National Security National Security

THE RUNDOWN

As the conflict in Ukraine unfolds, there have been several articles written about the anticipated Russian cyber onslaught that never came; or at least, none that met the expectations of cyber professionals. Based upon Russia’s use of state and non-state cyber assets in Estonia (2007), Georgia (2008), and Crimea (2014), many believed Russia would escalate the destructive nature of cyber-attacks in this war, and perhaps introduce new types of cyber weapons that would neutralize strategic targets and debilitate key critical infrastructures. These fears and concerns even prompted the Department of Homeland Security to release an alert calling for organizations to prepare for potential Russian cyber activities in the month prior to its invasion of Ukraine.

Yet, cyber engagements have not materialized in the fantastic way some imagined. Russia executed relentless cyber-attacks leading up to and during its invasion of Ukraine, notably destructive wiper malware, ransomware, distributed denial-of-service, and an attack on a key satellite. Moreover, the cyber focus of Russia’s war effort seems to have shifted from government and military targets to civilian critical infrastructure, a likely attempt to apply pressure on Ukraine’s government. Yet despite the bombardment from both state and proxy assets, the cyber front has failed to yield any significant advantage for Russia, making modest contributions to the overall effort. 

To be fair, Ukraine’s ability to detect, remediate, and recover from these cyber-attacks may have more to do with the help Ukraine is receiving from the international community than with the ineffectiveness of the strikes themselves. Russia’s cyber forces are not just taking on Ukraine in a straight-up cyber fight, but a combination of government, NATO, and private sector organizations bolstering Ukraine’s cyber defenses. Perhaps most helpful has been the United States’ deployment of its largest ever “defend forward” force to minimize the Russian cyber threat.

The ongoing cyber-attacks are not the only unprecedented development that has occurred during the conflict; the amount of international assistance in place to match the volume and intensity that Ukraine is facing has been revolutionary. This has certainly helped reduce the extent of any damage and has been a testament to what true global cooperation could achieve when pressed into action.

The conflict marks the second time (the first being when Russia attempted to invade Georgia in 2008) in which cyber-attacks have been coordinated with conventional military maneuvers. As many cyber experts theorized, prior to invading Russia attacked key communications and financial targets in order to impede the ability to communicate, as well as to create a sense of chaos in Ukraine. However, as the attacks persisted against other public and private sector organizations, they have only achieved marginal success. The coordinated nature of the effort has not yielded any substantial strategic or tactical gains, almost serving as more of an exercise than a maneuver with any intended, lasting outcome. Further, there is little evidence to show how cyber has complemented the kinetic, or even how they build on one another to create battlefield advantage. In late December 2022, Russia elected to use missiles against key energy targets and not cyber-attacks, perhaps an acknowledgement that such weapons were more reliable to cause the damage Russia was seeking.

For a long time, the United States, China, and Russia have believed that the future of war lies in technology. And for improved and advanced weapons, this has borne out. The increased focus of incorporating drones, artificial intelligence, and other emerging technologies into military forces has only underscored this belief. Therefore, it is unsurprising that the same considerations have been levied against cyber weaponry, which some had considered to be a strategic and decisive weapon on par with its nuclear counterpart. What has not materialized is the correct integration of cyber weapons to achieve the necessary effects to tilt favor to one side over another. Even Russia’s frequent use of destructive wiper malware, once a feared weapon, has provided no significant tactical or psychological advantage.

Many believe that cyber weapons are best positioned to be used for maximum effectiveness leading up to a traditional military confrontation, and this seems to hold true. However, as evidenced from the satellite attack, there needs to be consideration on what is to be achieved by the strike. By attacking the satellite, Russia temporarily cut off Internet access to much of Ukraine and the surrounding region. However, there was no corresponding military maneuver that took advantage of that period to attain an advantage. Future military conflicts implementing cyber-attacks will need to take into consideration how militaries can build on cyber-attacks for continued success and not be content with just one-and-done, tactical successes. This holds especially true if the global community will continue to come to a country’s aid, lending their expertise to combat cyber-attacks. Russia’s reliance on wiper malware also shows that Moscow has given no consideration to adjusting how they are used and for what effect. Not only does Ukraine expect wiper attacks, but it also knows how to address them.

THE TAKEAWAY

So, the question remains: why did Russia fail to create the “wow” factor? One possibility is that experts overestimated Russia’s capabilities, and that Moscow simply lacked the resources and ability to create unique weapons and deploy them accordingly. Another is that Russia never intended to have cyber-attacks be more than for which they have been executed. Simply, they were used for espionage and to distract Ukraine’s resources from other areas of concern. A third reason is that Russia still does not know how to incorporate cyber-attacks into larger military action. Or the real reason may just be that cyberwar is a work in progress, the utility of which will rest largely on the target nation and the attacker’s ability to gain an advantage that can’t be done by other, perhaps even more reliable, means. A state needs to consider how offensive cyber operations are realistically integrated into a battle strategy that advances its goals.

Unless there is a dramatic turnaround with respect to cyber operations in and against Ukraine and its allies, the future of cyberwar will not be more than what we have seen thus far. Again, to be fair, there really has been nothing to compare what Russia has done with any other historical example. Russia has used cyber-attacks in smaller, limited engagements, but nothing on the scale of what’s happening now, and nothing that would give Moscow the opportunity to have applied a suitable lessons-learned approach before executing its current iteration of cyberwar. For the foreseeable future, governments can best use cyberwar surgically and sparingly. Otherwise, if used in large offensives, cyber-attacks may elicit international attention that would then neutralize any advantage cyberspace might have provided in the first place.