501. Integrating Cyber Into Warfighting: Some Early Takeaways From the Ukraine Conflict
- Author:
- Ariel Levite
- Publication Date:
- 04-2023
- Content Type:
- Working Paper
- Institution:
- Carnegie Endowment for International Peace
- Abstract:
- It is too early to draw definitive conclusions about cyber warfare in the lead-up to and the execution of the Ukraine war. Data are lacking, and the outcome of the conflict remains uncertain. Yet through monitoring and analysis of a single year in the first major war into which cyber has been extensively woven, we do know enough to be able to generate some tentative, high-level, generic propositions on the nature of cyber conflict. These propositions draw on wide-ranging press reporting and extrapolate from several superb pieces recently published by my colleagues Jon Bateman, Nick Beecroft, and Gavin Wilde, as well as Microsoft’s recent report on the cyber dynamics of the conflict.1 However, we must still tread cautiously. Our propositions draw on highly imperfect empirical knowledge of a single historical case that is still unfolding.2 Current and future antagonists are also constantly learning from their own and others’ analyses and enhancing their performance, which can render current assessments obsolete.3 For this and other reasons it is quite possible that some of the cyber dynamics unfolding in and around Ukraine may play out differently later in Ukraine as well as in other, future confrontations. As we have observed over millennia, the balance between offense and defense can shift over time; this dynamic may well play out in cyberspace as well. It is also important to note at the outset that widespread assessments disparaging the utility and expediency of Russian cyber operations in the Ukrainian conflict (and projections regarding future conflicts) are presently limited by far more than a lack of comprehensive and reliable empirical data. We also lack insights into the metrics and criteria that each of the protagonists uses to assess the success and failure of cyber’s overall performance in the conflict, and we have only fragmentary evidence of the role each party expected cyber operations to perform. Moreover, even if we had such information, Ukraine-specific answers might not apply elsewhere because the expectations for cyber and the metrics for assessing its performance may vary not only over time and between protagonists but also from one conflict to another. In this context it is important to underscore that some specific factors that possibly helped diminish the efficacy of Russia’s offensive cyber operations in Ukraine may not apply elsewhere. Three in particular deserve to be noted here: Russia’s unique approach toward cyber warfare; the level of external support that Ukraine received before and during the war from some leading national and multinational cyber powers; and the sophistication and battle-tested experience of Ukraine’s cyber warriors.4 Nevertheless, even if some of the cyber characteristics of the Ukraine conflict ultimately turn out to be sui generis, they are instructive given the novelty of the field and the involvement of major powers in the conflict. Hence, there is considerable value in advancing these propositions to focus attention on certain questions and facets of cyber conflict, facilitating their review and reassessment as more comprehensive and reliable information becomes available and developments on the battlefield evolve. But the reader should consider the interim observations and propositions offered here as hypotheses employed as a heuristic to encourage debate and invite feedback. All the propositions offered below pertain to our core conception of what cyber warfare is about. Some of the propositions we advance are novel; others reaffirm or refine tentative assertions made before the war. Taken together they suggest a more subdued view of the utility and impact of cyber warfare than was generally found in prewar speculations. More importantly, the Ukraine war reveals that nations diverge significantly in the role and aims they assign to offensive cyber operations as well as the institutional setup and operational modalities they use for conducting them. Most glaringly, the U.S. perspective and approach (emulated in whole or in part by several other Western nations) differs deeply from that of Russia, which makes it reasonable to expect similar divergence across similar regimes. We group our propositions under three temporal headings: the prewar period (starting in 2014);5 the war itself (beginning on February 24, 2022); and finally, the postwar period, after kinetic hostilities eventually die down. Obviously, we cannot know when this last phase will begin; nevertheless, analysis of trends that were manifest in the two earlier phases of the conflict provides a tentative basis for predictions as to what might be expected down the road. This broad scope is driven by two considerations. First, it is designed to underscore the considerable relevance of cyber operations across various phases and types of conflicts. And second, it highlights continuity as well as change between cyber action in peacetime, in wartime, and in grey area situations, as well as during the transitions between these states of confrontation.
- Topic:
- Cybersecurity, Conflict, Non-Traditional Threats, and Russia-Ukraine War
- Political Geography:
- Russia, Eurasia, Ukraine, and United States of America