
Listen to the EVN Security Report
Armenia’s security vulnerabilities are not simply specific to the asymmetrical disparity with its neighbors, whether in hard power capacity or in operationalization of hybrid threats. In more simple terms, Armenia’s predatory neighbors, whether Azerbaijan, Russia, or Turkey, basically have “more” of everything. At the same time, the threat from each predatory neighbor is distinct, and mitigating each domain of threat necessitates a specific enhancement of defensive and resilience capabilities. Against Azerbaijan, for example, mitigation is defined by enhancing and multiplying hard power capabilities, which explains the exponential increase in Armenia’s weapons procurement as well as the sense of urgency in reforming the fighting proficiency of its Armed Forces. Against Turkey, mitigation is defined primarily through diplomatic endeavors, since the Turkish threat is designed by Ankara to be indirect: militarily supporting and diplomatically protecting Azerbaijan. The most complex, and by magnitude, the most severe threat comes from Russia, against which Armenia has limited mitigation capabilities at the moment, which, by extension, immensely increases its security vulnerabilities.
Currently, this complex threat is primarily defined by cyber operations and information warfare, and while Azerbaijan also tries to tap into this, it clearly lacks the efficacy and acuteness of what the Russians are capable of. In this context, within the domain of risk severity and risk mitigation, Russia’s capabilities pose the greatest threat against Armenia’s vulnerabilities in relation to its other predatory neighbors. Thus, Armenia faces a trilemma, and while it has found ways, even if nascent and underdeveloped, of mitigating the specific threat domains of Azerbaijan and Turkey, it has yet to develop a risk-mitigation model against the Russian threat. To address this conundrum, and to remediate the trilemma, this report introduces the concept of subversion as a risk-mitigation instrument. Moreover, the strategic utility of subversion will be qualified as an important asymmetrical capability that Armenia can exploit when mitigating threats from predatory neighbors.
Cyber Conflict and Russia’s “Unpeace”
For the first two weeks of September, U.S. Marine cyber experts undertook training with the Armenian Ministry of Defense’s Cyber Defense Unit within the context of the Defense Cyber Operations Exchange program. The objectives of such collaborative efforts do not require much deduction, but they nonetheless pose two important questions: what is the strategic utility and independent utility of Russia’s cyber warfare against Armenia, and what is the combat effectiveness of Moscow’s cyber operations? In more simple terms, can we measure how Moscow’s cyber operations have helped it achieve its political objectives against Armenia? Considering the fact that the use of virtual weapons is designed to expand “the range of possible harm and outcomes between the concepts of war and peace,” Moscow is seeking to establish a strategic state of “unpeace.” In this context, how can Armenia minimize the operational effectiveness of Russia’s objectives, with operational effectiveness being defined as the capacity of an actor to produce the desired effects against a target?
Fortunately, a large body of research demonstrates that cyber operations, in general, tend to fall short of achieving the set objectives, or the strategic utility, sought by the initiators of cyber warfare. The extent to which such endeavors fall short, or put in another way, the extent to which the defending state is able to mitigate the cyber operations unleashed against it, is the important qualifier in understanding how Armenia can “tranquilize” the severity of the Russian cyber threat. Moreover, developing a mitigation model against Russia’s cyber operations enhances the overall security architecture of Armenia, for the same mitigation model can more easily be applied against Azerbaijan’s cyber operations, which are much weaker and ineffectual when compared to Russia.
Within the context of empirically understanding Russia’s success or failure rate at utilizing cyber operations, and applying the ascertained data to develop Armenia’s risk-mitigation model, three important findings stand out. First, between 2013 and 2022, Russia undertook five major disruptive cyber operations against Ukraine, seeking to engage in election interference, sabotage, and economic dislocation. Collectively, all of these major cyber operations failed to achieve their objectives, which very likely served as an underlying reason for Russia to transition from cyber and non-kinetic warfare to conventional warfare in its invasion of Ukraine. Second, as a “paradigmatic example of cyber-enabled low-intensity conflict involving one of the world’s leading cyber powers, Russia, against a much weaker adversary,” one would surmise that the strategic utility for Moscow would have been robust. Yet such was not the case. And third, the failures of Russia’s subversive operations offer a window into understanding how to develop one’s own subversive capabilities that can effectively mitigate cyber threats.
