How technology makes war more terrifying

Russia’s Ukraine invasion is the first major physical war between developed countries in the connected age. As the tragedy continues to unfold, we’re likely to see it manifest in the digital systems that surround us. 

NOTE TO READERS: the war in Ukraine is something very hard to completely fathom – and it is impossible to feel “caught up” given the flood of information. So much to write about: 

-Belarus may be about to send its troops into Ukraine, setting up a 4th front. Minsk is now merely an extension of the Kremlin.

-Or Putin’s “don’t try to stop me or I’ll nuke you” which is not a threat you make from a position of strength. It comes from a position of extreme weakness, desperation even. But it will have repercussions.

-Or the article I noted over the weekend. Western security analysts have warned Putin has moved thermobaric missiles into Ukraine – “flame-thrower” bombs which Russia deployed in Chechnya and Syria and can cause huge loss of life. Neither the nuclear threats that Putin is deploying, nor the thermobaric missiles, both clearly intended to intimidate, can be entirely discounted given his state of mind.

-Or the issue that Russia has deployed over 10,000 skilled and battle-hardened Chechen fighters to Ukraine, allegedly to “hunt” some Ukrainian officials. These Chechen fighters have long had a reputation of taking no prisoners.

-Plus the Russian paradox. On paper, it is a state with a GDP the size of Spain, whose economy is vulnerable to disruption by the West. But its military technological capabilities in many respects exceeds the West. For example, Russia fields the Kh-47M2 Kinzhal (“Dagger”) missile. It is three times the size of a Tomahawk, and 13 times faster. It has the range to annihilate any U.S. carrier strike group at Mach 10.

-And I spent almost my weekend with military analysts who said many (1) overrate the Russian army (2) underrate the Ukrainian army, and (3) misunderstand Russian strategy and political goals. And I am not going to summarise that discussion here 😵‍💫

For this post I want to focus on cyberwar and its long-term effects. It might be said Russia has suffered a defeat in information warfare where it should be strongest. The narrative of Ukrainian success across main stream media and social media is having real consequences in terms of the strengthening the willingness of foreign powers to toughen sanctions and provide military aid. But whether Russia is really losing this war is still a big question – it’s too early in the game.

 

28 February 2022 (Berlin, Germany) – And so we have front row seats to watch the post-Cold War era get dismantled. It will be a staggering milestone with deep, deep ramifications. When I was at university I pursued a double major in political science/economics, with a minor degree in Physics. I spend 1+ years at the Sorbonne in Paris where you could not avoid studying Cold War international relations. I have kept my knowledge “warm” through the years, and quite “hot” with my cyberwar research in Ukraine (see below). This current conflict speaks to histories I’ve studied informally for more than 40 years.

Information warfare has always been the dominant Russian interest in the cyber domain. Some perspective from Alexander Klimburg in his book The Darkening Web :

Soviet computer systems nearly played a decisive role in world history. Already in the 1940’s, Soviet engineers had begun to make significant strides in computer science, and by the early 1970s some part of Soviet computing were equal to or even better than their US counterparts. Russian programmers have for decades played vital roles in the development of computing in general. Topcoder.com, a community Web site, has consistently ranked Russia the first nation worldwide in terms of providing sophisticated coders (with China second, Ukraine fifth, and the US only sixth). Indeed, brilliant Russian coders have a reputation of having helped build Silicon Valley.

The Soviet in-depth consideration of “cyber” was markedly different from the western approach to network systems. On its surface, the Russian interest in kibernetika, or “cybernetics”, was heavily informed by the writings of American mathematician who first coined the term. Norbert Wiener’s work was largely ignored in the US for decades many having perceived cybernetics as a minor branch of general system theory. Not so in the Soviet Union, where Wiener was celebrated as a philosopher of renown, somewhere between Gramsci and Hegel. As an MIT colleague once put it, “Wiener is the only man I know who conquered Russia, and single-handed at that”. The influence that Wiener’s cybernetics revolution had on post-Stalinist Russia is simply astonishing.

