Words and Actions: Understanding Russia’s Information Security Strategy

Abstract

Do Russia’s resource allocations and observable behavior in the sphere of information security correspond with its stated strategy in that domain? The answer to this question is important because Russia increasingly relies on information warfare tactics for trying to gain a geopolitical advantage vis-à-vis America and its allies, as demonstrated by its meddling in the U.S. presidential elections and numerous cyberattacks on critical U.S. infrastructure. Not only scholars but also policy practitioners can benefit from a clear answer to this question. I will aspire to give that answer in this thesis. I will begin my efforts to answer the aforementioned question by providing background and context for my research. Chapter I will also then offer a review of the literature on information security before describing the theoretical framework, methodology, and research design I will rely upon in my study. In Chapter II, I will analyze Russia’s main doctrinal documents released between 2011 and 2021 to infer a broad outline of Russia’s stated information security strategy. I will then advance a number of propositions regarding Russia’s expected behavior and resource allocation decisions in that domain. I will test these propositions in Chapter III by conducting an empirical analysis of Russia’s observable behavior in the 2011-2021 research period based on a collection of open-source data. I will contrast and compare Russia’s words and actions in Chapter IV, before determining whether Russia’s resource allocations and observable behavior in the sphere of information security were indeed consistent with its stated information security strategy in the research period. Finally, I will offer concluding remarks and outline potential directions for future research in Chapter V.