2022 continues to look like 1938, with the addition of cyberspace as an operational domain.
Casus belli for an intensifying war of aggression.
More Russian troops move into Ukraine in what Russia represents as a calming, peacekeeping move, but which most other governments call aggression.
Putin's Sudetenland.
It looks like 1938 after all, to revert to an analogy that's been used in this context by Baltic governments in particular. As Czechoslovakia's Sudetenland provided Germany with an opportunity to pretend protection of an ethnic German population in a neighboring state, so have Donetsk and Luhansk afforded Russia a similar pretext to encroach upon Ukrainian territory.
It's not the "shock and awe" predicted in some quarters, and in fact Russia's Foreign Ministry has continued to deny that it's not sure if it's really happened at all. But Russian President Vladimir Putin did announce in his major speech yesterday that he had authorized the dispatch of "peacekeeping" troops into the eastern Ukrainian regions of Luhansk and Donetsk. Kremlin spokesman Dmitri Peskov expressed the facially implausible hope that Moscow's recognition of the two regions Russia wishes to detach from Ukraine would help restore calm, and that Russia remained open to diplomacy with the EU and the US. The relatively gradual (and for all that violent) escalation may be intended to divide Western counsel and mute some of the response the action will summon.
Putin's stated perspective on Ukraine.
It's simple. "Ukraine never had a tradition of genuine statehood," President Putin said in a speech yesterday evening announcing Russia's recognition of the independence of Donetsk and Luhansk. Besides, Ukraine is also a US puppet, it aspires to acquire nuclear weapons, it was Lenin's creation, and, if the Ukrainians really want "de-communisation," then that means giving up communism's creation of their country in the first place.
False flag provocations.
Russia said early yesterday that it had killed five "saboteurs" who attempted to cross into Russia near Rostov, the Guardian reports. Interfax said Russian forces also destroyed two Ukrainian army vehicles that crossed the border in a failed attempt to come to the saboteurs' rescue. Ukraine denied the claims, which indeed seem preposterous.
Disinformation.
The principal line of disinformation Russia has pursued with respect to Ukraine is to accuse Kyiv of "genocide" against ethnic Russians. It's an absurd claim that's gained little traction abroad, as the Atlantic Council argues. But its principal audience may be a domestic Russian one.
Who's really beating the war drums in eastern Ukraine? Why, the House of Windsor, of course. The Telegraph has been watching Russian television and noticed this explanation, offered by the outlet Russia 1: Prince Charles and Prince Andrew need something to distract the public from recent royal scandals, Russia 1 says. Hence Ukrainian aggression against Russia. (This is a conspiracy line worthy of Lyndon Larouche.)
Sanctions and the prospects of continuing diplomacy.
Syria and presumably Belarus appear to be in Russia's corner (Syrian Foreign Minister Mekdad said his country's government "supports" Russia's move and "will cooperate" with the two breakaway regions), but most other governments have condemned Russia's recognition of Donetsk and Luhansk and the dispatch of Russian troops to the Ukrainian territories. TASS quotes an aggrieved Russian Foreign Minister Lavrov, who says the itch to punish Russia is familiar and enduring: "We understand that now our colleagues are seeking to put all the blame for the breakdown of the Minsk agreements on Russia. Our European, American, and British colleagues will never stop and rest content until they use all their possibilities for the so-called punishment of Russia. They are already threatening with possible hellish sanctions, or, as they say, ‘mother of all sanctions.’"
The UN Security Council held an emergency meeting last night to consider Russian actions. Separately, UN Secretary-General António Guterres called Russia's actions "a violation of the territorial integrity and sovereignty of Ukraine and inconsistent with the principles of the Charter of the United Nations." NATO's Secretary-General also condemned Moscow's recognition of the two regions as independent republics: "I condemn Russia’s decision to extend recognition to the self-proclaimed 'Donetsk People’s Republic' and 'Luhansk People’s Republic'. This further undermines Ukraine’s sovereignty and territorial integrity, erodes efforts towards a resolution of the conflict, and violates the Minsk Agreements, to which Russia is a party."
Germany has suspended certification of the Nord Stream 2 pipeline, which would have delivered very large quantities of natural gas to Western Europe (and to Germany in particular). Natural gas exports represent an important part of the Russian economy, and Berlin's decision is probably the most consequential sanction so far levied against Russia. The US applauded Chancellor Scholz's decision and said (as seen in this representative tweet from White House Press Secretary Psaki) that it would be announcing more sanctions of its own later today. The Military Times notes that the US has so far been relatively restrained in terms of sanctions or other responses. Officials have pointed out that the troop movements have not been as large as they might have been, and that Russian forces in the Donbas, whether deniable or overt, wouldn't really represent a new invasion--they've been in and out of the region (more in than out) since 2014. Fresh US sanctions so far have been limited to restrictions on doing business in Donetsk and Luhansk, but, again, more are expected later today.
