Ukraine at D+41: Russia reconstitutes maneuver forces; expect fire and cyber.
N2K logoApr 6, 2022

Infantry and armor withdraw from the north of Ukraine, but Russian artillery continues its reduction of such Ukrainian cities as are within range. Cyber operations continue, and Ukraine is apparently getting some help from abroad (at least some defensive help).

Ukraine at D+41: Russia reconstitutes maneuver forces; expect fire and cyber.

The British Ministry of Defense situation map shows the slow withdrawal of Russian forces from the northern portions of Ukraine as the invaders refocus on the Donbas and the Black Sea coast. Russia's slow but violent reduction of Mariupol continues. "Heavy fighting and Russian airstrikes have continued in the encircled city of Mariupol. The humanitarian situation in the city is worsening. Most of the 160,000 remaining residents have no light, communication, medicine, heat or water. Russian forces have prevented humanitarian access, likely to pressure defenders to surrender."

Maneuver goes into a lull, but Russian artillery fire continues.

After their failure to take Kyiv ("a defeat for the ages," the AP calls it) Russian infantry and armored units are withdrawing for reconstitution to Russia and Belarus. By many estimates it will be a matter of some weeks before they're expected to be able to return to the line, and that line will probably be in the Donbas. In the meantime Russian artillery units continue their attempts to reduce the cities they've invested, most notably Mariupol, but also in Luhansk, where Russian shellfire hit civilians at a humanitarian aid distribution point. Reuters says that incident killed two and wounded five. Authorities in Luhansk are advising civilians to leave while it's still possible for them to do so.

Russian cyber operations: an assessment.

Russian cyber operations in Moscow's war against Ukraine haven't developed in the expected directions. Those directions included:

  1. Crippling attacks against Ukrainian infrastructure (especially its power grid, which Russian operators attacked in December 2015),
  2. Attacks against countries sympathetic to Ukraine, and
  3. Widespread, damaging attacks that spread globally and indiscriminately, as WannaCry and NotPetya did in May and June of 2017.

But of course Russian cyber operations have taken place at lower levels, especially in the form of nuisance-level distributed denial-of-service attacks and attempts to push disinformation through accessible channels. An essay in Foreign Affairs argues that in fact Russian cyber operations were both extensive and successful, and that it would be naive to underestimate them simply because they didn't unfold as expected. "Extensive" seems correct, but "successful" is less clear. It may be that the cyber operations' success was lost in the general noise of Russian tactical ineptitude. The authors maintain that Russian cyber operators performed as planned, and that the failure was a general strategic one.

In addition to the DDoS attacks, the Foreign Affairs piece mentions the wiper attack against Viasat customers. There has also been Russian interference with GPS. Simple Flying reports that France’s civil aviation authority (DGAC) has attributed interference with GPS signals near Finland to Russian jamming. That jamming has been ongoing since early last month, and is probably intended as a hedge against attacks against Russian forces by precision-guided weapons. And of course there have also been cyberattacks against Ukrainian telecommunications infrastructure, notably the March 28th attack on Ukrtelecom. The Wall Street Journal reports that both Microsoft and Cisco have been helping Ukrainian telcos with remediation.

But this doesn't change the fact that Western expectations of the damage Russian cyberattacks would produce were inflated. And it also seems inarguable that Ukrainian networks have proven more resilient than expected, and that Ukraine has probably received more foreign assistance than Moscow anticipated.

US has been providing cyber assistance to Ukraine.

General Paul M. Nakasone, commander, US Cyber Command, yesterday delivered his organization's Posture Statement to the 117th Congress. Prominent among the threats and responses he outlined were those presented by Russia's invasion of Ukraine. Russia, in Cyber Command's estimation, is using a broad range of its capabilities against Ukraine. "Russia’s invasion of Ukraine demonstrated Moscow’s determination to violate Ukraine’s sovereignty and territorial integrity, forcibly impose its will on its neighbors and challenge the North Atlantic Treaty Organization (NATO). Russia’s military and intelligence forces are employing a range of cyber capabilities, to include espionage, influence and attack units, to support its invasion and to defend Russian actions with a worldwide propaganda campaign."

General Nakasone also described the response to the invasion by Cyber Command and NSA. That response extends to readiness and intelligence services to the US and its allies, but also to direct support of Ukraine:

"U.S. Cyber Command (with NSA) has been integral to the nation’s response to this crisis since Russian forces began deploying on Ukraine’s borders last fall. We have provided intelligence on the building threat, helped to warn U.S. government and industry to tighten security within critical infrastructure sectors, enhanced resilience on the DODIN (especially in Europe), accelerated efforts against criminal cyber enterprises and, together with interagency members, Allies, and partners, planned for a range of contingencies. Coordinating with the Ukrainians in an effort to help them harden their networks, we deployed a hunt team who sat side-by-side with our partners to gain critical insights that have increased homeland defense for both the United States and Ukraine. In addition, USCYBERCOM is proactively ensuring the security and availability of strategic command and control and other systems across the Department. We have also crafted options for national decision makers and are conducting operations as directed.

"When Moscow ordered the invasion in late February, we stepped up an already high operational tempo. We have been conducting additional hunt forward operations to identify network vulnerabilities. These operations have bolstered the resilience of Ukraine and our NATO Allies and partners. We provided remote analytic support to Ukraine and conducted network defense activities aligned to critical networks from outside Ukraine – directly in support of mission partners. In conjunction with interagency, private sector and Allied partners, we are collaborating to mitigate threats to domestic and overseas systems."

Sanctions tightening on Russia.

Widespread outrage against atrocities that came to light as Russian forces retreated from ground they had taken in the north of Ukraine has prompted not only calls for war crimes prosecutions, but also more extensive sanctions. The US has sharpened its financial strictures against Moscow, pushing Russia closer to default, and the EU is also banning more Russian imports, including imports of coal. The EU is also looking for ways to wean itself from Russian fossil fuels generally. That will be a long process: dependence runs deep.