To help members optimize opportunities and reduce risk, OODA hosts a monthly video call to discuss items of common interest to our membership. These highly collaborative sessions are always a great way for our members to meet and interact with each other while talking about topics like global risks, emerging technologies, cybersecurity, and current or future events impacting their organizations. We also use these sessions to help better focus our research and better understand member needs.
To encourage openness of discussion, these sessions take place with Chatham House rules, where participants are free to use the information in the meeting but are asked not to directly quote or identify other participants (we also keep privacy in mind when preparing summaries of these sessions, like the one that follows).
The January call was held on Friday, January 21st, and began with a discussion of the recently released OODA Almanac 2022 – Exponential Disruption.
https://oodaloop.com/archive/2022/01/18/ooda-almanac-2022-exponential-disruption
The recent OODA Salon is also available online: OODA Salon Wednesday 19 January 2022: Commercial Technology and National Security
https://oodaloop.com/archive/2022/01/19/ooda-salon-19-january-2022-commercial-technology-and-national-security/
Topics for discussion on the January monthly call were:
What are the OODA Loop Research Priorities for this topic? Due to the intensity of the headlines coming out of Europe, the monthly meeting started with the potential conflict in Ukraine. The following questions were offered as a framing for the discussion in lieu of a broad geopolitical strategy discussion.
Framing questions for the call included:
Putin’s Mindset: What is our frame of reference for Vladimir Putin? Our usual frame of reference is the United States, democracy political powers, and laws. That is not Putin’s life. He had to fight with gangs and corrupt generals. He basically killed his way to the top. So, someone like that is very different from a CIA analyst studying Russia. His sense of war is very highly calibrated. He will only attack if he thinks he can win. How do we research the conflict in Ukraine with his mindset as a focus?
What is the right metaphor for this research? Many network members have a counterterrorism side of things. Suffice it to say that interacting with and researching terrorists is ‘different’. What are the metaphors that apply to Putin?
Digital Cartography of Future European Borders (Network Effects and Regional Insurgencies): A member offered the following: “I would like to see some research around what the borders could look like down the line. We know that Putin has been funding insurgents in every country that has ‘stan at the end. Where there are insurgents, they want to break away and join Russia. So, what potentially could our borders look like? And what would happen in the cyber threat landscape, based on this new mapping, if these regional ‘nodes’ of insurgents are loyal to Russia?”
Is there going to be a cyberattack against America? There are competing narratives on this issue. 1) The U.S. is remarkably unprepared for a data wipe malware attack. 2) The U.S. is the #1 cyber power in the world. The U.S. has sophisticated tools for an appropriate response to any scale of cyber-attack. The research question then becomes how we inform both these perspectives, which can be true at the same time.
A Study in Leadership: The long-term strategic planning with Putin, in a country run by oligarchs, makes it very unpredictable. China we see as the continued great power conflict because they have a strategy. They have their planning, they are playing the long game from a legacy perspective, as opposed to more immediate actions which are unpredictable.
Long Term Options and Vulnerabilities: What instruments, what measures do we have to deter future operations like this current activity by Putin? What other options do we have besides just talking about sanctions short term? What are the vulnerabilities? We may focus on hypersonic.
If You Break It, You Own It: Going back in recent history, a member made the following analogy: “Can we defeat the Iraqi army? Yeah. The good news – will be in three weeks. We will have Baghdad. The bad news in three weeks: we have Baghdad. So too with Kyiv if we are short-term in our thinking and/or forced into a kinetic conflict sooner than later. We will have Kyiv.”
Cyber Degradation and Technology Opportunities: What should we be looking at in a country like Russia to prepare the battlefield from a cyber perspective? So, what kind of signals and what kind of degradation should we see ahead of the actual physical advance of their forces? How can we make this as unattractive from a cyber perspective as possible? How can we degrade them? I’d be curious to see if there is a playbook that people are aware of. When Russia goes in to do a military operation, what does their cyber playbook look like? What are the signals that we can see beforehand? And as a country and as technologists, what can we do to counter? From a technology standpoint, can we make it hard for them to operate?
What Place Sweden and Finland: Will there be new NATO members? It is important to look at research areas from the perspective of countries like Sweden and Finland.
Taiwanese Resolve? It started with Hong Kong and is now the potential future of Ukraine under Russian rule. Will these events further strengthen the strategic resolve of Taiwan vis a vis China? And what of the future of NATO and the West generally? Does Putin even care? Has this current aggression exposed cracks in NATO, not strengthened their resolve, i.e., the flights with arms shipments from the UK that are avoiding German airspace? Would the actual reality of capture of Ukraine further stress and make those cracks in NATO worse?
