Germany has good chance to secure new EU anti-Russian sanctions for cyberattacks

In July, Germany assumed the rotating presidency of the European Union Council. Annegret Kramp-Karrenbauer, German Minister of Defence, stated on 14 July 2020 that one of Germany's priorities during its presidency will be the analysis of military and hybrid threats to the bloc, in particular from Russia. Two days earlier, on 12 July the German government officially proposed that the EU impose sanctions on Russian individuals behind a 2015 hacker attack on Deutscher Bundestag (German Parliament), when 16GB of sensitive emails and other data leaked into the hands of Russian hackers. On 22 July, Radio Svoboda correspondent Ricard Jozwiak reported that “EU ambassadors today decided to freeze assets against Russia’s military intelligence GRU and intelligence services of China and North Korea in connection with cyberattacks WannaCry, NotPetya, and Cloud Hopper. Visa bans and asset freezes of 6 Russian and Chinese officials will also be introduced.” The reported agreement reached by the EU ambassadors means sanctions may well be introduced in the coming weeks.

German strategy

Kramp-Karrenbauer also stated that although there are very different perceptions of both Russia itself and the threats it poses to the EU, she has already discussed this issue with colleagues from the Nordic and Baltic countries and will raise it during her visit to the Visegrad Four (Czech Republic, Hungary, Poland, and Slovakia), as well as other EU members.

"We will discuss the question of how we perceive Russia not only in the light of the new military potential it is developing, particularly in the field of unconventional weapons which is already a new challenge for Europe and NATO, but also Russia's behavior. Moscow's behavior will be discussed not only in Libya or Syria but also in Ukraine, where fighting is still going on and where the situation persists that the borders in Europe have been changed by military force for the first time since World War II,” Minister Kramp-Karrenbauer said.

The minister hopes the threat analysis will be completed by the end of Germany's council rotation -- December 2020. This should result in the development of a new EU strategy addressing Russian aggression and coordinating all measures the EU takes in this regard. Along with comprehensive analysis and the development of a new strategy, Germany seeks new EU sanctions against Russian citizens responsible for the 2015 cyberattack against the Bundestag, claiming that sufficient evidence has now been collected. In particular, on 13 May German Chancellor Angela Merkel said there was "hard evidence” that Russian intelligence was behind the hacker attack in which documents and emails, including thousands of emails from the offices of Merkel's Bundestag, were leaked. German Attorney General Peter Frank issued an arrest warrant against Russian hacker Dimitry Badin.

“There is reliable evidence that he was an employee of the GRU [Russian Main Intelligence Directorate] military secret service at the time of the attack,” stated the German Foreign Ministry.

Subsequently, on 28 May the German Ministry of Foreign Affairs “invited for a talk” Russian Ambassador Sergiy Nechayev, where he was informed that the German federal government would ask the EU to apply a sanctions regime (order of misconduct) against those responsible for the attack on the Bundestag, in particular against Dmytro Badin. German Ministry of Foreign Affairs announced intentions to "press for action in Brussels for implementation of the EU cyber sanctions regime against those responsible for the hacking attack on the Bundestag, including Dimitry Badin." The European Council adopted this new cyber sanctions mechanism last year on 17 May 2019. The current German proposal is the first attempt to apply this sanctions mechanism against a foreign power. According to the mechanism, if threatened with cyberattacks of "significant impact" the EU could respond with sanctions against responsible individuals and institutions, including an entry ban into the EU and the freezing of assets. Finally, on 12 July the German government officially proposed to the EU to impose sanctions on Russians responsible for the 2015 hacker attack. The proposal needs to be agreed upon by all EU member states. Paul Ivan, senior policy analyst of the European Policy Centre thinks there is a good chance that Germany will attain EU approval for sanctions:

“There are a number of EU member states that traditionally had better relations with Russia than other EU countries, but that does not mean that they support illegal behavior, the sort of behavior that Germany refers to. So I would not expect them to be against the listing in that sanctions regime of some individuals who would be clearly linked to the attacks on the Bundestag.”

