The Role of the United States in the Hybrid War Between Russia and Ukraine

Photo by Mathias Reding: https://www.pexels.com/photo/blue-and-yellow-ukrainian-flag-waving-above-crowd-of-people-11421405/

Introduction

The Russo-Ukrainian war presents the first large-scale example that unequivocally demonstrates the concept of “hybrid warfare” that literature has been discussing for years. What does this mean? It is the first war that combines traditional military attacks with cyberattacks. It is neither exclusively “terrestrial” nor “digital”; instead, both types of operations complement each other to generate damage to the enemy's critical infrastructures.

The cyberattacks carried out by Russia since the beginning of the war will first be explored, followed by a discussion on the Ukrainian response. At this point, the role of alternative powers such as the United States, which tip the balance of cyber capabilities, necessitates a renewed analysis. The role of the public and private sectors in the U.S. have been crucial in providing cyber and financial assistance to Ukraine. This prompts an important question: how important are cyberattack resources at war? Are they more valuable than political alliances?

What do we mean by cyberattack?

When discussing a cyberattack, we are referring to a tactical action carried out through digital means with the aim of compromising the security of computer systems, networks, or data. This can involve stealing information, disrupting operations, or damaging the digital infrastructure of the target (Lavorgna, 2023). The objectives are to both weaken the opponent in practice and to expose the relative weaknesses of their IT infrastructure.

In the context of the Russia-Ukraine conflict, two types of cyberattacks are most common. First is malware, particularly a type called wiper, which is effective because of its ability to infiltrate a system and erase all data it contains. Second, there is the distributed denial of service (DDoS) attack, which involves overwhelming a computer system or network with a flood of fake traffic, saturating servers and rendering the service inaccessible to legitimate users. These attacks can target banking institutions, hospitals, and other critical infrastructure.

Additionally, these cyber operations can be accompanied by physical operations to amplify the damage. For example, Moscow often pairs battlefield operations such as missile attacks on infrastructure with hacker attacks to interfere with military communications and civilian alerts.

Russian attacks: Viasat and Kyivstar

In the early days of the war, Russian hackers disrupted Ukrainian command communications by attacking the American satellite network Viasat. This attack not only affected Ukraine but also cut off internet access in various parts of Europe. Viasat provides internet services to Ukrainian military and police units, so loss of this internet access significantly impairs Ukraine's ability to combat Russian forces. Traditional land-based radios have limited range, and in the context of modern military operations, where smart systems and weapons are used, reliance on satellite connectivity is essential.

In February 2022, the attack involved the deployment of a destructive malware called AcidRain against Viasat modems and routers. This malware quickly erased all system data, causing the machines to reboot and become permanently disabled. As a result, thousands of terminals were effectively destroyed. This critical cyberattack coincided with the Russian invasion of Ukraine, making it significantly more difficult for Ukrainian forces to coordinate and execute military maneuvers.

In December 2023, another group of Russian hackers carried out a DDoS attack against Ukraine's largest internet provider, Kyivstar. This attack affected 24 million users, temporarily leaving them without access to the global communications network. This incident was devastating not only for individual users but also for Ukraine's critical infrastructure. The attack on Kyivstar was a comprehensive cyberattack that not only disrupted mobile phone service but also led to the loss of more than 10,000 local computers and 4,000 servers. This cyberattack wreaked havoc on physical hardware and also inflicted considerable damage on cloud and backup storage systems. The loss of these crucial systems affected the country's daily operations and response capabilities. Although Russia has never officially taken responsibility for the cyber attacks committed, the international community agrees that its level of involvement in such attacks is substantial.

Ukrainian counter offense and role of the U.S.

The cyber defense of Ukraine against Russian attacks has been a monumental task involving unprecedented collaboration between state and non-state actors. At the heart of this strategy is the significant support from international allies such as the European Union and the hacktivist community known as the IT Army of Ukraine. The European Union, for its part, has deployed a Cyber Rapid Response Team (CRRT) composed of specialists from various member countries, whose objective is to support the Ukrainian government in defensive activities. Simultaneously, the IT Army of Ukraine has played a crucial role as a non-state cyber force. This group, formed by civilian volunteers and technology experts from various nationalities, conducts strategic cyberattacks against critical Russian infrastructure. Their mission is to aid Ukraine by paralyzing aggressor economies and blocking vital services in Russia, all under the supervision and support of the Ukrainian government. In 2023 alone, the IT Army executed around 130 attacks, targeting over 400 pro-Russian entities. Notable operations include disrupting Russia's Chestny Znak supply chain monitoring system and bringing down Russian state media websites during a parliamentary address by President Vladimir Putin. The government's key contribution has been the implementation of the Hunt Forward Operations (HFO) by the U.S. Cyber Command. These teams are deployed to collaborate directly with Ukrainian authorities in identifying and mitigating cyber threats in real time. This collaboration has bolstered Ukraine's resilience against cyber attacks, allowing them to recover quickly from incidents and better prepare for future ones.

