Ukraine at D+280: War against infrastructure, kinetic and cyber.
N2K logoDec 1, 2022

Russian partial mobilization remains deeply unpopular. The Kremlin continues to frame its ongoing campaign against civilian infrastructure as an attack against legitimate military objectives.

Ukraine at D+280: War against infrastructure, kinetic and cyber.

Further Russian withdrawals from the towns around Kherson, but on the east bank of the Dnipro, are being reported, according to the Telegraph. Russia's partial mobilization remains deeply unpopular, and military-aged men have been voting with their feet. Some estimates put the number of those fleeing conscription as high as a million. A report by Foreign Policy notes an interesting sidelightt (Extra credit to the two who crossed the Bering Sea to Alaska in a small boat--that's showing motivation of the highest degree). Leaked internal polls suggest that domestic popular support for Russia's war has dropped from a simple majority to around 25%. Those results should be treated with caution, of course, but they may be giving the Kremlin pause.

War against infrastructure.

"Since October 2022, Russia has repeatedly attacked Ukraine’s electricity distribution grid, primarily with cruise missiles," this morning's situation report from the UK's Ministry of Defence says. "This is likely the first example of Russia attempting to implement the concept of a Strategic Operation for the Destruction of Critically Important Targets (SODCIT), a key component of the military doctrine it has adopted in recent years. Russia envisioned SODCIT as using long-range missiles to strike an enemy state’s critical national infrastructure, rather than its military forces, to demoralise the population and ultimately force the state’s leaders to capitulate. Russia’s strikes continue to cause power shortages resulting in indiscriminate, widespread humanitarian suffering across Ukraine. However, its effectiveness as a strategy has likely been blunted because Russia has already expended a large proportion of its suitable missiles against tactical targets. Also, with Ukraine having successfully mobilised for nine months, material and psychological effect of the SODCIT is likely less than if it was deployed in the initial period of a war."

Thus the MoD's judgment is that a war against civilian infrastructure is, for various reasons, failing. It doesn't explicitly judge the attacks to be war crimes, although the reference to "indiscriminate, widespread humanitarian suffering" suggests that this is the MoD's view. Discrimination and proportionality are touchstones of the lawful conduct of war. There's an ambiguity surrounding critical infrastructure, which under some circumstances might be considered "war sustaining," and thus a legitimate military target set, but this is controversial (see the LIeber Institute for a discussion).

Russian Foreign Minister Lavrov sees no shades of grey, however. The Guardian quotes him as accusing NATO of full involvement in the war, and of attacks on Ukrainian infrastructure, specifically its power grid, as essential to stopping the flow of NATO supplies to Ukraine. “'You shouldn’t say that the US and Nato aren’t taking part in this war, you are directly participating in it,' Lavrov said in a video call with reporters.'And not just by providing weapons but also by training personnel. You are training their military on your territory, on the territories of Britain, Germany, Italy and other countries.' He said that the barrage of Russian missile strikes was intended to “knock out energy facilities that allow you to keep pumping deadly weapons into Ukraine in order to kill the Russians. The infrastructure that is targeted by those attacks is used to ensure the combat potential of the Ukrainian armed forces and the nationalist battalions,' he said."

Crimes against peace.

War crimes, like massacres of civilians, mistreatment of prisoners, and, arguably, destruction of civilian infrastructure, are crimes against the laws that govern the conduct of war, against jus in bello. Other crimes are crimes against peace, aggressive war itself, a violation of jus ad bellum. France has become the first major state, the Guardian reports, to support the European Commission's call for a special tribunal to bring Russian President Putin and other leaders to justice for crimes against peace.

An assessment of Russian cyber warfare.

The Economist has a long and thoughtful account of the fortunes of Russian cyberwar. One overarching observation is that such warfare is inherently difficult, and that it takes long and careful preparation to be successful. Thus the disabling attacks against Viasat ground stations in the opening hours of the war had been under preparation for months, as had the subsequent wiper attacks against Ukrainian networks. These enjoyed some success, but that success was short-lived and not easy to improvise going forward, once the defenders were on the alert for them. They did, however, demonstrate that Russian cyber capabilities weren't negligible, and hadn't been grossly overestimated.

But there's a flip side to this. Russian cyber operations, like Russian kinetic military operations, also seem to have suffered from sloppiness, careless coordination, and overconfidence. These served the operators poorly against a defender that proved capable, prepared, resilient, and ably supported by allies and commercial partners. Ukrainian capability in defense shouldn't be underestimated either. If Russian cyber operations have largely dwindled to nuisance level fizzles since March, Ukraine's defenders deserve a great share of the credit.

From criminals to hacktivists.

The Wall Street Journal has an interview with Dmitry Smilyanets, a reformed Russian cybercriminal who, having served his US sentence, now works for security firm Recorded Future. He offers some insight into the nexus between the Russian underworld and Russia's security services, and on the ease with which criminal gangs shifted into nominal hacktivist mode during Russia's war against Ukraine.

The connection is close but complicated. “If we talk about financially motivated hackers, what happens is directly or indirectly," Smilyanets said, "they know someone from the government and they pass information or help in this or other cases. It doesn’t mean they’re employed [or] it doesn’t mean they’re on a paycheck with the state but there is a connection. Sometimes we see it clear, sometimes not.”

And they needed little or no inducement to turn to patriotic hacktivism. "When Russia attacked Ukraine, some groups there declared loyalty to the Russian government. …Those groups, they consist not only of Russian criminals. They consist of former Soviet Union bloc citizens, including [from] Ukraine.” The ransomware gangs found it an easy transition to make. “I don’t see Russia asking them directly because that’s not what’s really happening. What I see, a lot of groups who made some money with ransomware, they decided to be loyal to the state and create hacktivism. Instead of making money, they create destruction, they develop new ransomware payloads that have no intention to decrypt. That’s malware to disrupt the network, not to ask for ransom. That’s growing, unfortunately. This war caused a lot of hatred on both sides, people just jumping into this boat of hacktivism without thinking of consequences.”