In further explaining the EU toolbox to prevent hacker attacks, Ivan clarified that the only measures the EU can take are sanctions as well as international coordination to enhance cybersecurity, not counterattacks:

“In the EU toolbox, there is nothing in terms of offensive operations, and the EU institutions do not have a mandate to use such capabilities. Capabilities in that sense exist at the level of EU member states, and most of the work that has been done in terms of cybersecurity, cyber defense, and capabilities are at the level of EU member states, not at the level of the EU institutions.”

Evidence of Russian coordination behind cyberattacks

• Read also: The Kremlin’s cyber contractors. Their motives and risks

Investigations of virtual crimes are not easy -- first of all, because of the problem of attribution. It is not easy to prove who did what and when, since not all virtual operations leave reliable traces. Moreover, false trails can put investigators on the wrong track. The consequences of the 2015 cyber-attack were so bad that the Bundestag IT office had to completely reconfigure and reboot the IT system of the German Parliament. From the very beginning, there were traces leading to Russian hackers and the GRU. Yet, other cases of cyber investigations were no less helpful.

Significantly, the FBI has also been building a case against Badin since 2016. He was among Russian hackers involved in stealing documents from the computers of the US Democratic Party. Badin and other Russian hackers are wanted by the FBI. Cybersecurity specialists at FireEye are monitoring the threat posed by Russian state-backed hackers -- see Russian traces behind attacks on the World Anti-Doping Agency (WADA), the Organization for Security and Co-operation in Europe (OSCE), and the North Atlantic Treaty Organization (NATO). Notwithstanding, most helpful were Dutch investigations. In the spring of 2018, a Dutch counterintelligence team thwarted an attack on the Organization of the Prohibition of Chemical Weapons (OPCW). The Dutch probe uncovered the wide range of technical apparatus that made it possible for the German attorney general to provide clear evidence against Badin and GRU. Cyberattacks constitute an important proportion of Russian hybrid warfare, as Marta Barandiy, international lawyer and Brussels-based analyst has proven. According to her findings, Russia has developed a wide range of hacker capacities to attack other countries. Notably, the Kremlin organized a wide recruiting campaign to mobilize its virtual army of hackers. One of their tactics was to post ads on social media sites with government-backed recruiters offering jobs to college students and professional coders, as revealed in The New York Times in 2016. One of their most efficient means has been to find those hackers who “have problems with the law” and blackmail them. However, the growing number of cyber threats can be mobilizing, especially for EU and NATO cooperation in cybersecurity. Ivan says that a number of steps have been taken towards EU-NATO cooperation on cyber. Key among them is the European Commission that has been proposed to create the Cybersecurity Competence Community:

“It is part of a larger proposal that also aims to create a Network of National Coordination Centres and a European Cybersecurity Industrial, Technology and Research Competence Centre," explains Ivan. "We are talking about mechanisms and processes to stimulate European technological, industrial research in cyber issues, to coordinate and to pull together resources at the EU level. The EU has been investing in cybersecurity for a number of years. We have had the cybersecurity strategy for seven years already. In 2016, we had a major piece of legislation -- the Directive on Security of Network and Information Systems (NIS Directive) that created among others a network of the national CSIRTs (computer emergency response teams). So this competence community and the competence centre are new steps in which the EU tries to improve EU cybersecurity capabilities.”

Read also:

• Beware of Russia’s bilateral cyber world order
• Why are Russian hackers targeting COVID-19 vaccine laboratories?
• Beware of Russian Cyber Warfare in 2016
• What Surkov’s hacked emails tell about Russia’s hybrid war against Ukraine
• How states can get real about Russian cyber attacks: Estonia, the UK, and Poland explain
• Russia-linked cyber attacks targeted 104 accounts of European think tanks (2019)
• Ukrainian banks, enterprises, media and energy companies under powerful cyber attack, including Chornobyl NPP – LiveUpdates