The Cyber Edge Home Page

  • Intelligence community leaders, including (l-r) FBI Director Christopher Wray; Gen. Paul Nakasone, USA, director, National Security Agency and commander, U.S. Cyber Command; Avril Haines, director of National Intelligence, Office of the Director of National Intelligence; CIA Director William Burns; and Gen. Scott Berrier, USA, director, Defense Intelligence Agency, testify before Congress in March about lessons learned from Russia’s invasion of Ukraine.  Senate Select Committee on Intelligence
     Intelligence community leaders, including (l-r) FBI Director Christopher Wray; Gen. Paul Nakasone, USA, director, National Security Agency and commander, U.S. Cyber Command; Avril Haines, director of National Intelligence, Office of the Director of National Intelligence; CIA Director William Burns; and Gen. Scott Berrier, USA, director, Defense Intelligence Agency, testify before Congress in March about lessons learned from Russia’s invasion of Ukraine. Senate Select Committee on Intelligence

Perspectives on the Russian Invasion

The Cyber Edge
May 1, 2022
By Kimberly Underwood
E-mail About the Author

The United States learns its lessons from Russia’s invasion of Ukraine.


February’s invasion of Ukraine by Vladimir Putin was a shock to geopolitical order. NATO and the United States acted quickly to aid Ukraine while avoiding entering a war against Russia and shoring up any threat to NATO and the United States. From their early observations of the war, U.S. officials from Congress, and the cyber and intelligence communities are looking closely to glean understanding and apply key knowledge to U.S. actions and defenses.

The intelligence community’s (IC’s) tracking of Russian activities will continue to remain a significant focus, according to congressional testimony of Director Avril Haines, Office of the Director of National Intelligence (ODNI). Before the invasion, the intelligence community, which is now made up of 18 agencies including the U.S. Space Force, was able to discern Putin’s false flag operations and provide advanced warnings of Russia’s intended actions.

“The IC provided warning of Putin’s plans, but this is a case where I think all of us wish we had been wrong,” the director notes.

And although the invasion in the first month proceeded consistently with the plan the IC assessed the Russian military would follow, the Ukrainian response was stronger than Putin had expected and was combined with his “serious” military operational shortcomings. Moscow’s underestimation of the strength of Ukraine’s resistance and the degree of Russia’s internal military challenges actually gave more time for allies to help Ukraine, Haines notes.

“Russia’s failure to rapidly seize Kyiv and overwhelm Ukrainian forces deprived Moscow of the quick military victory that it probably had originally expected, [which] would have prevented NATO and the United States being able to provide meaningful military aid to Ukraine,” she says.

Putin’s ill-constructed plans, military morale issues and considerable logistical challenges in that first month made it “unclear” whether Putin would continue to pursue his “maximalistic” plan to capture more or all of Ukraine, “which we assess would require more resources even as the Russian military has begun to loosen its rules of engagement to achieve their military objectives,” the director states. “If they continue to pursue the maximalistic approach, we judge it will be especially challenging for the Russians to hold and contain Ukrainian territory and install a sustainable pro-Russian regime to Kyiv in the face of what we expected is to be a persistent and significant insurgency.”

In addition to Ukraine’s brave resistance, Haines also emphasizes that NATO’s response impacted Russia, alongside the “western unity” of imposing sanctions, export controls and foreign commercial decisions, which had “cascading effects,” she asserts.

Moreover, NATO’s strong unified response to Russia’s invasion has had impacts, “not just in terms of economic measures but also in actions long thought to be off the table, such as the provision of lethal aid to Ukraine and shutting down European Union airspace to Russian planes—all of which almost certainly surprised Moscow,” the director offers.

“While Putin probably anticipated many of the current sanctions to be imposed when he weighed the cost of the invasion, we judge that he did not anticipate either the degree to which the United States and its allies and partners would take steps to undermine his capacity to mitigate western sanctions or the pullback from Russia initiated by the private sector.”

Even so, Haines warns that the U.S. intelligence community estimates that Putin “is unlikely to be deterred by such setbacks.” He may, in fact, continue to escalate the conflict, “essentially doubling down to achieve Ukrainian disarmament and neutrality to prevent it from further integrating with the United States and NATO,” Haines says.

In the meantime, the IC will continue to document Russia’s actions across Ukraine to hold Russia accountable, she notes. The human toll of Putin’s war is considerable and will still grow, Haines emphasizes. The IC estimates that the Russian and Ukrainian militaries have suffered at least 10,000 casualties, in addition to considerable civilian deaths.

“Russian forces at the very least operated with reckless disregard for the safety of civilians, given Russia’s launch of artillery and airstrikes into urban areas,” she stresses.

In addition, well more than 1 million people have fled Ukraine since the invasion, the director reports.

“We assess Putin feels aggrieved the West does not give him proper deference and perceives this is a war he cannot afford to lose, but what he might be willing to accept as a victory may change over time, given the significant cost he is incurring.”

In the cyber domain, steps the United States took before Russia’s invasion of Ukraine helped to digitally strengthen Ukraine’s critical infrastructure, says Gen. Paul Nakasone, USA, commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, in separate testimony to the U.S. Senate Select Committee on Intelligence.

