Ukraine at D+314: Dispersal, and inward-looking info ops.
Jan 5, 2023

Fighting continues around Bakhmut, but a general Russian offensive grows less likely as forces are dispersed out of HIMARS range. "Information security" means something different in Russia from what it means in the West.

Heavy fighting continues around the now largely destroyed city of Bakhmut. The first class of convicts recruited to the Wagner Group has completed its service at the front and is being released to go home. Wagner Group boss Prigozhin gave them some farewell advice: “Don’t drink a lot, don’t use drugs, don’t rape women, do not get up to no good.”

Effects of Ukrainian rocket artillery.

Ukrainian artillery, especially the US-supplied HIMARS rockets, increasingly complicates Russian deployments. Strikes like the New Year's Eve attack against barracks in occupied Makiivka have made it difficult, the Telegraph reports, for Russian commanders to concentrate forces near the front, which makes it harder to organize an offensive.

Strikes into rear areas are also forcing redeployment of combat aircraft out of the immediate theater. Russian Long-Range Aviation (LRA) units are being relocated to the Russian Far East, out of range of the Ukrainian missiles that have hit their former location at Engels Air Base. The British Ministry of Defence Intelligence update on the situation in Ukraine this morning reported that "On 27 December 2022, Oleksiyy Danilov, secretary of Ukraine’s National Security and Defence Council, reported that Russia had relocated long range aviation (LRA) Tu-95MS BEAR heavy bombers and Tu-22M3 BACKFIRE medium bombers to Russia’s far east. On 5 and 26 December 2022, the LRA’s Engels air base was struck and several aircraft damaged. Russia has highly likely responded to the incidents by conducting a general dispersal of LRA aircraft, especially to airfields further away from Ukraine. The LRA will still be able to fire air launched cruise missiles into Ukraine because the weapons have a 5000km range, in addition to the flight range of the bombers. However, operating from dispersal locations will add additional maintenance stress and will further deplete the limited flying hours available on these aging aircraft."

The losses at Makiivka, high and still being counted, have provoked a search for scapegoats. The dissent in this case has come from pro-war hardliners who have been demanding that responsibility be fixed and blame assigned for whatever negligence exposed such a large number of troops to destruction. The Ministry of Defense has pointed to the troops themselves. Lieutenant General Sergei Sevryukov, speaking for the Ministry, explained “it is already obvious that the main reason for what happened was the large-scaled use of mobile phones by the troops despite the ban and within the range of the enemy’s artillery.” Hardliners (and they speak with some official sanction) have derided this as victim-blaming, noting that drone reconnaissance and reports from hostile locals are far more likely sources of target indicators.

Cellphone traffic as a source of combat information.

The extent to which cellphone signals have been used for geolocation and then targeting in any particular case remains unclear, but the devices represent a persistent operations security challenge for both sides. The phones make it possible to collect combat information that would formerly have been difficult to come by, from unguarded conversations to revealing photos shared in social media. The New York Times summarizes the problem that simple phone conversations pose. Russian commanders have ordered the troops to give up their phones, but such orders have been widely evaded. "But just as often, soldiers found ways to circumvent the rules. They stole phones from Ukrainians, including those they had killed, and passed around the available phones to call home, an analysis of call logs shows. In many intercepted calls, Russian soldiers can be heard complaining that they did not trust their leaders or felt abandoned by them, and saying that they did not care about the rules," the Times writes.

There's an awareness on the soldiers' part that the enemy is listening in, but the folkloric opsec of using circumlocutions to baffle the adversary remains as futile as ever. "Some Russian soldiers made remarks that showed they were aware Ukrainian intelligence could be listening — and that they should choose their words carefully, to avoid giving away their locations." If your bros get it, so does the enemy. And if your bros don't get it, the enemy might still be quicker on the uptake. (Lest we be accused of blind, Anglo-Saxon Russophobia, this tendency is found in all armies we're familiar with. Any American veteran who remembers a sergeant telling him to say "5 clicks" so the enemy won't know you mean "5 kilometers" will recognize the problem. General Fredendall's notoriously opaque formulation of orders before the American disaster at Kasserine Pass during the Second World War is a famous US historical example.)

It's also not only the words that matter, but the signals themselves. "But the soldiers did not appear to know that cellphone data alone could potentially betray them, giving Ukrainians enough to pinpoint a phone’s location down to an apartment building." Metadata can be as lethal as data.

Incommensurable views of information security.

The Carnegie Endowment for International Peace notes that Russia has an understanding of information security that's quite different from the one that prevails in Western and especially US circles.

"Critically, Russian government references to so-called information security do not mirror the modern, Western understanding of information security—which refers generally to the confidentiality, integrity, and availability of systems, networks, and data. Likewise, references to 'information security breaches' do not correspond to the contemporary Western understanding (of undermining encryption or getting past a firewall). Instead, the Russian government’s discussion of information security broadly encompasses the regime’s interests in the information sphere, including regime security and the state’s control over information flows and public opinion. This is the 'sovereignty' to which Moscow refers in 'cyber sovereignty.' Relatedly, breaches of information security, in the Russian government’s conception, include threats to encryption and technical defenses, but also include—and perhaps principally emphasize—undesirable content or information. The last of the Information Security Doctrine’s 'external threats' speaks particularly to this point. Indeed, the document expresses a fear of information undermining the regime: 'the precariousness of citizens’ rights to information access, and information manipulation evoke a negative reaction among people, which in a number of cases leads to a destabilization of the social and political situation in society.'"

This view is significantly inward-looking and inclined to view information operations as deterministic. Mistakes may be made, but nothing happens by chance.