Alexander’s book is a “must read” to understand Russia and cyber. We did a video interview a few years back at the International Cybersecurity Forum in Lille, France and I shall include some snippets as part of my new, updated e-monograph on the history of Russian cyberwar.

As noted in previous posts, I have made several trips to Ukraine courtesy of a long-time cyber security vendor and client – all part of my background research for that monograph. It afforded me the opportunity to meet and speak with experts on the front lines of those campaigns. Because whatever you might think of Russia’s recent antics on the world stage, you have to concede: it has brilliantly exploited information-age tools to confuse audiences about what is truth, what isn’t, and to set their own narrative. The returns have been massive, and out of all proportion to the modest investment required. If you look at all the latest examples in real-time … the Skripal poisonings, the Kremlin propaganda & that of its allies, and even Robert Mercer and the alt-right (far, far bigger threats to America than Russia) … what you see is the dumping out of a hundred narratives, hoping that each one takes 0.5% of the attention away from the truth.

And that was my biggest take-away from the Mueller Report: the U.S. intelligence agencies had their first major intelligence breakdown in this new “information war” era – the complete failure to identify and fully grasp the magnitude of Russia’s use of social media. They totally missed Russia’s most important tool: the weaponization of social media. The Russian “information war machine” is simply incredible.

The Ukraine invasion is maddeningly hard to process. Even as we remain in a global pandemic, an unstable autocrat who brags about possessing nuclear weapons is disregarding many of the laws and norms established in geopolitics over the last 75 years.

But this is the first hot war between major developed countries since the world became digitally interconnected. And because of that, it could take directions that are truly unprecedented. The tank and missile attacks on Ukraine are terrifying and truly dangerous, but they are in many ways anachronistic. Other powerful and subtle weapons, digital ones, now exist that can disrupt and destabilize societies.

A global cyberwar could quite possibly begin. Russia, the world’s worst haven of cyber-criminality and a country with extensive digital expertise, has proven prone to lashing out in the digital realm. It can be expected to do so more, as it gets increasingly besieged by the world’s reaction to its ill-considered invasion. It’s already happening to the people of Ukraine. And the U.S. and allies will inevitably take advantage of our own vast capabilities to disrupt and alter communications systems, as we seek to find ways to push back against Russia’s aggression, yet avoid full-scale physical war.

The outcome of such hidden digital warfare is extremely difficult to predict, especially if it escalates. Some analysts say the U.S. and Russia may be restrained, at least at first, in using cyberweapons to expand the conflict by directly attacking one another. But as Politico noted over the weekend, Biden has already been presented with multiple options for cyber-attacks against Russia that would impair its ability to continue waging war against Ukraine, including “disrupting internet connectivity across Russia, shutting off electric power, and tampering with railroad switches to hamper Russia’s ability to resupply its forces.” If Russian aggression in Ukraine continues, or gets worse, U.S. cyberattacks could conceivably go further and, for example, shut down all of Russia’s pipelines. These kinds of capabilities are available to sophisticated cyber adversaries.

We really have never seen the full potential of the weaponization of the cyber realm, but with a digitally-sophisticated nation like Russia led by a heedless risktaker, it could get quite bad. Russia could also cause major disruption to our own national infrastructure. Could it, for example, attack the US banking system? We already saw the largest fuel pipeline in the U.S., Colonial Pipeline, shut down for days last year by a ransomware attack conducted by cybercriminals based in Russia. They and the many others in Russia like them will take orders from Putin if necessary.

One of the other most damaging recent cyberattacks last year was managed by the Russian intelligence services. It corrupted and took over software systems made by the company SolarWinds that were installed on hundreds of corporate and U.S. government networks. The assault may even have been a deliberate shot over the bow intended to warn the West of how bad things could get if it entered an ongoing cyberwar. But as I noted last week, a long-time contact of mine in the U.S. Cyber Command (he recently retired) had taken a more serious tone:

The SVR, Russia’s foreign intelligence service, has been linked to a number of espionage and data-pilfering campaigns, from the widespread SolarWinds breach in 2020 (whose victims ranged from government agencies to major corporations) to stealing information from Covid-19 vaccine developers. For years, Russia’s military intelligence service, the GRU, has launched destructive cyberattacks, from the NotPetya ransomware that likely cost billions globally, to shutting off power grids in Ukraine, to, just last week, launching a distributed denial of service attack against Ukrainian banks and its defense ministry. But it was the SolarWinds breach that told us how embedded there were, and frankly it will take us years to find out how deep.