An Intelligence Theory of Subversion
At its most fundamental level, subversion is an instrument of power used in nonmilitary covert operations, with its defining characteristic relying on the secret exploitation of vulnerabilities in the system (social, political, institutional, military, etc.) targeted. Relying on the body of work in intelligence studies, subversion is to be understood as a set of acts and practices designed to control, manipulate, and exploit the targeted system to produce detrimental outcomes against the adversary. In this context, subversion’s reliance on exploitation distinguishes it from warfare and diplomacy, the two traditional instruments of power in security competition. Intelligence research shows that subversion holds “great strategic promise” due to two key properties of exploitation: secrecy and indirect reliance on adversary systems. Findings identify two strategic benefits of secrecy: lowering of escalation risks and plausible deniability for intervening in the affairs of adversaries. Thus, subversion leverages an adversary’s own capabilities against its own systems to produce effects. Collectively, subversion offers a less expensive and risk-averse alternative to direct confrontation, while also offering asymmetrical benefits for an actor with limited resources.
In the case of Armenia, an intelligence model of subversion will seek to exploit the adversary’s system not to cause detrimental outcomes, but rather to mitigate and curtail the adversary’s ability to inflict detrimental outcomes. The objective is to leverage the adversary’s own capabilities, in this case, Russia’s cyber operations system, against itself to increase the probability of failure. In this context, an Armenian strategy of subversion can be more accurately qualified as a strategic state of counter-subversion. This approach fully aligns with Armenia’s policy of deterrence-by-denial and its resilience strategy of de-hybridization. Moreover, the development of any mitigation model that reduces the efficacy of Russian cyber operations will, by definition, also reduce and even diminish the cyber threats from Azerbaijan. In this context, counter-subversion strategies within the domain of cyber-defense exponentially increase Armenia’s resilience capabilities, and while the threat from Russia is much more severe than the threat from Azerbaijan in this domain, the quantitative threat from Azerbaijan remains higher. The ability to absorb and mitigate qualitative shocks via Russia or quantitative shocks via Azerbaijan relies on a foundational premise: if a model of mitigation demonstrates a level of success with the former, it will produce a much higher level of success against the latter.
Based on the available empirical evidence of Russian cyber operations, scope and breadth of tactical capacity, and range of functional implementation, an operationalizable case study will be provided of how an Armenian strategy of subversion can mitigate the Russian, and when collaborating, the Russo-Azerbaijani cyber threat. Within the domain of cyber operations, three fundamental variables determine and shape operational effectiveness: operational speed, scope and scale, and secrecy. Operational speed is defined as the time required from starting an operation to producing desired effects, while scope and scale pertain to the intensity and severity of effects. Secrecy pertains not only to maintaining anonymity during operations, but also to the extent of control that is established over the targeted system and the detrimental effects produced due to such control. In layman’s terms, this is the formula that Russia operationalizes when undertaking large-scale cyber attacks. Further, this is “the” system that defines Russia’s cyber operations: its cyber threat against Armenia functions within this system. In this context, when referring to the targeting of an adversary’s system, Armenia’s counter-subversion activities will specifically target this system. For the sake of contextual consistency, the term system is not used to refer to the entirety of Russia, i.e., its social, political, economic, or other such systems. This would be nonsensical and incoherent, considering Armenia’s marginal capabilities. Thus, the term system is qualified in a categorical way: the system of operations that Russia functions in when carrying out cyber attacks.
When studying and observing the operational effectiveness of this Russian system, and how Armenia can mitigate its threats, four important assessments allow Armenia to successfully develop risk-mitigation modeling. First, Armenia can constrain, though it cannot fully disrupt, the first variable of operational effectiveness: operational speed. For Russia, speed is always a problem, as seen in many of its major operations, because identifying vulnerabilities and developing means of exploitation require reconnaissance and tactical flexibility against the target. Both processes take time, and by creating complex and sophisticated obstacles, Armenia may not stop Russian operations, but it may be able to cogently slow them down.
Second, with respect to the second variable of operational effectiveness, scope and scale, assessments of Russian cyber operations demonstrate that the need to establish access to target (Ukraine, Armenia, Moldova, etc.) systems without detection limits the intensity (scope and scale) of effects. In this context, Armenia’s risk-mitigation model must primarily concentrate on developing mechanisms that create difficulties for Russia in being able to establish access to the targeted systems in Armenia. While Armenia cannot fully stop the ability of Russian penetration and cyber engagement, by virtue of enhancing its detection capabilities, it can robustly diminish the intensity (scope and scale) of the Russian threat.
Third, the need for secrecy, as the last variable of operational effectiveness, tends to limit Russia’s ability to establish control over the targeted system(s), since a greater degree and level of control increases the likelihood of discovery. Namely, there is an inverse relationship between robust levels of exploiting and controlling a system and the likelihood of these activities remaining undiscovered by the targeted country.
