Russia's Experimental Hybrid War With Ukraine

 

“The threats Ukraine faces are harbingers of things to come for the US and its other allies,” said Junaid Islam, chief technology officer and president of Vidder, a California-based cybersecurity firm that does work in Ukraine. “It is in the national strategic interests of both the United States and Ukraine to cooperate deeply in cybersecurity because Ukraine is a canary in the cyberspace coal mine,” Islam said

 

 

The Ukrainian government recently has been attacked by “undetectable” computer viruses that target “particular individuals, in particular departments, and they’re constructed based on the social understanding of social media by particular people,” Dmytro Shymkiv, deputy head of the Presidential Administration of Ukraine on Administrative, Social and Economic Reform, explained recently at  the 2017 Future in Review conference. “Russia recruit’s psychiatrists, scientists, and neurologists, who construct these things to target particular individuals,” Shymkiv said.

 

According to Ukrainian security officials, Russian agents build a psychological profile of their mark through his or her social media footprint. Then, using that information, the Russians can make personalised computer viruses, or run a social media influence operation specifically crafted with that one particular person in mind. “People say, ‘Well, that’s a science fiction.’ It’s not,” Shymkiv said. “When the annexation of Crimea took place, [Russia] shut down the internet to Ukraine, and they used social media to influence people’s behavior. And you can influence people’s behavior. You do it in a nice way, posting things to their friends, et cetera. There’s a whole factory in Russia doing this.”

 

This is known in the cybersecurity world as “social engineering”, a form of cyberattack in which people are psychologically manipulated into performing actions or divulging confidential information. According to some security experts, the best defense against this kind of threat is education. “Man is the weakest link in the chain of information technology,” said Mykhailo Vasyanovich, head of the Public Council for the Ministry of Information Policy of Ukraine. “With such cyberattacks, which are now taking place in Ukraine, it is necessary to raise the level of information technology literacy of users by conducting educational work on cybersecurity among employees of private and state enterprises,” Vasyanovich said.

 

Some experts worry this reliance on the security savvy of Internet users to fend off Russian cyberattacks might be a vulnerability for the US. “What may especially worry the US is that Russia targets influential individuals, such as journalists or political analysts, especially those of rather skeptical approach toward Moscow,” Daniel Szeligowski, senior research fellow on Ukraine for the Polish Institute of International Affairs, told The Daily Signal. “Unlike institutions or infrastructure, they don’t have state protection and are thus vulnerable to intimidation and blackmailing,” Szeligowski added. “And given the rising popularity of social media, such a threat is even more widespread.”

Hybrid War

 

 

 

All of these tactics have also been used by Russia against the U.S. since Russo-American relations took a nosedive in the fallout over Russia’s military aggression against Ukraine in early 2014. “Ukraine is a perfect testing ground for hybrid warfare,” Szeligowski said. “Thus, it is no wonder that Russia has already seized the opportunity, and in Ukraine it has made a dry run of all sorts of its offensive techniques.”

 

Russian hybrid warfare is not covert warfare. Rather, it’s the combined use of conventional military force with other means such as cyberattacks and propaganda to sow chaos and confusion, both on the battlefield and deep behind the front lines.

Hybrid warfare is an evolving threat spanning every combat domain. Particularly, hybrid warfare weaponises many pieces of everyday life, including smartphones, social media networks, commercially available computer software, and journalism.

“Russia is testing in Ukraine both procedures and concepts, which later on are being applied in the West, such as during the US and French elections,” a Polish security spoke incognito, asking not to be named due to professional restrictions on speaking to the media.

 

 

Russia’s use of social media and cyberattacks as weapons of war might be innovative, but, at its core, it’s a modern revamp of a Cold War-era idea. Hybrid warfare is the Kremlin’s contemporary take on a Soviet military doctrine called “deep battle,” in which front-line combat operations are supported with operations to spread chaos and confusion deep within the enemy’s country. Hybrid warfare also draws on the Soviet Union’s well-documented history of “influence operations” against the US and other Western allies.

