Prep and staging during a diplomatic pause in the Russia-Ukraine crisis.
N2K logoFeb 3, 2022

The opposing sides in the Russia-Ukraine crisis are now talking for the most part with actual and potential allies. General purpose forces are being staged into the theater, and NATO remains alert for Russian cyber operations.

Prep and staging during a diplomatic pause in the Russia-Ukraine crisis.

Ukraine has officially increased its state of cybersecurity readiness. President Zelensky has "enacted the National Security and Defense Council’s decision of December 30, 2021, 'On the Plan for implementing the Cyber Security Strategy of Ukraine,'" Ukrinform reports.

Talk among friends: old, new, and prospective.

US Deputy National Security Advisor for Cybersecurity and Emerging Technologies Anne Neuberger continues her discussions with NATO allies. LRT reports that she's warning that Russian cyberattacks during Moscow's ongoing campaign of pressure on Kyiv should be expected. “Russia has used cyber as a key component of their force […]. So this is a proactive trip both to talk about improving resilience […] and to highlight overall NATO’s commitment to NATO member’s cyber resilience in that way,” Neuberger said, describing the purpose of her visit.

According to Ukrinform, the Netherlands has promised Ukraine technical assistance for its cyber defense, and has declared an interest in closer cooperation with Ukraine on cybersecurity. In a joint statement issued by Ukrainian President Volodymyr Zelenskyy and Netherlands Prime Minister Mark Rutte, the two countries said: "Following the cyberattack against Ukraine on 14 January, the Netherlands stands ready to provide technical cyber assistance to Ukraine. The two leaders expressed their interest in advancing cooperation on cyber issues as well as on other matters of mutual concern in the face of the contemporary challenges, including hybrid threats and fight against disinformation."

Russia's engaged with clients and potential allies-of-convenience. Moscow now has, Reuters reports, more than thirty-thousand troops in Belarus. The Atlantic Council writes that this amounts to a quiet occupation of the country. That aspect of the Russian troops' staging has been generally overlooked, in large measure because of the prominent threat they pose to Ukraine, and because Belarus has for some time been a docile Russian client. To find a template for what Moscow envisions for Ukraine and other states in the Near Abroad, look to Minsk.

Russian President Putin will be in China for the Olympics' opening ceremonies tomorrow, and he'll also be talking with his Chinese counterpart, the AP reports. China isn't exactly an ally, but Beijing is on poor terms with Washington, and the Sino-Russia relationship is founded on the old truism that the enemy of my enemy is my friend. China also sees certain analogies between Russia's designs on Ukraine and its own ambitions with respect to Taiwan. “The U.S. and the Western countries, on the one hand, are exerting pressure against Russia over the issue of Ukraine, and on the other hand, are exerting pressure against China over the issue of Taiwan,” the AP quotes Li Xin, director of the Institute of European and Asian Studies at Shanghai’s University of Political Science and Law, as saying. “Such acts of extreme pressure by the West will only force China and Russia to further strengthen cooperation,” which is one way of looking at it.

The place of cyber operations in hybrid war.

Critical infrastructure is expected to figure largely on Russian targets lists should the ongoing conflict escalate. An essay in the Conversation argues that the metaphorical first shots have already been fired in cyberspace, and that this is entirely consistent with the Gerasimov Doctrine that has shaped Russia's approach to hybrid war.

The sector generally regarded as providing both high-value and high-payoff targets is electrical power generation and distribution. While Ukraine has sought to improve the security of its grid since Russian disruptive attacks in 2016, that effort remains a work in progress, and won't be completed in the near term. One of the challenges Ukrainian authorities face are the remaining connections of its power grid with Russia's. Kyiv has sought to decouple itself from the Russian grid, but again, the Kyiv Post points out, that's not something done overnight. (As an aside, it's not unusual for power grids to cross international borders, even uneasy ones. During the Cold War, for example, there were electrical power distribution connections across the Inner German Border.)