Fourth, and this is perhaps the most crucial, mitigation modeling shows that the three effectiveness variables of Russian cyber operations are not only interconnected, but are also negatively correlated: a gain in one variable tends to produce losses across the other two variables. Thus, the higher the operational speed, for example, the less intensity and control Russian operations tend to achieve. In the domain of risk-mitigation, what we learn is that improving one variable tends to produce corresponding losses across the remaining variables within Russian cyber operations. Increase of operational speed, for example, increases risk of discovery, which decreases the ability to establish control. At the same time, lowering the risk of discovery diminishes intensity (scope and scale), while also disrupting operational speed. Why is all of this important? Armenia’s counter-subversion capabilities can achieve success in disruption of Russian cyber operations without coming anywhere close to matching Russia’s capabilities: the Russian threat may be mitigated by exploiting the vulnerabilities within Russia’s own system.
Thus, in the form of a conclusion, the most important tactical component to consider is the need to disrupt Russia’s system through counter-subversion, and this is done by deconstructing the adversary’s systems approach and finding the precise vulnerabilities to exploit. Speed, intensity, and control-via-secrecy make up the essential components of Russia’s operational effectiveness, yet sufficiently obstructing even one of these variables tends to lead to mission failure. To this end, while Armenia can never go toe-to-toe with Russia within the domain of cyber attacks, it actually does not need to. By understanding Russia’s system of operational effectiveness and exploiting the specific vulnerabilities that disrupt the efficacy of this entire system, Armenia can deny Russia (or Azerbaijan, or any predatory neighbor) strategically significant outcomes. In more simple terms, Armenia’s strategy of subversion needs to achieve only one objective: denying Russia strategic utility.
Security Context
- Prime Minister Nikol Pashinyan reiterated Armenia’s continuous freezing of membership within the CSTO, with an important qualifier that Armenia unfreezing its membership remains highly improbable.
- Armenia also confirmed that it will participate in the BRICS summit to be held in Russia in late October, with the lingering issue of Baku and Ankara having submitted applications to join the economic bloc, while Armenia will seek to lobby through India to disrupt this initiative.
- Tensions between Iran and Russia flared over Russia’s support of Azerbaijan’s demands of a “Zangezur” corridor, with Iran drawing a direct red line against such an outcome, diplomatically lambasting Russia for cajoling Baku into undertaking the initiative through the use of force.
- Top officials within Armenia’s security apparatus, including Defense Minister Suren Papikyan and Secretary of the Security Council Armen Grigoryan, undertook a whirlwind of separate and joint visits to numerous countries, including Georgia, South Korea, Japan, and China.
- Armenia’s diversification of its security strategy, in this context, expanded from its growing set of Western partners to the establishment of deeper relations with Western-aligned partners in the East, specifically Japan and South Korea.
- Baku and Moscow continued to synchronize their attacks against the European Observation Mission in Armenia, with Azerbaijan’s foreign policy chief Hikmet Hajiyev noting that the small progress in bilateral talks qualifies as the basis for the removal of the EU contingent from Armenia. While Armenia qualified Hajiyev’s suggestion as nonsensical, Baku found a partner in Russia to echo the same sentiments, with Russia’s ambassador to Armenia accusing the EU mission of being “engaged in gathering intelligence against Azerbaijan, Iran, and Russia.”
- While the Baku-Moscow tandem continues to align its interests in the region, Armenia proceeded to strengthen its partnership with the U.S., as USAID increased support to Armenia from $120 million to $250 million, designed to support “disaster risk management, cybersecurity, food and energy security, regional cooperation and trade, democratic processes, and inclusive economic development.” This was supplemented by the continued deepening of U.S. “defense diplomacy” in Armenia, with the visit of America’s Marine cyber experts to train and develop the Armenian Ministry of Defense’s Cyber Defense Unit.
- Within the domain of security cooperation, Armenia’s closest defense partner, France, sent its Foreign Minister for an official visit, with Minister Stéphane Séjourné meeting the entirety of the government leadership, and committing to further support the strengthening of Armenia’s security architecture.
Examining the Context
Examining the Context: Toward a Strategy of Subversion, Mitigating the Russian Cyber Threat
Armenia faces distinct security threats from Azerbaijan, Turkey and Russia, with Russia posing the most complex and severe challenge through cyber operations. In this episode of “Examining the Context” podcast, Nerses Kopalyan explains the concept of subversion as a tenable risk-mitigation strategy against these threats.