast doubt on Rome’s logistical support and its effectiveness on the battlefield.” The social media posts were widely reshared and amplified the Kremlin narrative that falsely paints Ukrainians as “neo-Nazis.”

Italy is poised to send a new package of military aid to Ukraine. “According to Defense Minister Crosetto, the package will contain air defense systems, namely Aspide surface-to-air missiles and the more advanced SAMP/T missile shield, of which some components will be supplied by Rome and others by Paris.

Mattia Caniglia, Associate Director for Capacity Building, Brussels

The post Russian War Report: Satellite imagery indicates a build-up of air defense missile systems in southern Russia appeared first on Atlantic Council.

The 5×5—China’s cyber operations

Simon Handler — Mon, 30 Jan 2023 05:01:00 +0000

On October 6, 2022, the Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency released a joint cybersecurity advisory outlining the top Common Vulnerabilities and Exposures that Chinese state-linked hacking groups have been actively exploiting since 2020 to target US and allied networks. Public reporting indicates that, for the better part of the past two decades, China has consistently engaged in offensive cyber operations, and as the scope of the country’s economic and political ambitions expanded, so has its cyber footprint. The number of China-sponsored and aligned hacking teams are growing, as they develop and deploy offensive cyber capabilities to serve the state’s interests—from economic to national security.

We brought together a group of experts to provide insights into China’s cyber behavior, its structure, and how its operations differ from those of other states.

#1 Is there a particular example that typifies the “Chinese” model of cyber operations?

Dakota Cary, nonresident fellow, Global China Hub, Atlantic Council; consultant, Krebs Stamos Group:

“China’s use of the 2021 Microsoft Exchange Server vulnerability to access email servers captures the essence of modern Chinese hacking operations. A small number of teams exploited a vulnerability in a critical system to collecting intelligence on their targets. After the vulnerability became public and their operation’s stealth was compromised, the number of hacking teams using the vulnerability exploded. China has established a mature operational segmentation and capabilities-sharing system, allowing teams to quickly distribute and use a vulnerability after its use was compromised.”

John Costello, former chief of staff, Office of the National Cyber Director:

“No. China’s approach has evolved too quickly; its actors too heterogenous and many. What has remained consistent over time is the principal focus of China’s cyber operations, which, in general, is the economic viability and growth of China’s domestic industry and advancement of its scientific research, development, and modernization efforts. China does conduct what some would call ‘legitimate’ cyber operations, but these are vastly overshadowed by campaigns that are clearly intended to obtain intellectual property, non-public research, or place Chinese interests in an advantageous economic position.”

Bulelani Jili, nonresident fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council:

“What is unique is how the party-state promotes surveillance technology and cyber operations abroad. It utilizes diplomatic exchanges, law enforcement cooperation, and training programs in the Global South. These initiatives not only advance the promotion of surveillance technologies and cyber tools but also support the government’s goals with regard to international norm-making in multilateral and regional institutions.”

Adam Kozy, independent analyst; CEO and founder, SinaCyber; former official with the FBI’s Cyber Team and Crowdstrike’s Asia-Pacific Analysis Team:

“There is not one typical example of Chinese cyber operations in my opinion, as operations have evolved over time and are uneven in their distribution of tooling, access to the vulnerability supply chain, and organization. However, one individual who typifies how the Chinese Communist Party (CCP) has co-opted domestic hacking talent for state-driven espionage purposes is Tan Dailin (谭戴林/aka WickedRose) of WICKED PANDA/APT41 fame. He first began as a patriotic hacker during his time at university in 2000-2002, conducting defacements during the US-Sino hacker war, but was talent spotted by his local People’s Liberation Army (PLA) branch, the Chengdu Military Region Technical Reconnaissance Bureau (TRB) and asked to compete in a hackathon. This was followed by an “internship” where he and his fellow hackers at the NCPH group taught attack/defense courses and appear to have played a role in the 2003-2006 initial Titan Rain attacks probing US and UK government systems. Tan and his friends continued to do contract work for gaming firms, hacking a variety of South Korean, Japanese, and US gaming firms, which gave them experience with high-level vulnerabilities that are able to manipulate at the kernel level and also afforded them stolen gaming certificates allowing their malware to evade antivirus detection. After a brief period where he was reportedly arrested by the Ministry of Public Security (MPS) for hacking other domestic Chinese groups, he reemerged with several new contracting entities that have been noted to work for the Ministry of State Security (MSS) in Chengdu. Tan has essentially made a very comfortable living out of being a cyber mercenary for the Chinese state, using his legacy hacking network to constantly improve and upgrade tools, develop new intrusion techniques, and stay relevant for over twenty years.”

Jen Roberts, program assistant, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council:

“While no one case study stands out to typify a “Chinese” model, Chinese cyber operations blend components of espionage and entrepreneurship and capitalize on China’s pervasiveness in the international economy. One example of this is the Nortel/Huawei example where espionage, at least in part, caused the collapse of the Canadian telecommunications company.”

#2 What role do non-state actors play in China’s approach to cyber operations?

Cary: “Chinese security services still have a marked preference for using contracted hacking teams. These groups often raise money from committing criminal acts, in addition to work on behalf of intelligence agencies. Whereas in the United States, the government may purchase vulnerabilities to use on an offensive mission or hire a few companies to conduct cyber defense on a network, the US government does not hire firms to conduct specific offensive operations. In China, the government may hire teams for both offensive and defensive work, including offensive hacking operations.”

Costello: “Non-state actors play a myriad number of roles. Most notably, Department of Justice and Federal Bureau of Investigation indictments show clear evidence of contractual relationships between the MSS and non-state actors conducting cyber intelligence operations. Less conventional, Chinese hacktivists have on occasion played a limited but substantive role in certain cases, such as cyberattacks against South Korea’s Lotte group during the US Terminal High Altitude Area Defense (THAAD) system kerfuffle in 2017. Hypothetically, China’s military strategy calls for a cyber defense militia; but the contours or reality of mobilization, training, and reliability are unclear. China’s concept of ‘people’s war’ in cyberspace—a familiar adoption of Maoist jargon for new concepts—has been discussed but has yet to be seen in practice in any meaningful form.”

Jili: “State investment and procurement of public security systems from private firms are driving the development of China’s surveillance ecosystem. Accordingly, private firm work and collaboration with the state are scaling Beijing’s means to conduct surveillance operations on targeted domestic populations that are perceived threats to regime stability. Crucially, given the financial incentives to collaborate with Beijing, private companies have limited reasons not to support state security prerogatives.”

Kozy: “This question has the issue of mirroring bias. We tend to view things from a United States and Western lens when evaluating whether someone is a state actor or not, because we have very defined lines around what an offensive cyber operator can do acting on behalf of the US government. China has thrived in this grey area, relying on patriotic hackers with tacit state approval at times, hackers with criminal businesses, as well as growing its domestic ability to recruit talented researchers from the private sector and universities. The CCP has historically compelled individuals who would be considered traditionally non-state-affiliated actors to aid campaigns when necessary. Under an authoritarian regime like the CCP, any individual who is in China or ethnically Chinese can become a state actor very quickly. Actors like Tan Dailin do constitute a different type of threat because the CCP effectively co-opts their talents, while turning a blind eye to their criminal, for-profit side businesses that are illegal and have worldwide impact.”