As to the form such cyberattacks might take, most of the press is betting on form. Since Russian operators have used pseudoransomware in past attacks, many are looking for a repetition of that method. It's tried, it's deniable (although more implausibly than plausibly, given recent events), and it's available. Mint's coverage is representative of the journalistic consensus. As likely as pseudoransomware may be, it's unlikely to simply be a rerun of NotPetya: the state of the art, Computing points out, has advanced considerably since 2017.

Estonia, which in 2007 was on the receiving end of a major Russian cyber campaign, has continued to express concern that a Russian cyber offensive would spill over into the Baltic region. The Baltic Times quotes Estonian Minister of Entrepreneurship and IT Andres Sutt: "The threat of a military escalation in Ukraine has also greatly worsened the cyber security situation in our region, and what we need now is for the heads of businesses and authorities to think about the security of their organization's IT and communications systems -- have they done all they can to implement basic cyber hygiene measures and what happens if any of their systems becomes the target of a cyber attack?" Estonian officials point with concern to recent attacks, criminal or privateering, against health care systems and petroleum pipelines.

The UK remains on alert in ways that have gotten through in popular culture. The demotic Fleet Street tabloid the Daily Mail has two representative screamers: "How Vladimir Putin will unleash his cyber thugs against Britain if we stand up for Ukraine: Former GCHQ boss Professor CIARAN MARTIN says that with relations on the brink of collapse, Moscow could cause huge disruption in the months ahead," and "NHS is a target if Moscow launches cyber blitz on UK over support for Ukraine, defence chief warns." Some recent Russian air action has added to British concerns: the Royal Air Force yesterday intercepted and turned away four Russian bombers approaching the UK's airspace area of interest. The Russian aircraft, the RAF said, were two Tu-95 Bear H and two Tu-142 Bear F. Such flights aren't unprecedented or even unusual, but the timing here seems gratuitously provocative.

NATO considers its cyber strategy, particularly with respect to Article Five.

The Christian Science Monitor describes the ways in which NATO's understanding of cyber conflict has evolved. In particular the threshold for the invocation of Article Five, the Alliance's provision for collective defense, has gotten lower. Part of the motivation for this is to improve deterrence, where uncertainty can sometimes make an adversary more reluctant to move. The Monitor quotes David van Weel, NATO Assistant Secretary-General for Emerging Security Challenges, who told journalists in December, “Up until now, the idea [among cyber adversaries] was, if we don’t completely disable a full country’s infrastructure, it’ll probably be OK. With the new policy we’re saying, well, that’s not necessarily true. I’m making it less defined. Sorry for that.” So, sorry, not sorry, as they say.

The US in particular is interested in cooperating on what US Cyber Command calls "hunting forward," a more assertive doctrine that was on display in last year's incursion into the Internet Research Agency, a Russian organization closely associated with that country's offensive cyber and influence operations.

Sanctions and diplomacy.

NATO has talked about subjecting Russia to sanctions should it escalate its pressure on Ukraine. Kyiv would like to see some of those sanctions discussed publicly. In particular, POLITICO reports, Ukraine would like the European Union to say, explicitly, exactly what costs it intends to impose on Russia in the event of an invasion. As Ukrainian Foreign Minister Dmytro Kuleba said yesterday, "Make it available for the Russians, for everyone, so that the Russians can see what awaits for them. "We hear discussions about the severity of sanctions, but it's time to go into specifics. Otherwise Russia may think it's just about bluffing."

The US has plans for sanctions that would both hobble the Russian economy and damage the personal interests of named Russian leaders, including President Putin. The Washington Post describes the way such personal sanctions would work. They would involve such measures as blocking access to assets, limiting financial transactions, and imposing restrictions on travel.

Sanctions directed against the Russian economy as a whole would severely restrict Russia's ability to avail itself of international financial services that use the dollar (and that's most of them) and would block Russian access to the dollars it already holds. The Atlantic Council has a useful explanation of what it characterizes as "dollar weaponization."