Enable breadcrumbs token at /includes/pageheader.html.twig

Dragons of the North: Vikings and Cyber Deterrence

History can teach policymakers how to deal with Russia.

Lessons learned from the monarchs of history offer four modalities for coping with Russian cyber aggression. Credit: Shutterstock

Starting from the first recorded raid on the monastery of Lindisfarne in 793, Viking raids presented European rulers with an unprecedented challenge. Fast, sleek longships could stealthily deploy alongside the coasts of early medieval England and France, striking at wealthy, isolated targets and departing before local authorities could mount a response.

A similar scene plays out today online. Groups of cyber criminals attack daily, causing incalculable financial damage. Many groups, with names like DarkSide, are based in the former Soviet Union. There is a tacit understanding that as long as cyber criminals do not attack those countries, they will be allowed to operate.

This creates considerable difficulties in establishing cyber deterrence. Although the Biden administration presented Russian President Vladimir Putin with a list of 16 critical economic sectors that the United States considers off-limits, cyber attacks have continued.

A close study of history offers insight. Long ago, European monarchs were offered a similar choice against the Vikings: fight, and potentially lose, or do nothing and stand by while their lands were ravaged. Through a thorough examination of the modalities facing European kings confronting the Vikings, insight can be gained into how U.S. policymakers can best respond to present-day cyber raiders.

Modality One: Do Nothing

From a historical point of view, ignoring attacks only worked when they were episodic and unlikely to reoccur. One of the most far-reaching Viking raids was an attack on Muslim Spain in the 840s. Although devastating—Seville was left almost completely burned—the distance of Spain from the raiders’ supply lines in France ensured that the few attacks that followed met with little success and were not repeated. Unfortunately, given the size of the U.S. economy and relatively weak cybersecurity, doing nothing will only make the United States a more tempting target for Russian-sponsored cyber attacks.

Modality Two: Capitulation

When faced with unceasing attacks, governments can attempt to buy off attackers. This temptation to pay the ransom demanded—and quickly restore pre-attack status—has been likened to a 21^st-century version of the “Danegeld” immortalized in Rudyard Kipling’s poem, where he observed that, “[I]f once you have paid him the Dane-geld, you never get rid of the Dane.”

However, the historical record of the Viking Age Danegeld was rather mixed. It was first levied in 991 during the reign of Aethelred the Unready (r. 978–1016), to buy off a devastating raid led by the Viking chieftain Olaf Tryggvason. Conversely, rather than ensuring peace, Viking raiders developed a taste for treasure. Olaf, accompanied by Sweyn Forkbeard, the ruler of Denmark, returned in 994 with, “an army of over 2,000 fighting men” and proceeded to plunder England.

If the Danegeld did not work well for the Anglo-Saxons, would a “cyber Danegeld” work for modern actors faced with the pernicious threat of cyber raiders? Unfortunately, paying ransom is a less effective strategy than it was during the Viking Age. According to CyberEdge Group, only 19 percent of hacking victims who pay ransom actually re-obtain access to their files.

While both groups engaged in their respective practices—raiding and hacking—for financial benefit, raiders had a personal stake in following through with ransoms. If Vikings broke an agreement, the English would have no choice but to fight. In comparison, cyber criminals pursue a strategy of quantity over quality. While Vikings could only launch a few raids per season, launching cyber attacks can be done globally. Thus, while Viking raiders would frequently pursue a strategy of selecting a few high-value, low-resistance targets and were unlikely to attack if paid off, modern cyber criminals have no such incentive.

Modality Three: Setting a Thief To Catch a Thief

The third modality is co-option, or “setting a thief to catch a thief.” Rather than ignoring attacks or paying them off, rulers can attempt to cleave off one group of attackers and use them to defend against others. This was most famously done in the Viking Age by the French king, Charles in 911, who gave Normandy to a group of Viking raiders—the Normans—with the understanding that they would act as a buffer against future attacks.

While this tactic was effective in the Viking Age, would it still be useful against modern-day cyber criminals? There are elements of this strategy in place already—the cybersecurity industry frequently uses “white hat” hackers to legally hack into many of the same private and government systems that illegal “black hat” hackers attempt to infiltrate. However, the intelligence community must step up efforts to recruit elements of the Russian cyber gangs that are responsible for launching many of these attacks and retain them as white hat hackers. Doing so will help the U.S. government learn about their tactics, recruitment and methodologies—all of which can be used to thwart future cyber attacks.

Modality Four: Resistance

The final modality considered is the one that offers the greatest promise for U.S. policymakers: resistance. During the Viking Age, this was most famously carried out by Alfred the Great in his struggle against the Vikings of the 870s. Previous attacks had been seasonal, but this was a full-scale invasion. It was only through a herculean, whole-of-society effort that Alfred was able to assemble a force to defeat the Great Heathen Army, an effort that almost exhausted the kingdom of Wessex.

The question U.S. policymakers must answer then, is what level of threat do Russian cyber attacks pose to national security? Are they of an existential nature, similar to what Alfred himself faced? Or are they devastating but temporary raids more concerned with short-term profit than long-term strategic goals? If cyber attacks are merely a series of devastating but opportunistic attacks, hardening cyber defenses may be enough to provide deterrence. However, if their main purpose is not short-term profit, but rather to advance Russia’s strategic interests, a more Alfred-esque strategy may be required.

Suggestions for Further Action

These modalities must be debated within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). Given the incentives discussed earlier, ignoring cyber attacks and paying ransoms will be ineffective strategies. Instead, a combination of setting a thief-to-catch-a-thief and resistance will be met with success. By coordinating with the intelligence community to improve upon human intelligence efforts to recruit assets in Russian criminal cyber networks, CISA can serve as a clearinghouse for information on how Russian cyber gangs operate.

Establishing a single source point for this information will facilitate the cleaning of classified data, ensuring that what information can be distributed to the public without damaging national security—perhaps the methods groups like DarkSide use in phishing attacks—can be employed by private sector actors to harden their own cyber defenses. Efforts should also be made to recruit elements of these groups and retain them as white hat hackers to test critical networks before they are attacked by malicious actors.

Finally, a whole-of-society effort must be made to harden, educate and shore-up cybersecurity at the private, local, state and federal levels. Although not faced with hordes of heathen invaders, U.S. national security has been compromised by increasingly devastating cyber attacks originating from Russia’s orbit. By hardening defenses on a nationwide scale—such as by establishing national training workshops on security protocols like enabling two-factor authentication—CISA can make the United States a harder target for cyber attacks. Combined with robust, swift action by Congress—such as legislation mandating the reporting of all ransomware attacks to CISA—the government can negate the asymmetries that Russian cyber hackers currently enjoy.

Will Nelson is an International Security M.A. student at George Mason University. He works as the administrative coordinator for the Anti-Illicit Trade Institute at the Terrorism, Transnational Crime, and Corruption Center and is a research assistant with the State Department's Regional China Office, focusing on Chinese digital Silk Road activities in Southeast Asia. His research focuses on intelligence and strategic analysis with an emphasis on the rise of China in the Indo-Pacific and the political structure of authoritarian states. He has lived and worked in China, Japan, Thailand, Spain and Azerbaijan and speaks fluent Chinese, Japanese, Spanish and intermediate French.