Small Wars

This Week at War: Lessons from Cyberwar I

How Russia pioneered the use of cyberattacks as a military tactic.

What does cyberwar look like? In 2008, Georgia found out.

In most ways, the brief war between Russia and Georgia in August 2008 was a throwback to the mid-20th century. A border dispute, inflamed by propaganda and whipped-up ethnic tension, resulted in a murky case of who-shot-first, an armored blitzkrieg, airstrikes, a plea for peace by the defeated, signatures on a piece of paper, and the winner's annexation of some territory. So far, so 1939. But one aspect of this little war was very much in the 21st century, namely Russia's integration of offensive cyber operations into its overall political-military strategy. The August war was a preview of how military forces will use cyber operations in the future and what commanders and policymakers need to prepare for.

In a new piece for Small Wars Journal, David Hollis, a senior policy analyst with the Office of the Undersecretary of Defense for Intelligence and a reserve Army officer at U.S. Cyber Command, describes how the Russian government integrated cyber operations into its campaign plan against Georgia. Hollis notes that though the Russian offensive cyber operations in the Georgia war were obvious, they were masked through third parties and by routing the attacks through a wide variety of server connections, all standard practices of cyber operations. As a result, Georgian and other investigators cannot conclusively prove that the Russian government conducted these cyberattacks. Indeed, the Kremlin denies using cyberwarfare in the conflict, a somewhat odd thing to be embarrassed about while Russia's tanks roamed around the Georgian countryside and its aircraft bombed Georgian targets.

According to Hollis, Russian offensive cyber operations began several weeks before the outbreak of the more familiar kinetic operations. Russian cyberintelligence units conducted reconnaissance on important sites and infiltrated Georgian military and government networks in search of data useful for the upcoming campaign. During this period, the Russian government also began organizing the work of Russian cybermilitias, irregular hackers outside the government that would support the campaign and also provide cover for some of the government's operations. During this period the government and cybermilitias conducted rehearsals of attacks against Georgian targets.

When the kinetic battle broke out on Aug. 7, Russian government and irregular forces conducted distributed denial-of-service attacks on Georgian government and military sites. These attacks disrupted the transmission of information between military units and between offices in the Georgian government. Russian cyberforces attacked civilian sites near the action of kinetic operations with the goal of creating panic in the civilian population. Russian forces also attacked Georgian hacker forums in order to pre-empt a retaliatory response against Russian targets. Finally, the Russians demonstrated their ability to disrupt Georgian society with kinetic and cyber operations, yet refrained from attacking Georgia's most important asset, the Baku-Ceyhan oil pipeline and associated infrastructure. By holding this target in reserve, the Russians gave Georgian policymakers an incentive to quickly end the war.

Faced by overwhelming Russian air power, armored attacks on several fronts, and an amphibious assault on its Black Sea coastline, Georgia had little capability of kinetic resistance. Its best hope lay with strategic communications, with transmitting to the world a sympathetic message of rough treatment at the hands of Russian military aggression. According to Hollis, Russia effectively used cyber operations to disrupt the Georgian government's ability to assemble and transmit such a plea. Meanwhile, Russia's own information operations filled in a narrative favorable to its side of the case, removing Georgia's last hope for strategic advantage.

Hollis points out that the effectiveness of cyber operations, especially denial-of-service attacks, can be fleeting; in the recent duels between cyberattackers and defenders of WikiLeaks, both sides mostly fired blanks. But in August 2008, Russian planners tightly integrated cyber operations with their kinetic, diplomatic, and strategic communication operations and achieved cyber disruptions at the moments they needed those disruptions to occur. The Georgia episode provides a good case study for cyberwarriors preparing for the next such conflict.

Stuart Levey, Treasury's sanctions supremo, didn't get results. What now?

On Jan. 24, the Wall Street Journal reported that Stuart Levey, U.S. Treasry undersecretary for terrorism and financial intelligence, will leave his post in one month. David Cohen, Levey's deputy with long experience in the Treasury Department, will very likely succeed Levey. For nearly seven years, Levey has labored to isolate the North Korean and Iranian governments from the international financial system. Levey used diplomacy, moral suasion, and his deep connections with the global banking system and in the process revolutionized the employment of financial sanctions as a tool of statecraft. Unfortunately, he will leave office having failed to achieve his goals, namely to obtain leverage sufficient to change the behavior of the North Korean and Iranian governments. His bosses will now have to decide what to try next.

