As Ukraine's counteroffensive makes progress, the Billington Cybersecurity Summit in Washington, DC, hears about the lessons Ukraine has been able draw from its experience with Russia's hybrid war.
Ukraine at D+197: Lessons from the hybrid war.
Gains in Ukraine's counteroffensive.
The Telegraph reports that Ukrainian advances into Russian-occupied territory have along some axes exceeded thirty miles.
Belarusian exercises "highly unlikely" to be preparation for intervention in Ukraine.
The UK's Ministry of Defence, while noting that "Fighting continues in southern, eastern and northern Ukraine," devoted this morning's situation report to Belarus's current military exercises. "On 08 September 2022, the military of Belarus, Ukraine's northern neighbour, started routine training exercises to regain territory taken by ‘enemy forces’ and secure their borders. The exercises are due to last until 14 September 2022. The drills will be conducted close to Brest near the Polish border, around the Belarusian capital Minsk and in the north-eastern region of Vitebsk." The MoD doesn't see the exercises as a threat to Ukraine, still less as staging for an invasion. "Although Russia’s use of Belarusian territory was instrumental in Russia’s failed advance on Kyiv early in the invasion, Belarusian forces have limited offensive capabilities and there is a remote chance that they have deployed forces into Ukraine. It is highly unlikely that these exercises are an indication of preparations for direct Belarusian involvement in the Ukraine war."
Cyber lessons learned: the view from Ukraine’s Ministry of Digital Transformation.
The third and final day of the annual Billington Cybersecurity Summit met in Washington, DC, on Friday, September 9th, 2022. The day opened with a long session, partly in person, partly by video, on the lesson learned, so far, during Russia’s hybrid war against Ukraine.
The morning’s panel, moderated by James Lewis, SVP and Director, Strategic Technology Program, at the Center for Strategic and International Studies (CSIS) engaged three experts on the conflict in Ukraine: Mykhailo Fedorov, Ukraine’s Vice Prime Minister and Minister of Digital Transformation (who participated via a specially recorded video), Dmitri Alperovitch, Co-Founder and Chairman of the Silverado Policy Accelerator, and Georgii Dubynskyi, Ukraine’s Deputy Minister, Ministry of Digital Transformation.
The introduction to the panel’s topic said, “The Russian invasion of Ukraine has generated new fears about how the Russians can leverage cyber as part of its invasion plans, launch new threats to use attacks as a pressure point to reduce US counter responses, even to potentially target key energy sector infrastructure to put additional pressure to get the West to back away from supporting Ukraine. This panel will talk about what we have learned to date from the conflict as it relates to cyber and what this means to better prepare the West to defend against potential new attacks as well as to better understand and counter our adversaries during conflict.”
Mykhailo Fedorov opened the discussion with a video that gave his perspective on the war. Ukraine, he said, has been fighting for both democracy and its survival as a nation. The war began in cyberspace before Russia’s full-scale invasion, and Fedorov thinks that the first lesson to be learned is about the reality of Russian power: it’s been generally overestimated. “We’ve shown the whole world that Russia is not the powerful state everyone thought it was.” Both Russia’s kinetic power and its cyber capabilities were believed to be greater than the war has revealed them to be. “They’re not the second-best army in the world, and they’re not the best hackers in the world, either.”
Russia’s failure to achieve significant strategic effects in cyberspace can be attributed in significant part, Fedorov believes, to Ukrainian defenses, which succeed in thwarting some 98% of cyberattacks daily. He strongly commended the IT Army of Ukraine, which he characterized as “enthusiastic volunteers eager to defend Ukraine’s borders in cyberspace.” He introduced a video that presented Kyiv’s view of how things are going in cyberspace. Interestingly, that video made the case that the main contribution the IT Army had made was in fighting disinformation and propaganda, and a great deal of that fight has been carried to Russian media.
Not only are Russian channels of disinformation being disrupted, and Russian media hijacked to display protest against the war, but the IT Army has also been engaged in informing “Russian mothers” of their sons’ deaths, information that the Russian government is slow to share. The IT Army is also collecting evidence of war crimes. “We know the names,” the video said, “of all the looters.” And, in general, “Ukraine is showing the whole world that in the 21st Century the truth cannot be suppressed.”
In addition to resilience and information operations, Fedorov sees drones as having more than proved their worth, and that, in the future, nurturing a vibrant tech sector will be key to future security.
This war has become an artillery war. Drones are a “game-changer technology,” Fedorov said, “the eyes of the military.” The war of the future will be fought by an army of drones. The video accompanying Fedorov’s presentation pointed out that Russia enjoyed a 15-to-1 advantage in artillery systems and a 6-to-1 advantage in ammunition expenditure. Yet Ukraine continues to enjoy success, which he attributed to professionalism and superior technology. tubes, a 6-1 advantage in ammunition. Professionalism and superior tech have made up the difference for Ukraine. Precision artillery informed by accurate, timely drone-delivered targeting has been turned to battlefield advantage. “Artillery without a UAV is like a rifle without sights.” The video ended with an appeal for donations for drones. “Professionalism, cleverness, and heroism” were the watchwords of battlefield success.
