Assessing Russian Cyber and Information Warfare in Ukraine: Expectations, Realities, and Lessons

Judging by noteworthy headlines and expert analyses, one might be forgiven for some measure of confusion about the cyber domain's role in the first year and a half of Russia's full-scale war with Ukraine. These discussions have run the gamut. The war's cyber dimension has been called a "game changer" and a "turning point for cyberwarfare" that has "transformed the cyber threat landscape." Russian efforts have been referred to as "relentless and destructive," of "unprecedented magnitude," "strategic and deliberative," "aggressive and multi-pronged," the "most sustained and intrusive cyber-campaign on record," amounting to "full-on, full-scale cyberwar," even the "world's first full-scale cyberwar." Technical reports have pointed to skyrocketing numbers of cyberattacks, both prior to and during the conflict, both on Ukraine and its allies. Ukraine's government has appealed to The Hague to prosecute Russian cyberattacks as war crimes. Nonetheless, many experts have also described Russian cyberattacks as surprisingly ineffective, as having "fallen flat." They have characterized Russia as "losing the information war," and they have debated reasons for the apparent absence of "cyber shock and awe," referring to cyber as the "dog that didn't bark."

This striking lack of a clear consensus over how to interpret the role of cyberspace in Russia's war with Ukraine stems at least in part from the magnitude of early expectations. Russia is one of the US's foremost competitors in cyberspace, and it has long demonstrated its willingness to bring its cyber power to bear in efforts to gain desired strategic outcomes, particularly in its "near abroad," and nowhere more than in Ukraine. For this reason, as intelligence and the gathering of Russian troops on the Ukrainian border in early 2022 drew international attention to the imminent threat of a Russian invasion of its militarily weaker neighbor, many also predicted a particularly catastrophic cyber onslaught—whether in substitute or preparation for, or as a complement to a full-scale invasion. Yet since its invasion of Ukraine, Russia has not leveraged these capabilities to secure as great a battlefield advantage as many expected. Early reports of their outside-theater subthreshold uses to undermine international support for Ukraine have likewise suggested more limited effect in key theaters than featured in the direst predictions. Perhaps most remarkably, more than a year and a half into the fighting, there is still no clear consensus within and across expert communities as to how the accruing evidence should be assessed.

This article examines Russian use of cyber and information capabilities to influence the course of the Ukraine war by analyzing prior expectations, public knowledge of wartime realities, potential reasons for disparity between the two, and the distinct and sometimes contradictory takeaways that have been drawn to date within the analytical community. What lessons can be learned from the early phase of the Ukraine war concerning Russia's capabilities, strategy, and approach in cyberspace? To what extent do these lessons point to broader possible conclusions about the role of cyber and information operations during direct military conflict? Furthermore, what explains the dramatically different early responses to these significant questions? How can the strategic community make sense of this debate and arrive at usable lessons? Although the lack of consensus among experts this far into the conflict demonstrates the challenges of drawing conclusions with incomplete and early evidence, we suggest that significant preliminary lessons can be drawn by looking at both sides of the debate—understanding the bases of disagreement and elements of validity to each set of claims.

The remainder of the article is divided into four sections. The first section, "Russia's Approach to Cyberspace," lays out what has been considered unique about Russia's approach to the domain and how its capabilities and strategy have weighed upon US and Western cyber threat perceptions. This threat includes Russia's significant technical cyber capabilities and demonstrated willingness to use these in targeting critical infrastructure. It also includes unique and surprising uses of cyber-enabled information operations—including the strategic spread of mis- and dis-information—in ways thought to demonstrate democratic vulnerabilities. This discussion specifically addresses how Ukraine has long been a test bed for using various combinations of these tools for apparent political and strategic objectives.

Following this prior understanding of Russia's capacities and strategy, the second section, "Wartime Expectations and Realities," examines expectations that existed concerning Russia's potential use of its array of cyber capabilities in relation to the war in Ukraine and the extent to which these expectations have been met. This includes both expectations about how such capabilities could be used surrounding military invasion and escalation and also about how they might contribute to ongoing war efforts. We then compare that baseline to what is known of Russia's uses of these capabilities during the war. Although some mismatch with prior predictions is obvious, it also is clear that the domain has played an active and ongoing role in the conflict.

In the third section, "What Happened? A Bark, but Not a Bite," we assess the disparity between predictions and outcomes, examining possible reasons why Russia's cyber operations during the war have not proven as effective as some predictions would have suggested. This analysis also provides some clarity as to how different parts of the expert community have rendered such distinct initial findings. We examine prominent arguments that have been promulgated in the outside analytical expert community, both to explain Russia's underwhelming cyber performance and reasons why the domain overall has proven less critical than imagined to above-threshold warfighting. Although frequently framed as diametrically opposed to the dramatic assessments of Russia's extensive cyber activities produced by technical and operational experts—often from government, military, or the private sector—most of these arguments focus on assessing strategic effect rather than activity levels, leaving room for mutual compatibility of claims as well as significant misunderstanding.

The concluding section, "Strategic Adaptation and the Wartime Cyber Debate," draws preliminary conclusions about possible lessons that can be learned at this stage of the war—both specifically about Russia's cyber capabilities and strategy and, more theoretically, about how cyber and information operations contribute to the course of armed conflict. Despite disagreements on exact strategic merit and effect, Russian use of the cyber domain during the conflict has been extensive. Ukraine has also clearly mounted a tremendous cyber defense, supported by a wide coalition of governmental and private sector partners. However, many questions still exist. We particularly consider the possible takeaways about the influence of Russian cyber activities on escalation dynamics and partnership cohesion and what we can and cannot say based on currently available information. We also suggest that the ongoing lack of consensus concerning the extent and role of cyber conflict in the current war might be indicative of deeper challenges to strategically relevant wartime learning and adaptation in the cyber domain. This will be of ongoing significance in continuing to counter the Russian threat and support Ukraine in the next stage of the war.