Last week's negotiation in Istanbul between Iran and the P5+1 group ended in quick failure, revealing that many years of increasingly restrictive sanctions against Iran have failed to produce effective negotiating leverage. And in spite of being the most commercially and financially isolated country in the world, it took North Korea only a year and half to build a large uranium enrichment facility, equipped with 2,000 centrifuges and advanced control systems.

Levey's disappointing results do not mean that sanctions should not have been tried or that the U.S. government and its partners should not continue to tighten them. Western policymakers surely hope that sanctions will eventually produce effective negotiating leverage without inflicting deep pain on civilian populations. It is worth questioning whether such fine-tuning -- effective leverage without civilian pain -- is realistic. The civilian population in North Korea suffers more than any (something for which Kim Jong Il is responsible), without the achievement of much negotiating leverage. And if things became really uncomfortable for a targeted regime, it could play the "victim card" to fight back against sanctions, as Saddam Hussein did with increasing success before 2003.

If sanctions aren't working, what then? Policymakers will inevitably look to their military and paramilitary assets to produce negotiating leverage. Military and intelligence staffs will be asked to prepare options involving the use of covert action, unconventional warfare, or the recruitment of proxy combatants. Political leaders generally first chose sanctions in order to avoid the privations of war. Next will be the hope that "small wars" will preclude a large one. In Iran, some entity has employed covert action -- the Stuxnet computer worm and the assassination of two nuclear scientists -- in an attempt to slow down Iran's nuclear program. How many other realistic "small war" options exist against Iran and North Korea remains a mystery.

When civilian masters have concluded that sanctions aren't working, they will put pressure on their military planners to come up with some practical "small war" options. If the Treasury's leverage isn't enough, the Pentagon's planners will likely be asked to produce more. These planners need to be careful that their plans produce more leverage instead of more trouble.


Small Wars

This Week at War: Whose Chinese Military Is It?

Hu Jintao's seeming lack of control over the PLA should worry Washington. 

Is China's military under civilian control?

Chinese President Hu Jintao has completed his state visit to Washington, having received the welcoming ceremony and state dinner that he is said to have long sought. But the "deliverables" from the visit seem scant -- a few trade deals and some bland remarks promising better cooperation. If little was expected and even less delivered at the summit, it may be because Hu lacks the authority to produce significant results from his own government. On the eve of Hu's arrival in Washington, aNew York Times article questioned the Chinese president's authority over a wide range of controversial issues, including China's exchange rate policy, its trade barriers, and its influence over North Korea.

If that is so, does the Chinese president's weakness extend to his control over the military? There have been numerous instances over the past 15 years of the People's Liberation Army (PLA) running on a seemingly very long leash. In 1995 and 2005, Chinese generals made specific threats, in the presence of the U.S. ambassador to China and to foreign journalists visiting Beijing, of nuclear attacks against U.S. cities. In 2001, when a U.S. patrol plane made an emergency landing on Hainan Island after colliding with a Chinese fighter, China's military leadership did not cooperate with its civilian counterparts in quickly resolving the incident. And the PLA's destruction in 2007 of a weather satellite using a ground-launched missile took the government by surprise and left the Foreign Ministry unable to respond to international concerns for 10 days. These cases of apparently roguish behavior by the PLA are most likely the result of the military's bureaucratic independence. But they are also carefully calculated attempts to bolster the credibility of China's military deterrence.

This seeming lack of control was worryingly highlighted last week when China conducted an unusually public test flight of its new stealth fighter during U.S. Defense Secretary Robert Gates's visit to the country, an action some considered to be a rude provocation. The affront was compounded when it became apparent that Hu was kept in the dark about the test. Later in Tokyo, after himself listing several incidents that raised more questions about who in China is in charge, Gates asserted that "there is no doubt in my mind that it is President Hu Jintao and the civilian leadership of that government." But merely having to address such a question seems to be evidence of an unsettling problem.

