Contesting cyberspace: The offensive and defensive twiddles in the Russia–Ukraine war
The geography of cyberspace is much more mutable than other environments. Mountains and oceans are hard to move, but portions of cyberspace can be turned on and off with the click of a switch.
– Joseph Nye, The Future of Power
Cyberspace is primarily identified as an operational domain framed by the consistent use of fast-changing technologies to harness information ‘via interconnected systems and their associated infrastructure’, as Joseph Nye wrote in The Future of Power.
Yet, it is not merely a techno-functional domain characterised by the flow of electronics; rather it is more of a strategic domain driven by ‘command, control, communications, and intelligence’ (C3I).
In cyberspace, offence and defence can be regarded as two contending mechanisms to assert and retain control over information resources. In this regard, Fanelli elucidated that ‘the offense often seeks to reduce a target’s confidentiality and gather intelligence, either as a primary objective or to discover ways to affect the target’s integrity or availability. The defense seeks to reduce an attacker’s confidentiality in order to detect attacks to identify the offensive capabilities employed, and to use the knowledge to foil attacks.’
Today, the cyber domain entails broader issues of military organisation, smart weapons design, tactical communications, and intelligence processing, as well as distribution. That is why it has come to be recognised as ‘a distinct fifth domain of military operations, alongside the kinetic domains of land, sea, air, and space’, Fanelli wrote.
The strategic evolution of this inherently technical domain poses a severe challenge to international peace and stability. Most importantly, the growing evidence of state-sponsored cyberattacks is alarming and may potentially spark a serious arms race in cyberspace.
The Russia–Ukraine war: An overview of the first major cyber war
During the initial months of the war, Ukraine publicly accused Russia of launching disinformation campaigns and massive denial-of-service (DoS) attacks on critical infrastructure, and of conducting espionage through phishing emails and wiper malware. Simultaneously, the US government alleged that Russia had breached networks and gained sensitive information about the development of weapons and communications infrastructure in Ukraine, write Sabin and Martin.
According to Ukraine’s State Service of Special Communications and Information Protection, Russia launched 800 cyberattacks against Ukrainian targets up to the end of March 2022, an intensive cyber campaign that coincided with the invasion. It was, however, reported that although Russia’s cyber operations were enormously offensive in nature, they attained only a few tactical victories. One of the prominent reasons for this was Ukraine’s ability to recover promptly from several identified cyber intrusions and to enhance mechanisms that improve the resilience of its cyber infrastructure.
Throughout this process, Ukraine has consistently received assistance from cybersecurity and intelligence agencies, as well as several technology firms, from the USA, the UK, and EU countries. In this regard, Willett pointed out that ‘the US had since 2020 embedded technical experts within the Ukrainian government to bolster Ukraine’s response and recovery capabilities, as well as deploy hardware and software to improve the security and resilience of critical infrastructure’.
Leading US agencies like the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have reportedly been sharing intelligence with their Ukrainian partners; the EU has activated its Cyber Rapid Response Teams in Ukraine; prominent technology companies such as BitDefender, Cisco, Cloudflare, Google, Microsoft, and Sophos are providing additional or free security services to Ukrainian users; Amazon Web Services (AWS) is trying to make cloud training more easily accessible to Ukrainians; and, most importantly, Ukraine’s admittance to NATO’s Cooperative Cyber Defence Centre of Excellence as a contributing partner is a major step forward, writes Beecroft.
It appears that while Russians have launched sustained campaigns and operations to disrupt and hack Ukrainian networks as a part of their cyberwarfare, the Ukrainians have responded correspondingly in defence by gaining considerable know-how about Russian cyber operations, writes Willett. That is why noted cyber experts like Marcus Willett observed that ‘the cyber dimension of the Russia-Ukraine war is the first wartime cyber conflict between two states whose cyber capabilities are essentially well-matched […] resulting in intense sparring between offense and defense, but with defense dominating most of the time, given its access to good intelligence and top-class cyber-security expertise’.
Ukraine is investing considerably in enhancing cyber capacity and resilience. It is concerned about the gravity and consequences of proliferating cyberattacks. In this regard, the Head of Ukraine’s State Service of Special Communications and Information Protection, Yurii Shchyhol, has vigorously called for a ‘Cyber United Nations’. During an interview in January 2023, he stated that ‘we need the Cyber United Nations, nations united in cyber space in order to protect ourselves, effectively protect our world for the future, the cyber world, and our real, conventional world’. On a similar note, Microsoft President and Vice Chairman Brad Smith remarked that the war has demonstrated the requirement for a coordinated and comprehensive strategy to strengthen cyber defences.
While contextualising these crucial developments in the cyber domain, what essentially comes to the core of the discussion are the concepts of ‘offensive realism’ and ‘defensive realism’, propounded by the neorealist scholars John Mearsheimer and Kenneth Waltz.
In his influential writing The Tragedy of Great Power Politics, Mearsheimer coined the term ‘offensive realism’, which holds that, due to the anarchic structure of the international system and the existential condition of uncertainty, states relentlessly strive to maximise their relative power and capabilities and, concomitantly, to take advantage of those situations where the benefits outweigh the costs.
However, defensive realists like Waltz assumed that ‘the international structure provides states with little incentive to seek additional increments of power; instead, it pushes them to maintain the existing balance of power’. Hence, the notion ‘balance of power’ serves as an iron law in defensive realism, as states can ensure their survival only by ensuring that none of their rivals grows too powerful or tends to become a hegemon.
In the wake of the ongoing Russia–Ukraine cyberwar, cyberattacks have increased on the one hand and defensive cybersecurity operations on the other. Amid this persistent quest to turn the balance of information in one’s own favour or to obtain preferred outcomes by having control over the information resources, cyberspace has been increasingly entrapped in a state of ‘security dilemma’.
The nature and impact of cyberwarfare are driven less by geographic terrain and more by the cyberspace panorama, which is human-made and open to domination through the use of advanced technological applications. The increased desire to treat cyberspace as a ‘global commons’, like oceans and outer space, has made it appear more like a topsy-turvy sphere, reinforcing a constant state of insecurity and contestation. While an enhanced cooperative multistakeholder model is often called for to address the complexities in the cyber domain, effective and convenient mechanisms are yet to be devised.
Considering the gravity of the challenges stemming from the weaponisation of the cyber domain, more concerted strategies are needed. In sum, what further seems to be feasible is to enhance a distributive governance model based on a more holistic, cross-cutting, and decisive approach, ensuring the security and sustainability of cyberspace.