French President Macron condemned Moscow's action and called upon the EU to immediately impose sanctions on Russia. British Foreign Secretary Truss has said that British sanctions against Russia would be forthcoming today. And, across the Black Sea, Turkey's government issued a condemnation of the Russian action.
European foreign ministries have said that additional Russian forces have indeed moved across the Ukrainian border. The European Union has condemned the Russian move as aggression, and is preparing a comprehensive sanctions package as part of its response. The Presidents of the European Council and the European Commission issued a brief joint statement that's worth quoting in full:
"The decision of the Russian Federation to recognise as independent entities and send Russian troops to certain areas of Ukraine’s Donetsk and Luhansk oblasts is illegal and unacceptable. It violates international law, Ukraine’s territorial integrity and sovereignty, Russia’s own international commitments and it further escalates the crisis.
"Both Presidents welcome the steadfast unity of Member States and their determination to react with robustness and speed to the illegal actions of Russia in close coordination with international partners.
"An informal meeting of EU Foreign Affairs Ministers chaired by the High Representative will take place today at 4 pm. Following that a first package of sanctions will be formally tabled later this afternoon.
"Appropriate bodies will then meet to finalise the package without delay.
"The package contains proposals:
- "to target those who were involved in the illegal decision,
- "to target banks that are financing Russian military and other operations in those territories,
- "to target the ability of the Russian state and government to access the EU’s capital and financial markets and services, to limit the financing of escalatory and aggressive policies,
- "and to target trade from the two breakaway regions to and from the EU, to ensure that those responsible clearly feel the economic consequences of their illegal and aggressive actions.
"The EU has prepared and stands ready to adopt additional measures at a later stage if needed in the light of further developments.
"Both Presidents supported by the High Representative continue to follow closely developments on the ground and consult with fellow EU leaders and international counterparts.
"The Union remains in full solidarity with Ukraine and united in support for its sovereignty and territorial integrity.
"We stand by and will continue to support Ukraine and its people."
Cyber operations during hybrid warfare, and the difficulty of containing them.
Reuters reports that the US and the UK on Friday publicly attributed recent distributed denial-of-service attacks against Ukrainian banks and government websites to Russia. Australia joined in this attribution shortly thereafter, and promised cyber support to Ukraine as it resisted further Russian activities. Western governments are on alert for Russian cyberattacks on their own assets, and the Independent reports that British defense secretary Ben Wallace suggested to the House of Commons that the UK was prepared to undertake offensive cyber operations against Russia should retaliation become necessary.
Western organizations and their exposure to cyber threats from Russia's hybrid war.
The risk of Russian escalation in cyberspace during its hybrid war is generally regarded as high. The Harvard Business Review summarizes how businesses ought to prepare for this threat in the near future, and Moody's Investor Service has issued a new research report that emphasizes the difficulty of such conflict remaining confined either geographically or economically: "Given the digitization of and interconnectedness of global markets such attacks could have economic implications across geographies and sectors."
Derek E. Brink, CISSP, Vice President & Research Fellow, Aberdeen Strategy & Research, wrote that the risk to critical infrastructure under these circumstances is high:
“It should come as no surprise that in today’s conflicts between nation-states, cybersecurity attacks play an increasingly strategic role. Mid-January attacks took down and co-opted the websites of the Ukrainian Ministry of Foreign Affairs, other agencies, and leading financial institutions -- adding cyber disruptions and distractions to the tensions along the physical borders that have continued to unfold to where we are today. Political leaders are usually cautious about the formal, public laying of blame ('attribution') for cybersecurity attacks on a specific actor, given the technical challenges of definitive forensic investigations -- which creates even more opportunities for sowing chaos and confusion, ranging from 'false flag' operations to actual attacks by opportunistic political activists. Cybersecurity attacks against government websites are one thing -- but it should also come as no surprise that potential attacks against critical infrastructure such as communications, financial services, energy, transportation, water, and food can escalate the chaos and confusion to a much higher level.”
John Hultquist, VP of Intelligence Analysis at Mandiant, says that the DDoS attacks attributed to Russia are designed for intimidation:
“It’s unsurprising to learn that the DDOS attacks in Ukraine were conducted by the GRU. Russia’s military intelligence service is the most aggressive of its peers when it comes to cyberattacks and other activity in the sphere. We have seen them carry out DDOS attacks on several occasions which they use to harass and undermine institutions. It’s not unusual for incidents such as these to be nested within a larger campaign that can take many forms from hack and leak to serious destructive attack. Following their partial expulsion from the Olympics Russia kicked off a campaign of cyberattack and other aggressive activity which began with DDOS but ended with an attempt to take the entire games in Pyeongchang offline. Also, while this event may have had a limited impact, when joined with other incidents over time, it’s impact could become more serious.
