Cyber Warfare Lessons From the Russia-Ukraine Conflict

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

James Turgal, VP of Cyber Risk, Strategy & Board Relations, Optiv

May 22, 2023


The Russia-Ukraine war has taught us a lot about cyber warfare. After all, it's the first time ever that a world-class cyber power is simultaneously engaged in a kinetic war. But before we can fully grasp the lessons that have surfaced over the past year, we first have to understand what role cyber plays as part of active kinetic warfare, as well as the criteria that determine its effectiveness.

Breaking Down Cyber in Warfare

The main roles of cyber in warfare include: 1) espionage, 2) sabotage, 3) propaganda, and 4) disruptions usually caused by distributed denial-of-service (DDoS) attacks targeting government, electrical, and economic/financial institutions. I believe cyber warfare is two parts information warfare using cyber tactics and techniques and one part cyber warfare with actual destruction.

Cyberattacks with strategic or military implications can include the manipulation of software, data, knowledge, and opinion to degrade performance and produce political or psychological effects. Introducing uncertainty into the minds of opposing commanders or political leaders is a calculable military objective. Manipulating public opinion to damage an opponent's legitimacy and authority among both domestic and international audiences is also valuable. Some actions may provide only symbolic effect aimed at a domestic audience, but this too is valuable for a nation at war.

So, how can we judge the effectiveness of cyber warfare attacks? My more than two decades of experience serving as an FBI agent taught me that the criteria for success in deploying cyber offensive tactics lie across five areas:

  • Creating chaos

  • Collecting intelligence

  • Driving narratives to shape opinions (disinformation)

  • Inflicting damage to data or ecosystems

  • Stealing/exfiltrating victim data for extortion and/or sale to criminal data brokers

Cyber Warfare in the Russia-Ukraine Conflict

Russia has largely been cited as an "aggressor" in its conflict with Ukraine. But it is important to remember that because cyber knows no boundaries, any country or hacktivist group can join the battle with impunity — it is one of the ways cyber is fundamentally different from traditional warfare, and a dynamic that both sides have benefited from and been victimized by.

Russia holds a broad definitional concept of information warfare, which includes intelligence, counterintelligence, deceit, disinformation, electronic warfare, debilitation of communications, degradation of navigation support, psychological pressure, degradation of information systems, and propaganda.

As used by the Russian military, cyber power is a key facet of hybrid warfare and is an important enabler in the Russian political strategy to oppose NATO's expansion and cohesion. Cyberattacks can be aimed specifically at eliminating key networks, but they also can be used as a tool to intensify the fog of war by sowing confusion within command-and-control networks. If local political and military leaders can't get ahead of quickly developing events and form an accurate estimate of them, critical hours or even days can be gained with which an adversary can create facts on the ground that cannot easily be reversed. As part of its military campaign, Russia used myriad cyberattacks against computers in Kyiv, Poland, the European Parliament, and the European Commission prior to rolling tanks across the Ukraine border.

Here are just a few examples of cyber warfare tactics used in the Russia-Ukraine conflict:

  • The Russians targeted Viasat, a US satellite communications company that provided support to the Ukrainian military, with malware designed to erase its data before disabling it. The Russians did not limit the malware's scope, and it affected other ground satellite components, causing hundreds of thousands of people outside of Ukraine to lose electrical power and Internet connection.

  • A cyberattack against the City Council of Odessa, a major Ukrainian port city situated on the Black Sea, was timed to coincide with a cruise missile attack that was meant to disrupt Ukraine's response to Russian forces attacking in the south.

  • Cyberattacks also have been launched against many parts of Ukraine's infrastructure and government and civilian networks, including hospitals.

  • Ukrainian military units have created bogus dating websites for Russian soldiers, coupled with social media platforms, to lure Russian troops to use their personal mobile devices — at which point Ukrainian troops triangulate their location so they can use a drone to drop a bomb on their geolocated positions.

Even though Russia is considered one of the most dangerous cyber-nation-state actors, the use of cyber warfare tactics against Ukraine leading up to and during their one-year-old unprovoked war shows that offensive cyber techniques, when used as a separate warfighting domain, do not necessarily offer magic solutions and miraculous shortcuts to achieving strategic military goals. Similar to when the Russian Army deployed cyberattacks against Georgia in 2008 and Syria after that armed conflict, when the Russia-Ukraine war ends, we will have another example for history to judge the effectiveness of Russian cyber-enabled warfare.

Lessons Learned So Far

Cyber warfare is real, and it is playing out in various theaters across the world — some visible, as in the Russia-Ukraine conflict, and others behind-the-scenes. There will be many lessons learned from these actions, but here are a few takeaways we have so far:

  • The effects of cyberattacks are difficult to contain when not coupled with kinetic military activity. The effects almost always extend far beyond the intended target, so cyberattacks can be used more as a strategic weapon than as a tactical or precision weapon.

  • Attribution of cyberattacks is difficult and more easily denied. Cyber warfare sits in a gray zone, as it can be used by state and non-state actors, with fewer inhibitions than kinetic strikes.

  • With the use of non-state or patriotic proxies, cyberattacks are less manpower-intensive than kinetic attacks but certainly require more skills to prepare and execute and can be just as devastating to the victim's infrastructure.

There is no question that cyber power is being wielded as a strategic weapon alongside the use of kinetic force in the Russia-Ukraine conflict. And cyber warfare allows power and force to be democratized and sold on the Dark Web, available to anyone with technical skills — irrespective of borders, authorities, or affiliations. Because of this, we must start to think ahead of the threat and develop strategies to respond to these challenges at scale.

About the Author(s)

James Turgal

VP of Cyber Risk, Strategy & Board Relations, Optiv

James Turgal is the former executive assistant director for the FBI Information and Technology Branch (CIO). He now serves as Optiv Security’s vice president of cyber risk, strategy, and board relations. James has personally helped many companies respond to and recover from ransomware attacks and is well versed in speaking with top-tier media.

James draws on his two decades of experience in investigating and solving cybercrimes for the FBI. He was instrumental in the creation of the FBI’s Terrorist Watch and No-Fly Lists.