Roberts: “Chinese non-state actors are very involved in Chinese cyber operations. A wide variety of non-state entities, such as contractors and technology conglomerates (Alibaba, Huawei, etc.), have worked in tandem with the CCP on a variety of research, development, and execution of cyber operations. This relationship is fortified by Chinese disclosure laws and repercussions of violating them. While Russia’s relationship with non-state actors relies on the opaqueness of non-state groups’ relationships with the government, China’s relationship with non-state entities is much more transparent.”

#3 How do China’s cyber operations differ from those of other states in the region?

Cary: “China has the most hackers and bureaucrats on payroll in Asia. Its operations are not different in kind nor process, but scale. While Vietnam’s or India’s cyber operators are able to have some effect in China, they are not operating at the scale at which China is operating. The most significant differentiator—which is still only speculation—is that China likely collects from the backbone of the Internet via agreements or compromise of telecommunication giants like Huawei, China Unicom, etc., as well as accessing undersea cables.”

Costello: “Scale. The scale of China’s cyber operations dwarfs those of other countries in the region—the complexity and sheer range of targeting, and the number of domestic technology companies whose increasingly global reach may be utilized for intelligence gain and influence. As China’s influence and global reach expands, so too does its self-perceived need to protect and further expand its interests. Cyber serves as a low-risk and often successful tool to accomplish this in economic and security realms.”

Jili: “While most regional and global players’ cyber operations have a domestic bent, Beijing also actively promotes surveillance technology and practices abroad through diplomatic exchanges, law enforcement cooperation, and training programs. These efforts not only advance the proliferation of Chinese public security systems, but they also support the government’s goals concerning international norm-making in multilateral and regional institutions.”

Kozy: “China is by far the most aggressive cyber power in its region. It can be debated that Russian cyber operatives are still more advanced in terms of sophistication, but China aggressively conducts computer network exploitations against all of its regional neighbors with specific advanced persistent threat (APT) groups across the PLA and MSS having regional focuses. Some of its neighbors such as India, Vietnam, Japan, and South Korea have advanced capabilities of their own to combat this, but there are regular public references to successful Chinese cyber campaigns against these countries despite significant defensive spending. Regional countries without cyber capabilities likely have long-standing compromises of critical systems.”

Roberts: “China has a talent for extracting intellectual property and conducting large-scale espionage. While other threat actors in the region, like North Korea, also conduct espionage operations, North Korea’s primary focus is on operations that prioritize fiscal extraction to fund regime activity, while China seems much more intent on collecting data for a variety of purposes. Despite differing capacities, sophistication, and types of operations, the end goals for both states are not all that different—political survival.”

China’s surveillance ecosystem and the global spread of its tools

The 5×5—Russia’s cyber statecraft

The 5×5—The state of cybersecurity in the Middle East

#4 How have China’s offensive cyber operations changed since 2018?

Cary: “China’s emphasis on developing its domestic pipeline of software vulnerabilities is paying off. China has passed policies that co-opt private research on behalf of the security services, support public software vulnerability competitions, and invest in technology to automate software vulnerability discovery. Together, as outlined by Microsoft’s Threat Intelligence Center’s 2022 analysis, China is combining these forces to use more software vulnerabilities now than ever before.”

Costello: “China’s cyber operations have unsurprisingly grown in scale and sophistication. Actors are less ‘noisy’ and China’s tactical approach to cyber operations appears to have evolved towards more scalable operations, namely supply-chain attacks and targeting service providers. These tactics have the advantage of improving the return on investment for an operation or campaign, as they allow compromise of all customers who use the product or service while minimizing risk of discovery. Supply chain attacks or compromise through third-party services can also be more difficult to detect and identify. China’s cyber landscape is not homogenous, and there remains great variability in sophistication across the range of Chinese actors.

As reported by the Director of National Intelligence in the last few years, China has increasingly turned towards targeting US critical infrastructure, particular natural gas pipelines. This is an evolution, though whether it is ‘learning by doing,’ operational preparation of the battlespace, or nascent ventures by a more operationally-focused Strategic Support Force (reorganization into a Space and Cyber Corps from 2015-17) is unclear. Time will most certainly tell.”

Jili: “Since 2018, the party-state has been more active in utilizing platforms like BRICS (Brazil, Russia, India, China, and South Africa), an emerging markets organization, and the Forum on China-Africa Cooperation (FOCAC) to promote digital infrastructure products and investments in the Global South. Principally, through multilateral platforms like FOCAC, Beijing has promoted resolutions to increase aid and cooperation in areas like cybersecurity and cyber operations.”

Kozy: “Intrusions from China have continued unabated since 2018, with a select number of Chinese APTs having periods of inactivity due to COVID-19 shutdowns. The Cyber Security Law and National Intelligence Law, both enacted in 2017, provided additional legal authority for China’s intelligence services to access data and co-opt Chinese companies for use in vaguely worded national security investigations. Of note is China’s efforts to increase the number of domestic cybersecurity conferences and nationally recognized cybersecurity universities as part of ongoing recruitment pipelines for cyber talent. Though there was increased focus from the Western cybersecurity community on MSS-affiliated contractors after the formation of the PLA Strategic Support Force (PLASSF) in 2015, more PLA-affiliated APT groups have emerged since the pandemic with new tactics, techniques, and procedures. The new PLASSF organization means these entities may be compromising high-value targets and then assessing them for use for offensive cyber operations in wartime scenarios or cyber espionage operations.”

Roberts: “Since 2018, Chinese offensive cyber operations have increased in scale. China has reinvigorated its workforce capacity-building efforts to increase the overall quantity and quality of workers. It has tightened its legal regime, cracking down on external vulnerability disclosure. It has also begun significantly investing in disinformation campaigns, especially against Taiwan. This is evident by the Chinese influence in Taiwan’s 2018 and 2020 elections.”

#5 What domestic entities, partnerships, or roles exist in China’s model of cyber operations model that are not present in the United States or Western Europe?

Cary: “China’s emphasis on contracted hackers coincides with divergent levels of trust between the central government and some provincial-level MSS hacking teams. Some researchers maintain that one contracted hacking team pwns targets inside China to do internal security prior to visits by central government leaders. While there is scant evidence that these attitudes and beliefs make their way into operations against foreign targets, they do likely impact the distribution of responsibilities and operations in a way not seen in mature democracies. The politicization of intelligence services is particularly risky in China’s political system.”

Costello: “The extralegal influence of the CCP cannot be overstated. Though the National Security Law, National Intelligence Law, and other laws ostensibly establish a legal foundation for China’s security apparatus, the reality is that the party is not bound strictly to these laws—and they only demonstrate a public indicator of what power it may possess. The lack of any independent judiciary suggests unchecked power of the CCP to co-opt or compel assistance from any citizen or company for which it almost certainly has near-total leverage. While the suspicion of Chinese organizations can be overblown, the idea that the CCP has the power to utilize not each but any organization is sobering and the root of many of these concerns. The lack of rigorous rule of law, in these limited circumstances, is certainly a competitive advantage in the intelligence sphere.”

Jili: “Beijing has nurtured a tech industry and environment that actively support the party-state’s aims to bolster government surveillance and cyber capabilities. From large firms to startups, many companies work with the state to conduct vulnerability research, develop threat detection capabilities, and produce security and intelligence products. While these private firms rely on Chinese venture capital and state loans, they have grown to service a global customer base.”

