Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

The Lessons From Cyberwar, Cyber-in-War and Ukraine

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation.

Use of Cyber in Russia Ukraine War

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question the nature of modern warfare and the role of cyber in its operation. Here we will look at the use of cyber in the years leading to the kinetic war, and the use of cyber technology on the modern kinetic battlefield.

We need to understand the meaning of cyber and the meaning of war, to question whether the two concepts can be separated, and to ask ourselves if we are ever not at war.

‘Cyber’ derives from ‘cybernetics’, a word coined by US mathematician Norbert Wiener in 1948, taken from the Greek ‘kybernetes’. Ultimately, it involves the concepts of guiding by control. For Wiener it is the study of communication and control.

By the 1990s, with the combination of the internet (communication) and computers (control), the single word cyber began to denote the non-physical digital world, and became a prefix for compound words in the digital space — such as cybersecurity, or more directly here, cyberwar.

If we break down the word cyberwar, we have three components: computers + communications + war. In cybersecurity terms, cyberwar refers to the use of computers and communications from one party to attack the computers and communications of another party — most commonly aimed at degrading the adversary’s critical infrastructure. It is a term used as something distinct from kinetic warfare, but is nevertheless most usually associated with attacks by nation states.

As we progress, we will see it is difficult to understand what is and what is not cyberwar. In this article we will describe all criminal cyber activity as ‘cyberattack’, and for reasons that will hopefully become clear, we will describe all nation state cyber activity as ‘cyberwar’.

If we look more specifically at the word ‘war’, we have the concept of one party attempting to exert power over another party. Kinetic activity – that is, the force of arms on the battlefield – is just one phase in the operation of a war. Economics is more usually successful. For example, the old Soviet Union was not dismantled by NATO force of arms, but more by global economics. The rise of Putin’s Russia is predicated on improved Russian economics based on its newfound oil and gas wealth. Sanctions are an economic weapon of war, aimed at reversing this.

Today, it is believed that future strength will be based on an economy itself based on technology – having the most powerful quantum computers and the most efficient artificial intelligence, for example. Much of cyberwar is aimed at achieving this, largely through the theft of IP, espionage against military capabilities and plans, and critical infrastructure surveillance that seeks weaknesses that could be exploited.

History tells us that the winner in any war is the side possessing the better technology. England’s medieval wars were won because the longbow outgunned its enemy’s weapons. This is a basic truism of all wars. Technological superiority is what ultimately wins wars.

Linked to technology is information warfare. Understanding the enemy’s technology and knowing its strengths and weaknesses and how and where it is likely to be used is essential. So too is planting false information about one’s own technology, and false information about where, when, and how it will be used.

Psychological warfare is also an important part of war. It includes and extends propaganda. “Cyber-driven propaganda typically falls within two categories,” comments Samuel Kinch, director of technical account management at Tanium. “The first is the ability to influence open-source or publicly available media, and secondly, military specific environments. In open-source or publicly available media, misinformation creates chaos in what is and isn’t true.” Psychological warfare is the active application of propaganda.

This attempts to destroy the morale of both the enemy’s military forces and the enemy’s underlying civilian population. Since both parties will be engaged in this, psychological warfare also requires boosting one’s own military and civilian morale in the face of enemy attacks against it. Once again, we come back to cybernetics, but here more specifically control over communication.

The reason for this short discourse is to demonstrate a simple but often unseen reality: cyberwar, economic war, psychological war, information war and kinetic war are all inextricably linked, each continuously jockeying for that advantage that can win wars. Kinetic activity is just one aspect of war – and the whole world is already at war in one way or another. It is only the effect of psychological defensive warfare that tells us differently.

In the following sections we will examine how cyberwar is used over many years, sometimes as a preparation for kinetic war, but also in the hope to avoid the need for kinetic war. Finally, we will look at the use of cyber on the modern battlefield.

