Russia Some Cyber Activities from Attacks to Conventional Battlefield Support

Recent reporting suggests that Russia has shifted its focus in Ukraine with respect to how it is conducting its offensive cyber activities. Per another source, Russian cyber units have started to focus on targets tied to Ukrainian military objectives: trying to compromise devices used by Ukrainian soldiers; gaining access into command-and-control systems, an integral component for military operations; and even exploiting public webcams for the purpose of identifying intelligence of interest such as the location of Ukrainian military assets. Two years since Russia’s 2022 invasion, Russia’s re-allocation of cyber operations marks a shift from attacking more strategic civilian targets like telecommunications and energy, as it had at the onset of the conflict. This change appears to reflect Moscow’s new priorities in the conflict, as it continues to reclaim Ukrainian territory, and may be an indication that cyber weapons haven’t been sufficiently realized to become reliable alternatives to conventional munitions during periods of war.

One commentary also believes Russia has altered its approach to exploit targets that could provide more direct battlefield advantages and support its ground forces. While Russia deployed a consistent barrage against Ukrainian critical infrastructure at the onset of the conflict, it achieved very little strategic advantage. Ukraine may have been crippled but it didn’t fall. Public morale may have been impacted, but it did not surrender. Two years later, Moscow has calculated that it needed to reexamine how it was utilizing its cyber arsenal and sophisticated hacking capabilities to achieve the type of asymmetric advantage that such competency has largely been believed to provide a cyber-savvy state. While the author of the commentary correctly pointed out that Russian cyber teams continue to attack critical infrastructure as reported by Ukrainian authorities, Moscow has clearly acknowledged that it cannot keep on doing the same thing over and over again and expect a different result. To a large extent it’s not that the cyber operations haven’t been successful in gaining access to networks and/or disrupting them; it’s that whatever goals have been accomplished have not yielded the desired outcomes. Time to change plans, at least a little bit.

Though Russia has not abandoned its cyber efforts against critical infrastructure, any deviation is a testament to the fact that cyber attacks against such targets are not necessarily easy to accomplish, nor certain to achieve the results that are expected. There has always been speculation about what a cyber attack could deliver and the potentially devastating consequences one could have against an important target. But so far in Ukraine these have not materialized; or at least, not to the extent of what was intended or planned for. Therefore, in the midst of a prolonged stalemate, some Russian cyber assets are looking to focus on activities that could provide operational gains for the Russian military. What’s important is that these are not necessarily attacks that facilitate military maneuvers but are more reflective of a supporting role. According to research by Mandiant, Russian APT 44 provided infrastructure and technical support to Russian military units to help steal data from Signal communications from captured Ukrainian devices.

To be clear: shifting tactics and strategies is not a groundbreaking concept. Good intelligence operators must continually adapt and improvise to be surreptitious and successful. Battlefields are often fluid, and even the best strategy is often subject to uncertainties that arise and influence circumstances. To think that cyber attacks of all things must adhere to a set plan-of-execution is quite preposterous given how easily they can go awry. Adding to this complexity, military leaders are still trying to figure out what cyber’s natural role is in armed conflict, especially as attacks have not been the game changer they had long been suspected to be.

But providing more support services to Russian ground forces and being able to have an immediate impact on battlefield operations could be the niche that cyber operations are best suited for. As has been written, “uncertainty at the tactical and operational levels of war can increase strategic uncertainty.” When one side is trying to influence an adversary toward an outcome in its favor, any reduction in uncertainty and/or unpredictability would greatly augment its chances of success. Therefore, the more cyber operations can support tactical gains on the battlefield and claim operational advantage, the lower the chance that the unpredictability of adversarial courses of action will impact the outcome of an engagement or battle. Four battlefield functions – kinetic, mobility, protection, and shock action – can be enhanced by cyber activities for operational effect. While that might not resonate with the shock and awe of “shutting the lights off” in a city, those types of support activities may be the very leverage needed to achieve goals and realize strategic victory quicker.

The extent to which this new effort is successful and how it enhances Russian advantage remains to be seen. What is evident is that Russia has not achieved what it wanted with respect to conducting cyber attacks against Ukraine’s critical infrastructures. Damage and disruption have been caused, but little else with respect to getting Ukraine to do what Russia wants. This new shift is more in line with where cyber operations have been remarkably effective: stealing data, compromising devices, and surveilling targets. Now that these are applied in a military context, cyber watchers will be closely monitoring any new developments to ascertain the true effectiveness of cyber operations in conventional military conflict. This is not to say that militaries shouldn’t use destructive or disruptive cyber attacks to their advantage; but until military leaders understand how to best incorporate them with conventional operations, they remain just another tool that some commanders will employ, and others will not, depending on their faith in their effectiveness.

If Russia’s tactical shift has a measurable impact, then it will be a blueprint for how other militaries will likely start integrating their own cyber capabilities. The true power of may be as a complement that bolsters conventional military operations, suggesting that its most potent attribute is not as a first strike weapon, but as a true force multiplier on the battlefield.

Emilio Iasiello

About the Author

Emilio Iasiello has nearly 20 years’ experience as a strategic cyber intelligence analyst, supporting US government civilian and military intelligence organizations, as well as the private sector. He has delivered cyber threat presentations to domestic and international audiences and has published extensively in such peer-reviewed journals as Parameters, Journal of Strategic Security, the Georgetown Journal of International Affairs, and the Cyber Defense Review, among others. All comments and opinions expressed are solely his own.