This Week at War: Lessons from Cyberwar I

How Russia pioneered the use of cyberattacks as a military tactic.

BY ROBERT HADDICK | JANUARY 28, 2011

What does cyberwar look like? In 2008, Georgia found out.

In most ways, the brief war between Russia and Georgia in August 2008 was a throwback to the mid-20th century. A border dispute, inflamed by propaganda and whipped-up ethnic tension, resulted in a murky case of who-shot-first, an armored blitzkrieg, airstrikes, a plea for peace by the defeated, signatures on a piece of paper, and the winner's annexation of some territory. So far, so 1939. But one aspect of this little war was very much in the 21st century, namely Russia's integration of offensive cyber operations into its overall political-military strategy. The August war was a preview of how military forces will use cyber operations in the future and what commanders and policymakers need to prepare for.

In a new piece for Small Wars Journal, David Hollis, a senior policy analyst with the Office of the Undersecretary of Defense for Intelligence and a reserve Army officer at U.S. Cyber Command, describes how the Russian government integrated cyber operations into its campaign plan against Georgia. Hollis notes that though the Russian offensive cyber operations in the Georgia war were obvious, they were masked through third parties and by routing the attacks through a wide variety of server connections, all standard practices of cyber operations. As a result, Georgian and other investigators cannot conclusively prove that the Russian government conducted these cyberattacks. Indeed, the Kremlin denies using cyberwarfare in the conflict, a somewhat odd thing to be embarrassed about while Russia's tanks roamed around the Georgian countryside and its aircraft bombed Georgian targets.

According to Hollis, Russian offensive cyber operations began several weeks before the outbreak of the more familiar kinetic operations. Russian cyberintelligence units conducted reconnaissance on important sites and infiltrated Georgian military and government networks in search of data useful for the upcoming campaign. During this period, the Russian government also began organizing the work of Russian cybermilitias, irregular hackers outside the government that would support the campaign and also provide cover for some of the government's operations. During this period the government and cybermilitias conducted rehearsals of attacks against Georgian targets.

When the kinetic battle broke out on Aug. 7, Russian government and irregular forces conducted distributed denial-of-service attacks on Georgian government and military sites. These attacks disrupted the transmission of information between military units and between offices in the Georgian government. Russian cyberforces attacked civilian sites near the action of kinetic operations with the goal of creating panic in the civilian population. Russian forces also attacked Georgian hacker forums in order to pre-empt a retaliatory response against Russian targets. Finally, the Russians demonstrated their ability to disrupt Georgian society with kinetic and cyber operations, yet refrained from attacking Georgia's most important asset, the Baku-Ceyhan oil pipeline and associated infrastructure. By holding this target in reserve, the Russians gave Georgian policymakers an incentive to quickly end the war.

Faced by overwhelming Russian air power, armored attacks on several fronts, and an amphibious assault on its Black Sea coastline, Georgia had little capability of kinetic resistance. Its best hope lay with strategic communications, with transmitting to the world a sympathetic message of rough treatment at the hands of Russian military aggression. According to Hollis, Russia effectively used cyber operations to disrupt the Georgian government's ability to assemble and transmit such a plea. Meanwhile, Russia's own information operations filled in a narrative favorable to its side of the case, removing Georgia's last hope for strategic advantage.

Hollis points out that the effectiveness of cyber operations, especially denial-of-service attacks, can be fleeting; in the recent duels between cyberattackers and defenders of WikiLeaks, both sides mostly fired blanks. But in August 2008, Russian planners tightly integrated cyber operations with their kinetic, diplomatic, and strategic communication operations and achieved cyber disruptions at the moments they needed those disruptions to occur. The Georgia episode provides a good case study for cyberwarriors preparing for the next such conflict.


Robert Haddick is managing editor of Small Wars Journal.

MALICEIT

3:09 PM ET

January 29, 2011

RE:

LOL band of hackers are now considered the Armed forces of Russian Federation? It's like considering Anonymous an armed forces of Wikileaks.