Kozy: “Starting with the 2015 control of WooYun, China’s largest vulnerability site, the CCP has gained an incredible amount of control of the vulnerability supply chain within China, which affords its cyber actors access to high-value vulnerabilities for use in their campaigns. The aforementioned 2017 laws also made it easier for Chinese authorities to prevent domestic researchers from competing in cyber conferences overseas and improved access to companies doing vulnerability research in China. The CCP’s public crackdowns on Jack Ma, Ant Financial, and many others have shown that the CCP fears the influence its tech firms have and has quickly moved to keep its tech giants loyal to the party; a stark contrast to the relationships that the United States and European Union have with tech giants like Google, Facebook, etc.”

Roberts: “While corporate-government partnerships exist everywhere, what separates the United States and Western Europe from China is the scope and scale of the connective tissue that exists between the two entities. In China, this relationship has more explicit requirements in the cyber domain, especially when it comes to vulnerability disclosure.”

The post The 5×5—China’s cyber operations appeared first on Atlantic Council.

Putin is facing defeat in the information war

Peter Dickinson — Tue, 24 Jan 2023 21:36:06 +0000

As the world prepares to mark International Holocaust Remembrance Day on January 27, the European Union has accused Russia of “trampling on the memory” of the six million Jews who perished in the Holocaust. This rebuke came following controversial recent comments by Russian Foreign Minister Sergei Lavrov, who compared Western support for Ukraine to the Nazi genocide of European Jewry.

Speaking on January 18, Lavrov claimed a coalition of Western countries led by the United States was following in the footsteps of Napoleon and Hitler with the goal of destroying Russia. “They are waging war against our country with the same task: the final solution of the Russian question,” he said in direct reference to Hitler’s infamous “final solution” of the Jewish question.

Lavrov’s Holocaust comparison was met with widespread international criticism. In a strongly worded statement, EU foreign policy chief Josep Borrell said his Russian counterpart’s comments were “entirely misplaced, disrespectful, and trample on the memory of the six million Jewish people, and other victims, who were systematically murdered in the Holocaust. The Russian regime’s manipulation of the truth to justify their illegal war of aggression against Ukraine has reached another unacceptable and despicable low point.”

The Israeli Foreign Ministry branded Lavrov’s remarks “unacceptable,” while French diplomats said the Russian foreign minister’s attempt to compare international opposition to the invasion of Ukraine with the Holocaust was “outrageous and disgraceful.” Meanwhile, UK Foreign Secretary James Cleverly called Lavrov’s comments “totally abhorrent” while noting, “Russia is not the victim. Russia is the aggressor.”

In the US, national security spokesperson John Kirby expressed indignation at Lavrov’s attempt to draw parallels between the Nazi genocide and the response to Russia’s attack on Ukraine. “How dare he compare anything to the Holocaust, let alone a war that they started,” he told reporters at the White House. “It’s almost so absurd that it’s not worth responding to, other than the truly offensive manner in which he tried to cast us in terms of Hitler and the Holocaust.”

This was not Lavrov’s first flirtation with anti-Semitic historical distortions. During an appearance on Italian TV in spring 2022, Russia’s top diplomat sparked outrage by repeating the notorious anti-Semitic trope that Hitler was Jewish. When asked why Russia insists on calling Ukraine a “Nazi state” despite the fact that Ukrainian President Volodymyr Zelenskyy is Jewish, Lavrov replied that Nazi leader Adolf Hitler “also had Jewish blood.”

The fallout from Lavrov’s very public descent into the squalid world of anti-Semitic conspiracy theories was predictably severe. Following a chorus of international condemnation led by Israel, Vladimir Putin was eventually obliged to intervene. In early May, the Russian dictator called the Israeli Prime Minister to personally apologize on behalf of his foreign minister.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

The international backlash over Lavrov’s blunders illustrates the limitations of the propaganda narratives developed by Moscow to justify the invasion of Ukraine. While captive audiences inside Russia have been largely convinced by attempts to blame hostilities on “Ukrainian Nazis” and the “Russophobic West,” these unsubstantiated arguments have proven far less persuasive internationally and have served to further undermine the Kremlin’s dwindling credibility.

Russian attempts to portray Ukrainians as Nazis are nothing new and can be traced back to Soviet wartime propaganda. The tactic has been enthusiastically revived by the Kremlin in recent years to dehumanize Ukrainians and legitimize attempts to extinguish Ukrainian independence. This plays well in modern Russia, where the Putin regime has fostered a cult-like reverence for the Soviet role in World War II that includes the demonizing of all opponents as “fascists.” However, the lack of any actual evidence to support these poisonous allegations has left outside observers deeply skeptical.

As Lavrov himself discovered during last year’s disastrous Italian TV interview, most people living beyond the suffocating confines of the Kremlin propaganda bubble regard the election of Ukraine’s Russian-speaking Jewish President Volodymyr Zelenskyy as convincing proof that Ukraine is anything but a Nazi state. Likewise, the consistent failure of Ukraine’s far right parties to secure more than 2% of the vote in national ballots makes a mockery of Moscow’s entire “Nazi Ukraine” narrative. In the eleven months since the full-scale invasion of Ukraine began, Russia has yet to identify any of the “Nazis” it claims to be fighting or define exactly what the stated war aim of “de-Nazification” means in practice.

Eurasia Center events

Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Lavrov’s lurid allegations of anti-Russian plots suffer from similar problems. While domestic audiences in Russia have been conditioned for decades to view their country as a blameless victim of irrational Western Russophobia, there is a growing consensus in the wider world that the international community has actually been much too slow to react to the mounting threats posed by Putin’s Russia.

Far from pursuing the destruction of Russia, the West responded to Moscow’s wars of aggression in Georgia and Ukraine with a series of misguided resets and endless policies of appeasement. Indeed, it was not until Putin launched the biggest European conflict since World War II last February that Western leaders finally and reluctantly acknowledged the necessity of countering the Kremlin. Even now, as Russia’s invasion approaches the one-year mark, the debate over Western support for Ukraine remains dominated by excessive caution and a debilitating desire to avoid escalation. These are self-evidently not the actions of an international coalition seeking “the final solution to the Russian question,” as Lavrov so absurdly claims.

It is still far too early for Ukraine to declare victory in the information war. Russian disinformation narratives continue to resonate on the vocal fringes of Western society while also appealing to widespread anti-Western sentiment in much of Asia, Africa, and South America. Nevertheless, the wholesale revulsion over Lavrov’s recent Holocaust remarks is a timely reminder of the increasingly unbridgeable gap separating Russia’s alternative reality from the real world.

Almost one year since the full-scale invasion of Ukraine began, only a handful of fellow pariah states are still prepared to stand with Russia on the global stage as international audiences reject Kremlin claims of phantom fascists and anti-Russian conspiracies. Instead, there is growing recognition that the war in Ukraine is an act of naked imperial aggression that threatens to destabilize the wider world.

Russia’s attack on Ukraine has been built on an unprecedented web of deceit and distortion. As these lies lose their power and the reality of Putin’s genocidal agenda becomes impossible to ignore, a consensus is emerging that the war in Ukraine will only end when Russia is decisively defeated.

Peter Dickinson is Editor of the Atlantic Council’s UkraineAlert Service.

Tracking narratives

Frenzy befalls French company accused of feeding Russian forces on New Year’s Eve

Former head of Russian space agency injured in Donetsk, mails shell fragment to French ambassador

Sputnik Lithuania’s former chief editor arrested

International response

New year brings new military aid for Ukraine

Ukrainian envoy to Georgia discusses deteriorating relations between nations

Russian forces claim control of strategic Soledar

Russia said on January 13 that its forces had taken control of the contested city of Soledar. Recent fighting has been concentrated in Soledar and Bakhmut, two cities in the Donetsk region that are strategically important to Ukrainian and Russian forces. Moscow has been trying to take control of the two cities since last summer. Over the past week, Russia has increased its presence on the fronts with the support of Wagner units. Russia wants control of the Soledar-Bakhmut axis to cut supply lines to the Ukrainian armed forces.