Sen. Mark Warner (D-VA), chairman of the committee, had expressed surprise at the relatively low amount of cyber warfare during the beginning of the invasion, given Russia’s malicious cyber tendencies.

“I do not think many of us think that Russia does not have extraordinarily critical and first-rate cyber tools,” Sen. Warner notes. “The fact is that they did not launch much beyond traditional malware. They did not launch the kind of worm-driven NotPetya attacks that we saw in 2017. My concern has been that one of those types of attack could literally go beyond the geographic boundaries of Ukraine, bleed into Poland, where it could affect American troops or shut down Polish hospitals and result in the death of Polish citizens, which could potentially move us into Article 5 territory.”

Gen. Nakasone theorized that the relatively low level of cyber attacks could, in fact, have been part of Russia’s strategic calculus. On the other hand, early work to harden Ukraine’s infrastructure also made a difference, including efforts from forward-deployed cyber defenders and private industry contributors.

“A tremendous amount of work was done prior to the actual invasion,” the commander reports. “Work that was done by my agency, work that was done by the U.S. Cyber Command, by the interagency, by a series of private-sector partners that hardened the infrastructure of the Ukraine.”

At the beginning of Russia’s invasion, U.S. Cyber Command had seen “three to four attacks.” Gen. Nakasone emphasizes that the command “remains vigilant,” and that “by no means are we sitting back and taking this casually. We are watching every single day for any type of unusual activity.”

In general, the commander identified several potential types of cyber warfare from Russia, in addition to possible malware.

“There are three other scenarios that also come into our thinking,” he told lawmakers. “One might be the broad use of ransomware. The next scenario would be proxies, those attacks that may not necessarily be part of the Russian government but are functioning as a proxy or as a non-nation-state actor to do this type of cyber activity, to perhaps launch malware. The final one is this idea of a disruptor or destructive attack on a country in Eastern Europe that could take place.”

The United States will continue to provide cybersecurity support and share information on Russia’s cyber activities. “We are not only vigilant, we are prepared and most importantly, we are sharing information and sharing our expertise with our partners,” Gen. Nakasone promises.

Congress’ military budget leaders are seeing the impact that the U.S. Cyber Command is having, at least according to Sen. Jack Reed (D-RI), chair of the Senate Armed Services Committee, who also emphasizes that the committee will look closely at the cyber warfare aspects of Russia’s invasion, including the command’s assistance to Ukraine.

“I think we will get very deeply involved in debriefs on cyber operations,” he notes. “My sense is that our cyber operations have been extremely important, informing the Ukrainians of the situation and also disrupting attacks by Russian cyber hackers on Ukrainian targets. So, that’s a lesson we will definitely look at.”

Because cyber has become “one of the most critical aspects” of the battlefield, Sen. Reed ensures that the committee would continue to support U.S. cyber operations, especially from U.S. Cyber Command, led by Gen. Nakasone.

“One of the areas that we have to look at very closely is maintaining and strengthening the cyber teams that General Nakasone has,” Sen. Reed states. “These cyber teams, the actual groups of individuals who go out, penetrate the systems, develop the tools to do that, we want to make sure he’s got the very best and he’s got a sufficient number of them.”

Given the considerable shortage of personnel in the greater cyber workforce, outside the military, the chairman acknowledges that Congress might have to provide additional incentives to cyber warriors to keep U.S. cyber operations strong. “We’re competing with very lucrative jobs on the outside for people with these types of skills,” Sen. Reed notes. “That is going to require, if necessary, inducements to stay in the service and for a long time.”

In addition, Sen. Reed considers the Ukrainians’ defense an important lesson learned and advised U.S. leaders to take heed of their adroit use of asymmetric warfare.

“It is [their] utility of asymmetric weapons,” he says. “Russia was coming in with tanks and jets and hypersonics [the Kinzahl missile], and what the Ukrainians have done with Stinger missiles, with air defense systems and being available to move around, has been able to counter what everyone assumed before the battle would be an overwhelming attack and very fast run by the Russians into Kyiv. And again, this notion of asymmetric battle and dispersed fighting is something that we’re going to take away from this.”

As far as what level of cyber warfare against the United States or NATO perpetrated by Russia or its proxies could be considered an act of war—crossing NATO’s Article 5 tenants—the chairman hypothesizes that it would depend on the scale of such an attack.

“Russia has the ability to conduct cyber operations worldwide,” he warns. “They demonstrated that in the United States in 2016. ... And in 2018 [and since] we conducted operations to disrupt the possible interference into our election. [But] one of the problems with cyber is we have no written rules of the road. We had an intrusion into a presidential election by the Russians. And there was no formal mechanism to report them or to sanction them. We’re still in a very early stage with cyber, so it would be a function of scale and probably the human consequences. If it’s a significant cyber attack and there are significant casualties, that’s more than a message. I think that’s when you would need to be sitting at the table saying we can and we must do something, but we’re on basically a new ground on this.” 

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.


Departments: 

Share Your Thoughts: