Dr. Khatuna Mshvidobadze is a Professorial Lecturer of Cybersecurity at the George Washington University and Adjunct Professor of Cyber Security at Champlain College. She is also a Senior Fellow at the Rondeli Foundation in Tbilisi, Georgia. Earlier, she developed and taught cyber security courses for M.S. and M.P.S. programs at Utica College.

She has been Deputy Director of the Information Center on NATO in Georgia and Adviser to the Office of the Minister of Defense of Georgia. Her articles have appeared in Georgian and in English, including in Defense News, Jane's Defense Weekly, US News & World Report, Jane's Foreign Report, Radio Free Europe/Radio Liberty and more. 

She has presented topics on cyber threats at different venues inside and outside of the country: The Office of the Secretary of Defense, US Department of Defense, FBI Headquarters and field offices, Department of Justice, Defense Intelligence Agency, U.S. Healthcare Sector Coordinating Council, Mitre Corporation, Raytheon BBN Technologies, NATO and EU events. She has also been a speaker at TEDx, DefCon and RSA conferences and more.

In this podcast, Dr. Khatuna Mshvidobadze traces the history of Russian information warfare doctrine, and its subset of cyber warfare, operating under an umbrella of “an integrated system of systems”.

Through examples such as the Russia-Georgia conflict of 2008 and Ukraine critical infrastructure disruptions of 2015/2016 – she elaborates how the doctrine evolved, from its foundation days in the 1970s, rooted in the military writings of Nikolai Ogarkov, then Chief of the Soviet General Staff, to today.

Laying out how the cyber troops units are structured under Russia’s military and intelligence organizations, the GRU (Military Intelligence Directorate), Foreign Intelligence Service (SVR), and Federal Security Service (FSB), she points out how they carried out the cyber intrusions, using such tactics as phishing and remote desktop protocols exploitations.

Besides state sponsored cyber-attacks, she also notes the wave of ransomware attacks launched by Russian criminal groups such as REvil and Ryuk during the Covid-19 pandemic.

Dr. Mshvidobadze highlighted how outsourcing is a key element in carrying out the attacks, where criminal groups work with Russian threat actor groups, and sometimes across national borders. One example is the information warfare campaigns prevalent during the current Russia-Ukraine conflict carried out by “GhostWriter”, which has alleged ties to Belarus, a Russian ally.

Referencing the recent supply chain attacks such as the SolarWinds and Kaseya incidents by Russian groups, she advises cyber defenders to step up defensive measures on critical infrastructure, re-assess supply chains, and build threat intelligence into cybersecurity frameworks.

Recorded with Jane Lo, Singapore Correspondent, Wednesday 27th April 2022 1pm (Italy)/ 7pm (Singapore)