Russia’s opening cyber salvo was clearly tied to their war planning. They seem to have used wipers to go after gov, mil and comms systems to degrade Ukraine’s defense capacity. And the attack on KA-SAT was related to Ukrainian military capacity as well.
These sorts of attacks are very much in line with the traditional model of cyberwar. They were targeted, tactical strikes with immediate effect and exploitation. Ukraine’s cyber response has been… full spectrum. The most obvious is the call for a global civilian hacker army.
Ukraine’s most interesting cyber response has been their dominance of the information space. People keep denigrating it as “that’s just because the West is sympathetic,” but that is a very shallow, dismissive analysis. Ukraine is very savvy with their info ops.
Ukraine creates complex narratives that resonate with their target audiences. Internally, their messaging is very, very different from what they share with western audiences. They’ve managed to thread the needle: the underdog who could lose if our support falters.
Russia has failed in the information domain. They were unprepared for a war that didn’t have a swift conclusion. Now their available info op resources are greatly reduced and under stress to manage domestic and external messaging.
Russia has regrouped on the information warfare front and launched attacks using their usual “firehose of bullshit” strategy. There are at least three false narratives that Russia is promoting. These are:
- False claims that Ukraine wanted to create a nuke/dirty bomb. (Impossible to achieve because Ukraine’s reactors are the wrong kind.)
- False claims that the US was assisting Ukraine in developing a nuclear weapon. (This is baffling.)
- False claims of a Ukrainian bio weapons lab. (Bio weapons are a common theme in Russian disinformation.)
Outside of the information domain, cyber has been sparse on the ground. Ukraine called for a hacker army. Who knows what they’re doing? Anonymous has been claiming the moon and delivering tuppence. That could change though, since cyber is nothing if not surprising.
Where’s the cyber?
Russia has their ransomware auxiliaries waiting on standby. If/when Russia calls on their auxiliary cyber forces to go “make Europe howl,” things will get interesting.
Russia has a lot of options to cause extreme pain in the West using vectors that don’t rise to the level of direct attack. Of course, what constitutes a direct attack is a political decision, not a technical issue. When will Russia cry havoc and let slip the dogs of cyberwar?
At least there is now a national intelligence agency that is keen to take the fight to the enemy. Australia will be doing their “that’s not an exploit… this is an exploit” routine on the ransomware scene, and it will be hilarious.
However, to come back to my main point: none of this activity, beyond the opening salvo, looks like traditional cyberwar. This is criminals, disinformation, TikTok and Twitter, but no critical national infrastructure attacks. No electrical grids committing cyber Pearl Harbor at all!
The traditional model of cyberwar has failed as a predictive, descriptive, and analytic framework. In it, cyberwar exists only to emulate kinetic war capabilities. The sheer cost of developing such capabilities makes them unattractive. Cyber does not conform to the traditional model; indeed, it is inherently nonconformist.
The only rule in cyber is that you don’t play the same way twice.