Cyber(war) Persuasion Fatigue

4 min readMay 6


Artwork courtesy of Russell Johnson.

I am getting exhausted by the continued insistence that the Russians successfully executed strategically meaningful “cyberwar” in Ukraine since the February 2022 invasion and the accompanying accusation that anyone who disagrees is incorrectly applying Western standards of success regarding effects that do not align with the thinking of the Russian Intelligence Services (RIS; a.k.a, GRU, SVR, FSB).

The recent Irregular Warfare podcast appearance by Jason Kikta and Gavin Wilde pretty much laid out the case for sanity. Russia thought the invasion would be over in a matter of days and also did not properly brief their own forces in advance. So the initial computer network operations (CNO) observed in January and then February 2022 ended up being about first demoralizing the Ukrainian population prior to the invasion and then only one confirmed instance of successful computer network attack (CNA) to disrupt communications in concert with the initial military push (i.e., Viasat). The commander of the U.S. Cyber National Mission Force even said of this period that “There doesn’t appear to me that there was a coordinated plan, which surprised us.”When the war effort writ large failed spectacularly, the RIS CNO teams shifted gears and went on to focus on two things: (1) modest-at-best wiper operations in order to look busy in the eyes of leadership through the contribution of doctrinally aligned “psychological effects” that in reality amounted to very little in terms of facilitating the war effort, (2) and the traditional intelligence collection that is cyber operations’ actual strong suit.

In only one post-Viasat case could a disclosed operation—CrashOverride 2.0. — be considered a meaningful attempt at substitution of CNA for kinetic effects, and that failed. And as far as the unclassified world knows, something similar has not been re-attempted while there have continued to be a deluge of still more janky wiper operations (Ukrinform most notably comes to mind).

To my eye, the war that Russia’s cyber operators chose to fight was one of “look busy, the boss is coming and I don’t want to die in a trench in Ukraine” and “keep spying because it’s what we’re best at anyway”. Then they justified all of that behind information confrontation doctrine, which is not difficult to do, and kept chugging along. If you ask me, if Russia chose to fight a war where they relegated cyber to “85% intel collection, 10% jank-ass wipers deployed via GPO, and 5% real CNA that was only 1% well-executed”, that seems like a pretty shitty way to choose to conduct a “cyberwar”.

We shouldn’t pretend that just because Russian military theory differs from Western military theory that the Russians have somehow fulfilled some grand “cyberwar” plan when hard data and a nuanced understanding of how organizations function points to the contrary in numerous ways. I am saying all of this with the explicit intention of separating a theory of standards of success based on Russian military doctrine from what I perceive as the more likely operational reality of what has been happening and continues to happen at the functional level inside RIS cyber elements. I am explicitly not applying Western standards of success with regard to effects. I am explicitly acknowledging the foundation that doctrine plays in strategic culture but then realizing that doctrine is not the water’s edge of same. There are in fact many drivers that alter the reality of organizational realization of strategic culture between the writing of doctrine and the execution of frontline activity.

Using a foreign country’s military doctrine to reframe fuck-ups as successes — here, that the Russians’ real operations have had the intended effects — boils down to doing a GRU colonel’s work for him; placating Gerasimov about whether or not the O6's department has contributed to winning the war, among other things.

At the end of the day, unless CNA operations are being used to enable, facilitate, replace, or otherwise directly support kinetic effects inside a conflict zone then I do not see the presence of cyberwar — only that of cyber during wartime.

For more on this line of thinking, check out these resources (presented in chronological order):




The net’s own counterintelligence referent, maybe. Views here are personal, not my employer’s. All original content © Alex Orleans, 2014–2023.