This post was updated on February 4.
As the world watches the Kremlin’s military build-up along the Ukrainian border, the Irish military is worried about Russian naval activity in its own backyard. That’s where Russian exercises are set to take place dangerously close to strategic undersea communications cables that represent an overlooked element of a potential Russian escalation: an effort to blind the world to events unfolding in Ukraine.
Armed with a sophisticated set of cyber capabilities, the Russian government has long relied—even compared to a cyber power like China—on destructive attacks that degrade or destroy systems, such as the one that shut off power grids in Ukraine in 2015. Not to mention the large network of actors, from state agencies to front companies to recruited cybercriminals, who conduct a range of cyber and information operations against the Putin regime’s enemies. But Russia’s weaponization of tech isn’t just about code and keyboards: If attackers can damage, destroy, or merely cut power to physical internet infrastructure, such as undersea cables, they can disrupt internet communications in a target area to cause public panic and unrest, undermine economic activity, and disrupt the flow of government and citizen communications.
That’s now a distinct possibility if Russia escalates further in Ukraine.
Recent history suggests as much. When Russia illegally invaded and annexed Crimea in 2014, one of its first suspected actions was to damage some communications cables* belonging to the Ukrtelecom monopoly that linked the peninsula to Ukraine. This partially disrupted* internet connectivity, provided the Kremlin another point of leverage over the region, and limited the world’s visibility into the early phases of the “grey zone” conflict (a term used to denote a conflict that falls below the threshold of war). This shows that the Kremlin recognizes the importance of the physical dimensions of online control and coercion. Domestically, for example, the state has moved to exert more control over physical internet infrastructure by forcing companies to install more surveillance and filtering technology. And when digital mechanisms of control fail or are insufficient, the state turns to physical coercion of citizens and foreign tech employees.
The last two decades of Russian military doctrine have also witnessed a growing emphasis on the importance of software, hardware, and cognitive control in modern conflict. This outlook isn’t lost on Western officials. Most recently, the head of the United Kingdom’s armed forces warned that Russian naval activity could threaten submarine cables and allow Moscow to disrupt global internet traffic.
Scenarios for slashing
In the current crisis, observers should watch the one submarine cable that carries global internet traffic directly into Ukraine: the Kerch Strait Cable, laid in 2014 by Rostelecom, the Russian state-owned telecommunications company. After the annexation, Crimean internet service providers (ISPs) began using the cable to route internet traffic through Russia. Because the most immediate impact of cutting it would be to internet communications in Crimea itself, the Kremlin may be less likely to damage this cable.
Yet if the standoff over Ukraine intensifies, the Kremlin might calculate that such a move is worth the risk if it could be combined with other actions to disrupt internet communications in the rest of the country, too. In that scenario, Russian military and intelligence assets in Crimea could have their internet access disrupted (which would perhaps give Ukraine a reason to target that infrastructure). But at the same time, targeting the cable while targeting other infrastructure outside Crimea could create panic in the rest of Ukraine and limit the international community’s visibility into further Russian actions—well in line with the Kremlin’s willingness to accept some costs to invade and forcibly exert control over Ukraine.
Ukrainian internet traffic is also carried over land-based cables, such as fiber-optic, cross-border communication lines. The Russian military could physically damage, hold hostage, or cut power to internet service provider facilities (which deliver internet traffic to users) and internet exchange points (which exchange traffic between ISPs). These physical components in Ukraine carry global internet traffic, so disrupting them would impact the international sphere and force some traffic to get routed around Ukraine, but the worst effects would be felt within the country as these components primarily deliver traffic to Ukrainians.
In the most globally damaging scenario, the Russian military could target any of the dozens of submarine cables linking other parts of Europe to the global internet—and which, by extension, may carry traffic originating in (and destined for) Ukraine. For instance, there are sixteen submarine cables touching Ireland, and cutting some of those cables—a couple of which are in the vicinity of the Russian exercise*—would damage the flow of global internet traffic and could take several hours or even days to repair. It could also considerably distract those countries from other world events.
Alongside preparing for damaging Russian cyber operations against Ukraine, as well as countries that Russian President Vladimir Putin considers to be pro-Ukraine, Kyiv and its allies must prepare for the potential targeting of internet cables. Moscow knows that information is vital in a crisis—and that controlling or entirely disrupting its flow can provide important strategic advantages.
Justin Sherman (@jshermcyber) is a nonresident fellow at the Cyber Statecraft Initiative in the Atlantic Council’s Scowcroft Center for Strategy and Security.
An earlier version of this article incorrectly characterized how Russia is suspected to have physically damaged internet infrastructure in 2014. Multiple overland cables were allegedly damaged, not a single underwater cable. This article has also been updated to clarify that the 2014 cut did not disrupt all internet connectivity in Crimea and that Russian naval activity was near a couple of cables, not all sixteen touching Ireland.