Seven weeks after the beginning of the latest Russian invasion of Ukraine, and mindful of the horrendous toll of human suffering it has produced, it is possible to reflect on the significance of what has happened so far and how it affects our understanding of some of the different aspects of modern conflict.
Any attempt to do this must proceed with the caveat that there is much that we do not yet know and likely will continue to not know for some time to come. This caveat reflects the uncertainty involved in making judgements about on-going conflicts, particularly so regarding the most secretive aspects of conflict, such as the use of cyber operations.
Much commentary has rightly focused on what appear to have been deeply flawed assumptions underpinning the initial Russian war plan, shortcomings in the wider performance of Russian armed forces, and the increasing number of reports about possible war crimes committed against Ukrainian citizens.
Similarly, many have noted the strength and effectiveness of Ukrainian resistance against the Russian invasion.
Ukraine’s armed forces were able to prevent the Russian war plan from succeeding according to its presumed logic and time frame, forcing the recalibration of effort that we now appear to be seeing. This owes much to Ukraine’s ability to access foreign support, most notably in the continuing supply of weapons, platforms and likely also the sharing of useful intelligence.
Whilst the specifics are even more elusive than in other domains, the dynamics of this conflict in cyberspace have also been affected by Ukraine’s ability to access support from beyond its borders, both from states and the private sector.
We know, for example, that in the years following the Russian invasion of 2014, Ukraine has been beset by waves of malicious cyber activity against its infrastructure.
Few if any nations have suffered worse than Ukraine from sustained digital efforts to disrupt the everyday life of the nation. Serious efforts at cyber disruption in Ukraine in this period have been attributed (by the US, UK and a series of other governments) to operations conducted by Russian military intelligence.
The response to Russian cyber victimisation of Ukraine did not end with coordinated public attributions of malicious activity: the cyber campaign against Ukraine led to years of effort to harden Ukraine’s cyberspace defences and improve its resilience to cyber attacks.
Much of this effort to improve national cyberspace defence involved assistance from other actors. This included private sector cyber security companies and direct bilateral assistance from other states, all of which intensified in the months leading up to and since the commencement of the latest phase of conflict.
This isn’t simply a case of states ‘doing the right thing’ in providing defensive assistance to a victimised state. It is also a question of prudent self-interest in countering the disruptive and destructive global impact of malicious cyber operations.
As the double-hatted head of both US Cyber Command and the National Security Agency, Gen. Paul Nakasone, noted recently in testimony to Congress, US cyber personnel were able to ‘hunt’ for malicious Russian activities by deploying to support Ukraine’s cyber defences.
This ‘hunt forward’ aspect of the wider process of ‘persistent engagement’ or ‘defending forward’ – in the jargon of US cyber strategy – helps partners such as Ukraine improve their defences, but it also improves the knowledge of US cyber operators, who are then better able to understand and to counter cyber threats posed by US adversaries.
It is much too early to say with any confidence precisely how effective this external support has been in helping Ukraine to defend against the range of cyberspace operations that Russia has employed as more or less integrated components of its wider invasion.
There are, however, strong reasons for believing that sustained and systematic efforts to improve national cyber defences over a period of years, and intensified over the last few months, are more strategically significant to Ukraine’s cyber defence than the widely reported phenomenon of volunteer hacktivists loosely coalescing since the invasion.
There has already been much commentary on the cyber aspects of the conflict (see an excellent overview here). There is some disagreement (such as here and here) amongst commentators about how to interpret the cyber aspects of the conflict.
Some have emphasised the variety of Russian cyber operations that have been conducted against Ukrainian targets, including disinformation operations, efforts to wipe data from Ukrainian government networks, and reportedly also efforts to disrupt and degrade the operations of satellite communications and energy infrastructure.
Whilst that might sound like a lot, other commentators have correctly emphasised the limits of this activity in helping to further Russia’s strategic objectives, the apparent successes of Ukraine’s cyber defences, and the disconnect between years of doom-laden rhetoric forecasting the coming of ‘Cyber Pearl Harbour’ and the more modest operational realities.
As I have argued elsewhere, it is better to interpret cyberspace operations as more incremental tools, instrumental components of efforts to pursue a wider strategy.
States have undoubtedly been conducting cyber operations against each other for longer than you might think, albeit primarily to produce intelligence insights (espionage) rather than to deliver disruptive, degrading or destructive blows (offensive cyber operations).
Investment in offensive cyber capabilities has increased significantly in recent years. The United Kingdom, for example, aims to increase the size of its National Cyber Force from a few hundred to 3,000 personnel by the end of this decade. (And even if it meets this very ambitious target, the UK would still have a cyber mission force less than half the current size of its US counterpart.)
For all this additional investment and the notable increase in public messaging from governments about their development of offensive cyber capabilities as part of enhancing national cyber power, concerns about escalation should prevent an outbreak of significant, reciprocal cyber attacks between Russia and NATO states during the current conflict.
This judgement still leaves plenty of room for the likelihood of other cyberspace activities, from espionage to counter-cyber ‘skirmishing’. But clear-eyed and well-informed decision makers would recognise that neither Russia nor NATO stands to gain from a spiral of cyber escalation.
Of course, it cannot be ignored that the Russian invasion of Ukraine itself appears to provide evidence that major national security decisions can be made more recklessly and supported by badly flawed assumptions. So the risks are real – and they need to be carefully managed.
By Dr Joe Devanny, Lecturer in National Security Studies in the Department of War Studies in King’s College London and the deputy director of the Centre for Defence Studies.