The Ukraine War: will Russia unleash its cyber death ray?

Even as conventional weapons scream across Ukraine, cyberwarfare is heating up too. In the hours before Russia’s invasion, hackers took down several Ukrainian government and bank websites.

But talk to anybody in the intelligence community and they’ll tell you “that’s not what is keeping us up at night. That’s kid stuff”. Here is the stuff they REALLY worry about.

 

 

25 February 2022 (Auschwitz, Poland) – Russia’s large-scale invasion of Ukraine yesterday and today went beyond what most observers thought Vladimir Putin was prepared to do. Now, as the war continues to rage across the country, many are looking at how the conflict could spill beyond Ukraine’s borders: Putin’s gamble has sparked fears that absorbing Ukraine may be a prelude to seeking a bigger chunk of Europe.

The Baltic states, which chafed under Moscow’s control for decades and are home to large ethnic Russian minorities, are particularly worried. So too is Poland – no stranger to Russian invasions itself. This morning I had breakfast with a bunch of Poles and Americans (about 50 Yanks were moved by their companies out of Ukraine and resettled in Krakow, Poland – part of an expected 200+ contingent of Americans). Tech companies in the U.S. and around the globe that have for years relied on Ukraine as a source of cheap and reliable tech talent are now rushing to evacuate employees and keep services online as Russia’s assault on Ukraine continues. Most are being resettled in Krakow, which is a very dynamic tech centre with a deep pool of talent and facilities.

The fear at the breakfast table was palpable.

Poland and the Baltics, however, are members of NATO. A Russian war against the smaller, non-NATO army of Ukraine is very different from tangling directly with a powerful, nuclear-armed military alliance that has been bolstering its numbers in Eastern Europe for months. That’s a big gamble even for a leader who thinks he’s got the hot hand these days. Moreover, it would exceed Putin’s stated aims: to destroy Ukraine’s sovereignty and remake it as a demilitarized, Kremlin-controlled buffer state between Russia and NATO.

For Putin, history is a sledgehammer. The day before he invaded Ukraine he said in a speech:

On December 30th, 1922 Lenin held his first “Council of People’s Commissars,” or Sovnarkom, and created the Union of Soviet Socialist Republics (USSR). In December 1922, there were only four Soviet republics represented, Russia, Ukraine, Belarus, and the Transcaucasian Republic. By December 2022, will there be four Russian Federation ‘republics’? If so, to paraphrase Lenin, what is to be done?

In light of the unfolding tragedy, one only has to look at a map to see the implications for the West if Putin should succeed in establishing a Belarus-Ukraine salient in the heart of central Europe. Seizing Ukraine (he already controls Belarus) gives Putin a very particular interpretation of history, and we are witnessing a high-end force that will spearhead the transition towards Russia as a strategic fighting power.

And even if Putin doesn’t intend to go beyond Ukraine, there is still the possibility of a miscalculation that could set Russia and NATO on a collision course. Wars are foggy. Missiles go awry. Targets are confused. Dogfights can spill into neighboring airspace. Passenger jets are sometimes shot down by Russian troops. Accidental escalation can happen in a heartbeat.

But I’ll leave that for another essay. Right now, cyber makes this all much, much worse. Even as conventional weapons scream across Ukraine, cyberwarfare is heating up too. In the hours before Russia’s invasion, hackers took down several Ukrainian government and bank websites. One immediate problem is that cyberweapons are hard to control: as we learned in 2017, a virus released in Ukraine can knock out hospitals as far away as the US and UK. A fight between Ukrainian and Russian hackers could wreak havoc elsewhere, forcing governments further afield to respond.

But for the intelligence community, that’s child’s play. More the concern of the corporate and legal world who can afford to remain in “The Matrix” – avoiding what is happening in the real world, the real dangers.

And that real danger, the bigger and far scarier risk when it comes to cyber, is that in an escalating conventional conflict either or both of Russia and the US could use their cyberweapons to jam each other’s ability to detect and understand nuclear weapons movements as well. As I pointed out last year, both sides have that capability. And while talking about nuclear weapons feels like a terrifying anachronism, be warned. In his speech yesterday Putin threatened to hit interlopers with “consequences greater than any you have faced in history,” and it was understood by many in the intelligence community as an implicit threat to use nukes – either the real thing or cyber related.

But worse, as Mircea Geoană, Deputy Secretary General of NATO, said at the Munich Security Conference last week, if Russia launched a major cyberattack on a member state it would be enough to trigger the alliance’s Article 5 collective defense obligations.

