KYIV, Ukraine—Ukraine’s May 25, 2014, presidential election was a pivotal moment for the country.
A revolution that February, in which more than 100 died, had overthrown pro-Russian President Viktor Yanukovych.
Two weeks prior to the election, on May 11, pro-Russian separatists in the eastern Ukrainian cities of Donetsk and Luhansk declared their independence from Kyiv.
At the time of the vote, separatist forces, receiving weapons and financing from Moscow, were on the march, taking town after town across eastern Ukraine.
The country as a whole was still reeling from the body blow of losing the Crimean Peninsula to Russia that March. And with a war brewing in the east, Ukraine’s new pro-Western government was under pressure to cement its legitimacy and restore faith in the democratic process.
There were fears of an all-out Russian invasion or a combined offensive by pro-Russian separatists and Russian regulars advancing as far as the Dnieper River, cleaving Ukraine in two.
Officials advised citizens in Kyiv to use the city’s metro in case of a Russian aerial bombardment or artillery blitz. Spray-painted signs on the sides of buildings pointing to the nearest bomb shelter became ubiquitous in cities across Ukraine.
And as Ukraine’s regular army—decimated by decades of neglect and corruption—was on its heels in the Donbas, legions of civilian volunteer soldiers banded into partisan militias and set out for the front lines.
“There was a real chance the front could have collapsed in 2014,” Denys Antipov, a Ukrainian army veteran, told The Daily Signal. “Nobody knew what was going to happen. It was a war for our independence.”
The survival of Ukraine as a sovereign, democratic nation was at stake. And the presidential election needed to go smoothly—thus making it a prime target for a Russian cyberattack.
Four days prior to the election, on May 21, 2014, a pro-Russian hacktivist group called CyberBerkut launched a cyberattack against Ukraine’s Central Election Commission computers.
According to Ukrainian news reports, the attack destroyed both hardware and software, and for 20 hours shut down programs to monitor voter turnout and tally votes.
On election day, 12 minutes before polls closed, CyberBerkut hackers posted false election results to the election commission’s website. Russia’s TV Channel One promptly aired the bogus results.
Ukrainian officials said the cyberattack didn’t affect the outcome of the election because Ukraine used paper ballots. The votes were counted by hand.
Ukrainian investigators later uncovered evidence that CyberBerkut hackers had penetrated the election commission’s computers in March, more than two months prior to the election.
“I believe that we should not underestimate the ability of hackers—especially those that enjoy state sponsorship—to disrupt the political process of a country,” wrote Nikolay Koval, who served as chief of Ukraine’s Computer Emergency Response Team during the 2014 revolution, in a 2015 NATO report on Russia’s cyberwar in Ukraine.
No Silver Bullet
When Russia went to war with Georgia in 2008, it launched cyberattacks against Georgian government computers and media websites.
“In Georgia, cyberattacks were closely coordinated with Russian military operations,” wrote James Andrew Lewis, senior fellow at the Center for Strategic and International Studies, in the NATO report.
“The internet has become a battleground in which information is the first victim,” Reporters Without Borders said in a statement published to the group’s website in August 2008 during the Russo-Georgian War.
Cyberwarfare was not, however, a “silver bullet” for Russia in Georgia. Likewise, Russian cyberattacks in Ukraine have been, so far, mostly used to create chaos and increase the fog of war, rather to effect any militarily significant outcome.
“The most notable thing about the war in Ukraine, however, is the near-complete absence of any perceptible cyberwar,” wrote Martin Libicki, a RAND Corp. analyst, in the NATO report.
“In particular, there are two major forms of cyberattack that have not taken place in the Russo-Ukrainian conflict: attacks on critical infrastructure and attacks on defense systems,” Libicki added.
Yet, according to news reports, since 2014, Russia has maintained a low-level cyberoffensive against Ukraine, targeting banks, railroads, the mining industry, and power grid.
Military communications and secure databases have also been attacked, according to Ukrainian officials. Pro-Russian hackers have also leaked stolen, sensitive information from Ukrainian government networks and the accounts of government officials to the internet.
“It is evident that Russia has fully embraced cyber espionage,” says a LookingGlass report.
And according to a report by LookingGlass, a U.S. cybersecurity firm, a Russian cyber espionage campaign called “Operation Armageddon” allegedly began targeting Ukrainian government, law enforcement, and military officials in 2013.