"When the kinetic battle broke out on Aug. 7, Russian government and irregular forces conducted distributed denial-of-service attacks on Georgian government and military sites." Here you are wrong, attacks started as Putin signed armed conflict; and it's also the same time when Western NGOs and their media PR started crying of how "bad russian bear attacked poor innocent country"

"Russia's tanks roamed around the Georgian countryside" ---"Bad russian bear attacked poor innocent country"

The irony of this article is the fact that single person can perform more (or at least as much) damage as if it had resources of MIC. The fact that amount of hackers is quite large within Russia it seems sooo obvious for senior analysts in DC that "bad russian bear has hackers that will steal your cookies"

 

NORBOOSE

3:45 PM ET

January 29, 2011

What?

Thank you, that was incredibly incoherent. I am pretty sure I disagree with you, but I can't find a cohesive argument anywhere in your post to argue with. All I find are a bunch of confusing assertions.

 

CANNONEER NO. 4

4:31 PM ET

January 29, 2011

English is not your first language, is it, tovarisch?

Russophile spammers inundated comments sections and discussion boards throughout the Anglophone web throughout the Russo-Georgian War. Their mission apparently was pro-Russian/anti-Georgian propaganda, but mostly they were just annoying. Enough of them can make intelligent discussion on a particular forum too hard to follow, so intelligent people move on to better protected sites.

They were easily recognized by their incoherence. Had they been formal employees of the Putin regime their English would have been impeccable and their arguments too logical for easy refutation. They were instead Civilian Irregular Information Operators, propagandists mostly, hobbyists doing their part for the glory of the Rodina, out of patriotism I suppose.

Civilian Irregular Information Operators can accomplish a number of useful tasks on behalf of Westphalian nation-states, responsibility for which they can plausibly deny.

 

MALICEIT

5:24 PM ET

January 29, 2011

RE@ameri-fags

Yay for patriotism or should I say for GlennBeckanism? so eat more burgers, shoot mexicans, and coup governments. I care less.

 

CANNONEER NO. 4

7:07 PM ET

January 29, 2011

Stifling Debate

. . . by polluting comments sections with inane drivel to drive off the intelligent is a type of counterpropaganda Restrictive Measure.

If you care so little, why do you bother?

 

MALICEIT

10:15 PM ET

January 29, 2011

Learn to read...

...as far as I recall I said "I care less". If you care so much about "Reds keepin you down" then why don't you want to talk about it? Or your propaganda hasn't made that one up yet?

 

NORBOOSE

12:04 AM ET

January 30, 2011

Wow, just wow.

Not a single reason, just anti-American slogans. You know, a half-decent pro-Russian argument can be made regarding the Georgian war, but you sure as hell aren't making it.

 

MALICEIT

2:01 AM ET

January 30, 2011

You are not here to listen for it amirite?

You are not here to listen for it amirite?

 

OTUS

9:05 AM ET

January 31, 2011

Wow!

Mr. Haddick is awake after more than two years of sleep!

That is the only explanation (if not to assume that Mr. Haddick is a liar) I can find for his claims about "Russian aggression".

All other people with at least brain between the ears must have heard that the war started with Georgia hammering residential quarters with non-guided missiles and murdering Russian peacekeepers.

At night. Just a few hours after the Georgian president’s swears to solve the problem peacefully. For those brainwashed I should explain: at the time when he was swearing the Georgian troops must have been battle-ready; otherwise, they could not start the full-scale offensive that soon.

To summarize, 8/8/8 was kind of micro-22 June 1941 or mini-Pearl Harbor. So, the war reminds not 1939 but 1941 and not Russia but Georgia = Nazi Germany. And yes, "sorry that won the war that you had started" (C). After it had been defeated, Germany lost part of its territory; so did Georgia. This should be a good example for any aggressor.

Finally, the idea of the Russian "cyber attacks" is hilarious. There is no way that it could affect the Georgian troops - troops are not operated by e-mails. As regards EM warfare, it was, of course, practiced by both parties. There is nothing new in that.

 

JIMCAS

6:54 PM ET

February 27, 2011

They were easily recognized

They were easily recognized by their incoherence. Had they been formal employees of the Putin regime their English would have been impeccable and their arguments too logical for easy refutation. They were instead Civilian Irregular Information Operators, propagandists mostly, hobbyists doing their part for the glory of the Rodina, out of patriotism I suppose. Civilian Irregular Information Operators can accomplish a number of useful tasks on behalf of Westphalian nation-states, responsibility for which they can plausibly deny.