Book Review: Russian Information Warfare: Assault on Democracies in the Cyber Wild West

Russian Information Warfare: Assault on Democracies in the Cyber Wild West, by Dr. Bilyana Lilly, is the latest title from the Naval Institute Press to take on the serious and important topic of foreign cyber threats to the United States. Dr. Lilly, a cybersecurity expert and adjunct researcher at the RAND Corporation, brings significant expertise to the work. She also comes at the topic with very welcome thoroughness regarding the nature and background of the problem, as well the analysis of the issue.

Dr. Lilly starts the book by establishing a couple of truths about what’s happening in the US and the broader world of political democracies—truths that should not be hard to identify, but are, for a variety of reasons I will discuss in a moment. First, Russia is waging an information war against the US, Germany, the UK and other democracies it perceives as threats. This information war is part of a broader strategy of fighting wars without actually fighting wars (though with the invasion of Ukraine, this doctrine is now falling apart.)

She also explores the political philosophy and strategic outlook driving Russian actions. This is a helpful context, as it answers the question on the minds of many people who study the issue: Why are they doing this? She puts you in the heads of Russian leadership, offering a point of view on how Russia sees the west as a threat.

The book then works through eight case studies, each analyzing the highest impact Russian information war campaigns in the last few years. These include the efforts to disrupt the 2016 US presidential election, hacking the German Bundestag and interfering in the French presidential election of 2017. For each case, Dr. Lilly offers a data-driven analysis, structured by a disciplined methodology, to show how Russian hacking and disinformation processes work.

For each case, Dr. Lilly offers a data-driven analysis, structured by a disciplined methodology, to show how Russian hacking and disinformation processes work.

The book shows data on the interlocking attack vectors of media disinformation, hacking, and data theft/leakage that cuts across political, social and economic spheres of the targeted country. This methodical, deep analysis is very welcome, in my view. So, too, is the fact that Dr. Lilly does not waiver in her attributions.

Difficulty in attribution is one of the two most serious problems the west has in confronting this digital aggression from Russia. The major media stumbles badly in dealing with these attacks because it’s almost impossible, based on journalistic standards, to attribute cyberattacks to a foreign power. News reporting invariably waffles, with frustrating cop outs like, “suspected to be the work of Russian gangs who may have connections to the Kremlin…”

The other problem comes from the intelligence world, which, probably with good reason, is loath to weigh in definitively on where these attacks are coming from. They don’t want to reveal sources and methods, and so forth. Even the bright spots, like the bipartisan Senate report accusing Russia of election interference, lack impact because few people read it. Current senior leadership is similarly reluctant to make too much of the issue, for fear of disrupting the diplomatic process with accusations based on guesswork and vague attributions.

Even the bright spots, like the bipartisan Senate report accusing Russia of election interference, lack impact because few people read it.

Then, there’s the herd of elephants in the room: One of two political parties in the United States has an urgent need to ignore this serious national security threat and pretend it isn’t happening. Russia interfered in the 2016 election to get their preferred candidate elected. That candidate is now the undisputed leader of that political party, with the extent of his reliance on Russian influence (and vulnerability to blackmail) still unknown.

A massive media ecosystem is complicit in hiding his connections to Russian information warfare. If anything, it appears to be repeating Russian disinformation campaigns to further Russian information warfare goals in the US and elsewhere. In this environment, any honest appraisal of the risks faced by the US is nearly impossible.

All of which begs a huge question: how does a country fight an information war it won’t admit it’s in? It’s not fair to lay this at Dr. Lilly’s feet. She has done an admirable job of analyzing the problem and offering the most compelling proof of attacks I’ve ever seen. She does offer some policy recommendations, however. These include expanding information gathering about Russian cyber operations, beefing up cyber defenses and getting media outlets to agree on standards for reporting stories that are suspected to be the work of foreign propogandists.

Given the state of American politics and political media these days, it’s hard to know if any of these ideas will work. But, having a book like this is a good start. It provides a detailed, factual basis for discussing a confrontation the US and other countries are having with a major geopolitical adversary—a confrontation that needs to be addressed out in the open if anything is to be accomplished.