“It is evident that Russia has fully embraced cyber espionage as part of their overall strategy to further their global interests,” the LookingGlass report said.
Yet, according to Lewis, Russia’s cyberattacks on Ukraine have achieved little.
“The incidents in Ukraine did not disrupt command and control, deny access to information, or have any noticeable military effect,” Lewis, the Center for Strategic and International Studies senior fellow, wrote.
He added, “Cyberattacks are a support weapon and will shape the battlefield, but by themselves they will not produce victory.”
Despite its limitations, cyberwarfare was a key component of Russia’s “hybrid warfare” playbook in Ukraine. Online disinformation campaigns helped cloud Western media reports about Russia’s direct involvement in military operations in Crimea and the Donbas.
“Information campaigning, facilitated by cyber activities, contributed powerfully to Russia’s ability to prosecute operations against Ukraine in the early stages of the conflict with little coordinated opposition from the West,” Keir Giles, associate fellow of the Russia and Eurasia Programme and director of the Conflict Studies Research Center at Chatham House, wrote about Russian hybrid warfare.
“Russia, more than any other nascent actor on the cyberstage, seems to have devised a way to integrate cyberwarfare into a grand strategy capable of achieving political objectives,” Giles added.
A ‘Part of Daily Life’
Even though Russian cyberattacks were not decisive on the battlefields of Georgia and Ukraine, Moscow has aggressively used cyber means to target foreign political processes and to spread propaganda.
Russia’s military intervention in Ukraine was accompanied by a wave of cyberattacks, chiefly comprising distributed denial of service attacks, on government and business organizations in Poland and Ukraine, as well as the European Parliament and the European Commission.
Russia has also launched cyberattacks against the governments of countries across Europe, including the Netherlands, Estonia, Germany, and Bulgaria.
“Russia considers itself to be engaged in full-scale information warfare, involving not only offensive but defensive operations—whether or not its notional adversaries have actually noticed this happening,” Giles, the Chatham House expert, wrote.
In 2007, Estonia faced a monthlong cyberattack, which targeted government computer networks, the media, and banks.
“The cyberattacks in Estonia, composed of service disruptions and denial of service incidents, could best be compared to the online equivalent of a noisy protest in front of government buildings and banks,” Lewis wrote. “They had little tangible effect, but they created uncertainty and fear among Estonian leaders as they were considered a precursor to armed Russian intervention.”
Bulgaria’s Central Election Commission was hit by a cyberattack in October this year, during local and municipal elections.
The attack was a distributed denial of service attack similar to what Russian hackers used in Ukraine, Georgia, Estonia, and Poland. It included 530,000,000 visits to the commission’s website in 10 hours. (Bulgaria has a population of 7.2 million.)
Russian hackers have also targeted Western European governments. Germany’s domestic intelligence agency, BfV, said in May that Kremlin-linked hackers had targeted Germany’s parliament. And in May, Russian hackers targeted German Chancellor Angela Merkel’s Christian Democratic Party.
Merkel has been a firm proponent of maintaining EU sanctions against Russia for its military interventions in Ukraine. The German chancellor is up for re-election in 2017.
A cyberattack on Deutsche Telekom, a German telecommunications company, in November spurred German officials to publicly address the Russian cyberthreat.
The head of Germany’s foreign intelligence service, Bruno Kahl, warned that Russian hackers might target next year’s German presidential elections.
“We have evidence that cyberattacks are taking place that have no purpose other than to elicit political uncertainty,” Kahl told the German newspaper Süddeutsche Zeitung in November.
“The perpetrators are interested in delegitimizing the democratic process as such, regardless of who that ends up helping,” Kahl said. “We have indications that [the attacks] come from the Russian region.”
And without specifically blaming Russia for the Deutsche Telekom attack, Merkel said, “Such cyberattacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life, and we must learn to cope with them.”
According to news reports, a Russian cyber espionage campaign also targeted the Netherlands-based international investigation into the Malaysia Airlines Flight 17 shootdown over eastern Ukraine, as well as the World Anti-Doping Agency investigation into Russian Olympic athletes.