On January 10, Russian sources claimed that Wagner forces had advanced into Soledar. Interestingly, Wagner financier Yevgeny Prigozhin denied the claim and said the forces were still engaged in fighting. Wagner’s presence was established in a camp near Bakhmut. Soldiers from the Wagner Group and other special forces deployed to Bakhmut after other military units had failed to break through the Ukrainian defense.

On January 11, Ukrainian Deputy Defense Minister Anna Malyar said that heavy fighting was taking place in Soledar and that Russian forces had replaced the unit operating in the city with fresh troops and increased the number of Wagner soldiers among them. The same day, Prigozhin claimed that Wagner forces had taken control of Soledar. The Ukrainian defense ministry denied the allegation. On January 12, Ukrainian sources shared unconfirmed footage of soldiers driving on the main road connecting Bakhmut and Soledar with Sloviansk and Kostyantynivka to as evidence that the area remained under Ukrainian control.

Elsewhere, on January 11, the Kremlin announced that Valery Gerasimov would replace Sergei Surovikin as commander of Russian forces in Ukraine. The unexpected move could be interpreted as evidence of a struggle for influence in Russian military circles. Surovikin is considered close to Prigozhin’s entourage, which has criticized senior officers recently, including Gerasimov. Some analysts believe that the change signals a possible military escalation from Russia.

Furthermore, on January 8, Ukrainian forces repelled a Russian offensive the vicinity of Makiyivka and Stelmakhivka. Further north of Lysychansk, on January 11, Ukraine also repelled an attack on the city of Kreminna. In the neighboring Kharkiv region, aerial threats remain high. On the southern front, the city of Kherson and several cities across the Zaporizhzhia region remain targets of Russian attacks.

Lastly, a new Maxar satellite image from nearby Bakhmut exemplifies the brutality of war on the frontline in Donetsk. The image shows thousands of craters, indicating the intensity of the artillery shelling and exchange of fire between Ukrainian and Russian forces.

—Valentin Châtelet, Research Associate, Brussels, Belgium

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize

In December 2022, the Wagner Group organized a hackathon at its recently opened headquarters in St. Petersburg, for students, developers, analysts, and IT professionals. Wagner announced the hackathon on social media earlier that month. Organizers created the promotional website hakaton.wagnercentr.ru, but the website went offline soon after. A December 8 archive of the website, accessed via the Internet Archive Wayback Machine, revealed that the objective of the hackathon was to “create UAV [unmanned aerial vehicle] positioning systems using video recognition, searching for waypoints by landmarks in the absence of satellite navigation systems and external control.” Hackathon participants were asked to complete the following tasks: display the position of the UAV on the map at any time during the flight; direct the UAV to a point on the map indicated by the operator; provide a search for landmarks, in case of loss of visual reference points during the flight and returning the UAV to the point of departure, in case of a complete loss of communication with the operator.  

On December 9, Ukrainian programmers noticed that hakaton.wagnercentr.ru was hosted by Amazon Web Services and asked users to report the website to Amazon. Calls to report the channel also spread on Telegram, where the channel Empire Burns asked subscribers to report the website and provided instructions on how to do so. Empire Burns claims hakaton.wagnercentr.ru first went offline on December 9, which tallies with archival posts. However, there is no evidence that reporting the website to Amazon resulted in it being taken offline.  

Snapshots of hakaton.wagnercentr.ru from the Wayback Machine show the website was created in a Bitrix24 online workspace. A snapshot captured on December 13 shows an HTTP 301 status, which redirects visitors to Wagner’s main website, wagnercentr.ru. The Wagner website appears to be geo-restricted for visitors outside Russia.

On December 23, a Wagner Telegram channel posted about the hackathon, claiming more than 100 people applied. In the end, forty-three people divided into twelve teams attended. The two-person team GrAILab Development won first place, the team SR Data-Iskander won second place, and a team from the company Artistrazh received third place. Notably, one of Artistrazh’s co-founders is Igor Turashev, who is wanted by the FBI for his connection to computer malware that the bureau claims infected “tens of thousands of computers, in both North America and Europe, resulting in financial losses in the tens of millions of dollars.” Artistrazh’s team comprised four people who won 200,000 Russian rubles (USD $3,000). OSINT investigators at Molfar confirmed that the Igor Turashev who works at Artistrazh is the same one wanted by the FBI.

Wagner said that one of the key objectives of the hackathon was the development of IT projects to protect the interests of the Russian army, adding that the knowledge gained during the hackathon could already be applied to clear mines. Wagner said it had also invited some participants to collaborate further. The Wagner Center opened in St. Petersburg in early November 2022; the center’s mission is “to provide a comfortable environment for generating new ideas in order to improve Russia’s defense capability, including information.”

– Givi Gigitashvili, DFRLab Research Associate, Warsaw, Poland

Frenzy befalls French company accused of feeding Russian forces on New Year’s Eve

A VKontakte post showing baskets of canned goods produced by the French company Bonduelle being distributed to Russian soldiers on New Year’s Eve has sparked a media frenzy in France. The post alleges that Bonduelle sent Russian soldiers a congratulatory package, telling them to “come back with a win.” The post quotes Ekaterina Eliseeva, the head of Bonduelle’s EurAsia markets. According to a 2019 Forbes article, Eliseeva studied interpretation at an Russian state security academy. 

Bonduelle has issued several statements denying the social media post and calling it fake. However, Bonduelle does maintain operations in Russia “to ensure that the population has access to essential foodstuff.” 

French broadcaster TV 5 Monde discovered that Bonduelle’s Russia division participated in a non-profit effort called Basket of Kindness, sponsored by the Fund of Presidential Grants of Russia. Food and supplies were gathered by food banks to be delivered to vulnerable segments of the population. However, during the collection drive, Dmitry Zharikov, governor of the Russian city of Podolsk, posted on Telegram that the collections would also serve military families.  

The story was shared on national television in France and across several international outlets. The Ukrainian embassy in France criticized Bonduelle for continuing to operate in Russia, claiming it was “making profits in a terrorist country which kills Ukrainians.”

—Valentin Châtelet, Research Associate, Brussels, Belgium

Former head of Russian space agency injured in Donetsk, mails shell fragment to French ambassador

Dmitry Rogozin, former head of the Russian space agency Roscosmos, said he was wounded in Ukrainian shelling on December 21, 2022, at the Shesh hotel in Donetsk while “celebrating his birthday.” In response, Rogozin sent a letter to Pierre Lévy, the French ambassador to Russia, with a fragment of the shell.  

In the letter, Rogozin accused the French government of “betraying [Charles] De Gaulle’s cause and becoming a bloodthirsty state in Europe.” The shell fragment was extracted from Rogozin’s spine during surgery and allegedly came from a French CAESAR howitzer. Rogozin requested the fragment be sent to French President Emmanuel Macron. His message was relayed by Russian news agencies, and on Telegram by pro-Russian and French-speaking conspiracy channels. 

At the time of the attack, Rogozin was accompanied by two members of his voluntary unit, “Tsar’s wolves,” who were killed in the attack, according to reporting from RT, RIA Novosti, and others. 

– Valentin Châtelet, Research Associate, Brussels, Belgium

Sputnik Lithuania’s former chief editor arrested

On January 6, Marat Kasem, the former chief editor of Sputnik Lithuania, was arrested in Riga, Latvia, on suspicion of “providing economic resources” to a Kremlin propaganda resource under EU sanctions.

The following day, pro-Kremlin journalists held a small demonstration in support of Kasem in front of the Latvian embassy in Moscow. Russian journalist Dmitry Kiselyov and politician Maria Butina attended the event.

The demonstration was filmed by Sputnik and amplified with the Russian hashtag #свободуМаратуКасему (#freedomForMaratKasem) on Telegram channels operating in the Baltic states, including the pro-Russian BALTNEWS, Своих не бросаем! | Свободная Балтика!, and on Butina’s personal channel. The news of Kasem’s arrest also reached the Russian Duma’s Telegram channel, which re-shared Butina’s post.

– Valentin Châtelet, Research Associate, Brussels, Belgium

New year brings new military aid for Ukraine

International efforts in support of Ukraine are continuing in full force in 2023. On January 4, Norway announced it had sent Ukraine another 10,000 155mm artillery shells. These shells can be used in several types of artillery units, including the M109 self-propelled howitzer. On January 5, Germany confirmed it would provide Ukraine with Marder fighting vehicles and a Patriot anti-aircraft missile battery. German news outlet Spiegel also reported that talks are underway to supply Ukraine with additional Gepard anti-aircraft guns and ammunition.

In addition, UK Foreign Secretary James Cleverly said the British government would supply Ukraine with military equipment capable of delivering a “decisive” strike from a distance. At the end of 2022, UK Defense Secretary Ben Wallace discussed the possibility of transferring Storm Shadow cruise missiles, with a range of up to 250 kilometers. Finland also reported that it is preparing its twelfth package of military assistance to Ukraine.

US aid to Ukraine is also being reaffirmed with a $2.85 billion package on top of weapon deliveries. Additionally, the US plans to deliver fourteen vehicles equipped with anti-drone systems as part of its security assistance package. The company L3Harris is part of the Pentagon’s contract to develop anti-drone kits. This equipment would help protect Ukrainian civil infrastructure, which has been a frequent Russian target since October 2022.

On January 6, French President Emmanuel Macron announced that France would supply Ukraine with units of the light AMX-10RC armored reconnaissance vehicle. These vehicles were produced in 1970 and have been used in Afghanistan, the Gulf War, Mali, Kosovo, and Ivory Coast. The French defense ministry also announced that the country was to deliver twenty units of ACMAT Bastion armored personnel carriers.

On January 11, Ukrainian President Volodymyr Zelenskyy met with Presidents Andrzej Duda of Poland and Gitanas Nauseda of Lithuania in Lviv. During the visit, Duda announced that Poland would deliver fourteen units of the much-awaited German Leopard combat tanks, and Nauseda announced that his country would provide Ukraine with Zenit anti-aircraft systems.

Meanwhile, the largest manufacturer of containers for the transport of liquified natural gas has ceased operations in Russia. French engineering group Gaztransport & Technigaz (GTT) said it ended operations in Russia after reviewing the latest European sanctions package, which included a ban on engineering services for Russian firms. The group said its contract with Russian shipbuilding company Zvezda to supply fifteen icebreakers to transport liquefied natural gas was suspended effective January 8.

—Valentin Châtelet, Research Associate, Brussels, Belgium

—Ruslan Trad, Resident Fellow for Security Research, Sofia, Bulgaria

Ukrainian envoy to Georgia discusses deteriorating relations between nations

On January 9, Andrii Kasianov, the Ukrainian Chargé d’Affaires in Georgia, published an article discussing the deteriorating relationship between the two countries. The article stated that the top issues affecting relations were military aid to Ukraine, bilateral sanctions against Russia, visa policies for fleeing Russians, and the legal rights of Mikheil Saakashvili, the imprisoned third president of Georgia, who is also a Ukrainian citizen.

Kasianov noted that Tbilisi declined Kyiv’s request for military help, specifically for BUK missile systems, which were given to Georgia by Ukraine during Russia’s 2008 invasion. The diplomat said that the weapons request also included Javelin anti-tank systems supplied to Georgia by the United States.

“Despite the fact that the Georgian government categorically refused to provide military aid, Ukraine opposes the use of this issue in internal political disputes and rejects any accusations of attempts to draw Georgia into a war with the Russian Federation,” Kasianov said.

Since the Russian invasion of Ukraine, the Georgian Dream-led government has accused Ukraine, the US, and the EU of attempting to drag Georgia into a war with Russia.

—Eto Buziashvili, Research Associate, Tbilisi, Georgia

The post Russian War Report: Russian hacker wanted by the FBI reportedly wins Wagner hackathon prize appeared first on Atlantic Council.

Post-war Ukraine needs a smart digital transformation strategy

Anatoly Motkin — Thu, 12 Jan 2023 15:52:20 +0000

The Russian invasion of Ukraine is still far from over, but it is already clear that Ukraine has defended its independence and won the right to become a fully fledged member of the democratic world. This trajectory was further underlined in summer 2022 when Ukraine received official EU candidate nation status.

Ukraine’s future prosperity is not just a matter of ending the war and moving toward membership of the European Union, however. Ahead lies the complex reconstruction of the country’s entire economy and national infrastructure. In order for this to succeed, there can be no return to pre-war conditions. Instead, Ukraine has a once-in-a-lifetime opportunity to reinvent itself as one of the most modern nations on the planet.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Thanks to the unprecedented support of Ukraine’s international partners, today’s ambitious visions for a new Ukrainian economy are entirely feasible. This will in all likelihood be a green economy at the cutting edge of the digital revolution.

President Zelenskyy had already set Ukraine on the road to a digital future long before the horrors of Russia’s full-scale invasion. In the early days of his presidency in spring 2019, Zelenskyy identified digitalization as a national priority and vowed to create “a country in a smartphone.”

On the eve of the Russian invasion, Ukraine had already made significant progress in this direction. More than 10 million Ukrainians, or around one-third of the entire adult population, had installed the Diia app, which offered a range of public services and documents in digital format. The impact of this digitalization has been evident during the war, with Ukrainians frequently using virtual documents to identify themselves and pass checkpoints.

The tech sector had also established itself as a key engine of the economy in pre-war Ukraine. By the end of 2021, the IT industry was generating around $6.8 billion in annual export earnings, representing approximately 10% of Ukraine’s overall export revenues.

These developments are encouraging and indicate that Ukraine can seize the unique opportunities that may soon emerge. At the same time, the post-war transformation of the country will force the Ukrainian authorities and the domestic tech industry to think on a far larger scale than ever before. International investments alone will dwarf anything seen in Ukraine since the country regained independence in 1991.

Eurasia Center events

Nonresident Senior Fellow

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Ukraine’s IT industry certainly has the potential to rise to the coming challenges. On the eve of the invasion, there were more than 250,000 IT engineers in the country working for companies that developed advanced solutions for many of the world’s biggest brands. To harness this potential and position the country for future success, Ukraine’s Ministry of Digital Transformation must engage with the world’s leading experts to develop an effective digital transformation strategy.

This strategy must address a series of core issues such as mastering digital skills, engineering digital infrastructure, the digitalization of public services, and the digital transformation of Ukraine’s business environment. Ukraine must adapt its education system to make sure the emerging generation of young Ukrainians are equipped with the necessary English-language and tech skills to drive the country’s transformation forward. Teachers will need to have expert knowledge, while schools must have sufficient internet access and tech tools.