It is very rare that people do the right thing in a vacuum: What does the West stand for at this moment?
The distraction element: Does the Ukrainian ‘front’ activate the Chinese/Taiwanese front? In what scenario is North Korea then actively clashing with South Korean interests as a function of this larger conflict?
“If you start taking over the planet, we are going to fight”: A member went further with this notion: “How can we just be blunt about it. You know, it’s not, it’s not going to happen.” The group was not sure how this would translate into a policy statement, but aggression is not something that should go unheeded. Specifically, how do we research or formulate the conventional wisdom that, generally, the American public does have a value system and a taste for the defense of global freedom?
Putin does not seem to be doing anything about sanctions: Why is that?
We used to do subtle things. A member brought up a brilliant historical context and question: “We used to be capable of signals designed to rattle our adversaries, and to signal our capabilities as a deterrence. They were highly choreographed things: Naval warfare submarines would come up to launch level, the lids would come off the silos. Stuff like that, that we knew the Soviets would see. The question here is, forget physically doing something like that, but conceptually: what can we do in the cyber area or other areas that are similar subtle signals with the goal of deterrence? They don’t have to be in the Eastern European theater. The further question is what can we do in the ‘elsewheres’ that would remind Putin, whether it’s the cyber domain or different physical geography altogether, that sends a signal and not an announcement?”
Case studies discussed and mentioned in the chat included: Voice of America style attempts to get the word into the Eastern bloc countries – not much unlike the role of the availability of modems and the early internet in the late 80’s Soviet context; or an internet broadcast from space – free internet for all Russian people. These are not things you can stand up in an instant. They take an investment of time and energy. They must be strategically thought out.
When the Lights Go Down in the City: On the pure cyber piece, what is the risk calculation of the impact when they hack back or demonstrate their capabilities? Making the lights blink in Moscow is vastly different from making the lights blink in Manhattan. The escalatory nature of it may work out terribly for us. That is not to say that our capabilities are worse than the Russians on offensive cyber, but that our resilience and the impact that it has economically and on innovation would be much more pronounced in the U.S. for similar attacks. We would have a complete absolute panic attack. Strategically, they might welcome it to prove that they are more resilient people than we are – that they can just drink more vodka and stand in bread lines while the U.S. collapses.
Follow the Money: Are there options that are on the economic side of the equation, i.e., making their oligarch bank accounts blink zero? A lot is driven based on the financial benefits to Putin and the rest of the oligarch structure. So, if there’s something that we can do that hits them where it hurts on the monetary side, maybe that is a warning signal.
Time Shifted Intent: We’ve been talking for years about time-shifted intent: “If an adversary can have time-shifted intent, it means we can also have time-shifted conflict. We are fighting future wars right now.” A lot of what they may be sitting on already – they planted that capability for when they need it. We just don’t know at this point, how much of that is in place, just waiting for the intent to align with the preexisting capability.
The Best Offense is a Good Defense: In the last few weeks there’s been some drone activity in Sweden and then a very suspect TikTok video. These two events are the first test of the Psychological Defense Authority in Sweden, a test of the cognitive infrastructure and cognitive infrastructure failures of Sweden and the region, respectively. The Swedish Psychological Defense Authority is structured to educate the population for preparedness and readiness when things start manifesting in the information space. How do we track this defensive stance and glean lessons from it?
Influence Campaigns and Situational Awareness: Is there an opportunity for tools that map to this cognitive infrastructure challenge?
REvil Gang Arrest: The Russian arrest of the REvil crew seemed like an oddity based on the timing and based on the fact that the arrest took place at all. Is there some way that we’re supposed to interpret that? Is it an olive branch? Is it meant to offer some sort of alternative extradition bargain around the Julian Assange extradition? Were they tasked around some Ukraine activity, and they were non-responsive, and this was to demonstrate that level of authority over the other cybercriminals, signaling that when we want to use your capability in support of a national objective, you better drop everything else?
Twitter List For Tactical Information: This Twitter list of vetted resources that have reported accurately on tactical moves in the Ukrainian theater can be used to quickly capture the gist of a dynamic military situation.