 

 

The advent of the internet, and social media in particular, has given the Kremlin direct access to the populations of its adversaries, bypassing the gatekeeper role America’s media institutions used to play. “Everything today is digitised, including phone and mail services, and everything runs on the same network,” Kenneth Geers, ambassador of NATO’s cybersecurity center and a senior fellow at the Atlantic Council, told The Daily Signal. “There is only one Internet, and one cyberspace, inhabited by all of the world’s citizens, soldiers, spies, and statesmen.”

 

Meanwhile, Americans’ distrust in their media institutions has reached historic levels. Russia has stealthily taken advantage of Americans’ crisis of confidence in the media to permeate the US news cycle with misinformation spread by propaganda mouthpieces cloaked as alternative news sources, such as RT and Sputnik.

 

Some commercial cybersecurity firms have stepped in both to harden Ukraine’s cyber-defenses and use lessons learned from Ukraine to craft better defenses for the US to counter Russia. “With the world increasingly digital and connected, Ukraine is of strategic, vital interest to the West,” said Greg Ness, a cybersecurity specialist and vice president of marketing at Vidder. “What happens in Ukraine doesn’t stay in Ukraine.” California-based Vidder has put together a team of cybersecurity experts to comprise the core of a proposed US-Ukraine cybersecurity center with offices in Kyiv, Washington, and Silicon Valley.

 

“By ensuring that Ukraine adopts leading cybersecurity solutions and best practices, we will not only provide Ukraine with the best protection from cyberattacks, but it also helps US experts develop new and more effective technologies and strategies in the future,” Islam, Vidder’s president, said. “It will also help establish Ukraine as a secure, stable, prosperous, and reliable ally in Eastern Europe.”

 

The war in Ukraine has shaped how NATO forces are training for the next military conflict.NATO and Ukraine already cooperate in a joint center to counter hybrid warfare. The center is part of the Comprehensive Assistance Package that NATO pledged to Ukraine during the alliance’s summit in Warsaw last year.

 

According to NATO, the joint center will be “a platform for identifying lessons learned from hybrid war in Ukraine.”

For its part, the US military has reportedly been studying the war in Ukraine to shape its own military doctrine. Lt. Gen. H.R. McMaster, the Trump administration’s national security adviser, recently directed a study to analyse Russia’s hybrid warfare tactics in Ukraine in order to craft recommendations for the US Army. 

 

Not all of Russia’s hybrid warfare tactics in Ukraine would be effective against the US. “There is a yawning gap between Ukrainian and American cyber capabilities, not to mention cultural and linguistic differences between Russians and Americans,” Szeligowski said. “But it goes beyond any doubt that, at least at some point, Russia already used hybrid warfare instruments against the US, and did it effectively.”

 

The effects of Russia’s proxy war against Ukraine are limited to a 250-mile-long static front line in southeastern Ukraine’s Donbas region. The war is moderated in intensity and is geographically frozen according to the rules of the February 2015 cease-fire deal, known as Minsk II. More than 10,100 Ukrainians have died so far in the war. The conflict has displaced about 1.7 million people. Yet, the physical consequences of the war are quarantined from most of the country. Outside the range of the artillery, mortars, rockets, and tank shots, you’d hardly know there was war going on.

 

 

Consequently, there’s hardly any part of Ukrainian life that hasn’t been affected by Russia’s ongoing hybrid war.

Russian cyberattacks have hit Ukraine’s power grid, water supply systems, the country’s banking system (shutting down ATMs), its largest international airport, and the electoral process.

 

In December 2016, a cyberattack, which Ukrainian officials attributed to Russia, took down one-fifth of Kyiv’s electrical grid. Since 2014, Ukrainian security services have thwarted numerous cyberattacks in which malware from abroad was used in attempts to steal classified information from Ukrainian government networks. In the eyes of Ukrainian security officials, the internet has become as much of a battlefield as the trenches in the Donbas region. The main goal of Russia’s information warfare, according to Ukrainian security officials, is to incite civil unrest throughout all of Ukraine and to undermine the government’s credibility.

