I am getting exhausted by the continued insistence that the Russians successfully executed strategically meaningful “cyberwar” in Ukraine since the February 2022 invasion and the accompanying accusation that anyone who disagrees is incorrectly applying Western standards of success regarding effects that do not align with the thinking of the Russian Intelligence Services (RIS; a.k.a. GRU, SVR, FSB).
The recent Irregular Warfare podcast appearance by Jason Kikta and Gavin Wilde pretty much laid out the case for sanity. Russia thought the invasion would be over in a matter of days and also did not properly brief their own forces in advance. So the initial computer network operations (CNO) observed in January and then February 2022 ended up being about first demoralizing the Ukrainian population prior to the invasion and then only one confirmed instance of successful computer network attack (CNA) to disrupt communications in concert with the initial military push (i.e., Viasat). The commander of the U.S. Cyber National Mission Force even said of this period that “There doesn’t appear to me that there was a coordinated plan, which surprised us.”
When the war effort writ large failed spectacularly, the RIS CNO teams shifted gears and went on to focus on two things: (1) modest-at-best wiper operations in order to look busy in the eyes of leadership through the contribution of doctrinally aligned “psychological effects” that in reality amounted to very little in terms of facilitating the war effort, and (2) the traditional intelligence collection that is cyber operations’ actual strong suit.
In only one post-Viasat case could a disclosed operation — CrashOverride 2.0 — be considered a meaningful attempt at substitution of CNA for kinetic effects, and that failed. And as far as the unclassified world knows, something similar has not been re-attempted while there has continued to be a deluge of still more janky wiper operations (Ukrinform most notably comes to mind).
To my eye, the war that Russia’s cyber operators chose to fight was one of “look busy, the boss is coming and I don’t want to die in a trench in Ukraine” and “keep spying because it’s what we’re best at anyway”. Then they justified all of that behind information confrontation doctrine, which is not difficult to do, and kept chugging along. If you ask me, if Russia chose to fight a war where they relegated cyber to “85% intel collection, 10% jank-ass wipers deployed via GPO, and 5% real CNA that was only 1% well-executed”, that seems like a pretty shitty way to choose to conduct a “cyberwar”.
We shouldn’t pretend that just because Russian military theory differs from Western military theory that the Russians have somehow fulfilled some grand “cyberwar” plan when hard data and a nuanced understanding of how organizations function point to the contrary in numerous ways. I am saying all of this with the explicit intention of separating a theory of standards of success based on Russian military doctrine from what I perceive as the more likely operational reality of what has been happening and continues to happen at the functional level inside RIS cyber elements. I am explicitly not applying Western standards of success with regard to effects. I am explicitly acknowledging the foundation that doctrine plays in strategic culture but then realizing that doctrine is not the water’s edge of same. There are in fact many drivers that alter the reality of organizational realization of strategic culture between the writing of doctrine and the execution of frontline activity.
Using a foreign country’s military doctrine to reframe fuck-ups as successes — here, that the Russians’ real operations have had the intended effects — boils down to doing a GRU colonel’s work for him; placating Gerasimov about whether or not the O6's department has contributed to winning the war, among other things.
At the end of the day, unless CNA operations are being used to enable, facilitate, replace, or otherwise directly support kinetic effects inside a conflict zone then I do not see the presence of cyberwar — only that of cyber during wartime.
For more on this line of thinking, check out these resources (presented in chronological order):
- Microsoft, “An overview of Russia’s cyberattack activity in Ukraine”, 27 April 2022
- Suzanne Smalley, “Cybersecurity experts question Microsoft’s Ukraine report,” CyberScoop, 1 July 2022
- Gavin Wilde and Jon Bateman, “Were Russian cyber operations militarily effective in Ukraine? If not, why?”, CYBERWARCON, 10 November 2022
- The Economist, “Lessons from Russia’s cyber-war in Ukraine”, 30 November 2022
- Gavin Wilde, “Cyber Operations in Ukraine: Russia’s Unmet Expectations”, Carnegie Endowment for International Peace, 12 December 2022
- Jon Bateman, “Russia’s Wartime Cyber Operations in Ukraine: Military Impacts, Influences, and Implications”, Carnegie Endowment for International Peace, 16 December 2022
- Joe Slowik, “What Have We Learned?”, Stranded On Pylos, 16 February 2023
- State Service of Special Communications and Information Protection of Ukraine, “Russia’s Cyber Tactics: Lessons Learned in 2022”, 8 March 2023