C-Suite Guide: Improving Cybersecurity Posture Before Russia Invades Ukraine: The capabilities of Russia to conduct cyber espionage and cyber attack have been battle tested and are hard to thwart even during daily “peacetime” operations. They include well resourced capabilities of the military and intelligence services and also deep technical expertise in the Russian business ecosystem and in organized crime which operates as part of Russian national power. Proof points of Russian capabilities include the massive and sophisticated SolarWinds attacks which leveraged low and slow, well thought out plans to achieve access to multiple well-protected targets. Ransomware successes by Russian based criminal networks are also instructive as to the capability of Russian cyber threat actors. The use of malicious self replicating code (worms/virus/trojan) to spread malicious code into infrastructure is also well proven with decades of practice including fielding software that replicates from unclassified to classified systems in the military and spreads throughout critical infrastructure. This post goes beyond an articulation of the threat into recommendations for leaders seeking to mitigate cyber threats from Russia including threats before, during and after a Ukraine invasion.
What The C-Suite Needs To Know About The Threat To Space Based Systems (and what to do about it): OODA recently updated the analysis below on threats to space based assets (with a focus on what the C-Suite needs to know) because of tensions with Russia and continued testing of satellite destruction capabilities the most recent of which (Nov 2021) caused significant increases in dangerous space debris. We recommend this be read in conjunction with our report on what the C-Suite needs to know about the cybersecurity threats due to the coming Russian invasion of Ukraine, see links in the document for more.
Will China Replicate Russia’s Cyber Offensives in a Taiwan Reunification?: The current situation in the Ukraine has garnered the world’s attention with stakeholders watching attentively as the crisis unfolds. Such regional hotspots have the potential of spilling over into neighboring countries and pulling in governments from all over the world in some capacity. The threat of armed conflict escalating into a major global engagement is always a possibility. China and Taiwan are eagerly watching the crisis as well, but largely for different reasons. While Taiwan is interested to see how friendly governments come to Ukraine’s aid, China is observing how Russia may go about reclaiming territory of the former Soviet Union, in the attempts of gaining insight into how such an act can be accomplished successfully, should Moscow do just that.
A Warning for the U.S. Chip Industry: Russian Retaliation Could Hit Supply of Key Materials: Russia may retaliate against the U.S. threat of trade sanctions and export curbs by blocking access to key materials like neon and palladium. Ukraine supplies over 90% of U.S. semiconductor-grade neon. This type of supply chain-based retaliation has become a priority concern for the White House, which is encouraging a broad diversification of the supply chain in the event Russia limits access to these key materials.
In 2022, the Strategic Impact of Global Intermodal Supply Chain Gridlock on IT Supply Chain Remains High: The OODA Loop Research Team has been tracking the impact on supply chains from the onset of the pandemic.
Russia’s Long Game, Leadership Lessons, and Learning from Failure: In February of 2021, Matt Devost spoke to Rob Richer, a highly regarded advisor to international executives and global government leaders including several heads of state. Rob has a well-informed perspective on international risks and opportunities and an ability to analyze and distill observations in a way that is meaningful for your decision-making process. In light of the conditions in Europe, this portion of their initial OODAcast conversation is timely and includes a discussion of Richer’s time as the head of CIA Russian Operations, his perspective on U.S./Russian relations (especially the role of cyber), leadership, the role of failure, and decision-making.
Charity Wright on China’s Digital Colonialism: Charity Wright is a Cyber Threat Intelligence Analyst with over 15 years of experience at the US Army and the National Security Agency, where she translated Mandarin Chinese. Charity now specializes in dark web cyber threat intelligence, counter-disinformation, and strategic intelligence at Recorded Future. Her analysis has provided deep insights into a variety of incidents, activities and strategic moves by well resourced adversaries, primarily actors operating in China.
The January 2022 OODA Network Member Meeting: Putin, Russia, Gray Zone Conflict Capabilities and The Future of Europe
CISA Insights Bulletin Urges U.S. Preparation for Data Wiping Attacks: In what felt like coordinated attacks last Friday, data-wiping malware (masquerading as ransomware) hit Ukrainian government organizations and was quickly followed by an aggressive unattributed cyber attack on Ukrainian government sites. The attacks prompted the release of a CISA Insights Bulletin urging U.S. organizations to strengthen their cybersecurity defenses.
Additional Context on OODA Reporting on Russia’s Military-Technical Maneuvers in Europe: We are conscious of our need to keep our usual variety of News Brief and OODA Analysis, but for obvious reasons, this week is top-heavy with Russian, NATO, and Ukrainian coverage. We intend on keeping our focus on providing context you need vice the blow by blow of major moves. Like in other domains we endeavor to provide the “So What?” and “What’s Next?” you need to help drive your decisions.
OODA Research Report- The Russian Threat: This special report captures insights into the capabilities and intent of the Russian Threat, with a special focus on the cyber domain. Our objective: provide insights that are actionable for business and government leaders seeking to mitigate risks through informed decisions.