These innovations need to be applied evenly across the country to make sure progress is consistent and no regions are left behind. This is especially important for regions liberated from Russian occupation. Digitalization must also extend to every branch of public services including healthcare, housing, and municipal services.

Even this very brief overview highlights the vast proportions of the undertaking that lies ahead for Ukraine. The envisaged digital revolution will require the involvement of experts in a wide variety of fields including law, education, energy, medicine, and security as well as IT itself.

The experience of the past ten months leaves little room for doubt that the global community will be ready to support Ukraine’s post-war digital transformation. While the Ukrainian Ministry of Digital Transformation will have the task of coordinating the creation of a digital transformation strategy, the Ministry can call on the support of a range of national governments, international financial institutions such as the World Bank and the EBRD, global development agencies, and many of the world’s largest tech companies.

Today, while Ukraine’s heroic defense against Russian aggression is still underway, it is time to create a broad coalition of allies and establish expert working groups to develop a strategy development fund. The platform for this coalition can be the Digital for Freedom initiative already put forward by the Ministry of Digital Transformation in mid-2022.

Ukraine has already demonstrated that with enough military support, it can win the war. The country’s international partners must also be ready to begin the massive task of reconstruction as soon as circumstances allow. A comprehensive and ambitious digital transformation strategy can serve as one of the foundational documents for the coordination of efforts to make the new Ukraine an example of progress for the entire world.

Anatoly Motkin is president of the StrategEast Center, an independent institution working to develop Eurasia’s digital economy in collaboration with international financial institutions, development agencies, global tech companies, and Eurasian governments.

About the author

Fellow

Kenneth Propp

Europe Center

European Union Digital Policy

The post Propp in Lawfare: Gentlemen’s Rules for Reading Each Other’s Mail: The New OECD Principles on Government Access to Personal Data Held by Private Sector Entities appeared first on Atlantic Council.

Digitalization and transparency are vital for Ukraine’s reconstruction

Oleksandra Azarkhina — Mon, 02 Jan 2023 18:47:43 +0000

When you have become used to constant power cuts, regular air raid alerts, and the empty evening streets of Kyiv, a business trip to the United States can feel like being transported to another dimension entirely. However, when I visited Washington DC in the final weeks of 2022, I soon found that the situation in Ukraine was high on the local agenda.

During my brief time in the US, I held over 30 meetings with government officials as well as representatives of the defense, financial, and non-profit sectors. All were deeply immersed in the challenges facing Ukraine and were ready to offer genuine support. Topics of discussion included efforts to boost Ukrainian food exports, strengthen the country’s air defense systems, and facilitate the future reconstruction of Ukraine.

Every conversation also featured an anti-corruption component. This is essential in order to build the kind of transparent and effective partnerships that will help Ukraine move forward. Success will depend on a combination of the right systems and suitably qualified personnel.

Digital tools can play a key role in this process. Ukraine’s reputation as a digital innovator is already recognized across the Atlantic. Two years ago, Ukraine became the world’s first country to grant legal status to electronic passports for domestic use. Hundreds of public services for private citizens and businesses can already be accessed online. More recently, Ukraine occupied second place in Europe for data openness in the 2022 Open Data Maturity ranking.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Ukraine’s digital progress can serve as a solid basis for the country’s recovery. While in the US, I had the opportunity to present plans for a Digital Reconstruction Management System (DRMS), which will serve as a comprehensive online platform that will ensure successful simultaneous implementation of multiple projects across Ukraine. The DRMS will make it possible to manage every stage of Ukraine’s reconstruction projects while providing real-time online information including spending data.

The concept is based on the principle of maximum transparency and the publication of open data in accordance with international norms such as the Open Contracting Data Standard. This digital solution will drive the development of an entire ecosystem. It will create opportunities for businesses around the world to participate in procurement tenders for the reconstruction of Ukraine.

Additional tools will make it possible to monitor contractors, while NGOs will be able to analyze data and create risk indicators. This approach will make the coming reconstruction of Ukraine a model of open governance and open contracting for the entire world.

Ukraine’s digital reconstruction system is set to be launched in early 2023. This initiative is the result of cooperation between the Ukrainian authorities, civil society, and international institutions. It is being implemented together with RISE Ukraine, a coalition of international and Ukrainian NGOs.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

Personnel choices will also play a key role in the further evolution of Ukraine’s anti-corruption architecture. Appointing the right people will be critical to this process. In the months and years ahead, Ukraine should look to recruit from within the ranks of the country’s armed forces.

There are currently more people than ever in uniform defending Ukraine. This includes men and women from a variety of professional backgrounds, including many who took up arms following successful careers as civil servants and human rights defenders. According to my friends who are currently serving in the trenches, this experience fundamentally changes a person’s worldview and civic position.

Military veterans will be highly motivated to safeguard Ukraine’s development and the country’s democratic institutions. That is why it is so important for Ukraine to receive support from the US and other international partners for initiatives that will make it possible to integrate veterans into the country’s ongoing anti-corruption efforts.

The provisional idea is to select people with the relevant educational and professional background for training in the most effective approaches to combating corruption. Successful candidates can then join Ukrainian law enforcement and the country’s anti-corruption institutions.

I am confident that by combining digital transparency with a targeted approach to personnel, it will be possible to achieve historic change in Ukraine. This message clearly resonated with our American partners during my recent visit to the United States. Our pursuit of a common goal is a source of inspiration and one more reason to believe Ukraine will win the war.

Oleksandra Azarkhina is Ukraine’s Deputy Minister for Communities, Territories, and Infrastructure Development.

Vladimir Putin’s failing invasion is fueling the rise of Russia’s far right

Stanislav Shalunov — Wed, 14 Dec 2022 17:57:11 +0000

A new and significant political force is emerging in the shadows of Russia’s invasion of Ukraine. While Vladimir Putin has long cultivated an aggressive brand of Russian nationalism based on imperial identity, battlefield defeats in Ukraine are having a radicalizing effect on domestic audiences and placing the far right at the center of Russia’s shifting political landscape.

Like many dictators throughout history, Putin believed he could strengthen his position at home by waging a small, victorious war. However, he is now learning a painful lesson: if you stake your position as dictator on a quick victory but fail to deliver, you may suffer the fate of Khrushchev after the Cuban Missile Crisis or the Argentinian junta after their disastrous invasion of the Falklands. Losing a conflict that you are expected to win is so thoroughly demoralizing that it puts your entire reign at risk.

Many people now question why Putin embarked on such a reckless invasion at all. In fact, the Russian dictator has always been a betting man. His entire career has been marked by gambles that have paid off handsomely. However, with the full-scale invasion of Ukraine, his luck may finally have run out.

US President Joe Biden describes Putin as a rational actor who has miscalculated. This is probably true, but it is also important to recognize Putin’s miscalculation as a symptom of a flawed worldview that is disconnected from reality. In short, Putin fell into the same trap that eventually catches out many long-serving dictators; he drank his own Kool-Aid.

In a military context, believing in one’s own inflated prowess is catastrophically dangerous. Thanks to decades of propaganda, Russians take it for granted that their country is a military superpower. This myth has been shattered in Ukraine. Despite having less than one-third of Russia’s population, a far smaller economy, and being an emerging democracy rather than a militarized dictatorship, Ukraine has more than held its own for almost a year against the invading Russian army.

