Cybercom chief warns against drawing lessons from the conflict between Russia and Ukraine too early

The conflict between Russia and Ukraine over the past two-plus years has provided countless lessons for modern conflicts. However, when it comes to learning lessons about cyber operations in war, the U.S. must be careful to look at the conflict in its entirety and not focus too much on the early salvos in which cyber had limited impact.

“We must ensure that we do not become anchored in the first lessons from Russia-Ukraine. This has been an evolving conflict,” Gen. Timothy Haugh, commander of the US Cyber ​​Command and director of the National Security Agency, said Wednesday at the AI ​​expo organized by the Special Competitive Studies Project.

Despite Russia’s perceived prowess in the digital domain as one of the most advanced cyber actors in the world, and the ongoing conflagration described by many outside observers as the first real and large-scale cyber war, these types of capabilities played little role in the fight against Russia. the first days of the fighting.

Experts attribute this to several factors, including the defensive work Ukraine did prior to the invasion to prepare its networks for attacks – in which the US military played a major role – and Russia’s overall poor military planning. Many stated that Russia assumed it would be able to march into Ukraine and take over the country with little resistance, which would give rise to little to no integrated military planning, which in part led to the protracted nature of the war.

As the conflict drags on, the US must pay attention to how Russia uses its digital capabilities.

“We now have to see how the conflict continues to develop. Areas that I think we really need to understand are how Russia has evolved in the use of its cyber forces. I think we’re watching this very closely and in many ways we want to make sure that we learn the right lessons from the way they’ve applied their cyber forces as they’ve evolved,” Haugh said. “I think we’re going to see more and more understanding of how cyber has participated and given them more and more intelligence insights.”

Haugh told a House subcommittee panel last month that one of the other areas he is closely watching is how Moscow uses its cyber forces from an intelligence aspect versus cyber effects. As Cybercom continues to monitor this, officials will work to inform their counterparts at U.S. European Command as well.

The conflict in general has prompted the US to reevaluate some preconceptions about cyber in hostilities. These have found their way into the Ministry of Defense’s updated cyber strategy, which was released in September 2023.

“Cyber ​​plays an important role in conflicts, it’s just not the role I think we expected at the start of the Russia-Ukraine relationship. But we do expect cyber to play an important role in a conflict, but it would not be cyber in itself,” Mieke Eoyang, deputy assistant secretary of Defense for cyber policy, told reporters last year. “One of the things we learned here is that the kinetic conflict is different than what we expected cyber to do on its own.”

The other key conclusion was that cyber must be integrated from the start, something Russia has not done.

The DOD 2023 Cyber ​​Strategy “builds on lessons learned from Russia’s further invasion of Ukraine in 2022, which has led to a global rethinking of cyber’s role in conventional conflict. These events reaffirmed that wartime cyberspace operations are best understood as a complement to conventional missions and not as a decisive, standalone capability,” Ashley Manning, acting assistant secretary of Defense for cyber policy, wrote in an April testimony before Congress.

“Russian cyber operations in the war in Ukraine are largely consistent with the strategic miscalculations we have observed among Russian kinetic forces. The ministry does not view this as evidence of the weakness of Russia’s cyber arsenal or of the failure of cyber as a tool of war. Instead, we believe it reflects the challenges of integrating multi-domain operations and Ukraine’s resilience, which has been strengthened by strong support from the international community and private sector partners,” she added.

The U.S. military has been trying to improve cyber planning and integration into operations over the past seven years. Traditionally it was bolted into the plans at the end and not integrated from the start. Around 2017, Cybercom created so-called Cyber ​​Operations-Integrated Planning Elements, a cadre of Cybercom experts embedded in each combatant command’s staff departments to provide insight into how to incorporate cyber capabilities into their battle plans.

Haugh explained at Cybercom’s legal conference in April that these teams have grown over time, with the smallest having 35 cyber experts and others having more than 50.

“That allows us to integrate every day with every combatant command around the world and where US Cyber ​​Command is invested in their results and can deliver cyber as part of the way they campaign and how they think about integrated deterrence,” he said.