Episode 77. The Cyber War in Ukraine
We are now entering the sixth month of Russia's major offensive into Ukraine. Whilst reporters are fixed on the number of tank and infantry battles occurring across the country, many are missing the heated struggles taking place in within Ukraine's cyberspace.
In this theatre, where many expected Russia to simply trample over Ukraine, the defenders have not only held their ground but are now taking the fight to Russia. So did we overestimate the Russian cyber capabilities, or is there more to this story? We ask our panel of experts.
Part 1: A Test Run For Terror (4:01)
Roman Osadchuk offers insight into the seeming lack of success Russia's cyber warfare campaign has had against Ukraine to date, noting that this has not been from a lack of effort on Russia's path. Ukraine's preparation, including migrating critical infrastructure towards cloud technology, has helped prevent widespread damage and degradation of Ukraine from cyber attacks.
Osadchuk notes that Russia's elite military cyber unit, the GRU, has not been as effective as predicted, hypothesising on the reasons why they have not been the overwhelming force some expected it to be.
Osadchuk also talks about the reduced utility of certain advanced technologies, such as the phone hacking software Pegasus, on the frontlines compared to more simple methods such as phone and radio interceptions.
While the defences have held up well to date, Osadchuk warns there is still great risk for Ukraine's cyber defences including the potential for critical infrastructures to be destroyed or degraded through ongoing infiltration attempts, including previously tactics such as disrupting power and gas supply during the coming winter months.
Part 2: Modems and Machine Guns (27:06)
Brigadier General Yurii Shchyhol explains that Ukraine experienced Russian cyber attacks in the weeks and months leading into the invasion, with the apparently intent of creating panic and lowering morale of the Ukrainian people.
Brig. Gen. Shchyhol asserts that this is the first open cyberwar, with cyber weapons being just as important and potentially deadly as tanks and artillery, targeting critical infrastructure and civilians.
Our conversation compares differences between the Russian cyber attacks on Ukraine in 2014 and now, with the biggest difference identified by Brig. General Shchyhol as the readiness of Ukrainian systems and personnel to defend and repel Russian cyber weapons and operators from impacting systems and servers.
The support of the international community to help prepare for and increase Ukraine's domestic cyber capabilities is also highlighted, with Ukraine making the point that international cooperation, information sharing and collaboration has been crucial in the success of Ukraine's cyber defence to date.
Brig. General Shchyhol discusses Ukraine's offensive operations in Russian occupied territories, including Russian communications infrastructure, and the evolution of Russia's attacks on Ukraine. He notes that while Ukraine has suffered approximately 1500 cyber attacks by Russia since the start of the conflict, Ukraine has observed the declining potency of Russia's offensive operations with less preparation time for Russian operatives and the diversion of Russian operatives dealing with cyber attacks on Russian systems.
Our interview ends with a discussion with Ukraine's end goals and objectives in this cyber conflict, with Brig. General Shchyhol noting the exodus of cyber companies from Russia over the course of the year will leave Russian cyberspace vulnerable and outdated in the future.
Part 3: Where the Rubber Meets the Road (41:51)
Gavin Wilde posits that Russia's cyber warfare strategy in the war in Ukraine indicates potentially holding back more destructive cyber attacks at the start of the conflict with the expectation of a quick decapitation and occupation offensive. He also notes that the rapidness of the campaign's conception and planning may have exposed a lack of required lead time to prepare more effective cyber weapons and attacks.
Wilde notes that Russian approach to cyber tradecraft is more holistic, with technical skills and tactics combined with psychological and cognitive focused operations. He goes on to state that Russia may have calculated poorly with a focus on the latter at the expense of the former, perhaps another indication of a lack of cyber capability being exposed in Russia.
We discuss Russia's changing tactics to propaganda and disinformation over the life of the campaign, including a seeming narrowing of targets to specific stakeholders and a move toward influencing already sympathetic audiences. This corresponds with several Internet tech companies de-platforming Russian channels and removing themselves from the Russian market.
We also examine the perception of cyber warfare being less efficacious than traditional kinetic military force and the dangers of concluding prematurely based on the conflict to date, as well as the difficulty of using this conflict to draw conclusions about the role of cyber in future conflicts.
Part 4: A Painful Connection (1:04:45)
James Lewis picks up where Wilde leaves off, noting that Russia's planning and military organisation for cyber operations has been poor and directly resulted in the lack of success of their broad attack using advanced cyber weapons.
This combined with Ukraine's previous experience with Russian cyber attacks, helping them to detect attacks and react quickly as well as prepare and design systems to be more protected to Russian aggression, has led to Ukraine's successful defence to date.
The international community supporting Ukraine with their own cyber intelligence and alerts has also been significant, as well as the migration of Ukrainian infrastructure to international cloud technology providers.
Lewis notes that this war has displayed a blend of electronic and cyber war that does not fall neatly into academic definitions of each of those terms. The broad intelligence collection efforts from Ukrainian civilians and the international community has significantly hindered Russian efforts on the ground.
We discuss the distinction between cyber warfare and espionage, noting China's evolution being previously 'noisy' collectors of information to highly subtle operations. The territorial borders brought into play through international data storage on cloud technology remains a tricky question for would-be attackers, something Lewis notes Russia is highly aware of with NATO and Article 5.
Research Associate for Eurasia at the Atlantic Council’s Digital Forensic Research Lab (DFRLab)
Roman researches disinformation narratives and technology uses for their spread in the Eurasian region. He is interested in the role of information policy and media cycle in the disinformation spread.
Before joining DFRLab, he held several positions in Ukraine Crisis Media Center (UCMC), where he was involved in communications of decentralisation reform and administrative support to the internal operations.
Brigadier General Yurii Shchyhol
Head of the State Service of Special Communications and Information Protection (SSSCIP) for Ukraine
Ukrainian military official in charge of Ukraine's information and cyber defences.
Senior Fellow in the Technology and International Affairs Program at the Carnegie Endowment for International Peace
He focuses on Russia and information warfare to examine the strategic challenges posed by cyber and influence operations, propaganda, and emerging technologies
Prior to joining Carnegie, Wilde served on the National Security Council as director for Russia, Baltic, and Caucasus affairs
Senior Vice President and Director, Strategic Technologies Program at the Center for Strategic and International Studies
Before joining CSIS, he was a diplomat and a member of the Senior Executive Service with extensive negotiating, politico-military, and regulatory experience.
He leads a long-running track 2 dialogue with the China Institutes of Contemporary International Relations.
The Red Line's Cyber Warfare Reading List:
We’ve compiled a list of further reading to better understand the geopolitics of cyber warfare.
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers
Likewar: The Weaponisation of Social Media
Information Warfare in the Age of Cyber Conflict
Edited by Christopher Whyte
For episode transcripts, monthly geopolitics Q&A’s, member-only videos and to support the show, check out our Patreon here: https://www.patreon.com/theredlinepodcast
This episode is dedicated to Patreon member Chad Hanson.