While the West has provided Ukraine with significant military aid, the extent of Western involvement in the war should not be overstated. So far, only about one percent of the relevant available Western weaponry has actually been sent to Ukraine. Key partners such as the US, UK, France, and Germany have resisted Ukrainian pleas for tanks, jets, and long-range missiles. Instead, they have provided anti-tank weapons, limited quantities of artillery, and shorter range missile systems. Nevertheless, this has proved sufficient to stop Russia’s offensive and liberate about half of the territory occupied by Putin’s troops during the initial stages of the invasion.

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

Faced with mounting setbacks in Ukraine, Putin has become increasingly delusional. Rather than acknowledge Russia’s embarrassing defeats and catastrophic losses, he insists everything is going according to plan. This is creating opportunities for Russia’s far right forces, which do not suffer from the same limitations. While Kremlin officials absurdly attempt to portray retreats as “goodwill gestures,” the far right wins over the Russian public by speaking frankly about the country’s military disasters in Ukraine.

Until the invasion began in February 2022, the only political opposition in Russia was represented by jailed anti-corruption activist Alexei Navalny, who had attempted to play broadly by Western democratic rules. When the war started, the remnants of Russian civil society were ruthlessly stamped out. Prominent opposition figures were jailed or forced into exile, while new laws criminalized all forms of public dissent. These trends have intensified over the intervening nine months, extinguishing any lingering hopes of a serious democratic opposition to the Putin regime.

Instead, the most serious challenge to Putinism may come from a newly emerging political movement that is even further to the right on the political spectrum than Putin himself. At present, this is a disorganized but vocal movement that has found its voice in the many unofficial Russian “war correspondents” and social media accounts reporting on the invasion while bypassing the Russia’s Kremlin-controlled mainstream information space. Most write from a Russian nationalist perspective while employing ethnic slurs for Ukrainians. They are unambiguously pro-war and often apparently pro-Putin. However, their content is frequently at odds with Russia’s official propaganda and highly critical of the military officials leading the invasion.

Eurasia Center events

Ukraine’s advance in Kursk: What’s next and implications

Conflict Russia Security & Defense Ukraine

While there is currently no single nationalist leader, the most prominent figure among Russian ultra-nationalists is Yevgeny Prigozhin, the leader of the Wagner Group paramilitary force. Prigozhin once sought to distance himself from Wagner but has recently made his connection very public. He has released footage of his recruitment speeches and has opened a swanky head office in Saint Petersburg. This reflects the rising profile of Wagner itself. Formerly seen as a shadowy mercenary group used by the Kremlin in hybrid war hot spots such as Ukraine, Syria, and Africa to create a veneer of plausible deniability, Wagner has been one of the few Russian military units to perform credibly during the initial stages of the Ukraine invasion and has visibly grown in stature.

With his own public profile on the rise, Prigozhin has begun testing the boundaries by publicly deriding senior figures within the Russian military hierarchy. Meanwhile, his Wagner troops operate in Ukraine as an army-within-an-army, pursuing their own clearly defined battlefield objectives and openly positioning themselves as a military elite in contrast to the under-performing regular Russian army.

Wagner fighters have become the poster boys of the ultra-nationalists, who are themselves less prone to official delusions and more interested in the realities of hard power. Freedom from the constraints of the Kremlin propaganda machine is a major asset in their struggle for credibility among Russian audiences. This makes the far right a potentially formidable opponent in a future internal power struggle against the Putin regime.

It is hard to predict what the world could expect from a post-Putin Russia ruled by far right forces, but there is clearly little room for optimism. An ultra-nationalist successor regime would likely be even more inclined to wage war against Russia’s neighbors while ruthlessly targeting civilians. This extremism would be driven in part by the growing conviction within nationalist circles that Putin is failing in Ukraine precisely because he has not been ruthless enough in his leadership of the war.

Putin’s domestic position is not yet sufficiently weak to talk of an imminent fall from power, but it is already apparent that he is far weaker today than he was just one year ago. At the same time, the full-scale invasion of Ukraine has catapulted a wide range of formerly fringe nationalist figures into the Russian mainstream and transformed Yevgeny Prigozhin into a political heavyweight. This swing to the right has not yet been fully appreciated by many Western observers, but it offers alarming indications of where Russia may be heading politically and must be watched carefully in the months ahead.

Stanislav Shalunov is founder and CEO of NewNode and creator of FireChat.

#1 What organization, public or private, had the greatest impact on cybersecurity in 2022?

Rep. Jim Langevin, US Representative (D-RI); former commissioner, Cyberspace Solarium Commission:

“I think we have really seen the Joint Cyber Defense Collaborative (JCDC) come into its own this year. We saw CISA, through JCDC, lead impressive and coordinated cyber defense efforts in response to some of the most critical cyber emergencies the Nation faced in 2022, including the Log4Shell vulnerability and the heightened threat of Russian cyberattacks after its invasion of Ukraine.”

Wendy Nather, nonresident senior fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council; head of advisory CISOs, Cisco:

“I would argue that Twitter has had the most impact on cybersecurity. As a global nexus for public discourse, security research, threat intelligence sharing, media resources, and more, its recent implosion has disrupted essential communications and driven many cybersecurity stakeholders to seek connectivity elsewhere. We will probably continue to see the effects of this disruption well into 2023 and possibly beyond.”

Sarah Powazek, program director, Public Interest Cybersecurity, UC Berkeley Center for Long-Term Cybersecurity:

“CISA. The cross-sector performance goals and the sector-specific 100-Day Cyber Review Sprints this year are paving the way for a more complete understanding and encouragement of cybersecurity maturity in different industries. It is finally starting to feel like we have a federal home for nationwide cybersecurity defense.”

Megan Samford, nonresident senior fellow, Cyber Statecraft Initiative, Digital Forensic Research Lab (DFRLab), Atlantic Council; vice president and chief product security officer for energy management, Schneider Electric:

“I think all of us feel that it has to be the warfighting efforts that are going on in the background of the Ukraine war—these are the ‘known unknown’ efforts. If we take that off the table though, I would say it is not an organization at all, it is a standard (IEC 62443). As boring as it is to say that standards work, right now industry most needs time for the standards to be adopted to reach a minimum baseline. If we fail to achieve standardization, we will see regulation—both achieve the same things at different paces with different tradeoffs.”

Gavin Wilde, senior fellow, Technology and International Affairs Program, Carnegie Endowment for International Peace:

“The State Special Communications Service of Ukraine (SSSCIP), which has deftly defended and mitigated against Russian cyberattacks throughout Moscow’s war. SSSCIP’s ability to juggle those demands while coordinating and communicating with a vast array of state and commercial partners has improved the landscape for everyone.”

#2 What was the most impactful cyber policy or initiative of 2022?

Langevin: “The Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA. Its impact lies not only in its effect—which will dramatically improve the federal government’s visibility of cyber threats to critical infrastructure—but also in the example it has set for how Congress, the executive branch, and the private sector can effectively work together to craft major legislation that will make the country fundamentally safer in cyberspace.”

Nather: “I have to call out CISA’s election security support at this crucial point in our Nation’s fragile and chaotic state. It continues to provide excellent information and resources—particularly the wonderfully named “What to Expect When You are Expecting an Election” and video training to help election workers protect themselves and the democratic process. Reaching out directly to stakeholders and citizens with the education they need is every bit as important as the ‘public-private partnership’ efforts that most citizens never encounter.”

Powazek: “CISA’s State and Local Cybersecurity Grant Program and Tribal Cybersecurity Grant Program. The programs will dole out $1 billion in cyber funding to state, local, tribal, and territorial governments over four years, with at least 25 percent of those funds earmarked for rural areas. If that money is invested well, it will be an incredible boon to critical public agencies struggling to improve their cybersecurity maturity, and it can better protect millions of people.”

