On Thursday, the United Kingdom showed the right way to deal with acts of Russian aggression.
Its National Cyber Security Centre, part of the signals intelligence service Government Communications Headquarters, quite publicly attributed a massive 2019 cyberattack on the nation of Georgia to Russia’s GRU. That attack involved disrupting approximately 2,000 Georgian websites and TV broadcasts. The British attribution level is that the GRU retains “almost certain” responsibility for the attack. That’s a 95%-100% probability rating, the equivalent of an extremely high confidence U.S. intelligence assessment.
The announcement, alongside those from U.S. and Georgian authorities, is important for two reasons.
First, it holds Russia accountable for actions that the Russian state wishes to keep deniable. Second, it pushes back against President Emmanuel Macron’s escalating efforts to see the European Union grant sanctions relief to Russia. Wherever Macron is confronted with continuing evidence of Vladimir Putin’s aggression against democratic values, it degrades his ability to square his sanctions relief agenda with his rhetoric on supporting the liberal international order.
Still, it’s important to note that this is just the tip of the iceberg.
We all know about the 2016 U.S. election interference effort led by the GRU — and yes, it was the GRU. But the list of GRU cyberattacks is long and diverse. The U.K. attribution today included the GRU’s blame for two 2015 and 2016 winter attacks on Ukraine’s power grid (Ukraine is very cold in the winter) and a June 2017 attack on Ukrainian government and financial centers.
Oh, and when it’s not wreaking havoc in cyberspace, the GRU is poisoning innocent people with nerve agents and trying to kill American soldiers in Syria.
To be clear, the GRU is our enemy. The very least we can do is hold it to public account for its actions.
