What does cyberwar look like? In 2008, Georgia found out.
In most ways, the brief war between Russia and Georgia in August 2008 was a throwback to the mid-20th century. A border dispute, inflamed by propaganda and whipped-up ethnic tension, resulted in a murky case of who-shot-first, an armored blitzkrieg, airstrikes, a plea for peace by the defeated, signatures on a piece of paper, and the winner's annexation of some territory. So far, so 1939. But one aspect of this little war was very much in the 21st century, namely Russia's integration of offensive cyber operations into its overall political-military strategy. The August war was a preview of how military forces will use cyber operations in the future and what commanders and policymakers need to prepare for.
In a new piece for Small Wars Journal, David Hollis, a senior policy analyst with the Office of the Undersecretary of Defense for Intelligence and a reserve Army officer at U.S. Cyber Command, describes how the Russian government integrated cyber operations into its campaign plan against Georgia. Hollis notes that though the Russian offensive cyber operations in the Georgia war were obvious, they were masked through third parties and by routing the attacks through a wide variety of server connections, all standard practices of cyber operations. As a result, Georgian and other investigators cannot conclusively prove that the Russian government conducted these cyberattacks. Indeed, the Kremlin denies using cyberwarfare in the conflict, a somewhat odd thing to be embarrassed about while Russia's tanks roamed around the Georgian countryside and its aircraft bombed Georgian targets.
According to Hollis, Russian offensive cyber operations began several weeks before the outbreak of the more familiar kinetic operations. Russian cyberintelligence units conducted reconnaissance on important sites and infiltrated Georgian military and government networks in search of data useful for the upcoming campaign. During this period, the Russian government also began organizing the work of Russian cybermilitias, irregular hackers outside the government who would support the campaign and also provide cover for some of the government's operations. The government and cybermilitias also used this period to conduct rehearsals of attacks against Georgian targets.
When the kinetic battle broke out on Aug. 7, Russian government and irregular forces conducted distributed denial-of-service attacks on Georgian government and military sites. These attacks disrupted the transmission of information between military units and between offices in the Georgian government. Russian cyberforces attacked civilian sites near the action of kinetic operations with the goal of creating panic in the civilian population. Russian forces also attacked Georgian hacker forums in order to pre-empt a retaliatory response against Russian targets. Finally, the Russians demonstrated their ability to disrupt Georgian society with kinetic and cyber operations, yet refrained from attacking Georgia's most important asset, the Baku-Ceyhan oil pipeline and associated infrastructure. By holding this target in reserve, the Russians gave Georgian policymakers an incentive to quickly end the war.
Faced by overwhelming Russian air power, armored attacks on several fronts, and an amphibious assault on its Black Sea coastline, Georgia had little capability of kinetic resistance. Its best hope lay with strategic communications, with transmitting to the world a sympathetic message of rough treatment at the hands of Russian military aggression. According to Hollis, Russia effectively used cyber operations to disrupt the Georgian government's ability to assemble and transmit such a plea. Meanwhile, Russia's own information operations filled in a narrative favorable to its side of the case, removing Georgia's last hope for strategic advantage.
Hollis points out that the effectiveness of cyber operations, especially denial-of-service attacks, can be fleeting; in the recent duels between cyberattackers and defenders of WikiLeaks, both sides mostly fired blanks. But in August 2008, Russian planners tightly integrated cyber operations with their kinetic, diplomatic, and strategic communication operations and achieved cyber disruptions at the moments they needed those disruptions to occur. The Georgia episode provides a good case study for cyberwarriors preparing for the next such conflict.