The United States has definitively been the force contributing most to strengthening Ukraine's cyber defense. Regarding the private sector, big tech companies have significantly contributed to Ukraine providing resources: primarily cloud services and internet connectivity. For instance, Microsoft offered its Azure platform to Ukraine, enabling the secure migration of critical government data to the cloud. This rapid and protected data transfer was essential in maintaining the operational activities of the Ukrainian government during the early stages of the Russian invasion. By moving sensitive information to a secure cloud environment, Microsoft helped protect it from potential cyber threats, ensuring the continuity of essential government functions.

Similarly, Amazon Web Services (AWS) has been pivotal in supporting Ukraine's cyber infrastructure. AWS provided $75 million worth of cloud technology services to help Ukraine migrate its critical state registers and databases to the cloud. This move was vital in maintaining the functionality of Ukraine's digital infrastructure despite ongoing military attacks.

In the case of Starlink, support came after an X post of Mykhailo Fedorov (Ukraine's vice prime minister and the country's minister of digital transformation) asking Elon Musk to “(...) provide Ukraine with Starlink stations”. Two days later, 10 million dollars worth of terminals were sent with the help of the United States Agency for International Development (USAID). This has ensured the continuity of communications by providing satellite internet, especially in areas where traditional infrastructures were attacked or destroyed. The ability to maintain stable communications has been vital for military operations and the overall coordination of the Ukrainian government.

The combined support from both public and private sectors of the United States (and other states and non-state actors such as the European Union, the Anonymous hacktivist group and the IT army of Ukraine) has enabled Ukraine to withstand a series of intense and sustained cyberattacks from Russia. This approach has allowed to counteract Russian superiority in terms of cyber capabilities, since Ukraine benefits from significant support from allies in the face of cyber warfare.

Final debate ¿How much do cyber capabilities really matter?

The fact that this is the first large-scale hybrid war has shocked the academic community and, above all, has led to significant debate. The most powerful states are increasingly investing in cyber capabilities to perform cyber attacks as a form of warfare. However, although Russia is the most capable rival in this regard, after almost three years, we observe that this has not translated into a significant advantage in military terms. Therefore, it is worth questioning the true relevance of cyber capabilities in the current war context. Regarding this, Professor Tim Stevens from King's College London notes: "This is the first time we have been able to see in real-time how cyber warfare contributes to the overall military campaign. While it may be useful in certain circumstances, it is not going to win you a war". After all, if the outcome depended solely on cyber capabilities, Russia would have declared victory a few weeks after the invasion. However, today the scenario is entirely different, which necessarily leads us to question the relevance of other factors. We are mainly referring to the allied coalition behind Ukraine, composed of various actors in the international system, with a clear relevance of the United States government and private technology companies. As Smeets explains, cyber warfare does not act as the final arbiter of the competition and should be considered only in its combined effect with other factors such as traditional forms of warfare and international alliances. (Smeets, 2018, p. 92).

References

CNN Español. (2023, December 12). Un ciberataque al operador de telefonía móvil de Ucrania interrumpe servicios bancarios y sirenas antiaéreas. CNN Español. https://cnnespanol.cnn.com/2023/12/12/ciberataque-operador-telefonia-movil-ucrania-interrumpe-bancarios-sirenas-antiaereas-trax/

Euronews. (2023). Ucrania: La realidad ha dejado a la guerra cibernética en un segundo plano. Euronews. https://es.euronews.com/2023/02/22/ucrania-la-realidad-ha-dejado-a-la-guerra-cibernetica-en-un-segundo-plano

Euronews. (2023, December 12). Un ciberataque deja sin servicio a Kyivstar, el mayor proveedor de telefonía móvil de Ucrania. Euronews. https://es.euronews.com/2023/12/12/un-ciberataque-deja-sin-servicio-a-kyvistar-el-mayor-proveedor-de-telefonia-movil-de-ucran

Infobae. (2023). DDoS attack on Kyivstar. Infobae. https://www.infobae.com/def/2022/10/15/guerra-en-ucrania-mitos-y-realidades-de-los-ciberataques-entre-los-gobiernos-de-putin-y-zelensky/

Lavorgna, A. (2023). Unpacking the political-criminal nexus in state-cybercrimes: a macro-level typology. Trends Organ Crim. https://doi.org/10.1007/s12117-023-09486-1

Microsoft News. (2023, January 20). How technology helped Ukraine resist during wartime. Retrieved from https://news.microsoft.com/en-cee/2023/01/20/how-technology-helped-ukraine-resist-during-wartime

Smeets, M. (2018). The strategic promise of offensive cyber operations. Strategic Studies Quarterly, 12(3), 90-113.

Space.com. (n.d.). SpaceX to provide USAID with Starlink terminals for Ukraine. Retrieved June 19, 2024, from https://www.space.com/spacex-usaid-starlink-terminals-ukraine

U.S. Department of State. (2023). proceedings of the 2023 U.S.-Ukraine Cyber Dialogue. Retrieved from https://www.state.gov/proceedings-of-the-2023-u-s-ukraine-cyber-dialogue/

USNI News. (2023). Defensive cyber warfare lessons from inside Ukraine. Proceedings, 149(6). Retrieved from https://www.usni.org/magazines/proceedings/2023/june/defensive-cyber-warfare-lessons-inside-ukraine