Diplomacy continues over Ukraine.
N2K logoJan 28, 2022

Diplomacy continues over Ukraine. Renewed warnings of Russian cyberattack. Cyber operations as combat support. And, when it comes to opsec, you can camouflage all you want, but someone will probably TikTok you anyway.

Diplomacy continues over Ukraine.

The Russian response to the rejection of its proposals by NATO and the US has so far been less intemperate than was the soft ultimatum itself. Diplomacy seems likely to continue, at least in the short term.

TASS: "No understanding on new Russia-US strategic dialogue meetings so far."

The "so far" in TASS's headline is significant insofar as it suggests that diplomacy remains Russia's focus. Reuters also sees a softening of the Russian tone, but a change in tone doesn't necessarily imply a change in direction. TASS quotes Vladimir Yermakov (Director of the Russian Foreign Ministry’s Department for Nonproliferation and Arms Control):

"Further strategic dialogue with the United States depends to a significant extent on Washington’s readiness to give a rational and realistic response to Russia’s core security concerns and to engage in practical work on legally binding guarantees of stopping NATO’s further expansion, refraining from deployment of offensive weapons of the US and its allies near our borders and returning NATO’s military equipment and personnel to levels of 1997, when the Russia-NATO Founding Act was signed." 

Those are substantially the demands Russia made during the Geneva talks, and neither NATO nor the US are likely to accede to them.

The US has sought to engage China in efforts to reduce the risk of a Russian invasion of Ukraine, Agence France-Presse reports. While Beijing has indeed urged "calm," the Chinese government has also decried a US and NATO "Cold War mentality," which suggests that China is publicly at least buying the Russian line that the real threat is from the Atlantic Alliance.

The US has called for a meeting of the United Nations Security Council on Monday, where the US intends to confront Russia over its preparations to invade Ukraine. The Wall Street Journal quotes a statement yesterday by Linda Thomas-Greenfield, US ambassador to the UN:

“More than 100,000 Russian troops are deployed on the Ukrainian border and Russia is engaging in other destabilizing acts aimed at Ukraine, posing a clear threat to international peace and security. The members of the Security Council must squarely examine the facts and consider what is at stake for Ukraine, for Russia, for Europe, and for the core obligations and principles of the international order should Russia further invade Ukraine.”

The public statement suggests that the US believes that at least nine of the members of the Security Council will agree to hold the meetings.

NATO has increased its conventional military readiness and provided aid to Ukraine, including funds and weapons. But a considerable part of any response to a Russian invasion would involve sanctions, and both the US and Germany have told Russia that such sanctions would include interruption of natural gas deliveries through the Nord Stream 2 pipeline. Natural gas exports to Western Europe are vital to the Russian economy, and this is why Nord Stream 2 has been singled out for special attention.

Renewed warnings of heightened threat of Russian cyberattacks.

The BBC reports that Britain's National Cyber Security Centre (NCSC) has (like others among the Five Eyes, notably Canada and the US) renewed warnings to businesses in the UK that they should be on alert for Russian cyberattacks during the present period of heightened tension. "While we are unaware of any specific cyber threats to UK organisations in relation to events in Ukraine, we are monitoring the situation closely and it is vital that organisations follow the guidance to ensure they are resilient," Paul Chichester, the NCSC director of operations said early this morning. For all of the NCSC's reticence about attribution--it hasn't formally ascribed responsibility for the Whispergate wiper malware to Russia--Computer Weekly quotes Chichester as adding, “Over several years, we have observed a pattern of malicious Russian behaviour in cyberspace. Last week’s incidents in Ukraine bear the hallmarks of similar Russian activity we have observed before.” 

While experts temper the warning with reassurance that panic isn't called for, and that Russian cyber operations are likely, at least in the initial phases of a hotter hybrid war, to be confined insofar as that's possible to the theater itself, memories of WannaCry and NotPetya remain fresh, and lend gravity to NCSC's latest warning. "At one point around a fifth of the world's merchant shipping fleet was being controlled by WhatsApp because their computer systems weren't working," the BBC quotes former NCSC director Ciaran Martin as saying about the disruption that rippled out of those 2017 cyberattacks against Ukraine.

Also mindful of the 2017 experience, the Danish Defense Intelligence Service has warned the maritime sector in particular to be alert for possible spillover from Russia's hybrid war against Ukraine. Shipping Watch notes that the Danish shipping giant Maersk was particularly hard-hit by NotPetya.

Martin is among those who counsel against panic, at least with respect to cyberattacks. "If the aim is to conquer Ukraine, you don't do that with computers," he said. The BBC also suggests that both the UK and the US have succeeded in establishing their own persistence inside Russian critical networks, that Russia knows this, and that Russia will therefore be likely to exercise a degree of restraint before it lets an attack loose against Western targets. That the wiper used in the Bleeding Bear attacks against Ukrainian networks wasn't wormable, and was therefore less likely to propagate beyond its intended targets, may be one indication of such restraint.