But in Ukraine, we can see they can unleash their more expansive, complex, and often opaque web of proxies whose actors are happy to hack and attack on behalf of the regime. The Kremlin’s involvement with these groups varies and may fluctuate over time; it may finance, endorse, ignore, recruit, or use these actors on an ad hoc basis. Part of the reason Moscow protects or turns a blind eye to cybercriminals is economic—cybercrime brings in a lot of money—but it’s also so the state can sway those actors to do its dirty bidding.

Let me tell you – you think these threats seem confusing and overwhelming? That’s exactly the point, and that’s exactly what makes the threat against Ukraine so grave. My ex-colleagues at Cyber Command tell me Moscow is deploying, stationing, or leveraging both state and proxy hackers overseas to launch operations from within other Western countries. That have that capacity – at will.

The Russian attack on Ukraine is a consequence of a destabilized world. But that destabilization has partly been created by the weaponization of the cyber realm, which also includes the tools of digital disinformation. Putin weaponized Facebook to help Trump get elected and Brexit to pass. Those two events helped bring us to this moment. And there have been many other recent deliberate degradations of the digital world, caused by corrupt and dishonest governments and their leaders as well as others seeking to wreak havoc in their own interests.

Much of the action will not be on the ground in Ukraine, however awful that is. Much of it will be in the systems that flow around us and that we depend on all the time. As Azeem Azhar notes in this new book “The Exponential Age” in a chapter on the future nature of war:

During the Exponential Age, the attack surface expands and the weapons that can be used against it increase in number. It is not simply that our medieval king’s moat is drained of water; it is that the arrival of trebuchet and then cannons have rendered the thick walls meaningless, and the development of aircraft has neutralised the height of the ramparts. No-one today would think of using a castle to defend from a modern assault. This, in short, is what the technologies of the Exponential Age are doing to the modern state, not to mention modern businesses.

All of this leads to a classic exponential gap. The speed of technological change has created new potentials for our adversaries. But the channels we might use to attenuate conflict, or the resources we can draw on to reduce the severity of attacks, have not kept up.

But in the Ukraine cyber battle space – mixed results. While we have seen some low-level cyberattacks (like DDOS attacks on Ukrainian government websites) and the deployment of one nasty wiper worm, we haven’t seen any serious cyberattacks. Nor have we seen much evidence of Western powers using their offensive cyber capability to impact Russian functionalities.

On information operations, my sense is that Russia has not really succeeded in Ukraine or indeed in much of the West. Rather, the constant stream of TikTok and remarkable communications from the Ukrainians (who seem to be good at memeing and Substack), has forced Russia to close down their own information space. Given the widespread reaction to the Russian aggression, it isn’t clear that there is much Moscow can do to shift the narrative.

SURPRISING NOTE: as in recent conflicts, there is a flood of smartphone imagery from Ukraine, and the networks themselves mostly seem to remain operational. I’m not a military analyst, but failure to shut these down is one of many odd decisions, or failures, by Russia. The Ukraine government asked Elon Musk to activate Starlink satellite internet converage there, which he did. But note, of course, that any such devices produce signals that can be tracked and targeted with the right equipment.

We are still seeing cyber activity on both sides. Belarussian hackers have started to attack the Ukrainian military – the “independent” hacker group, Conti, has come out all guns blazing for the Russian dictator. (Conti were behind a ransomware attack on the Irish health system last year.) Anonymous has sided with Ukraine, stating “We want the Russian people to understand that we know it’s hard for them to speak out against their dictator for fear of reprisals. We, as a collective, want only peace in the world. We want a future for all of humanity”.

