Today’s objectives

 

  1. Take stock: how has Russia leveraged “nonmilitary means” of war?
  2. Discuss: how effective Russia’s use of information operations has been
  3. Consider: how cyber operations have (not) affected battlefield events

Generations of war (Russian taxonomy)

  1. Pre-12th Century
    1. cold steel (spears, arrows)
    2. line & column tactics
  2. 12th - 18th Century
    1. gunpowder
    2. smoothbore firearms, artillery
    3. fortifications, siege tactics
  3. 18th - 19th Century
    1. rifled weapons
    2. dispersed formations
  4. 19th - 20th Century
    1. internal combustion engine
    2. mobile armored warfare
    3. air power
  5. Mid-20th Century
    1. nuclear weapons
  6. Late 20th, early 21st Centuries
    1. long-range precision strike
    2. multi-domain (e.g. nonmilitary)


 

Testudo then

Testudo now


Non-military means

  1. Role in Russian military strategy
    1. includes political, economic, informational, spiritual, cyber measures
    2. employed in peacetime & wartime as part of Active Defense concept
  2. Cold War origins
    1. in communist camp:
      • discredit “apostates” (e.g. Tito)
      • construct negative image of West
    2. in West:
      • expose social problems (e.g. civil rights, homelessness, poverty)
      • undermine trust in state, elites
    3. in non-aligned countries:
      • support anti-colonial movements
      • offer education, scholarships
        (e.g. Patrice Lumumba University)
  3. What’s different now?
    1. info ops more targeted, less costly


Anti-Tito

Anti-lynching

Non-Military Instruments of Power

Overview


Non-military means: actors involved

| | Russian State Actors | Russian Private Actors | Local Partners |
|---|---|---|---|
| Political | foreign ministry, IC (FSB, GRU, SVR) | NGOs, think tanks (e.g. IDC) | political parties (e.g. AfD, FN) |
| Economic | state enterprises (e.g. Gazprom), IC | private enterprises (e.g. RosUkrEnergo) | MNCs (e.g. Exxon), banks, state utilities |
| Spiritual | Moscow Patriarchate, IC | nationalist media (e.g. Tsargrad) | ROCOR, OCA, UOC-MP |
| Information | state media (e.g. RT, Sputnik), IC | troll farms (e.g. IRA), milbloggers | journalists, activists, NSAs (e.g. WikiLeaks) |
| Cyber | IC (e.g. “Fancy Bear”, “Cozy Bear”) | contractors, hackers co-opted into service | anti-Western hacktivists |

 

 

Categories of non-military actions

  1. Overt actions
    1. public and directly attributable to RF
      (e.g. diplomacy, media broadcasts)
    2. (usually) not illegal
    3. no effort to conceal state involvement
  2. Covert actions
    1. secret and (usually) illegal actions
      (e.g. cyber attacks, bribery)
    2. extensive effort to conceal involvement
  3. Denied actions
    1. covert actions that are either discovered, or too big to conceal
      (e.g. support for DNR/LNR)
    2. official denial, despite public evidence


 

 

alt.facts

Vote JC


 

Types of information operations

  1. Plant novel messaging
    1. goal: create new narrative
    2. approach:
      • message “seeded” on Russian state media or proxy source
      • message becomes “unmoored” from original Russian source
      • message circulates organically
  2. Amplify existing messaging
    1. goal: reinforce existing narrative that aligns with Russian interests
    2. approach:
      • publicize, “re-up” message already in circulation
  3. Flood the zone
    1. goal: confuse, exhaust
    2. approach:
      • seed, amplify multiple (mutually contradictory) messages


 

 

 

 

Don’t


 

Discussion
 

Russian information operations often seem uncoordinated, decentralized.

  1. Is there an advantage to an uncoordinated information campaign?
  2. Which of these considerations are more/less important for IO?
    1. resilience / continuity of effort
    2. plausible deniability
    3. message discipline
    4. synchronization of effort
    5. economy of effort (avoiding redundancy, duplicate effort)
  3. How does this square with tradition of centralized C2 in Russia?
  4. Would more centralized C2 make Russian IO more deterrable?

Effectiveness of Russian Information Operations


 

How do we know if info ops are effective?

  1. Observational data
    1. compare opinions/actions of people exposed to more vs. less messaging
    2. difficulties:
      • isolating effect of Russian messaging from all other content
      • people self-select into exposure groups (e.g. InfoWars vs. CNN)
    3. hard to establish causal inference
  2. Experimental data
    1. randomly expose study subjects to message vs. placebo
    2. advantage:
      • no self-selection
      • causal effect identifiable
    3. disadvantage:
      • external validity (lab \(\neq\) real life)


 

 

 

 

Truth pyramid


 

What do the data say?

  1. Evidence is mixed
    1. little/no evidence that Russian IO affects attitudes or behavior in West (Eady et al. 2023)
    2. strong evidence that Russian IO affects domestic public opinion (Krishnarajan and Tolstrup 2023)
  2. What might explain this disparity?
    • more competition for audience attention in West
    • volume of messaging too low
    • “ceiling effect” due to audience micro-targeting (messages sent to hyper-partisans, not persuadables)
    • audience not receptive or resistant to messaging
    • Russian involvement too overt


 

 

 

 

Not easy

Cyber Warfare


 

Varieties of malicious cyber activity

  1. Cyber espionage
    1. objectives:
      • passively collect information
      • discover system vulnerabilities
  2. Cyber crime
    1. objectives:
      • raise revenue by weaponizing information discovered in #1
  3. Cyber propaganda
    1. objective:
      • influence elite, public opinion
      • undermine support for policy
  4. Cyber disruption
    1. objective:
      • sabotage opponents’ ability to operate in physical, electronic domains (e.g. DDoS attacks)


 

 

 

Info is power

DDoS


 

 

Examples of malicious cyber activity

  1. Cyber propaganda
    1. Sony Pictures hack 2014
    2. “Cyber Caliphate” 2015
    3. DNC email leak 2016
    4. BlueLeaks 2020
  2. Cyber disruption
    1. USSR pipeline 1982
    2. Estonia mass DDoS 2007
    3. Iran Stuxnet 2010
    4. Ukraine 2014-
      • power grid 2015
      • “NotPetya” 2017
      • hacking of CCTV cameras
      • artillery mobile app


 

Cyber Caliphate

NotPetya

Effectiveness of cyber warfare


How big of a threat is cyber warfare?
Alarmist view

  1. Offensive advantage
    1. can strike targets at great strategic, operational depth
    2. ability to quickly disrupt opponent’s C4I
  2. Low cost to attacker
    1. operators not in harm’s way
  3. Element of surprise
    1. target initially unaware of own vulnerabilities
      (“zero day” attacks)
  4. Challenges of attribution
    1. attackers cover own tracks
    2. can be hard to establish origin of attack with high confidence

Cyber is “top threat to U.S.” (DNI, 2015)


 

 

 

Threat matrix


How big of a threat is cyber warfare?
Skeptical view

  1. Costs to target are also limited
    1. disruptions are mostly temporary
  2. Depreciation after first use
    1. no more surprise after “zero day”
      (software patches, updates)
  3. Hard to synchronize with kinetic ops
    1. malicious code takes time to write, effectively deploy
    2. hard to launch attacks on tactically-relevant timeline
  4. Commitment problems
    1. targets may see compliance as unnecessary or insufficient to stop attacks (due to misattribution, limited damage, quick recovery)


 

 

 

Best laid plans

Case study: Ukraine, 2014-2016


Can cyber attacks shape battlefield events?
Evidence from War in Donbas

  1. Cyber attacks
    1. 1,841 cyber attacks (2013-2016)
      • DDoS detected by Arbor Networks
      • attacks claimed on social media (Facebook, VKontakte, Twitter)
      • websites/blogs of non-state actors
      • Ukrainian, Russian media sources
    2. interviews with cybersecurity experts
  2. Kinetic operations
    1. 29,289 actions by pro-Russian and Ukrainian govt forces (2014-2016)
      • Ukrainian, Russian media sources
      • event classification via ML
      • weekly & daily time series


 

 

 

Cyber

Kinetic


 

Impulse-response of kinetic, cyber operations in Ukraine


What do the data say?

  1. No interdependence b/w kinetic, cyber ops
    1. strong Kinetic (U) \(\leftrightarrow\) Kinetic (R) link
    2. but cyber shocks account for \(<1\%\) of variation in kinetic ops
  2. Cyber warriors hardly even respond to each other’s cyber attacks
    1. no evidence of reciprocity, instant retaliation
  3. Cyber domain seems totally disconnected from kinetic domain, and from itself
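
How a figure such as “cyber shocks account for \(<1\%\) of variation in kinetic ops” is typically obtained, as an added example that is not taken from the lecture or the underlying study: fit a vector autoregression to the event time series and decompose each series' forecast-error variance by the source of the shock. The VAR(1) lag order, the Cholesky ordering (cyber last), the series names and the simulated data are all assumptions made for illustration.

```python
import numpy as np

NAMES = ["kinetic_U", "kinetic_R", "cyber"]

def simulate(days=1000, seed=7):
    """Constructed daily counts (mean-centred): the two kinetic series
    react to each other; cyber is independent noise by construction."""
    rng = np.random.default_rng(seed)
    A = np.array([[0.3, 0.5, 0.0],   # kinetic_U <- own lag, kinetic_R lag
                  [0.5, 0.3, 0.0],   # kinetic_R <- kinetic_U lag, own lag
                  [0.0, 0.0, 0.2]])  # cyber     <- own lag only
    y = np.zeros((days, 3))
    for t in range(1, days):
        y[t] = A @ y[t - 1] + rng.normal(size=3)
    return y

def fit_var1(y):
    """OLS fit of y_t = c + A y_{t-1} + e_t; returns A and cov(e)."""
    X = np.hstack([np.ones((len(y) - 1, 1)), y[:-1]])
    B, *_ = np.linalg.lstsq(X, y[1:], rcond=None)
    resid = y[1:] - X @ B
    sigma = resid.T @ resid / (len(X) - X.shape[1])
    return B[1:].T, sigma

def fevd(A, sigma, horizon=14):
    """Forecast-error variance decomposition using Cholesky-orthogonalized
    shocks. Entry [i, j] = share of series i's variance due to shocks in j."""
    P = np.linalg.cholesky(sigma)
    contrib = np.zeros_like(A)
    Phi = np.eye(len(A))
    for _ in range(horizon):
        contrib += (Phi @ P) ** 2   # squared impulse response at this step
        Phi = A @ Phi
    return contrib / contrib.sum(axis=1, keepdims=True)

def shares(seed=7):
    """Fit the VAR to the constructed data and return the FEVD matrix."""
    A, sigma = fit_var1(simulate(seed=seed))
    return fevd(A, sigma)

if __name__ == "__main__":
    for name, row in zip(NAMES, shares()):
        print(f"{name:10s}", dict(zip(NAMES, np.round(row, 3))))
```

On the constructed data the two kinetic series explain a large share of each other's variance while the cyber column stays near zero, which is the pattern the slide reports for Donbas.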


Couch warriors


Explanations

  1. Limited resources and capabilities
    1. limited pre-2014 investment in cyber units, capabilities in Ukraine
    2. but this can’t explain coercive failure on Russian side
  2. Lack of coordination with hackers
    1. SBU initially had limited desire to cooperate with non-state hacktivists
    2. but this is not true in Russia
  3. No good targets
    1. Ukrainian industrial control systems, critical infrastructure mostly off-line
    2. but power grid attack shows massive disruption is possible
  4. Cyber warfare never seriously attempted
    1. Russia hesitant to compromise ongoing cyber-espionage operations
    2. priorities (on both sides):
      propaganda \(>\) disruption


 

 

 

Back to kinetic


NEXT MEETING

 

Backgrounder: Ukraine (Th, Nov. 21)

  • What is a “nation”? Which groups attain “nationhood”? Why?
  • What does it mean to “decolonize” the study of Ukraine?