Cyberwar via Cyberwar during War

I heard you like cyberwar, so I put a cyberwar in your war so you can cyberwar via cyberwar...

The Russians go to a lot of effort to hack the Ukrainian electrical grid and do “flick the light” cyber attacks.

These last a few hours, don’t really cause that much damage (compared to say, shelling) and the military objective is clearly missing as there is never any follow up or attempt to use “light flicking” as part of a combined arms operation. It is just some considerable effort put into flicking the lights.

Heres the thing: The only people absolutely terrified of flicking the lights as a cyberwar activity are the Americans (and the West in general). “Cyber light flicking” isn’t militarily useful and isn’t even some sort of “strategic bombing” version of cyber war. The Ukrainians, modern as they are, are probably stoic enough to suffer threw a few hours of power outages in the middle of a shooting war.

Even American civilians have been known to survive for several hours without power, see CyberSquirrel1 for examples.

This light flicking costs money and burns some cyber capabilities these operations cost resources: the malware gets discovered, the vulnerabilities patched, etc. This isn’t free. Just planning and managing the operation is going to consume considerable time and resources. So these are expensive little ops with no apparent military objective.

Why would the Russian forces do something like this? There is one very obvious answer, but it seems to get lost in the excitement over “real” cyberwar. I think this is a layer deeper, using cyber for PSYOPS. Russia is signalling a capability to the US, one that they know the US (and the West) is uniquely terrified of. The spectre of cyberwar as the West understands it: “light flicking”.

There is a long history of Russia and the US using wars as a way of signalling to each other.

Here’s my speculation: The American cyberwar industry is currently all caught up in trying to figure out what counts as deterrence in the cyber domain. This a silly idea, but basically they are mentally modelling cyber like nuclear weapons.

Just like generals always fight the last war rather than the current one, the West are trying to model cyber as the last war that never happened. I think this is a completely foolish idea, but then again I don’t run a think tank.

The West believes that cyberwar is only real when there is a kinetic effect (eg light flicking), and they are also postulating that deterrence happens when you demonstrate your capability to your opponent so they know you can fuck them up. Russia is just demonstrating capability to deter the West from engaging in active cyber kinetic assaults.

I don’t believe that Russia has adopted the “demonstrate capability to deter activity” theory, but they know the West has, or at the very least is contemplating it. It’s a game they’re happy to play in the hope the West will follow through on their theories as praxis. Flicking lights doesn’t match Russian doctrine. These actions are designed for a western audience.

This expensive light flicking makes more sense when viewed as an influence operation to signal the West that Russia has what the West itself believes are “real cyberwar cyberweapons”. I also think that Russia knows how to run a conflict in the informatics sphere and completely dominate. They have a much better understanding of how the use of the internet as an information platform can be used to manipulate the way that the adversary thinks. Long story short? They know what they’re doing.

The infosec industry and the cyber military complex have been extremely excited figuring out and talking about the “how” of the Russian cyberwar operations in Ukraine, but maybe it is time they starting asking about the “why”.

Russia has flicked Ukraine’s lights twice now. The first one wasn’t a test run to see if the system was operational – there was no military followup with the second event – and it wasn’t to gauge the response to the use of this new “cyberweapon.”

We know this because there was no response, even after the second attack. There is no reason to run two tests of an offensive operation if the first is successful. They want to make sure the West gets the signal.

SUBSCRIBE NOW:
Risky Business main podcast feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Our extra podcasts feed:
Listen on Apple Podcasts Listen on Overcast Listen on Pocket Casts Listen on Spotify Subscribe with RSS
Subscribe to our newsletters: