Pages

10 August 2023

Digital Storm? The Modest Impact of Cyberwarfare

Brandon Valeriano


The idea that cyber operations are game-changing weapons of war echoes persistently through public debate, propagating a vision of a future where virtual battlefields decide the outcome of interstate conflict. This narrative is increasingly disjointed from the realities on the ground, with the war in Ukraine as a case in point.

As the world watched Russia amass troops on Ukraine's border and subsequently invade in February 2022, many analysts expected cyber operations to play a pivotal role. Some NATO researchers argued that Russia succeeded in cyberspace, arguing that “Russian cyberattacks on government and military command and control centers, logistics, [and] emergency services . . . were entirely consistent with a so-called thunder run strategy intended to stoke chaos, confusion, and uncertainty, and ultimately avoid a costly and protracted war in Ukraine.”

However, the actual course of events presented a different story and revealed a paradox. While there has been a surge in cyber operations during the conflict, their target demographics, severity, and methods have largely remained unchanged. Ukrainian cyber defenses have proved resilient, rendering the offense impotent.

In our recent Center for Strategic and International Studies (CSIS) series report of On Future War (OFW), “Cyber Operations during the Russo-Ukrainian War From Strange Patterns to Alternative Futures,” we challenge the prevailing belief in cyber operations as decisive operations in warfare. Instead, using statistical analysis, we argue that the role of cyber operations is supportive-adjunct rather than determinative in the Russo-Ukraine conflict.

Our team leveraged previously collected data through the Dyadic Cyber Incident Dataset 2.0 and identified thirty cyber actions between Russia and Ukraine from 2000 through 2020. To conduct our study through the 2022 Russian invasion, we reviewed weekly Ukrainian government and private sector reports to fill in gaps. In all, our research team counted forty-seven additional cyber operations launched by Russia against Ukraine from November 29, 2021 to May 9, 2022 (when the weekly reports stopped).


Figure 1 shows that 57 percent of Russia’s pre-invasion attacks originated from private or non-state entities. After the invasion, non-state attacks continued at 59 percent of the total.


Figure 2 demonstrates that while Russia increased cyber operations by 75 percent post-invasion, cyber operations nonetheless decreased in severity. Using a scale of zero to ten, we found that Russia averaged a severity of 3.18 pre-invasion but decreased to 2.45 after the launch of the “special operation.” This fact highlights that while the cyber campaign is ongoing, old-fashioned espionage and disruption are more frequent. This further aligns with our findings that there is no statistically significant difference in targets but a statistical difference in severity after the start of the war.

The empirical evidence demonstrates that while there has been a dramatic uptick in cyberattacks during the conflict, these attacks did not show an increase in severity, a shift in targets, or a change in methods. These results reinforce our point that cyber operations are not a means to an end, providing little to no advantage to Russia on the battlefield.

Despite doom-laden speculative proclamations of a revolution in warfare, Russia's actions have contradicted most popular expectations. While cyber-enabled targeting at the tactical level is almost certain to occur alongside signals intelligence, the prevailing trends suggest cyber operations have yet to make a material impact on the battlefield. Instead, cyber operations have played a supportive role, primarily bolstering information operations and disinformation campaigns that shape international opinion, particularly in the Global South.

As the war continues into its second year, deciphering the reasons behind cyber warfare's underwhelming performance in Ukraine will take time and careful examination. Our preliminary findings suggest a complex interplay of factors, including Ukrainian defensive hardening, international support from private sectors and allies, and possible limitations in Russia's preparations and capabilities.

The Future of Warfare

From our analysis, there are three possible future scenarios. First and most likely, Russia continues to grapple with integrating cyber and conventional operations in Ukraine and future conflicts. In this same scenario, Ukraine’s defense remains dominant, bolstered by years of resilience and maturing public-private partnerships. Second and least likely, Russia grows more desperate and regroups, launching a wave of cyber operations to target critical infrastructure in Ukraine and the United States to hamper counteroffensive operations and battle networks. This scenario is unlikely because escalatory actions are not the norm in cyber operations, driving our question, “Why hack what you can destroy?”

Finally, and not mutually exclusive, Russia continues to push out digital lies, focusing on influence operations and propaganda to degrade support for the war in the United States, Europe, and the Global South. In this scenario, Russia continues to target rising states like India or Brazil while positioning itself as an alternative model for aspiring authoritarian-populist leaders.

Our report highlights that in war, cyber operations serve as tools of political warfare. It is not difficult to imagine how cyberspace potentially endangers civil liberties and freedoms when cyber-attacks are directed at dissatisfied populations demanding change. As the community mistakenly focuses on cyber war, states will continue to face few restrictions on the practice of cyber repression shaping global discontent.

The Biden administration should focus on enabling integrated deterrence, including target hardening and operations supported by wargames, building stronger public-private partnerships. Meeting the challenge of disinformation and global attempts to distort public opinion through information operations will require a rethinking of how we frame cyber operations in public discourse.

No comments:

Post a Comment