Once again, however, the origin of the leak is unclear. The content could have been obtained from an actual Russian whistle-blower, or could have been taken through a network breach. Leaked files—unlike hacked machines—are only rarely a clue to attribution. Some of the most consequential computer network breaches can remain secret for years, even decades. Cyberwar is here, but we don’t always know who’s launching the shot.
Second, cyber operations are not as useful as bombs and missiles in times of war when it comes to inflicting maximum physical and psychological damage on the enemy. An explosive charge is more likely to cause long-term damage than malicious software.
A similar argument applies to coverage of hostility and the psychological toll that media reporting can have on the public. There is no greater story than the violent effects of war: victims of missile attacks, families sheltered underground, residential buildings and bridges reduced to piles of smoking rubble. In comparison, the sensational appeal of cyberattacks is quite low. Largely invisible, they would struggle to break into the news cycle, with little to no immediate impact.
We saw these dynamics in the Russian destructive malware “Viper” attacks of February 23 and 24. Hours before the attack began, two separate cyberattacks hit Ukrainian targets: Hermetic Wizard, which affected several organizations, and IsaacViper, which breached Ukrainian government networks. On 14 March a third devastating malware attack was discovered, CaddyWiper, again targeting only a few systems in a small number of unknown Ukrainian organizations. It is not clear whether these wiping attacks had any meaningful tactical effect against the victims, and the events never broke into the news cycle, especially when compared to the physical invasion of Ukraine by tanks and artillery.
Finally, without deeper integration within a broader military operation, the strategic effects of a cyberattack remain limited. Thus far we have no information on how Russian computer network operators integrate and combine their efforts in direct support of traditional operations. Russia’s silent performance in the digital realm most likely reflects its subpar planning and performance on the ground and in the air. Close observers are baffled by the Russian military’s inadequate preparation and training, its lack of effective combined arms operations, its poor logistics and maintenance, and its failure to properly encrypt communications.
Cyberwar has been playing a trick on us for decades, and especially in the last weeks. It keeps on coming again and again for the first time, as well as slipping into the future. We’re stuck in a loop, doomed to repeat the same hackneyed debate, chasing sci-fi ghosts.
To strengthen our security, we must first recognize cyber operations for what they have been, are and will be: an integral part of the 21st century state craft. The United States has a unique competitive advantage through its vibrant technology and cyber security industry. No other country even comes close to matching US public-private partnerships in attributing and countering counterintelligence operations. These collaborative efforts must continue.