Sanctions for the cyber phase of a hybrid war, amid protracted diplomacy.
N2K logoFeb 11, 2022

Diplomacy continues, but so do troop movements, and the US State Department tells Americans to leave Ukraine. Is there a failure to learn lessons from earlier cyber campaigns against Ukraine?

Sanctions for the cyber phase of a hybrid war, amid protracted diplomacy.

Diplomacy continues between the Russian side and Ukraine (including Ukraine's international sympathizers) and it's likely to be protracted. In the meantime Russian cyber operations have not, insofar as is publicly known, resumed on any large scale. Russian exercises continue, both in Belarus and in the Black Sea. Ukraine has protested the Russian Black Sea operations as amounting to an incipient blockade; Russia calls them exercises. US Secretary of State Blinken has advised American citizens to leave Ukraine, saying, “Simply put, we continue to see very troubling signs of Russian escalation, including new forces arriving at the Ukrainian border. We’re in a window when an invasion could begin at any time and, to be clear, that includes during the Olympics.” The Netherlands has also advised its citizens to leave Ukraine.

Cocking the trigger on sanctions.

The US Senate Foreign Relations Committee has been much concerned with the design and implementation of a sanctions regime the US could quickly apply as retaliation for further Russian aggression against Ukraine. POLITICO reports that the Committee's thinking is running toward developing sanctions that could be imposed well-short of a kinetic war. Major cyberattacks could, members of the Committee are saying, trigger severe sanctions against Russia.

Further, more extensive US aid to Ukraine may proceed more slowly than proponents had hoped. A lend-lease bill, the first of its kind since the Second World War, is at present stalled in the Senate, according to

Implications for international commerce, should Russia intensify operations against Ukraine.

Global Trade outlines four major risks an escalation of Russian pressure on Ukraine would carry for international commerce:

  • "Commodity prices and supply availability"
  • "Firm-level export controls and sanctions"
  • "Cyber security collateral damage"
  • "Wider geopolitical instability"

The third risk is worth some discussion. Global Trade reviews the experience of NotPetya, in origin and intent an action against Ukraine, as an example of the digital wreckage Russian cyber operations can work globally. But the danger isn't limited to, and the risk isn't primarily collateral damage, but rather the prospect of direct attack. Global Trade writes:

"In 2017, the NotPetya attack on Ukrainian tax reporting software spread across the world in a matter of hours, disrupting ports, shutting down manufacturing plants and hindering the work of government agencies. The Federal Reserve Bank of New York estimated that victims of the attack, which included companies such as Maersk, Merck and FedEx, lost a combined $7.3 billion.

"This figure could pale in comparison to the global supply chain impact of a Russia-Ukraine military conflict, which would inevitably include a cyber element. Whether Russia would target its cyberwar playbook at U.S. or E.U. targets in retaliation for any support to Ukraine remains hotly debated. But the Cybersecurity Infrastructure and Security Agency (CISA) has been urging U.S. organizations to prepare for potential Russian cyber attacks, including data-wiping malware, illustrating how the private sector risks becoming collateral damage from geopolitical hostilities."

It seems that Russian cyber operators know how to avoid collateral damage if they wish to do so. The discriminating nature of the January cyberattacks against Ukraine suggests that this is so.

There's a great deal of talk about collateral damage circulating during the present crisis, and some of it is misleading. The US Department of Defense offers this definition: "A form of collateral effect that causes unintentional or incidental injury or damage to persons or objects that would not be lawful military targets in the circumstances ruling at the time." If an effect is intended, it's not collateral damage. It might be a legitimate operation, or, if a prohibited target is affected, it might be a war crime.

Influence operations continue.

There are no publicly known major cyberattacks in progress, but disinformation and influence operations continue. Russian media have seized upon a Buzzfeed story published earlier this week that described possible contingency plans for moving the US embassy from Kyiv to a location in Western Ukraine should an invasion and an attendant refugee crisis render Kyiv untenable. Those stories are being represented as a form of Anglo-American attempt to stoke fear and exacerbate the crisis. Such opportunistic amplification has become a staple of Russian disinformation, with Facebook in particular seeing tendentious posts that have their origin in distorted interpretations of Western governments' statements and media reports.

One opinion of Ukraine's readiness to cope with high-intensity cyberwar.

How vulnerable, really, would Ukraine be to a renewed, intense Russian cyberoffensive? Euromaidan has published an essay that argues the country would be relatively easy pickings: "In the wake of the [14 January] attack, local cybersecurity experts are unanimous that Ukraine remains vulnerable to future cyberattacks. They see the root of Ukraine’s vulnerability lying deep in the ineffective cybersecurity structure, the country’s insufficient cooperation with the private sector, and the lack of direct responsibility for not addressing security flaws." Those three root causes would be found in most countries, or they'd at least be complained of in most countries. But the experts the essay quotes see them as, in Ukraine, distinctively crippling.

The essay describes the national organization for cyber combat as follows: "Under the Ukrainian law “On Basic Principles of Cyber Security of Ukraine” of 2017 and Cybersecurity Strategy of 2021, major national cybersecurity actors are the State Service for Special Communications and Information Protection of Ukraine (Derzhspetszvyazok), law enforcement, intelligence, defense agencies, and the National bank. The President coordinates cybersecurity activities via the NSDC, while NSDC’s National Cybersecurity Coordination Center (NCCC) oversees the actors in the security and defense sector." That too is not necessarily an unusually complicated division of responsibility, and countries with even more complex sets of agency equities have found ways of making them work.

Two features of the Ukrainian system seem, the essay's sources say, to have had particularly unfortunate effects. One is doctrinal and procedural: a failure to seek out, learn, and apply lessons from the earlier stage of Russian cyberwar against Ukraine from 2014 to 2018. The second feature is cultural: an inheritance from a Soviet system in which officials served as bureaucrats in the worst sense of the word, interested in carving out a fiefdom, jealous of their equities, and not disposed to good-faith cooperation with other agencies (and still less with the private sector). The cultural obstacles to cyber readiness are likely to be the most difficult ones to overcome.

But still, Ukrainian authorities seem to have scored against some operations. The takedown of the two bot-farms in Lviv was a small victory for the Ukrainian services, but it was a victory nonetheless.

Diplomacy supported by deployments.

Ukraine has rejected Russian demands that it effectively recognize Luhansk and Donetsk, entering into direct negotiations with the nominally separatist regions. "Russia insists that Ukraine conduct a direct dialogue with the so-called Donetsk and Luhansk people's republics," Reuters quotes Ukrainian Foreign Minister Dmytro Kuleba as explaining. "If Ukraine agrees to this, then the status of Russia will change from being a party to the conflict to the status of being a mediator in the conflict. That is why we do not go for it." For its part Russia deplored "zero progress" in negotiations, which its representatives blamed on Ukraine's "absurd proposals."

The Duma has postponed a vote on recognition of Luhansk and Donetsk, and Russia continues to disclaim any intention of a renewed invasion, but Russian troop deployments haven't allayed anyone's fears. The exercises in Belarus (Exercise Allied Resolve, as the participants call them) have aroused particular alarm. French Foreign Minister Jean-Yves Le Drian characterized the exercise as a "very violent gesture that concerns us."

It's the UK's turn to conduct high-level talks with Moscow. Defense secretary Ben Wallace is there today. Britain's foreign secretary Liz Truss has concluded unsatisfactory discussions with Russian foreign minister Lavrov. Mr. Lavrov was gratuitously insulting at the joint press conference they held at the close of their meetings, saying that conversation with Ms Truss was like "talking to a deaf person." That's probably as much for domestic as international consumption. The famously foul-mouthed Lavrov (his tough-guy utterances become memes) sells a lot of t-shirts: street entrepreneurs inscribe their wares with his more intemperate remarks. These aren't apparently gaffes, but calculated utterances. Lavrov is not one who has a reputation for thinking with his mouth open.

Russian ambitions in the Near Abroad.

Both the New Atlanticist and Foreign Affairs see President Putin's long game as the eventual absorption of not only Ukraine, but Belarus, into a larger Russian federation. Some of the descriptions call it a move toward reestablishing the Soviet Union, but this comparison seems wide of the mark. Its animating spirit is ethnic and linguistic, not ideological (and certainly not Marxist-Leninist). There seems to be small interest in Southwest or Central Asian annexations, for example: Georgia, Armenia, Kazakhstan, and so forth don't seem to be acquisition targets, although they're clearly conceived as being part of Russia's proper sphere of influence.. The historical ancestor of the aspirations seems older, a revival of Russian Pan-Slavism. That cultural and political movement may well be back from the grave it's generally thought to have been buried in during the First World War. If you're acting like a 19th century Great Power, why not do so with 19th century aspirations?