Ukraine at D+238: Misdirection and lessons learned.

Ukraine appears ready to move on Kherson, in the south, and Russian forces hint that they're preparing a strategic withdrawal to the east, back across the Dnipro River. The UK's Ministry of Defence, in this morning's situation report, described a shift in operational focus to Kherson. "On 18 October 2022, recently appointed commander of Russian forces in Ukraine, General Sergei Surovikin, told Russian media that ‘a difficult situation has emerged’ in the Kherson area. He endorsed the previously announced plans of the occupation authorities to evacuate the civilian population. As the overall operational commander, Surovikin’s announcement highlighting negative news about the ‘special military operation’ is highly unusual. It likely indicates that the Russian authorities are seriously considering a major withdrawal of their forces from the area west of the Dnipro river. A key challenge of any Russian withdrawal operation would be extracting troops and their equipment across the 1000m wide river in good order. With all the permanent bridges severely damaged, Russia would highly likely rely heavily on a temporary barge bridge it completed near Kherson in recent days, and military pontoon ferry units, which continue to operate at several locations."

While these adjustments are made, Russian drone and missile strikes against Ukrainian cities are expected to continue.

DDoS as misdirection.

Deutsche Welle reports informed speculation that Killnet's recent distributed denial-of-service (DDoS) attacks against Bulgarian government targets may have been misdirection designed to draw attention from the real Russian goal, which may have been espionage. If that's the case, the ultimate goal is probably not simply Bulgaria, but rather NATO. Compromise of Bulgarian systems could enable Russian cyber operators to pivot into the broader NATO networks to which Bulgaria is connected.

Some Russian official and semi-official discussion of the cyberattacks against Bulgarian government sites was retaliation for Bulgarian cooperation with, and participation in, Ukraine's strike against the Kerch Bridge. Deutsche Welle dismisses this as easily debunked nonsense. "Just last week, the Russian government and intelligence services sought to draw a link between the October 8 explosion that destroyed the Kerch Strait Bridge — which connects Russia and Crimea — to EU and NATO member state Bulgaria.The move was quickly shown to be a blatant propaganda exercise. Now, with Saturday's cyberattack, it appears that Moscow is escalating yet again."

NSA's six lessons from cyber operations observed in Russia's war against Ukraine.

Rob Joyce, head of the US National Security Agency (NSA) Cybersecurity Directorate, spoke Tuesday at the Mandiant Worldwide Information Security Exchange in Washington, DC. He drew particular importance to information-sharing by and with the private sector, CyberScoop reports. He also drew six early lessons that may be learned from the conflict so far. Meritalk summarized those lessons as follows:

1. "Both espionage and destructive attacks will occur in conflict;
2. "Industry has unique insights into these conflicts;
3. "Sensitive intelligence can make a decisive difference;
4. "You can work to and develop resiliency skills;
5. "Don’t try to go at it alone; and
6. "You have not planned enough for the contingencies."

The advice he offered the private sector came from NSA's playbook:

• "Harden: invest in the basics and hardening your systems and networks;
• "Actively defend: take an active stance against adversaries, not a passive one;
• "Contest: impose costs on malicious actors; and
• "Scale: collaborate with industry."