Cyber warfare: the Russians not up to par?

“Sub-threshold” operations

One of the greatest fears when the invasion began was a mushrooming of cyberattacks by groups of Russian hackers. And there were some, particularly on the day the invasion started, against Ukrainian State infrastructure, as well as cyberattacks against Western countries that supported Ukraine. But for now, these attacks have not been as significant as expected and have always remained “beneath the threshold”, so as not to be considered direct attacks.

Today, one might assume a form of restraint on Moscow’s part, but there are also two practical reasons to consider.

Every cyberattack exploits a security flaw, which, once revealed, is most often corrected. Consequently, some attacks are one-offs: as soon as the opponent understands the flaw that was exploited, the same attack is no longer possible. We can therefore presume that the warring nations are keeping their most sophisticated attacks for a strategic context that would actually warrant their use.

Not all cyberattacks are meant to have visible effects. Cyber operations also have an important role in terms of intelligence, data theft or information scrubbing, and must remain as stealthy as possible and therefore unknown.

Cyber warfare: a limited military impact

The majority of cyberattacks were indeed bothersome but they had a very weak impact on military operations themselves. The only digital attack that had a noticeable and measurable effect was the one successfully conducted against the American KA-SAT satellite network used by the Ukrainian Army. Russian forces attempted, and are still attempting, albeit unsuccessfully for now, cyberattacks on the STARLINK constellation, which is now widely used by their adversaries. They have also conducted several jamming operations against the constellation thanks to their “Bylina” and “Tirada-2” RB-109A satellite jamming systems. In the face of these attacks, the STARLINK company set up a software patch to restrain the effects of jamming to a few short disconnections.

Moreover, a great deal of military equipment runs on systems that are isolated from the internet, which protects them and explains the relatively limited impact of these attacks.

Nevertheless, it is difficult to assess the real effect on operations: to what extent can actions influencing public opinion, intelligence gathering and DoS attacks shape the course of the war?

The limits of Russian electronic warfare in the Ukrainian context

Aside from a few localized and sporadic instances of GPS jamming, Russia’s jamming might has remained rather discreet. There are three main reasons for this:

• Land systems are primarily designed to jam an enemy’s aircraft radar (fighter jets and AWACS) when they come close to or penetrate the defended territory. With the Ukrainian air force quickly reduced to the bare bones, this type of jammer had little operational utility. By contrast, airborne jamming can disrupt communications and radar fairly deep into the opponent’s territory, which is particularly interesting in offensive maneuvers; but Russian assets in this area (a dozen specialized aircraft and several jamming pods) are in too short supply to effectively support the invasion.
• For technical reasons, Russian forces have had to resort to civilian resources (private mobile radios, walkie-talkies, internet, mobile phones…) and thus give up on disrupting their associated radio frequency bands. The Russians therefore only found disadvantages in conducting massive jamming operations on civilian communications.
• The Ukrainians use land/air systems that are near identical to the ones used by the Russians, therefore it is difficult not to jam the two systems indiscriminately. As attack drones constitute a constant and widespread threat across the front, Russian forces must, ideally, keep their land/air systems working all the time. In these conditions, it is difficult to activate jamming systems that could deprive them of their vital anti-aircraft defenses.

GNSS jamming, a double-edged sword

In Ukraine, jamming GPS signals alone serves a limited purpose. Civilian drones used by both parties generally use two or three different GNSS constellations to pinpoint their location (GPS, GALILEO and GLONASS essentially). To produce an impact, it is necessary to jam all these constellations, of which the GLONASS system is used by Russian forces. A widespread and constant use of GNSS jamming is therefore counterproductive in Ukraine as it handicaps the Russians just as much as the Ukrainians.

The war in Ukraine, in many respects, is considered a high-intensity conflict. This is undoubtedly true concerning combat but, for reasons that are just as structural and specific to this conflict as they are political or operational, cyber operations remain, at this stage, at a threshold that is rather far from high intensity. Due to the restraint observed in regard to the use of cyber resources, it remains difficult to get an idea of the real operational consequences a high-intensity cyberspace confrontation would have.