Ukraine at D+650: Hybrid wars' spillover in cyberspace.
The CyberWire, Dec 6, 2023

Drone technology improvises and adapts, but so do air defenses. Experts warn of hybrid wars' spillover into remote sections of cyberspace.

Russian strikes hit more civilian targets. Al Jazeera reports, "Russia targeted an aid centre, a medical centre and residential buildings in Ukraine’s southern and eastern regions, killing three people and injuring at least 11, officials said. The International Rescue Committee confirmed an overnight missile attack hit its humanitarian centre, 'I am Kherson', destroying stockpiles of aid."

Drones and air defenses.

The air war in Ukraine remains, for both sides, a war of drones and air defense systems. "Ukrainian forces reportedly conducted successful drone strikes against Russian military targets in occupied Crimea on the night of December 4 to 5. Ukrainian media reported on December 5, citing sources in the Ukraine’s Main Military Intelligence Directorate (GUR) and Ukrainian Security Service (SBU), that GUR and SBU elements struck a Russian military oil terminal in Feodosia, a Nebo-M radar system near Baherove (13km west of Kerch), and a helicopter landing pad, P-18 Terek radar system, and a Baikal-1M anti-aircraft missile control system in unspecified areas of Crimea," the Institute for the Study of War summarizes.

The story on the Russian side is a defensive one. "Russian sources, including the Russian Ministry of Defense (MoD), claimed that Russian air defenses, electronic warfare (EW) systems, and small-arms fire downed up to 35 Ukrainian drones near Baherove, Feodosia, Cape Chauda, and over the Sea of Azov but did not say that any Ukrainian drones struck their intended targets. Another group of Russian sources, including Kherson Oblast occupation head Vladimir Saldo, claimed that Russian air defenses downed up to 41 Ukrainian drones over northern Crimea and the Sea of Azov and claimed that Ukrainian forces attempted to strike Russian air defense systems and fuel storage facilities."

Drone technology has evolved through improvisation during the war, seeking to redress both supply and performance shortfalls. The UK's Ministry of Defence describes the Russian experience. "Since mid-2023, Russia has almost certainly augmented Iranian-supplied Shahed one-way attack uncrewed aerial vehicles (OWA UAVs) with similar weapons made in facilities in Russia. Russia is now almost certainly attempting to incorporate improvements to the OWA UAV designs based on operational experience. In late November 2023, a downed UAV was reported as being fitted with a Ukrainian SIM card and 4G modem. This is likely a Russian improvised modification to improve real-time guidance using cell towers to reduce reliance on satellite navigation. There is a realistic possibility that it is also attempting to mitigate Ukrainian electronic warfare measures. Some other Russian-made OWA UAVs have likely been given a black finish, making it harder to visually identify the incoming drones at night." Despite the adaptations, the drones are for the most part being shot down, with their damage worked by the minority that leak through air defenses. "Russia is increasingly employing OWA UAVs in large raids in an attempt to overwhelm Ukrainian air defences. However, Ukraine continues to successfully neutralise the majority of incoming weapons."

Cyber phases of hybrid wars spread beyond the theaters of operation.

Russia's war in Ukraine and the war between Hamas and Israel, initiated by Hamas's October 7th terror attacks, have both been hybrid wars, with significant action in cyberspace. CSO has an essay describing this "spillover" and how security teams should prepare for it. The essay argues that public and private sector organizations are both likely to become targets of cyberattacks mounted as contributions to such wars, and that security teams should recognize this risk, understand that the risk is unlikely to be catastrophic, and apply sound risk management practices to deal with it. "[C]ybersecurity teams must persistently simulate and collaborate with information sharing geared toward an adaptive defense posture that consistently tailors and re-tailors internal practices toward shifting geopolitical conditions."

One of the lessons of the war in Gaza is the large role states not directly involved in a conflict can play in cyber operations. Iran's recent exploitation of vulnerable PLCs in US utilities and other facilities affords an example of this. And one of the lessons of Russia's hybrid war is not only the active participation of security and intelligence services in cyberattacks (as seen most recently in Fancy Bear's email credential harvesting operations) but also the use of hacktivist auxiliaries and criminal groups acting effectively as privateers. A lesson from both wars is the importance of public-private cooperation for better security. A recent example of such cooperation is afforded by this morning's announcement, by Dragos, of the expansion of its Community Defense Program, initially piloted last year in response to Russian action in Ukraine. That program provides training, technical support, and information-sharing to small and under-resourced utilities, especially those that deliver local water and electrical power services.