Samford: “Software bill of materials (SBOM), but not for the reasons people may think. SBOM is a very useful tool in managing risk, provided that organizations already have good asset inventory capability. In operational technology, asset inventory is an area that asset owners continue to struggle with, so the benefit from SBOM is more of a long-term journey. That is why I say SBOM, but not for the reasons people think. In my mind what I think was most impressive around SBOM was that it demonstrated that the industry can successfully rally and rapidly standardize around very specific asks. SBOM came together because it had three things: 1) common industry understanding of the problem; 2) existing tooling that, for the most part, did not require new training; and 3) government policy and right-sized program management.”

Wilde: “The European Union’s proposed Cyber Resilience Act, which is poised to update and harmonize the regulatory environment across twenty-seven member states and set benchmarks for product and software security—particularly as both cybercrime and Internet-of-Things applications continue to proliferate. The proposals offer a stark contrast between a forward-looking regulatory regime, and a crisis-driven reporting and mitigation one.”

#3 What is the most important yet under-covered cyber incident of 2022?

Langevin: “I think it is worth reminding ourselves just how serious the ransomware attacks were that crippled the Costa Rican government this year. This was covered in the news, but from a policy perspective, I think it warrants a deeper conversation about what the United States can be doing on the international stage to double down on capacity-building and incident response efforts with allies, particularly those more vulnerable to such debilitating attacks. Part of that conversation needs to include a commitment to ensuring that our government actors, like the State Department’s Bureau of Cyberspace and Digital Policy, have the appropriate resources and authorities to effectively provide that assistance.”

Nather: “The Twilio breach (although Wired did a good job covering it). It is important because although SMS is a somewhat-reviled part of our security infrastructure, it is utterly necessary, and will continue to be long into the future.”

Powazek: “The Los Angeles Unified School District (LSUSD) ransomware attack by Vice Society was highly covered in the news, but I think the implications are resounding. LAUSD leaders refused to pay the ransom, maintained transparency with students and parents, and were able to move forward with minimal downtime. It was a masterclass in incident management, and I was thrilled to see a public institution take a stand against ransomware actors and recover quickly.”

Samford: “Uber’s chief information security officer (CISO) going to jail. This has turned the industry on its head and forced people to challenge what it means to be an executive in this industry and make decisions that can land you—not the chief executive officer or chief legal counsel—in jail. What is the compensation structure for this amount of risk taking? I have heard of CISOs being called the ‘chief look around the corner officer’ or the ‘chief translation officer,’ but now has the CISO become the ‘chief scapegoat officer?”

Wilde: “The US Department of Justice’s use of ‘search and seizure’ authority (Rule 41 of the federal criminal code) to neutralize a botnet orchestrated by the Russian GRU. So many fascinating elements of this story—including the legal and technical implications of the operation, as well as the cultural shift at DOJ—seem to have gone underexamined. Move over, NSPM-13…”

The cyber strategy and operations of Hamas: Green flags and green hats

GRU 26165: The Russian cyber unit that hacks targets on-site

Wargaming to find a safe port in a cyber storm

#4 What cybersecurity issue went unaddressed in 2022 but deserves greater attention in 2023?

Langevin: “I am hopeful that this answer proves to be wrong before the end of the year, but right now, it is the lack of a fiscal year (FY) 2023 budget. The federal government has a wide array of new cybersecurity obligations stemming from recent legislation and Biden administration policy, but agencies will struggle to fulfill these responsibilities if Congress does not provide appropriate funding for them to do so. Keeping the government at FY22 funding levels simply is not good enough; if we want to see real progress, we need to pass a budget.”

Nather: “One trend I see is that there is almost no check on technological complexity, which is the nemesis of security. Simply slapping another ‘pane of glass’ on top of the muddled heap is not a long-term solution. I believe we will see more efforts to consolidate underlying infrastructure for many reasons, among them cost and ease of administration, but cybersecurity will be one of the loudest stakeholders.”

Powazek: “The United States still does not have a scalable solution for providing proactive cyber assessments to folks who cannot afford to hire a consulting firm. There are lots of toolkits available, but some organizations do not even have the staff or time to consume them, and there is no substitute for face-to-face assistance. We could use more solutions like cybersecurity clinics and regional cyber advisors that address this market failure and help organizations increase resiliency to cyberattacks.”

Samford: “Coordinated incident response as well as whistleblower protection. If you want safety-level protections in cybersecurity, you need safety-level whistleblower protections. In the culture of safety, based on decades of culture development and nurturing, whistleblowing is a key enabler. It is based on a basic truth that anyone in an organization can ‘stop the line’ if they see unsafe behavior. In cyber, we lack ‘stop the line’ power and, in many cases, individuals fail to report risk because of fear of attribution and retaliation. That is why, in my mind, the topic of whether or not whistleblower protection should become a cyber norm remains something that has gotten little attention but it is a critical decision point in how the cyber community wants to move forward. Will we have more of a tech-based culture or a safety-based culture?

As far as coordinated incident response, we estimate that upward of 80 percent of the cyber defense capacity resides in the private sector, yet very few mechanisms exist to coordinate these resources alongside a government-led response. We have not yet figured out how to tap that pool of resources, and I fear that we are going to have to learn it quickly one day should such attacks occur that require rapid and consistent response coordination, such as a targeted campaigned cyberattack linked with physical impact on critical infrastructures. Using Incident Command System could solve for this and the ICS4ICS program is picking up this challenge.”

Wilde: “Privacy and data protection. The ‘Wild West’ of data brokerages and opaque harvesting schemes that enables illicit targeting and exploitation of vulnerable groups poses as much a threat to national security as any foreign-owned applications or state intelligence agencies.”

#5 What do the results of the 2022 midterm elections in the United States portend for cybersecurity legislation in the 118^th Congress?

Langevin: “The cybersecurity needs of the country are too great for Congress to get bogged down in partisan fighting, and I think there are bipartisan groups of lawmakers in both chambers who understand that. There may be philosophical differences on certain issues that are more pronounced in a divided Congress, but I expect that we will still see room for effective policymaking to improve the Nation’s cybersecurity. The key to progress, as it would have been no matter who controlled Congress, will be continuing to build Members’ policy capacity on these issues, lending a broader base of political support to those Members who understand the issues and can lead the charge on legislation.”

Nather: “Some of the centrist leaders from both parties who led on cybersecurity, such as John Katko (R-NY) and Jim Langevin (D-RI), are retiring. And Will Hurd (R-TX), who held a similar role—working across the aisle on cybersecurity issues—in the previous Congress, is gone. As the work on cybersecurity legislation has historically stayed largely above the political fray, it will be interesting to see who steps up to build consensus on this critical topic.”

Powazek: “The retirement of policy powerhouses Rep. John Katko and Rep. Jim Langevin leaves an opening for more cyber leadership, and the recent elections are our first glimpse of who those leaders may be. As a Californian, I am particularly excited about Rep. Ted Lieu and Senator Alex Padilla, both of whom are poised for cyber policy leadership.”

Samford: “More focus on zero trust, supply chain, and security of build environments. These are efforts that all have bipartisan support and engagement.”

Wilde: “The retirement of several of the most driven and conversant members does not bode well for major cybersecurity initiatives in Congress next session. Diminished expertise is not only a hurdle from a substantive perspective, but it also makes it difficult to avoid cyber issues falling victim to other political and legislative agendas from key committees.”