But nobody knows what that would look like. When NATO decided that cyber should be considered an “operational domain,” the bloc also made the call that a “massive cyber attack” on one member state could trigger Article 5 of NATO’s Washington Treaty. This strikes at the heart of the alliance’s defense clause, which states that an attack on one country is considered an attack on all allies. One big problem here is that when it comes to cyber – unlike conventional or nuclear war – there are no clear rules, precedents, or understandings about what constitutes an attack or a proportional response. So the Ukraine War will be a “petri dish” for how cyber interacts with conventional and nuclear forces in a major war.

And that is the monstrous fear. Without a doubt, the Russian state has the most sophisticated cyber capabilities with a track record of havoc. For my 4-part 2018 series on why please read “Technical and psychological cyberattacks on the U.S. – why the Russians are so good at this” by clicking here.

A long-time contact of mine in the U.S. Cyber Command (he recently retired) had told me:

The SVR, Russia’s foreign intelligence service, has been linked to a number of espionage and data-pilfering campaigns, from the widespread SolarWinds breach in 2020 (whose victims ranged from government agencies to major corporations) to stealing information from Covid-19 vaccine developers. For years, Russia’s military intelligence service, the GRU, has launched destructive cyberattacks, from the NotPetya ransomware that likely cost billions globally, to shutting off power grids in Ukraine, to, just last week, launching a distributed denial of service attack against Ukrainian banks and its defense ministry. But it was the SolarWinds breach that told us how embedded they were, and frankly it will take us years to find out how deep.

But this week, in Ukraine, we can see they can unleash their more expansive, complex, and often opaque web of proxies whose actors are happy to hack and attack on behalf of the regime. The Kremlin’s involvement with these groups varies and may fluctuate over time; it may finance, endorse, ignore, recruit, or use these actors on an ad hoc basis. Part of the reason Moscow protects or turns a blind eye to cybercriminals is economic—cybercrime brings in a lot of money—but it’s also so the state can sway those actors to do its dirty bidding.

Let me tell you – you think these threats seem confusing and overwhelming? That’s exactly the point, and that’s exactly what makes the threat against Ukraine so grave. My ex-colleagues at Cyber Command tell me Moscow is deploying, stationing, or leveraging both state and proxy hackers overseas to launch operations from within other Western countries. They have that capacity – at will.

Ted is not a fear monger. He knows his stuff. And he acknowledges we just do not know what the Russian government will or will not do to Ukraine (or the West in general) in cyberspace – nor what non-state entities might do of their own volition. A complex, opaque, and entangled web of proxies can generate deniability, confusion, the need to fend off multiple ongoing attacks at once – and from the Kremlin’s perspective, that’s part of Russia’s cyber power, power the world can’t afford to ignore.

But having said that, if you follow Bob Carver, Andy Jenkinson, Steve King, and Garret Moreau on LinkedIn you know most of the West’s cyber defenses are pathetic.

 

It has only been 48 hours but among some of my military contacts there is a belief that the reason Russia is bogging down a bit is because Russia is fighting a 1970s era war against a small but early 2000s era enemy. And what they mean by “1970s era” is that Russia executed limited precision strikes, followed immediately by multiple lines of armored advances (3 as Soviet doctrine commands, plus a 4th from the separatists who appear to be fighting alone).

The offensive was conducted by the easiest routes possible – roadways – with avoidance of set battles in lieu of encirclements. Air assaults were via helicopter and paratroopers to seize two key sites. Air dominance was possible but not planned.

By the early “2000s era” they mean Ukraine’s widely distributed, high-value small arms and light weapons, and a dispersed command. It focused on defensive moves, occupying zones. Population center control and casualty consciousness were paramount.

What does this all mean?

That Russia, despite its overwhelming size and inevitability of their goals in this situation, is incredibly out of date. Within the first 6 hours they stopped precision strikes (they were likely out of munitions) and began a ground movement into contested air territory. Their deep strike air assault attempts have so far been repulsed at Kyiv’s main airport, as well as in Mariupol and Odessa. Air dominance is still not even ensured nor were precision strikes fully successful in eliminating anti-air capabilities, also hindering their air assault. Ukraine’s air capacity should have been decapitated and was not. Ukraine, despite the hopelessness of their fight, are outfighting the Russians who claimed two days to achieve total victory.

From a capabilities perspective, from an objectives perspective, defenders in cities are forcing the Russians to siege them out, which is counter to what we assume was a deep strike’s method.

But, in the end, most military strategists say Russia will persevere.

I am thinking more about the long view. The Ukraine invasion is a crystallising moment for a more dangerous, divided world. No level of sanctions and harsh words will constrain Putin now. This will remain true while he leads Russia – and, quite frankly, while Xi leads China. Yes, what is happening in Ukraine is about 44 million people with lives and families, not just some piece on the geopolitical chessboard. But the long game has changed and that has become more important and more apparent whenever the intensity of the immediate crisis in Ukraine lessens. 