An essay in Foreign Affairs, while agreeing that Russian offensive cyber operations are not only likely, but have actually begun, downplays the threat of destructive malware. It sees the likeliest Russian course of action in cyberspace as threefold:

"In the event of a full-scale invasion, Russia is likely to conduct three types of campaigns in cyberspace to support its military objectives: intelligence gathering operations, operations aimed at disrupting or deceiving the Ukrainian military, and psychological operations against the Ukrainian public. The first would seek to monitor Ukraine’s military operations. By tapping communications between Ukrainian military units, Russian intelligence agencies could access unfiltered information on Ukrainian troop deployments, defensive tactics, and other battlefield logistics.

"In addition to giving Russia a military advantage, this type of cyber-espionage operation could also help Russia prepare for an eventual occupation of parts of Ukraine. By infiltrating Ukrainian national police databases, Moscow could identify and neutralize potential leaders of a future insurgency, for example, or pinpoint Ukrainian citizens who might be willing to collaborate with Moscow in a future pro-Russian government. In fact, Russia is probably already conducting some of these operations in preparation for a potential conflict.

"Second, Russia would likely use cyberspace operations to deceive the Ukrainian military or disrupt its operations. For instance, Russian hackers could target the Ukrainian forces’ command-and-control networks, including both its wireless and wired communications networks, making it difficult for Ukrainian military leaders to coordinate troop deployments or efficiently mobilize reservists and volunteers. Moscow could also disrupt major Ukrainian telecommunications providers or target the digital databases of the Ukrainian military’s logistics hubs, undermining Kyiv’s ability to distribute equipment and provisions to soldiers and aid to civilians. Or hackers could attack Ukrainian air traffic control networks, disrupting civilian flights and impeding international support and aid for Ukraine.  

"Finally, Russia could conduct psychological operations to sow confusion and doubt among the Ukrainian population, thereby eroding the public’s will to resist Russian aggression. Moscow could launch a cyberattack against Kyiv’s power grid, for instance, leaving millions of people without heat or electricity in the dead of Ukraine’s brutally cold winter. Or it could attack Ukraine’s financial system and make it difficult for civilians to buy groceries with a credit card or withdraw cash from an ATM."

On the third possibility, the US also regards widespread Russian influence operations to continue, and Washington, the AP reports, has been unusually open and forthcoming about "naming and shaming" the influence operators and their products.

Assessing the probability of a Russian invasion.

US President Biden yesterday told his Ukrainian counterpart, President Zelenskyy, that a Russian invasion next month was "a distinct possibility." For its part, Ukraine regards the situation as grave, but also as not inevitably leading to war. The Military Times quotes a Ukrainian military assessment to the effect that “By now, the Russian military contingent near the Ukrainian border is insufficient to carry out a large-scale armed aggression against Ukraine. The Armed Forces of Ukraine are ready to protect Ukrainian territory and the Ukrainian population.” Russian Foreign Minister Lavrov also took a slightly softer tone. "If it depends on Russia, then there will be no war," he said. "We don't want wars. But we also won't allow our interests to be rudely trampled, to be ignored," 

Combat power and combat support.

Presumably one way you ensure that your interests aren't rudely ignored is to forward deploy heavy forces.

In hybrid war, cyber operations for the most part amount to what military officers call "combat support," and experts commenting to the BBC tend to see it that way. What combat power, kinetic power, looks like is on display in Belarus. DFRLab has been tracking the movement of Russian combat units into the Russian ally's territory, where they're positioned, nominally for joint exercises, along the border Belarus shares with Ukraine. The 97th Airborne Regiment, the 36th Motorized Rifle Brigade, and the 155th Naval Infantry Brigade have deployed to the southwest, in the Brest Oblast. To the east, in the Gomel Oblast, are the 164th Artillery Brigade, the 64th, 38th, and 37th Motorized Rifle Brigades, and the 5th Tank Brigade. The 103rd and 107th Rocket Brigades are to the north, in Osipovichi. (A note on Russian military nomenclature: "Motorized Rifle" is what Americans would call "Mechanized Infantry," a kind of heavy force in which infantry can fight either mounted in armored fighting vehicles or dismounted, on foot.)

The sources of DFRLab's information are interesting. Some of them derive from satellite imagery, but more of them come from social media, as Belorusian locals take pictures and video of Russian equipment moving through their towns. Much of it appears on TikTok, and where else would you go for information on an enemy order of battle? "Information wants to be free," as they used to say, and the way social media have put the libido ostentandi so firmly in the cultural saddle makes one wonder whether traditional military operational security is even possible any more. Who needs hyperspectral sensing platforms in low earth orbit when everyone is happily taking selfies in front of BMP-2s at Rechista Station? This is not, we should note, purely or even characteristically a Russian or Belarusian phenomenon. No army on the planet should be surprised when its deployments turn up on TikTok, right beside the latest moves of the most viral post-adolescent but sub-adult influencers.