Finding Balance: The role of cyberspace in Russian ‘hybrid warfare’

Jackson Webster

Putin’s “Little Green Men” at the Perevalne military base.

During the period of decolonisation in the twentieth century, the global security community developed a binary system for analysing the conflicts taking place around the world both between and within nations. Wars were either high intensity and conventional or low intensity and unconventional. Conventional warfare refers to the type of wars armies fight, where massed opposing forces fight pitched battles for the control of territory. Unconventional warfare is not the weapon of nation states, but of substate actors such as militias and insurgents. The line between combatants and civilians is blurred as these wars typically take place within a state, and pitched battles are avoided by the weaker side, whose primary goal is to harass the stronger power to degrade its political legitimacy in the eyes of the local population.

This binary model can be extended to most conflicts fought in the latter half of the twentieth century, but the difficulty begins when explaining conflicts which have taken place in the past 20 years which do not fit neatly into either category. The most recent label for these strategies has developed in reference to Russian actions in its periphery during the presidency of Vladimir Putin: “Hybrid Warfare”. This name was chosen because the strategy combines elements of high and low intensity conflicts. Unconventional war is used to harass, conventional warfare to destroy, and hybrid war to destabilise. This article will examine the balance Moscow has found between cyberspace and ‘kinetic space’ —or the real world— in its attempts to debase the Ukrainian government.

Moscow is one of the most apt users of cyberspace for military ends, possessing a broad range of capabilities we’ve seen displayed in previous Russian actions against its neighbours. Despite possessing the capability to essentially shut down neighbouring states’ infrastructure, Russia has shown restraint in its usage of cyber capabilities. Russia’s primary capability —the type crucial to hybrid strategies— is the ‘hacking’ activities we’ve seen in Estonia, Georgia and now Ukraine. This capability consists mostly of low-level attacks which gain access to media accounts that are then blocked or defaced. Additionally, this capability uses Distributed Denial of Service (DDoS) attacks, which flood an enemy network with traffic from a ‘botnet’ of hijacked private computers, preventing the network’s legitimate users from accessing their own systems. An impressive version of this attack was seen in Georgia in 2008, where the National Bank of Georgia was forced to sever its entire internet connection for ten days, thus stopping all transactions. According to Jeffrey Carr, a U.S. Government consultant, an additional level of capabilities is one we haven’t seen. “Russia has the capability to completely shut down Ukraine’s infrastructure…but if they did that it would be inviting all kinds of sanctions.”

Col. Aapo Cederberg (Ret.), a senior advisor in emerging securities at the Geneva Centre for Security Policy, agrees and called Russia’s position vis-à-vis Kiev one of “clear superiority”, but asserts that Russia’s reason for restraint in cyberspace in recent conflicts has been because “western countries are following this crisis very carefully and analysing the level of knowledge of Russia in cyber operations. They want to keep their real capacity in reserve for the future.” The strength of this argument comes mostly from the primary goals of hybrid warfare itself, recalling that the end goal of hybrid strategies is —at least in the short-term— to have a destabilising effect on one’s adversary.

Before we explore that argument further, it’s worth noting what Moscow has actually done in Ukrainian cyberspace. Much of Russian activity has been aimed at disrupting Ukrainian telecommunications. This is a particularly important infrastructure for a country which has a capital to the West and is fighting separatists to the East, and is also an easy network for Moscow to access. A 2014 Reuters article noted that “much of Ukraine’s telecommunications infrastructure was built when it was part of the Soviet Union, along with what is now the Russian Federation, and is particularly vulnerable to penetration by Moscow.” John Lewis, a fellow at the Center for Strategic and International Studies in Washington D.C., went so far as to claim that “the Russians have the place completely wired…That they haven’t done more probably reflects their confidence that they’re going to come out ahead and there’s nothing anyone can do about it.” As for the ‘hacking’ activities we discussed earlier, DDoS and defacing attacks against pro-European individuals and networks in Kiev were being carried out by pro-Russian ‘hacktivists’ in the Donbas even during the days of the initial protests against Yanukovych’s incumbent government in February 2014. These kinds of attacks continued with at least tacit compliance if not support and coordination from Russian signals intelligence (SIGINT) once the ‘hot conflict’ between Kiev’s transition government and the separatists began in March 2014. During the annexation of Crimea which followed, Putin’s ‘Little Green Men’ raided the Crimean offices of Ukraine’s Ukrtelecom, destroying fibre optic cables and essentially cutting off the peninsula from contact with Kiev.