"It’s also important not to misjudge the purpose of these attacks – the disruption they cause is designed to intimidate and undermine and is not an end to itself. Furthermore, they may be timed or accompanied by other elements to magnify their psychological impact. Ultimately, we should not judge these incidents by their technical complexity. Though they turned off the lights in Ukraine, the GRU’s most important cyberoperation may have been when they hacked and leaked information during the 2016 elections.”
Scott Kanry, CEO of Axio, emphasized that large-scale cyber operations are now a normal part of warfare:
"There are a lot of nervous conversations being had this weekend between Boards of Directors, CEOs and their CISOs. 'Can we be impacted by any cyber actions tied to the Russia - Ukraine tensions?' 'How strong is our cybersecurity program right now?' 'What else can we do?'
"Some CISO’s will respond by pulling up the latest green/yellow/red heat maps, discuss patching cadences, note that it’s an “all-hands-on-deck” week for the cybersecurity team, and perhaps might even pull up the latest outside-in scanning scores.
"Other CISO’s will pull out their current cyber event impact dashboards, and refresh the CEO’s memory on how a successful cyber event could impact the business in financial and operational terms. They’ll then explain how well the cybersecurity program is performing against the most significant areas of risk, and also explain how the incident response program and insurance program will minimize impacts if an event occurs. Finally, they’ll give the CEO their “wish list” of additional controls to consider, rank ordered by risk reduction impact.
"The companies that are having the second conversation are much better positioned in general, but certainly in the shorter term. They are the ones whose Boards and CEOs should have confidence that the security and risk teams are managing cybersecurity risk as effectively as possible. Unfortunately, most companies are still having the first conversation.
"Worse case scenario something happens in the traditional kinetic conflict sense, and also in the cyber realm. But if nothing happens this time, it’s a reminder that cyber will be forevermore linked with traditional conflict."
An excursus on the Russian suppression of (some) ransomware gangs.
An Aspen Institute conference on Russian Aggression Toward Ukraine held Friday, asked, among other things, what should be made of the recent Russian moves against its domestic ransomware gangs. The panelists who discussed the arrests and announcements were skeptical, seeing the moves as tactical, not as representing some new-found respect for legality. Dr. Herb Lin, of the Hoover Institution, said, “It can’t possibly be an accident that it happened at this time.... We don’t know who they rolled up. Let’s assume that they’re key players. Russia has pointed out, hi, we have these people, and we can control them. We can turn them off, and by implication we can turn them on. It’s a pointed reminder that they have a lot of non-traditional resources at their disposal.” Chris Krebs, former Director, Cybersecurity and Infrastructure Security Agency and currently Senior Newmark Fellow in Cybersecurity Policy, Aspen Digital, agreed. The ransomware gangs are "a deniable, reversible asset." Sandra Joyce, EVP and Head of Global Intelligence at Mandiant, said, "The timing is suspect for sure, but it doesn’t really matter. Ransomware is still hugely active. A lot of the ransomware operators have affiliates.... The arrests are a blip in the actual outcome of reducing ransomware.” It’s a way of obfuscating, of misdirecting, and she said, "I’m not buying it, and I don’t think anyone should be buying it.” Krebs offered a plausible summation: “It smacks of gangster diplomacy.” That is, the privateers will return when it's in Russia's interest that they do so.
There is, of course, no lack of ordinary criminals ready to take advantage of the fear and unrest that accompany a war. Accenture reports an uptick in Ukrainian-themed offerings (especially offers of purported personal information of Ukrainian citizens) and expects it to continue. Some of the cases it cites, like WhisperGate, have clear connections with Russian intelligence services; others seem to be the usual opportunistic work of gangs:
"As of Feb. 11, 2022, ACTI assesses it is likely that as intelligence warnings and postings related to Russia and Ukraine increase, deep web actors will continue to increase their offerings for databases and network accesses relevant to the Russia Ukraine conflict in hopes of gaining high profits. Global events occasionally serve as motivating factors for malicious actors to claim they are selling important and relevant data for profit, regardless of whether such data is genuine or even exists."
An excursus on long diplomatic tables.
With President Putin behaving in ways unseen in Europe since the 1930s, many have commented on the excessively long table across which he conversed with French President Macron. That table has indeed become an Internet meme, and in truth it did look like something out of Chaplin's "The Great Dictator."
But there's a backstory to this. It's Russian policy that everyone who meets Mr. Putin undergo a Covid-19 PCR test. President Macron wouldn't do that, with French diplomatic sources explaining, diplomatically, that Monsieur Macron was simply too pressed for time. Off the record, however, those sources told Reuters it was all about keeping President Macron's DNA away from the Russians. "We knew very well that meant no handshake and that long table. But we could not accept that they get their hands on the president's DNA." What they were afraid the Russians might do with it is unclear, but the concern is noteworthy.