The National Security Agency and its highly capable British equivalent, the Government Communications Headquarters, or the GCHQ, have identified an ongoing Russian intelligence effort to disrupt coronavirus-related vaccine research around the world. The United States and its allies should retaliate more directly in face of this absurdity.
We learned from the Obama administration’s pathetic response to the 2016 Russian election attacks that Moscow only finds encouragement from shows of perceived weakness.
The shared confidence level for this now-declassified intelligence assessment on vaccine-related Russian attacks is very high. According to Britain’s National Cyber Security Centre, a GCHQ subset, “Throughout 2020, APT 29 has targeted various organizations involved in Covid-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of Covid-19 vaccines … [National Cyber Security Centre] assess it is highly likely (80–90%) that this activity was to collect information on COVID-19 vaccine research or research into the COVID-19 virus itself.”
These Russian cyberteams are believed to operate under the authority of its Foreign Intelligence Service, the SVR, and its GRU military intelligence service. Based on Russian operational authorities for cyberactions that, if detected, pose a significant risk of negative repercussions for Russia, the classified U.S.-U.K. assessment here will very likely identify Russian President Vladimir Putin as the tasking authority for these attacks.
The U.S. and its allies should be doing more to address this aggression than releasing press statements.
Yes, there has likely been some counterdisruption against the teams responsible. But that response has likely focused on specific disruption of the access routes and servers the Russians are using and offering cybersecurity support to the Russian targets. Moreover, it’s clear that Moscow finds this all quite funny. The Kremlin is playing its casual game of denying all responsibility. Putin’s spokesman Dmitry Peskov told TASS that “Russia has nothing at all to do with these attempts.”
Thanks for the clarification, Dmitry.
In light of the urgent scientific, economic, and civil society need to introduce a viable vaccine as soon as possible, Moscow’s activity here constitutes a serious and unacceptable threat. It’s not clear what the motive is here. Considering Putin’s China policy interests, his commitment to reopening the economy at all costs, and Russia’s limited domestic research into vaccine development, it might be that Moscow is using this effort to gather information it can then use to trade with Beijing, which is desperate to win the global vaccine race. We should also note that these attacks take place amid a continuing Russian campaign to blame the coronavirus pandemic on America.
Regardless, these attacks have the potential if not the practice of endangering the entire global population. In turn, the U.S. and its allies should be taking more vigorous action to deter this aggression. It’s time to employ some of the more boutique cyberoffensive tools in the NSA-GCHQ portfolio. They might want to let GRU headquarters operate without power for a couple of days, for example. Or cut the power to their specific station offices in Washington. Or something in that vein of dark Chekist humor.