But the problem with cyberspace conflicts is that they are messy. Computer systems are networked, viruses hop from one machine to another, and cascading failures can emerge. Worse, the rules of engagement and escalation are rather unclear. The Russian military is not renowned in recent years for adhering to accepted norms of war, but in the case of cyberspace the norms for escalation are unwritten. Severe cyberattacks may be a trigger for even more severe physical attacks. Since 2019, NATO has acknowledged that a serious cyberattack could allow a member state to trigger Article V – defending NATO members.

CONCLUDING …

In an opinion piece this morning, Yuval Noah Harari noted that Putin could count on many known facts. He knew that militarily Russia dwarfs Ukraine. He knew that Nato would not send troops to help Ukraine. He knew that European dependence on Russian oil and gas would make countries like Germany hesitate about imposing stiff sanctions. Based on these known facts, his plan was to hit Ukraine hard and fast, decapitate its government, establish a puppet regime in Kyiv, and ride out the western sanctions.

But there was one big unknown about this plan said Harari:

As the Americans learned in Iraq and the Soviets learned in Afghanistan, it is much easier to conquer a country than to hold it. Putin knew he had the power to conquer Ukraine. But would the Ukrainian people just accept Moscow’s puppet regime? Putin gambled that they would. After all, as he repeatedly explained to anyone willing to listen, Ukraine isn’t a real nation, and the Ukrainians aren’t a real people. In 2014, people in Crimea hardly resisted the Russian invaders. Why should 2022 be any different?

The Ukrainian people are resisting with all their heart, winning the admiration of the entire world – and winning the war. Many dark days lie ahead. The Russians may still conquer the whole of Ukraine. But to win the war, the Russians would have to hold Ukraine, and they can do that only if the Ukrainian people let them. This seems increasingly unlikely to happen.

Each Russian tank destroyed and each Russian soldier killed increases the Ukrainians’ courage to resist. And each Ukrainian killed deepens the Ukrainians’ hatred of the invaders. Hatred is the ugliest of emotions. But for oppressed nations, hatred is a hidden treasure. Buried deep in the heart, it can sustain resistance for generations. To reestablish the Russian empire, Putin needs a relatively bloodless victory that will lead to a relatively hateless occupation. By spilling more and more Ukrainian blood, Putin is making sure his dream will never be realised. It won’t be Mikhail Gorbachev’s name written on the death certificate of the Russian empire: it will be Putin’s. Gorbachev left Russians and Ukrainians feeling like siblings; Putin has turned them into enemies, and has ensured that the Ukrainian nation will henceforth define itself in opposition to Russia.

Nations are ultimately built on stories. Each passing day adds more stories that Ukrainians will tell not only in the dark days ahead, but in the decades and generations to come. The president who refused to flee the capital, telling the US that he needs ammunition, not a ride; the soldiers from Snake Island who told a Russian warship to “go fuck yourself”; the civilians who tried to stop Russian tanks by sitting in their path. This is the stuff nations are built from. In the long run, these stories count for more than tanks.

Putin should know this as well as anyone. As a child, he grew up on a diet of stories about German atrocities and Russian bravery in the siege of Leningrad. He is now producing similar stories, but casting himself in the role of Hitler.

I think this war is likely to be long-lasting, and it will take different forms, and it may well continue for years. But the last few days have proved to the entire world that Ukraine is a very real nation, that Ukrainians are a very real people, and that they definitely don’t want to live under a new Russian empire.

And as an armchair historian facing my own memento mori I wonder if dear Vlad – an old man scared of death – is merely trying to turn back time. Ukraine and Ukrainians are as his blood sacrifice. His invasion of their country is his attempt to forestall his personal, inevitable demise. As we grow older, death becomes harder to ignore. As it approaches it’s natural to want to reverse time. We become nostalgic, a little bitter about the present. As death closes in we commit silly acts to prove we are still young. We try, a little comically, to thumb our nose against the inevitable.

Dodge reality. C’est la vie.

Leave a Reply

Your email address will not be published. Required fields are marked *

scroll to top