The long game in warfare

There is a tendency for people to consider events in isolation. This is almost always wrong. Let us assume for the sake of argument that Putin’s overriding objective has always been to return Russia to his perceived glory days of the Soviet Union. 

Ukraine becomes pivotal in this. If it joins NATO, Russia becomes hemmed in by its ‘enemy’ – so control over Ukraine is seen by Russia as almost existential. Putin effectively began the Ukraine war in 2014 with the kinetic annexation of Crimea. He seemed to stop there (apart from continuous political activity in Eastern Ukraine).

However, 2014 coincided with and was immediately followed by increasing mis- and malinformation cyber and political campaign aimed at the US and European populace in both in and around the US 2016 elections and the UK Brexit vote (psychological/information warfare). We shouldn’t see this as separate to Crimea and Putin’s desire to restore the glory of the Soviet Union. Nor, then, should it be separated from the current kinetic activity in Ukraine.

Russia’s misinformation political meddling was designed to weaken the will and resolve of both the western populations, and the western political leaders. The calculation was that by the time of the 2022 invasion, the West (that is, NATO) would not have the will to object. Had Putin been completely successful in promoting an ‘America First’ doctrine, Europe would have been left entirely defenseless against the economic (oil and gas) and military power of Russia. As it is, the EU is weakened by the UK’s exit, and riven internally by far-right parties that have been promoted in one way or another by Moscow.

Viewed in this light, digital cyberwarfare should not be thought of as something separate from kinetic warfare – it is primarily a jockeying for position prior to and readying for kinetic war – and all nations are forced to take part. Psychological warfare was a precursor to the Russian invasion of Ukraine in 2022 – an invasion that hasn’t immediately gone to plan because of Trump’s failure to win a second term as president. His America First approach – which would inevitably have weakened if not destroyed NATO – was replaced by Biden’s globalism and a strong and united NATO.

The war in Ukraine

The first thing to stress is that we may believe we know what is currently going on in Ukraine, but we do not. This is because of the psychological and information elements of warfare – both of which are based on cyber technologies.

Consider the claims of Russian war crimes. War crimes happen in war. Think back to all the accusations against the US, such as Chelsea Manning (formerly Bradley Manning) and the Iraq war – so, they’re likely to be true. However, if NATO’s peoples believe that Russia is heinous, NATO’s resolve can be strengthened – it may be true, but is hyped as part of psychological/information warfare.

But you can go too far. On January 9, 2023, Politico reported, “Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection (SSSCIP) of Ukraine, said Russia has launched cyberattacks in coordination with kinetic military attacks as part of its invasion of Ukraine, arguing the digital warfare is part of what Kyiv considers war crimes committed against its citizens.”

Lukasz Olejnik, a visiting fellow at the Geneva Academy of International Humanitarian Law and Human Rights, responded, “It would be difficult to prove. The bar is high. Perhaps when part of a wider event. But cyberattacks on their own? Maybe not. Sorry for being the devil’s advocate here.”

As a result, we are left with the clear impression that Ukraine is pushing the idea of Russian war crimes as hard as possible. The same goes for reports on Putin’s illness. He probably is ill, but his demise may not be as close as we in the west are led to believe or hope.

This battle for the hearts and minds of the people is waged by both sides. Ukraine reported a strike against Russian barracks in Makiyivka, claiming 400 fatalities. Russia admitted 89 deaths, and blamed its own soldiers for using mobile phones that allowed Ukraine to pinpoint the target – something that may or may not be wholly or partly true.

Russia retaliated by claiming a strike against Ukrainian barracks at Kramatorsk, claiming more than 600 Ukrainian military deaths. Ukraine replied that Russia missed the target, and no soldiers were killed. The precise accuracy of claims and denials cannot be determined in a time of war – but they are certainly part of the psychological war.

There is little doubt – certainly since the introduction of HIMARS (high mobility artillery rocket system) that Ukraine has had an edge over Russian technology. The value of the HIMARS system is its mobility (making it easier to relocate and hide); the speed of delivery (2.5 times the speed of sound, making it almost impossible to detect and destroy in flight); and the precision of its strike (using GPS coordinates for pinpoint accuracy).

