It's a broad question, but I'll give you a small slice of it, which I think pertains specifically to the cyber-environment itself.
One of the interesting paradoxes is that some of the more successful employments of code-based attacks—if you want to call them that—against critical infrastructure over the last three years have effectively been the repackaging of NSA attack code that was stolen during the Shadow Brokers incident. For example, there was the takedown of the systems at Maersk's major maritime operations. It was repackaged code that was effectively employed.
I think one of the things we've seen from a perspective of looking at how Russia and other countries employ information operations is this. Let's focus on how Russia has done so. One of the things we've seen is that their ability to develop techniques, tradecraft, and process around employment of a cyber-operation has been quite significant. In other words, there's been an intentionality in what they've tried to do.
From a technical point of view, their sophistication really hasn't been anything different—larger or smaller—than what we've had. I think there's a reason why the Russians have done this. I think it's partially due to the fact that they feel there's a certain existential threat that has occurred as a result of NATO's growing resolve around Russia's claims along its borders. I think it's a hardening of Russian positions in general. Does it necessarily reflect a capability that is more sophisticated than what we have from a technological point of view? My answer would be no.