Russia vs. Ukraine: The Cyber Front Unfolds

Russia’s battle with Ukraine is being fought partly in cyberspace, where it may have greater room for escalation because nations increasingly accept covert cyber attack as a valid form of international pressure when more traditional options are too violent – or too visible.

So far, the Ukraine cyber conflict appears to have pitted the strong hacker communities in each nation against each other in hundreds of attacks that have disrupted websites or e-mail systems, notably at government agencies such as Ukraine’s parliament and the Russian central bank and foreign ministry. Before the Russian-Ukrainian confrontation erupted this year, those communities shared many ties, with each other and with organized crime, and appear largely to have refrained from attacks in each other’s countries.

This cyber battle has unfolded differently from its immediate predecessors. In 2007, the Kremlin sparked a weeks-long assault on Estonia by ignoring or encouraging attacks by nationalist groups such as Nashi, a movement that backs Russian President Vladimir Putin. A year later, against Georgia, Putin was more willing to let his security services become directly involved to coordinate or perhaps even direct attacks against websites of Georgia’s government and banks.

In Ukraine, the Russians have used a more traditional path of propaganda, misinformation, physical destruction and modification of telecommunications equipment, and cyber attacks, all integrated into a single campaign.

Information warfare like this is part of a classic Russian maskirovka tactic from decades back. But it’s a mostly forgotten discipline in the Pentagon and other Western militaries who copied the American model of focusing on the sexy new field of cyber rather than the more boring information warfare. In recent years, US experts in information warfare have had limited promotion opportunities as leaders’ attention (and massive budgets) shifted to the technical wizards at the National Security Agency and the US Cyber Command. Having ignored information warfare for fifteen years, the United States is less prepared than it might be to understand Russian actions and intentions.

The situation over the next months could unfold in any of several ways. Perhaps most likely, tomorrow will look like today, just more so. Russia will continue a modest information warfare campaign with an emphasis on propaganda and misinformation. Webpage defacements and disruptions of political and economic sites will continue on both sides, as Russian and Ukrainian nationalist groups discover ways to hack while existing hacking groups grow more nationalistic. Some of these attacks will continue to be directed toward NATO, the United States, and other Western targets.

The online conflict might also escalate, with Putin ratcheting up the tempo to that of the 2007 Estonia attacks (along with an increase in propaganda and misinformation). Putin, now facing far higher stakes in Ukraine, might be willing to feed a campaign lasting months or longer. The Kremlin here would largely rely on proxy nationalist groups at arm’s length.

The current cyber battle also could spread if the overall strategic confrontation deepens, say toward a second Cold War. Such a stand-off, pitting Russia against the United States, NATO, and Ukraine, might include propaganda, energy blockades, and economic sanctions – but would be fought more actively and dangerously online. It might look something like the shadowy online war between the United States and Israel against Iran.

Rather than relying on nationalist formations or loose groups of hackers, Putin in this scenario could have his own intelligence and security forces (and perhaps also regime-linked organized crime) disrupt industrial, economic, and military targets in the West, whose national cyber forces would retaliate. The model for these assaults would be Stuxnet, the US cyber attack against Iran’s Natanz uranium enrichment plant, and corresponding Iranian attacks against the US finance sector and Saudi Aramco and Rasgas, two of the world’s largest energy companies. The conflict wouldn’t merely take down websites, but perhaps even disrupt automotive assembly lines or local electrical grids.

These more dangerous conflicts are very unlikely, and the more dangerous the conflict, the easier it will be to spot before it unfolds. The rule of thumb for seeing disruptive cyber attacks before they happen is that “physical conflicts beget cyber conflicts.” The more obvious any new Cold War, the more that conflict will be reflected in cyberspace.

The future of cyber defenders, like that of the Ukraine itself, is therefore likely to be decided not in the networks by ones and zeroes but in diplomatic salons, because a peaceful world means a more peaceful Internet.

Jason Healey is the director of the Cyber Statecraft Initiative at the Atlantic Council of the United States and the editor of the first military history of cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey. 


Image: Troops from the United States, Poland, Lithuania, Latvia and Bulgaria work at a US military base in Germany on a 'red team' exercise on Sept. 18, 2013, probing for weaknesses in critical computer networks of allied countries. The test was part of a military exercise, called Combined Endeavor, run by the US European Command. (Photo: US Air Force/Tech. Sgt. Kenya Shiloh/CC License)