Noticeably, neither Russia nor NATO countries have (at the time of writing) employed their most technologically advanced weapons in Ukraine. There could be many reasons – but one could simply be a preference to avoid escalation of the war beyond Ukraine’s borders. Both sides appear to be relaxing this stance, with Russia releasing its newer tanks, and the UK considering the supply of Challenger tanks. Pressure on Germany to either supply or allow NATO allies to supply German Leopard tanks is also growing. Challenger and Leopard are two of the three most advanced tanks in the world; the third being the US Abrams.

What this tells us, however, is that the Ukraine war can only give an indication of what might happen in any future all-out war between major parties. This is a constrained war – its expansion is incremental. Any future all-out war will be less constrained.

Another example is in the use of satellites for communications. Simultaneous with the February 2022 invasion, Russia delivered a cyberwar attack against Viasat to reduce Ukrainian military communications. It also took down the major Ukrainian ISP, Triolan. This could be expected – classic nation state cyberattacks to support a kinetic attack.

Elon Musk stepped in and offered Ukraine the use of the Starlink satellite communications system. Russia does not seem to have made any serious attempts to eliminate Starlink – and again this is probably down to a reluctance to escalate the war. But in an all-out war, satellites would soon be physically eliminated. “In a battlefield in the future, those satellites are going to get knocked out of the sky real quick,” comments Helder Figueira, founder at Incrypteon. “Starlink will not survive. There are capabilities now in terms of the deployment of micro nuclear or electromagnetic pulse (EMP) weapons.”

While Starlink is invaluable in providing the internet and war news to the Ukrainian people, it is unlikely to be used for military communication – if only because Starlink communications can be intercepted by Russia. Troops on the ground use various radio frequencies, from a control as close to the enemy as possible. These too can be intercepted – but the message is encrypted (not with commercial encryption, which is not viewed as trustworthy) to delay understanding; while the proximity allows a strike before the enemy can respond.

This explains the number of videos we receive from Ukrainian drones. The drone is used as a close-range spotter, which locates and pinpoints a target, calls in a rapid strike, and films the effect. Cyber technology is used in the conduct of kinetics, and subsequent propaganda.

“Modern combat involves a lot of communications, with radios in most installations, many individual combatants, and aboard each vehicle,” says Mike Parkin, senior technical engineer at Vulcan Cyber. “The communications are encrypted if they’re doing it right, but each one is a source that can be located and targeted. With individual combatants carrying normal cell phones into the field, it’s easy to identify and track them as long as they are operating in ‘the other side’s’ cellular network space – which is exactly what we’re seeing in the Ukraine conflict.”

There have also been suggestions that Ukraine is using a more ‘advanced’ form of target discovery. The UK’s Express newspaper reported (December 25, 2022): “Palantir’s MetaConstellation software relies on intelligence gathered on enemy troop positions by commercial satellites, heat sensors and reconnaissance drones, as well as spies working behind enemy lines. The software then uses AI to transform the data into a map highlighting the likely positions of Russian artillery, tanks, and troops.”

On December 30, 2022, Palantir CEO Alex Karp seemed to confirm the generalities if not the specifics of this in an open letter. “Those using our platforms in the defense and intelligence context, for reconnaissance, targeting, and other purposes, require the best weapons that we can build,” he wrote. “And we have never been inclined to wait on the sidelines while others risk their lives.”

Andy Patel, researcher at WithSecure, points to the State of AI Report published in October 2022. According to this report, he said, “Current efforts to infuse defensive products with AI technologies appear to concentrate on using AI for UAV control, anti-drone systems, and for surveillance and reconnaissance purposes.” But he also notes the report’s description of Ukraine’s own GIS Arta software.