A 2009 research paper by Andrew Scobell, a China scholar then at Texas A&M University, discussed the apparent gap that exists between the country's civilian and military leadership. Scobell attributes this gap to differences in the culture and experiences of China's military and civilian leaders. For China, this divergence is a relatively recent phenomenon. Mao Zedong and Deng Xiaoping, who led the People's Republic from its founding into the early 1990s, had very deep experience in both military and civilian political roles. The recent generations of Communist Party leaders have, for the most part, lacked much if any military experience. As a result, according to Scobell, the PLA has achieved a large measure of bureaucratic independence compared with the Mao and Deng eras. It doesn't help that the staffing of the supervisory Central Military Commission is composed entirely of senior military officers except for Hu and, very recently, his likely successor, Xi Jinping.

Although the incidents cited above are indications that the PLA occasionally operates under very loose control from civilian leaders, there is, according to Scobell, a large portion of premeditation in this arrangement that seems to suit both the military and civilian leadership ranks. Scobell asserts that PLA leaders have delivered seemingly bellicose remarks and used incidents such as the 2001 Hainan Island patrol plane incident and the 2007 anti-satellite test in a calculated manner to bolster the PLA's authority and display its determination to use force when it considers it necessary to defend China's interests. Most notable in this regard is the PLA's displays of determination to use force if necessary to establish China's sovereignty over Taiwan, in the hope of deterring U.S. intervention should a crisis over the island occur. But even if the PLA's leaders display bellicosity and independence, the ends they are attempting to achieve match those of the civilian leadership.

Should a military crisis occur, ambiguity over who controls the Chinese military could increase the risk of miscalculation and miscommunication for diplomats scrabbling to avoid a war. China's leaders may hope that their calculated ambiguity will deter a U.S. response during a crisis. But if this gambit fails, such a crisis might end up messier than it would need to be.

Red flags for the U.S. strategy in Afghanistan

What are the best ways to fight an insurgency? Researchers at the Rand Corp. think they have an answer. These analysts studied all insurgencies begun and concluded between 1978 and 2008. Their goal was to find strong evidence that would either support or reject various approaches for combating insurgent movements.

In an article written for Small Wars Journal, Rand's researchers summarized the detailed report. The 30 cases examined in the study occurred on six continents and across a variety of cultures and terrain. From the cases, Rand extracted 15 "good" practices and 12 "bad" practices for counterinsurgents. As one would expect, virtually all the cases exhibited a combination of good and bad practices.

The good news is that the researchers believe they can make some conclusions about what approaches work -- when good approaches outnumbered bad, the counterinsurgents always prevailed. The bad news is that according to their analysis, things don't look good for the U.S. strategy in Afghanistan.

The report highlights the need for positive involvement in the counterinsurgency campaign by the host-nation government. The local government should achieve legitimacy with the local population and practice good governance. By all accounts, the Afghan government has much room to improve on these measures.

Next, the report recommends that the counterinsurgent forces engage in multiple lines of efforts simultaneously. These would include security, economic development, and building indigenous capacity. In Afghanistan, economic development and local capacity seem to be lagging behind the security effort.

According to the report, steady access by the insurgents to tangible support was the single best explainer of success or failure. Cut off insurgents from support, whether from the local population or from across a border, and the counterinsurgents nearly always succeed. By contrast, failure to isolate the insurgents from support invariably leads to defeat for the counterinsurgent. In the case of Afghanistan, Taliban access to support and sanctuaries in Pakistan remains an unresolved and perhaps unsolvable problem and thus an ominous red flag for the counterinsurgency campaign.

The Rand report has its flaws. It follows the conventional wisdom and codes the Soviet counterinsurgency campaign in Afghanistan as a failure. By contrast, a team of U.S. military officers, most of whom have combat experience of their own in Afghanistan, concluded in their own study that the Soviet campaign was a success -- the Soviets withdrew their forces on terms of their choosing and left a friendly government behind, a regime that ended up outlasting the Soviet Union itself. In another example, the Sri Lankan government's crushing of the Tamil Tigers occurred too recently to make it into the report; this government's harsh but thus far successful methods would clash with a few of the conclusions in the Rand report.

These points aside, the Rand study draws some useful evidence from recent history about what does and doesn't work when battling an insurgency. Policymakers responsible for Afghanistan very likely agree with much of the report's conclusions. Unfortunately, Afghanistan's stubborn facts are getting in the way of implementing this sound advice.