 

Since 2014, Ukraine has established a Situation Center for Cybersecurity, and Ukrainian officials have fostered closer ties to Western intelligence agencies to bolster their cyber-defenses.

 

Russia’s purchase of $100,000 worth of Facebook advertisements in the run-up to the 2016 U.S. presidential election sparked a media frenzy in America and an outcry from lawmakers for social media sites to provide better transparency about the identity of those who purchase advertisements on their sites.

 

In a sweeping ban announced in May, Ukrainian officials banned Russian internet search engines, including Yandex, as well as popular Russian social media sites such as VKontakte, which millions of Ukrainians used. The ban prompted some pushback from Ukrainians, who used these sites for many daily tasks and for social reasons. But Ukrainian officials insisted the sites posed a national security threat, which warranted the free speech trade-off.

 

Also in May, Ukraine banned commercially available Russian software, including anti-virus software from Moscow-based Kaspersky Lab, the same company US officials now say was used as a Trojan horse for Russian intelligence agencies to steal classified information from the US government. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security,” the Department of Homeland Security said in a Sept. 13 statement posted to its website.

 

US intelligence officials said Russian intelligence services had modified anti-virus software from Kaspersky Lab to clandestinely search computers around the world for classified US government documents and top-secret information.

“Possessing a worldwide deployment of sensors may be too great a temptation for any country’s intelligence service to ignore, and Kaspersky may have been forced into a quiet business partnership with the Russian government,” Geers, the NATO cybersecurity specialist, said.

 

Similarly, news reports recently detailed how Russian military forces have been targeting the smartphones of NATO troops to gather intelligence. Ukrainian soldiers in the eastern war zone have long been advised by their leaders not to turn on their smartphones while in the war zone. Russian forces reportedly have used the cell signals emitting from Ukrainian soldiers’ phones to target its artillery. For years, Ukrainian soldiers have reported receiving death threats and demands for their surrender from their enemies over cellphone text messages.

 

Journalism has been one of Russia’s most lethal weapons against Ukraine. Ukrainian officials have banned a slew of Russian TV stations from broadcasting in Ukraine, and foreign journalists accused of spreading Russian propaganda have been booted out of the country. Anti-propaganda outlets in Ukraine such as StopFake.org also monitor media reports for Russian disinformation and are dedicated to setting the record straight.

 

To counter Russian propaganda in the war zone, Ukraine’s government has rebuilt its TV and radio broadcast network in the east, which Russia and its separatist proxies destroyed in the opening days of the war.

 

For years, Ukrainian citizens in eastern Ukraine could access only Russian TV channels for their news. Now, Ukraine has taken back control of the airwaves. While not as evident or as spectacular as the artillery bombardments and the tank battles, the battle for broadcast dominance in eastern Ukraine is a key piece of the overall war effort for Kyiv. After all, many Ukrainian citizens in eastern Ukraine can’t tell whether the artillery they are living under is fired from Ukrainian or Russian forces. And so long as they had access only to Russian television networks, which exclusively painted Ukrainian forces as the aggressor and, consequently, responsible for all civilian casualties, public opinion toward Ukraine’s central government was under an endless stress test as the war dragged on.

 

Now, with Ukraine able to defend itself on the airwaves, Russia has lost a potent weapon to turn the citizens of eastern Ukraine against their own government. Similarly, US lawmakers have debated how to defend the US population against Kremlin-backed news outlets, including RT (formerly Russia Today) and Sputnik, which US officials have called out as Russian propaganda mouthpieces.

 

 

In America, as has been the case in Ukraine, manipulation of the media by a foreign power increasingly is regarded as a hostile act warranting retaliation. “America has experienced a sustained attempt by a hostile power to feed and exploit our country’s division,” former President George W. Bush said in alast year. Russia “has made a project of turning Americans against each other,” Bush said, adding, “Foreign aggressions, including cyberattacks, disinformation, and financial influence, should never be downplayed or tolerated.”

 

Daily Signal: 

 

 

Russian General Brags About Cyberwar Successes: