Ukraine at D+112: The likely course of cyber escalation.
N2K logoJun 16, 2022

Russia continues its slow offensive in the Donbas amid signs of difficulty maintaining its battalions' troop strength. Western leaders visit Ukraine and promise more support. Observers speculate about the likely course of Russian cyber operations as the war continues.

Ukraine at D+112: The likely course of cyber escalation.

Today's situation report from the UK's Ministry of Defence (UK) assesses the current state of the Russian reduction of Sieverodonetsk. "All of the main bridges over the Siverskyy Donets River, which link the contested town of Sieverodonetsk and Ukrainian-held territory, have now highly likely been destroyed. Ukraine has probably managed to withdraw a large proportion of its combat troops, who were originally holding the town. The situation continues to be extremely difficult for the Ukrainian forces and civilians remaining east of the river. With the bridges highly likely destroyed, Russia will now likely need to either conduct a contested river crossing or advance on its currently stalled flanks to turn tactical gain into operational advantage. As claimed by the Ukrainian authorities, some Russian Battalion Tactical Groups (BTGs) - typically established at around 600 to 800 personnel - have been able to muster as few as 30 soldiers. For both sides fighting in contested towns, front line combat is likely increasingly devolving to small groups of troops typically operating on foot. Some of Russia’s strengths, such as its advantage in numbers of tanks, become less relevant in this environment. This is likely contributing to its continued slow rate of advance."

Troop shortages have prompted Russia to intensify its recruiting efforts, the Washington Post reports. An alternative to more vigorous and successful recruiting, full mobilization with more extensive conscription, is problematic for Moscow, since adopting that policy would give the lie to the narrative of restraint and success that the Kremlin has pushed domestically. In the short-term at least, the Telegraph writes, that some of the manpower shortages are being made up with conscripts from nominally sympathetic Russophone enclaves in the Donbas. The soldiers acquired that way can't be receiving any effective training.

Pravda reports a major explosion and fire at Gazprom's Urengoyskoye field in Russia. It may have been an accident, and Pravda reports the incident neutrally, but there's speculation in social media that the damage might be the result of a Ukrainian special operation.

Belarus continues to maintain its forces at the high state of alert on which they've recently been placed. President Lukashenka, the Atlantic Council says, has explained the alert as a response to the threat of Belarus being "chopped off," that is, isolated, by NATO. But the Atlantic Council sees the heightened readiness as a response to pressure from Moscow to show that Belarus is solidly behind Russia's cause. Opposition leaders claim that Mr. Lukashenka's regime has grown increasingly unpopular, and that indigenous guerrilla actions have sought to disrupt Minsk's support for Moscow's war. Belarusian mobilization functions, effectively, as a Russian economy of force measure, since Ukraine must, out of prudence, consider the possibility of invasion from the northwest, and deploy its forces accordingly.

The leaders of France, Germany, Romania, and Italy have just visited Ukraine, for talks with President Zelenskyy, expressions of support, and visits to sites of Russian atrocities. Messrs. Scholz, Macron, Iohannis, and Draghi all condemned Russian "brutality." They also, the AP reports, committed to delivering arms to Ukrainian forces and to working to smooth Ukraine's path to membership in the European Union.

The US has committed to delivering an additional $1 billion in weapons to Ukraine. Defense News reports that "The U.S. aid will include two Harpoon launchers and an unspecified number of Guided Multiple Launch Rocket System, or GMLRS, rockets for previously committed M142 High Mobility Artillery Rocket Systems, or HIMARS, U.S. Defense Secretary Lloyd Austin announced in Brussels. Also included are 18 M777 howitzers, 36,000 rounds of 155mm ammunition and thousands of secure radios." Canada is sending Ukraine replacement barrels for M777 155mm howitzers.

Reflections on the first large-scale hybrid war.

The Atlantic Council has an essay by Yurii Shchyhol, head of Ukraine’s State Service of Special Communications and Information Protection. Mr. Shchyhol discusses Russia's war against Ukraine as the first cyber war, that is, the first major war in which cyber operations have been integrated fully into planning and operations. One of its conclusions is that the war has rendered obvious what's long been known by close observers of cyber gangs: the place the Russian cyber underworld occupies in Moscow's order of battle. "The current war has confirmed that while Russian hackers often exist outside of official state structures, they are highly integrated into the country’s security apparatus and their work is closely coordinated with other military operations. Much as mercenary military forces such as the Wagner Group are used by the Kremlin to blur the lines between state and non-state actors, hackers form an unofficial but important branch of modern Russia’s offensive capabilities." Shchyhol also notes that the war has revealed Russian limitations as well as Russian capabilities. Ukraine's infrastructure has shown significant resilience under Russian cyberattack.

Computing has an essay arguing that in wartime nations now have as much to fear from cyberattacks as they do from kinetic attacks. At first look this seems to be overstated--after all, cyberattacks become lethal only when they have kinetic effects. A ransomware attack, for example, as such is very far from being an artillery barrage, and a corrupted database isn't the same thing, IRL, as an artillery preparation. Unless we've become gnostics who believe the physical world is less real than the information space, few would go that far. But reading past the headline, that's not the essay's point. Its argument, rather, is that modern infrastructure is now so inextricably intertwined with and dependent on information technology that cyberattack can and do have physical, kinetic effects. Computing quotes Ian Hill, director of cyber security at BGL Insurance, who said, at the magazine's conference last week, "The real world and the virtual world have become so interdependent. Our physical world, certainly in the context of Western society, has pretty much got to the point of no return, where our dependency on technology - and technology's dependence on the internet - that the economy cannot exist without them. If anything happens to the internet, or some connected technology, we've got a real problem." 

The possibility of cyber escalation.

The Cyber Peace Institute has published a useful overview of operations in the fifth domain during Russia's war against Ukraine.

Observers continue to debate why Russian cyberattacks haven't been more widespread and more destructive than they've proved so far to be. If Shchyhol is correct, as he seems to be, that Russian cyber operators are about as concerned with abiding by the norms of proportionality and discrimination embodied in international laws of armed conflict as Russian infantry and artillery have shown themselves to be, then the apparent restraint Moscow has exhibited seems to require explanation. An essay in Cyber Security Hub concludes that a partial explanation can be found in deterrence. President Putin doesn't want a full war with NATO, and has been concerned to avoid attacks on critical infrastructure that would provoke a kinetic response from the Atlantic Alliance.

If Russia has maintained the complete conquest of Ukraine as its objective, as many observers think it has, can deterrence be expected to hold in cyberspace as the war inevitably escalates on the ground? An assessment in GIS concludes that it may not. "Russia’s red lines and escalation strategy could further change in the weeks and months ahead. How the military, political and economic aspects evolve, and war aims change will influence how the Kremlin decides to use its cyber capabilities in the conflict." Defense One reports that some US officials agree. They see the indiscriminate effects of NotPetya as foreshadowing the probable course of Russian escalation. “I do think there there is a risk that the deeper you get into this conflict that the Russians will…be pressed to resort to more aggressive operations,” Neal Higgins, the deputy national cyber director for national cybersecurity at the White House’s Office of the National Cyber Director, said this week at Defense One's Tech Summit. "If you're acting quickly and desiring a large impact, there is a risk that you lose control and that that did occur. It certainly is a risk that we continue to monitor across the government.”