Is Russia ready to talk?

After years of escalating and intensifying national security strategy language – to include the cyber domain – Russia’s 2023 Concept of Foreign Policy of the Russian Federation (CFP) hints at a change of direction. Or, more realistically, a potential future change in direction.

When western technology companies curtailed their operations in Russia after the 2022 invasion of Ukraine, a flaw in Russia’s national security strategy (NSS) appeared. In 2021, Russia revealed that it was ready to develop its own technology market. The Kremlin claimed it wanted to increase Russia's self-reliance, and boost its economic and cyber security measures. However, it quickly became clear that the claim was hollow.

In 2021, Russia revealed that it was ready to develop its own technology market, to increase its self-reliance and boost its economic and cyber security measures

The CFP pivots not quite to the prospect of engagement, but certainly toward the possibility of it in the future. A return to previous levels of activity is unlikely in the near term. But perhaps if Russia is willing to talk in the future, there will be some measure of stability to whatever peace is eventually negotiated on the war in Ukraine.

Trajectory of Russia’s cyber security strategy

In 2015 and 2016, Russia saw the cyber threat as broad and existential, lacking the nuance in later NSS thinking. That texture began to appear in 2021, at a point where Russia also became much more assertive in its strategy. Furthermore, it began to point fingers. The 2021 Russian NCSS 'contains criticism of Western actions that purportedly undermine Russian interests' across 'almost every policy area'.

Russia approaches cyber security strategy differently to western states, starting with the concept of 'information confrontation'. This idea, which refers to a 'clash of national interests and ideas' with adversary states, is itself highly nuanced. Translated as 'confrontation', the original Russian word protivoborstvo implies the presence of an 'other', given that the word carries a 'counter' connotation. Translators have also offered 'counterstruggle' and 'countermeasure' as alternative (or supplemental) translations. Russian national security strategy – and, within it, national cyber security strategy – is thus positioned as a response to the threats posed from adversaries abroad.

Presciently, the 2016 NCSS, Doctrine of Information Security for the Russian Federation, covered the threats associated with Russia’s dependence on foreign technology providers. The 2021 NSS raised this problem again, and amplified it. Government officials likely contemplated the growing risks of relying on foreign technology within the context of the invasion of Ukraine likely being planned, which would certainly (and did) provoke a western economic response.

The need for change

To counter the economic warfare (sanctions) that Russia seemingly expected from a conflict with Ukraine, which would intersect with its reliance on foreign technology, Russia prepared a potential remedy: '[the] creation of new high-tech industries and markets'. We witnessed western companies (not just technology) curtailing their operations in Russia, although to a lesser extent than it may appear. Furthermore, the 'brain drain' that followed the invasion constrained Russia’s ability to solve its way out of reduced access to foreign technology. In 2023, Russia’s latest statement on security strategy, the 2023 CFP, hints at the need for a shift.

The 2023 CFP acknowledges the virtual impossibility of Russia’s previous 'go it alone' strategy. One could read the following sentence, that the 'global reach and transnational nature of challenges and threats limit the ability of individual states', as a concession that one state cannot take on the entire world. Of course, Russia has invested heavily in cultivating relationships across much of the world, to include the World Majority. But there is clearly no alternative to being 'open to the pragmatic cooperation with the business circles of the unfriendly states'.

The 2023 CFP accuses the US and 'their satellites' of unleashing 'a new type of hybrid war' that is 'aimed at weakening Russia in every possible way'

Unsurprisingly, the 2023 CFP is long on grievance and short on engagement, let alone solution. It accuses the US and 'their satellites' of unleashing 'a new type of hybrid war' that is 'aimed at weakening Russia in every possible way'. Russia focuses on the attacks to its 'economic and technological capabilities', which undermine 'its constructive civilizational role'. The 2023 CFP presents sanctions alongside information and cyber threats as justifying 'the symmetrical and asymmetrical measures necessary to suppress such unfriendly acts and also to prevent them from recurring in future'.

The prospect of 'pragmatic cooperation' with 'unfriendly states'

However, the grievances expressed do hint at some prospect for change. It’s clear in the 2023 CFP that Russia needs a new cyber, information, and even economic strategy with regard to the western adversaries who see 'the strengthening of Russia as one of the leading centres of development in the modern world and its independent foreign policy as a threat to Western hegemony'. For this reason, it must consider the benefits of 'pragmatic cooperation' with 'unfriendly states'. Russia must address both its immediate private market technology concerns and its future economic security.

Russia must now consider the benefits of 'pragmatic cooperation' with 'unfriendly states'

Effectively, the document concedes that the economic measures resulting from the market factors affecting foreign technology providers requires a change in Russia’s approach. In the end, it was not cyber domain superiority that affected a cyber security change. Rather, it was strength in the economic domain.

What next?

Don’t expect real change anytime soon. With the Russia-Ukraine war still ongoing and a US election on the horizon, radical moves aren’t on the cards. What the 2023 CFP offers is a sign that change is possible in the future, not a readiness to take action today. A lot must happen first. But the point is, possibly, that there is room for those intermediate steps to occur.

The signals seemingly offered in the 2023 CFP could provide a basis for outreach, pre-negotiation, and even updates to western cyber and economic security strategy that prepare for the prospect of economic re-engagement in a post-conflict environment. Undoubtedly, it is tempting to focus on the war today. However, one mustn’t forget that winning the peace that follows is always much more difficult.

The post Is Russia’s 'go it alone' cyber security strategy about to change? appeared first on The Loop.