At a more strategic level, the Russo-Ukrainian conflict has also featured a number of troubling attacks. The first came on Ukraine’s electrical power grid infrastructure in December 2015, when 30 substations in the Ivano-Frankivsk oblast were shut down as hackers took over their highly automated supervisory control and data acquisition (SCADA) equipment. Nearly a quarter of a million Ukrainians were affected by this hack, which has been attributed to “Sandworm,” a Russian army cyber-warrior unit. These same hackers are believed to have masterminded the extensive cyber attacks on Ukrainian finance, government, and (once again) power companies in June 2017.
Ostensibly, this latter operation aimed at freezing data, whose unlocking was then held for ransom. But the attacks, which did some collateral damage in other countries, were more likely intended simply to impose costly disruptions – and perhaps to serve as launching pads for covert insertions of malicious software designed to act as virtual “sleeper cells,” waiting for their activation at some later date. Overall, the costs inflicted by these 2017 attacks exceeded $10 billion, according to the estimate of Tom Bossert, then a senior Trump Administration cybersecurity official.16 These uses of cyberwar as a means of “strategic attack” are highly concerning, especially the demonstration that SCADA systems – in wide and increasing use throughout the world – are vulnerable to being taken over.
Russian cyber operations in Georgia and Ukraine should be seen as among the first “capability tests” that have provided glimpses of what future cyberwars may look like. Just as the Spanish Civil War (1936–9) foreshadowed the kinds of actions – from tank maneuvers in the field to the aerial bombardment of cities – that were to characterize much of the fighting in World War II under the rubric of Blitzkrieg,17 so too have recent Russian uses of the various modes of cyberwar in Georgia and Ukraine provided a glimpse of the next “face of battle”: Bitskrieg.
And, just as fascist forces in Spain – including tens of thousands of German and Italian volunteers – demonstrated the synergy of armored and aerial operations brought into close coordination by radio, today Russian “volunteers” in Donetsk are proving that integrated cyber and physical operations have profound effects. Another goal of the Blitzkrieg doctrine as practiced by the Germans early in World War II was “to disrupt [the enemy’s] lines of communication.”18 The importance of gaining an information edge by disabling the opponent’s command systems was a central thesis of Heinz Guderian, a pioneer of Blitzkrieg. No surprise that he began his career as a signals officer, nor that he played a major role in the swift victory over France in 1940, which, as Karl-Heinz Frieser has observed, “caused outdated doctrines to collapse; the nature of war was revolutionized.”19 Bitskrieg, too, will likely one day cause the collapse of outdated doctrines.
Bitskrieg is also similar to its World War II-era predecessor in terms of its emphasis on, and capability for, waging political warfare. For another element of Blitzkrieg doctrine was the employment of propaganda and subversion to prepare for invasion by field forces. This practice, too, had origins in Spain’s Civil War, as fascist General Emilio Mola, whose troops were closing in on Madrid from four directions, said that his advance was aided by a covert, subversive “fifth column.”
The early German annexations of Austria and Czechoslovakia benefited tremendously from such fifth-columnist actions, as was also the case in the 1940 invasion of Norway – a daring operation whose success, in part, was due to the activities of Vidkun Quisling and other Nazi collaborators. Their effects were so substantial that, as William L. Shirer noted, the capital Oslo “fell to little more than a phantom German force dropped from the air at the local, undefended airport.” And at strategically important Narvik, the initial defending force “surrendered to the Germans without firing a shot.”20 An Anglo-French force landed at Narvik later – too late, despite much hard fighting, to overturn the final result of this campaign.
In our time, we have the example of a “virtual fifth column” employed to great effect by the Russians, disrupting the Ukrainian ability to resist aggression in, and annexation of, the Crimea. At the same time, a parallel fifth column was used to spread propaganda justifying this invasion to the wider world. This approach, which included a “people’s plebiscite” – a tactic employed by the Nazis – helped to ensure that the Russian take-over would be bloodless, allowed to consolidate with neither effective internal resistance by the Ukrainian government nor international military counter-intervention. In this instance, the Russian fait accompli froze the principal Western guarantors of Ukrainian territorial integrity – per the terms of the 1994 Budapest Memorandum on Security Assurances: Britain, the United States, and France – into almost complete inaction.
But cyber-based political warfare can do far more than just provide support for invasions; it can also be used, as the Russians have done, to foment unrest and chaos in the United States and other open societies that are inherently vulnerable to the dissemination of lies cloaked as truth. Yet political warfare is not only suited to undermining democracies; it can also attack authoritarian and totalitarian rulers. In the 1980s, for example, prior to when the Internet began its rapid growth, President Ronald Reagan pursued an information strategy via radio and direct-broadcast satellite that put pressure on the Soviet Union and its control of Eastern Europe. Indeed, the argument has been advanced that his initiative played a significant role in the peaceful end of the Cold War and dissolution of the Soviet Union.21 Today, cyberspace-based connectivity provides even greater opportunities for striking at dictators. Social media links billions of people, a significant slice of whom live under controlling regimes. Authoritarians are aware of this, and mount efforts to monitor – sometimes to close down – access to such media. They may succeed – for a while. But advancing technology continues a major trend toward broader, easier connectivity, making it ever harder to control access. If past is prologue, even the harshest control efforts will ultimately fail. During the Second World War, John Steinbeck’s The Moon Is Down, a novel of resistance, made its way in bootleg translations to virtually every occupied country, inspiring opposition to Nazi rule.22 Information diffusion today is much easier; its effects are likely to be at least as powerful and widespread. Probably much more so, for the classic theme of active resistance resonates in and from the virtual realm in ways that mobilize “the real world” – evinced in recent decades by the “color revolutions” and the Arab Spring.
Back in World War II, physical resistance featured widely varied acts of sabotage against the Nazis’ transport, communications, and arms manufacturing infrastructures – despite often quite terrible reprisals being inflicted upon innocent civilians. Perhaps the most important of the sabotage campaigns was that mounted by Norwegian resistance fighters who prevented shipping of heavy-water supplies – essential to the Nazi nuclear program – from Norway to Germany. One of the key leaders of the Nazi effort to build an atomic bomb, the physicist Kurt Diebner, confirmed that “It was the elimination of German heavy-water production in Norway that was the main factor in our failure to achieve a self-sustaining atomic reactor before the war ended.”23 Inspiring messages, conjuring visions like the one crafted in Steinbeck’s The Moon Is Down, provided informational support that helped to catalyze and sustain such heroic acts of resistance. This was despite the strict controls the Nazis imposed on communications.
Today, it is very difficult to prevent information flows, in a sustained and leakproof way, from reaching mass publics. And the same technologies that allow for “information blockades” to be evaded offer up many opportunities for engaging in active resistance as well. Thus, sabotage using explosives – still quite an available option – can now be augmented by acts of virtual disruption in the form of what I call “cybotage.” Beyond the usual denial-of-service attacks, the worms, and varieties of malicious software designed to disrupt information flows and functions, or to corrupt databases, it is also increasingly possible to employ bits and bytes that cause physical damage to important equipment. The watershed example of this kind of cybotage was the Stuxnet worm that attacked the system running Iranian centrifuges, forcing them to spin themselves