“Russian strategic culture focuses on war as political activity; for cyberpower to have a truly strategic effect, Russia believes that it must contribute directly to shaping political outcomes by altering the political perceptions of their opponents to better suit their interests,” James J. Wirtz, dean of the School of International Studies at the U.S. Naval Postgraduate School, wrote in the NATO report on Russia’s cyberwar in Ukraine.
Cold War Tradecraft
In 2014, cyberattacks linked to Russian hacking groups increased on U.S. government computer networks.
U.S. officials in Europe have also been the target of Russian cyberattacks.
In February 2014, a disparaging phone conversation between Geoffrey Pyatt, U.S. ambassador to Ukraine, and Victoria Nuland, U.S. assistant secretary of state for European and Eurasian Affairs, was uploaded to YouTube.
The U.S. government pinned the bugging of the phone conversation and its online release on Russia.
“I would say that since the video was first noted and tweeted out by the Russian government, I think it says something about Russia’s role,” former White House press secretary Jay Carney said at the time.
“Certainly we think this is a new low in Russian tradecraft,” Jen Psaki, the State Department’s press secretary at the time, said in response to the leaked phone call.
Russia’s cyberwar strategy draws on Soviet tradecraft. The USSR conducted clandestine operations around the world to extend Soviet influence and undermine the legitimacy of, and sow chaos within, Western democracies.
These tactics included leaking false information to foreign media outlets.
“The Soviets always tried to influence both friend and foe; the Russians are doing the same,” Steven Bucci, a visiting fellow at The Heritage Foundation who served for three decades as an Army Special Forces officer, told The Daily Signal in an earlier interview.
War, or Something Else?
The U.S. government currently has no clear definition for when a cyberattack crosses the threshold from a crime or an act of espionage to an act of war.
And, so far, Russian cyberattacks on NATO countries like Bulgaria, Estonia, Germany, Poland, and the U.S. have not spurred NATO’s invocation of Article V—the Western military alliance’s collective defense protocol.
The U.N. Charter is also ambiguous about when a cyberattack merits a kinetic military response.
“Skeptics rightly claim that in cyberwar, no one dies,” Kenneth Geers, ambassador of NATO’s cybersecurity center and a senior fellow at the Atlantic Council, told The Daily Signal. “But to some degree, our concept of national security must evolve with technology.”
In a 2011 White House report, the Department of Homeland Security listed 16 “Critical Infrastructure Sectors,” which, if destroyed, would have a “debilitating effect on security, national economic security, national public health or safety, or any combination thereof.”
The list comprised infrastructure assets like power grids, air traffic control systems, and dams. The country’s electoral process was not listed as a critical infrastructure sector to be protected from cyberattacks.
The Democratic and Republican national committees are nonprofit organizations, which are responsible for financing and organizing their own cybersecurity.
Geers argued, however, that the government has a responsibility to secure the DNC and RNC email servers because they have national security value.
“To some degree, our concept of national security must evolve with technology,” says @KennethGeers.
“In some way, the U.S. government will define these servers as ‘critical infrastructure’ and articulate some level of responsibility for protecting them,” Geers said. “The U.S. government is responsible for protecting our country and its citizens, and that certainly includes the security of our democracy, especially from foreign power manipulation.”
According to Bucci, the alleged Russian hacking of the DNC over the summer was espionage and falls well short of the threshold required to merit a military response.
“The U.S. government has never defined an act of war in cyber,” Bucci said. “This would not be close in anyone’s book. It’s not a crime either. It’s spying. The release of the purloined emails is for influence.”
The White House’s 2011 “International Strategy for Cyberspace” alluded to the use of military force to retaliate against a cyberattack.
According to the report: “When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners, and our interests. “
In testimony before the House Armed Services Committee on June 22, Thomas Atkin, acting assistant secretary of defense for homeland defense and global security, said the Pentagon has no clear-cut threshold for when a cyberattack becomes an act of war.
Cyberattacks could merit a military response if there was an “act of significant consequence,” Atkin told Congress.
“As regards an act of significant consequence, we don’t necessarily have a clear definition,” Atkin said. “But we evaluate it based on loss of life, physical property, economic impact, and our foreign policy.”
“Computer network operations, even when they are this daring, are closer to covert action than traditional warfare,” Geers said, referring to the alleged Russian hacking of the DNC.
“Only the president can decide” when a cyberattack becomes an act of war, Geers added.