How, then, has the Ukrainian Government defended itself from, and responded to, Russian cyberspace aggression? The answer to the first part is that Kiev is currently essentially defenceless, and the answer to the second part lies in Ukrainian nationalist hacker groups.

As part of the NATO focus on “non-lethal aid” for Ukraine —as opposed to providing weapons such as missiles and small arms— the United States and other NATO nations have focused a large part of their support for Kiev on cyber. Following the 2014 Wales Summit, NATO nations agreed to a combined aid package of $20 million for training and cyberspace capability-building, and the former director of Romanian intelligence has confirmed that Romanian Intelligence has been monitoring Ukraine’s key vulnerable sectors for Russian infiltration and has been advising Kiev on how to bolster its systems’ defences.

Kiev must fight fire with fire. In cyberspace, offence has the complete advantage and offensive actions have no risk as far as loss of life and are thus advisable during war under all conditions. Recall the actions of pro-Russian hacker groups after the start of pro-EU protests in Kiev. While the Ukrainian military possesses essentially null capabilities in cyberspace, Ukraine does have a thriving internet community containing many skilled computer experts who would be willing to hack for their country. Following the initial Russian cyberattacks on Kiev during the early days of the ‘hot’ conflict, Ukrainian hacker groups Cyber Hundred and Null Sector launched retaliatory attacks on the Kremlin and the Central Bank of Russia. The best tactic in cyberspace is counter strike, as attacks cost essentially nothing to one’s adversary and only damage done through retaliation can act as a sufficient counter. Rather than wasting time and money developing a cyber-strike capability of its own, Kiev should take advantage of the skills of civilian hackers, just as Russia has done with pro-Moscow hackers in the Donbas, to engage in retaliatory attacks against Russia.

How does this cyber capability factor into the overall Russian hybrid warfare strategy? Colonel Cederberg describes it as another tool for Moscow and notes that since Russia has achieved “clear superiority in all other domains of this crisis as well” without using cyberspace to paralyse Ukrainian infrastructure, they have no incentive to utilise the full extent of their capacities. As noted in the beginning of this article, hybrid warfare seeks to destabilise and not destroy. Russia has not used its overwhelming conventional abilities such as strategic bombers, long-range artillery, and naval forces to destroy Kiev’s capacity to fight, so it follows logically that they would not go all-in with their cyberspace tactics either. Hybrid warfare is about carefully managing the level of escalation in a crisis to one’s advantage, and using cyber sparingly in this case seems the most logical path for the Kremlin. Many scholars of international relations assert that the threat of ‘power held in reserve’ is far more coercive than power that is actually used. Fear is more powerful than pain. The fact that the Kremlin could completely decimate the functioning of the Ukrainian state should it wish to do so is far more powerful as a threat than as an actual action, like a guillotine hanging over the heads of Ukrainian negotiators. Russia does not plan on using this capability, for doing so would require an escalation of all elements of the hybrid warfare strategy, including kinetic aspects, and the price of this action far outweighs Moscow’s possible payoffs.

Jackson Webster is originally from Los Angeles, California, and is now based in London where he studies at King’s College London. He is reading for a degree in International Relations at the Department of War Studies, specialising in Multilateral Security, Risk Assessment, and the Middle East. He is the President of the KCL United Nations Association and is also a Content Editor at Dialogue Magazine.