The emphasis given to the ongoing digital transformation of government and society was striking. This transformation has been both serving emergency needs (especially in rendering assistance to displaced persons) and anticipating post-war recovery. It delivers television and radio when traditional broadcast channels have been destroyed. Economically, “Ukraine will be the first European tiger,” and politically, “script will replace bureaucrats.”
Cyber lessons learned: Ukrainian and American perspectives ("be brave").
The panelists who appeared in person, James Lewis, SVP and Director, Strategic Technology Program, at the Center for Strategic and International Studies (CSIS), Dmitri Alperovitch, Co-Founder and Chairman of the Silverado Policy Accelerator, and Georgii Dubynskyi, Ukraine’s Deputy Minister, Ministry of Digital Transformation, also discussed lessons from Russia's hybrid war, but with the reservation, as Alperovitch pointed out, that it was premature to speak with great confidence of lessons learned. This war is still in its early stages.
Georgii Dubynskyi, Ukraine’s Deputy Minister of Digital Transformation, said that the situation on the ground was “difficult,” but that “we are doing our best to drive Russia from our territory.”
“The Russians have obviously made tremendous blunders,” Alperovitch said. “The Russian intelligence services have not been able to achieve significant successes, after the first days of the war.” He sees one early lesson is that it’s possible to prevent the enemy from achieving strategic effects in cyberspace, and he would go on to add that it was in any case over-sanguine to imagine that it would be easy to achieve such effects.
Ukraine has been preparing for this war, in Dubynski’s view, since Russia invaded Crimea. “The war started in 2014, and we were preparing since then.” Ukraine had seen Russian preparations as early as October of 2021, but had been reluctant to fully credit Western (especially US) intelligence warnings that an invasion was in the offing. “But we saw preparations as early as October and November; the Russians began trying to enroll hackers that early, GRU, SVR, and especially FSB. It was important, too, to make some friends. We didn’t believe [war] would come, but we were a little bit ready.”
It was in the first hours of the war that Russia enjoyed its most significant cyber success, notably in its attack on Viasat. Some of what the Russians did was impactful, notably the attack on Viasat. Russia’s ability to shut down Viasat modems in Eastern Europe temporarily “downed” Ukrainian military communications, but those communications were relatively quickly restored as Western companies provided alternatives.
Alperovitch also noted the importance of information operations. “I was surprised there wasn’t more of an attempt to shut down the Ukrainian Internet,” he said. That Ukraine has been able to tell its story has been “an enormous failure” on the part of the Russians. It’s also been remarkable to watch how Ukraine has been able to continue rapid digital modernization during wartime.
If there were one “secret ingredient” in Ukraine’s ability to defend itself in cyberspace, Dubynskyi would identify it as the IT Army. While often characterized as “hacktivists” (a notoriously “gnarly” crew, as Lewis pointed out) the IT Army was also significantly formed from among IT professionals who wanted to contribute to the war effort. “People just came voluntarily on the street and asked to be given weapons, and people from the IT community also volunteered.” Defense, Dubynskyi said, was not enough: “We need active defense. We need to keep this guy busy… These are professional IT experts. They receive their targets through the Telegram channel, openly.” Those targets were official sites, and particularly propaganda sites. The IT Army filled a gap left by Ukraine’s failure to develop an offensive cyber capability.
Alperovitch thought that the IT Army’s experience showed that it’s possible to “hack back” without unconstrained collateral damage. “We’ve seen you can do very precise operations that don’t harm civilians and innocent people.” The hacktivists probably haven’t achieved any strategic results, “and frankly that’s hard to do,” but they have created a nuisance, and they’ve had an effect on morale, both Russian and Ukrainian.
As far as the decision to go over to the attack in cyberspace, Dubynskyi said, “We had no other choice,” because “a small Soviet army can’t defeat a big Soviet army.” Ukraine had to innovate under the pressure of invasion.
The other key decision Ukraine took was to move its data to the cloud. Cyber attacks came in conjunction, as the war began, with kinetic strikes that destroyed data centers. Just before Russia invaded, Ukraine allowed public data to be moved to public clouds, and so the cruise missiles that hit the official data centers didn’t destroy the data. “Amazon, Microsoft, Google, Oracle, responded to our call quickly. And other governments offered private clouds, notably Poland and the Baltic states. Collaboration with Big Tech has been very important to us.”
Dubynskyi offered some final thoughts. He emphasized the necessity of strengthening digital resilience, of close cooperation with friendly countries, engagement with Big Tech, and getting the media involved in countering disinformation. “Do not allow yourselves to be threatened by Russia. And be brave.”