This, says the report, is a homegrown application developed prior to Russia’s invasion based on lessons learned from the conflict in the Donbas. It’s a guidance command and control system for drone, artillery, or mortar strikes. The app ingests various forms of intelligence (from drones, GPS, forward observers etcetera) and converts it into dispatch requests for reconnaissance and artillery.

One anomaly in the use of cyber in Ukraine is the apparent lack of success from Russian cyberattacks. “While cyber-kinetic attacks may take many different forms (DDoS, misinformation campaigns, infiltrating adversaries’ networks, etcetera),” says Srinivas Mukkamala, CPO at Ivanti, “the goal of these attacks is to assist in creating real-world damage and to disrupt communication and intelligence. After all, the true advantage stays with the side that can communicate with their troops and leaders.”

Russia’s cyberattacks against Ukraine since the start of the current fighting have failed to prevent Ukrainian communication. This is not to suggest they don’t occur – but it is noticeable that Russia is using kinetic weaponry rather than cyberattacks against Ukraine’s utilities. Unsurprisingly, we are not being told why – although the visible damage caused by Russian rockets and drones is part of the psychological war against the Ukrainian civilian population.

We have a similar lack of information about Ukrainian cyberattacks against Russia. Our knowledge is mostly limited to the claims of civilian sympathizers – which is notoriously overhyped and self-aggrandizing.

But we do have one example of a Ukrainian cyberattack. Richard Greenway (BBC Monitoring) tweeted (January 7, 2023) that Ukraine had hacked Russian television broadcasts to occupied Ukraine, switching the Russian messages to its own. “Ukraine is uplinking its own multiplex (a ‘mux’) to various Russian satellites, mimicking the mux being uplinked by Russia,” wrote Greenway. “On 4 & 5 January they replaced Rossiya 1’s main evening news beamed to Crimea with Zelensky’s New Year message!”

Russia has called this information warfare conducted ‘under the guidance of Anglo-Saxon IT terrorists. Anonymous appears to be either claiming credit or simply voicing support in the comments.

Summary

War is a horrible thing, but humanity has been waging war with itself since Cain and Abel. It is not likely to stop – there will be more wars to come. The arrival of computers has changed and will continue to dramatically change the operation of war. Artificial Intelligence and robotics will become more important — killing at a distance rather than close and personal is the evolution. And all of this is based on an increase and improvement in cyber technologies.

What we have tried to demonstrate here is that what we have loosely described as cyberwar and kinetic war should no longer be considered as separate. Part of Russia’s difficulties in Ukraine now are down to its failure to weaken NATO through mis- and malformation cyberwar campaign after the Crimean invasion in 2014. That attempt is as much part of its war against Ukraine as the invasion and cyber-influenced kinetic war today.

In short, kinetic warfare is only a part of modern war. Cyber is used before kinetics, during kinetics and as part of kinetic weaponry, and it will probably continue long after the kinetic phase is complete.

War itself is no more, nor less, than the exertion of power from one party over another. DIME is used as an acronym for the make-up of power. Sam Curry, CSO at Cybereason, links modern warfare to this acronym. “In the DIME (diplomatic, information warfare, military tools, economic tools) arsenal,” he said, “cyber is both a dramatic increase to the weapons available in the ‘I’ category and a force multiplier for ‘D’, ‘M’ and ‘E’.” We would suggest that diplomacy is just one aspect of psychological warfare, and that all parts are now commingled in both time and space.

Of course, all of this could be wrong. We only know what we are allowed to know or what we are told to understand. And that itself is a part of cyberwar.

Related: Cyber Insights 2023 | The Geopolitical Effect

Related: NATO, Ukraine Sign Deal to ‘Deepen’ Cyber Cooperation

Related: Ukraine Says Russia Planning ‘Massive Cyberattacks’ on Critical Infrastructure

Related: Russian Use of Cyberweapons in Ukraine and the Growing Threat to the West

Related: Cyberattacks in Ukraine: New Worm-Spreading Data-Wiper With Ransomware Smokescreen

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.

Register

Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cyberwarfare

Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...