Title: Hitting Home: Cyber-Hybrid Warfare in Ukraine and Its Impact on the United States
The conflict in Ukraine has received renewed attention in Washington D.C., and it is worth considering the relevance of this conflict to US national security interests. The open conflict in eastern Ukraine since 2014 has been part of a larger hybrid war, including political and information warfare, cyber warfare, assassinations, promotion of corruption, and traditional (kinetic) warfare carried out by destructive geopolitical actors (DGAs) [1]. The conventional conflict cannot be taken out of context, and it is the less visible and “dark” aspects of hybrid warfare that should particularly worry the United States. Hybrid warfare consists of a wide spectrum of attacks, from conventional to covert, carried out to destabilize one’s opponent. Rather than being isolated incidents, cyber attacks often represent part of a wide spectrum of coordinated, offensive strategies against countries like Ukraine and the United States.
Hybrid warfare, while not a new concept, fits well with military concepts of maskirovka, or the masking of offensive military activities. What is new is the emergence of new technologies. Cyber warfare allows greater flexibility for carrying out attacks across great distances and against more powerful adversaries, all while denying involvement in the conflict. Cyber operations mean conflict can be carried out at a global level with relatively modest resources, erasing geographical boundaries, with significant spillover effects that spread from a single target to a much larger impact.
The emerging cyber strategies in hybrid warfare pose significant challenges to traditional national security planning, in that an adversary’s actions generally operate below the threshold of response for national security in Western countries. The United States and its NATO allies have operated for decades on a model of national security with “red lines” that, if crossed, trigger a massive response. New full-spectrum responses are difficult to formulate. An adversary employing distributed assets, and adhering to a coordinated strategy to attack critical systems, can still operate below the radar and escape a massive response from its target.
The distributed nature of cyber-hybrid attacks is closely related to the second challenge of this form of warfare: it is often carried out in ways that leave us unable to give clear attribution of attackers. From traditional denials over the identity of “Little Green Men” who took control of Crimea in early 2014, to attacks on banking systems, power plants, and computer networks, DGA attacks on Ukraine since 2014 have left clear, yet circumstantial, evidence leading back to outside actors. In December 2015, a sophisticated intrusion into the computer networks of the Prykarpattyaoblenergo power plant in western Ukraine disabled the plant and left a region without power for part of the day. This sophisticated attack was likely a “proof of concept” to demonstrate an ability to carry out similar attacks against countries like the United States and Germany.
Similar patterns emerged with distributed denial of service (DDoS) attacks against Estonia in 2007, the NotPetya ransomware attacks of 2017, and attacks in the United States such as the breach of both Democratic and Republican National Committee email servers prior to the 2016 US election. While electronic fingerprints had led investigators back to foreign intelligence services, plausible deniability was possible given that these agencies often contract out activities to cyber mercenaries around the globe, making direct tracing of accountability difficult. This lack of attribution is not incidental, but rather works toward strategies that undermine social trust and resilience.
Cyber warfare focused on existing social vulnerabilities—what RAND refers to as “virtual societal warfare”—represents the third major threat posed by these emerging hybrid warfare strategies. The goal of hybrid warfare is not conquest but instability, throwing one’s opponent off balance and leaving them more vulnerable to other forms of pressure or conflict. The strategy focuses on critical vulnerabilities in political, economic, and social structures, further dividing societies by preying upon their own weaknesses. When combined with lack of attribution, social groups turn on each other rather than recognize that what is happening is part of a concerted, outside attack. Targeted populations of these attacks are led to believe that they come from fellow residents. Astroturf groups propagated on social media can create and disseminate disinformation and conspiracy theories, and in general leave people unsure of where they should turn for solid, reliable information.
Sustained attacks on information, which, via social media platforms like Facebook, can be microtargeted to individuals known to lean toward certain beliefs, not only change attitudes and beliefs, but over time lead to acute changes in stress levels and social resilience. Medical studies in Ukraine have indicated that PTSD-like symptoms of informational trauma have been seen far from the front lines of eastern Ukraine. These symptoms reflect the sustained attacks on the cognitive sphere of the people and society, political and economic institutions, social resilience, sense of identity, and concepts of truth.
When exposed to repeated sources of stress where one cannot disconnect (decouple) stimulus from the perception of danger, the brain’s limbic system reacts, instead of its usual cognitive processes. Even while we may rationally understand that we are not experiencing imminent physical danger, humans can react with extreme anxiety or other trauma-like forms of coping. When threats to one’s country seemingly come from internal forces and information attacks seem both inevitable and unpredictable, the psychological and political impacts can go far beyond affecting voting behavior. We can perceive constant danger in what should otherwise be comfortable surroundings. Crucially, studies of information warfare demonstrate that it is not the physical threat that is the sole criterion for potential trauma, but that the perception of threat can also create overwhelming feelings of stress and learned helplessness. The impacts on particularly vulnerable populations, such as children, may have long-term effects on politics and social trust, heightening partisanship, corruption, and the breakdown of traditional institutions.
The United States is not as far from this conflict as we sometimes pretend. The United States and allied intelligence agencies have substantiated DGA interference in the 2016 elections. Fabricated news stories concerning refugee violence have been used to divide German and British politics, while power grids across Europe and the United States have been infiltrated by cyber attacks. DGAs also hold enormous private leverage over the United States, from US security clearance data breaches to attacks on private entities like Sony Studios. Repeated attacks can further fragment societies and leave us unable to respond to crises at home and abroad.
Analyses of cyber attacks on Ukraine demonstrate the main destabilizing goals of strategic cyber attacks. If one understands that these are not isolated incidents—that they can form part of a larger strategy intended to sow distrust in vital institutions, paralyze government response, and target individual citizens through social media and internet devices—we can start to devise effective defenses against sustained attacks. An emphasis on full-spectrum defense planning—coupled with a recognition that traditional geographical barriers are no longer a defense for countries like the United States—can help in keeping ahead of the next attacks. This includes dedicated centers to combat disinformation, greater integration of cyber strategies into all US combatant commands, investment in technical cyber security protection, and greater civic education for citizens and media on how to identify and resist disinformation campaigns.
. . .
Yuriy Danyk serves with the Ukrainian Army and is Professor and a Doctor of Engineering Sciences. Major General Danyk has combat experience in cyber security. He is the author of monographs: Cyber security and Cyber security and Cyber defense. zhvinau@ukr.net
Chad Briggs is Director of Public Policy at the University of Alaska Anchorage. Dr. Briggs is the author (with Miriam Matejova) of Disaster Security. chad.briggs@alaska.edu
Tamara Maliarchuk was an analyst with the S.Korolov Zhytomyr Military Institute in Ukraine and has worked with US forces on language and cyber defense. maliarchuktamara@gmail.com
[1] Destructive geopolitical actors are states, terrorist organizations, or groups of people conducting attacks against the national security of the state.