Unpacking Russia’s cyber nesting doll
When the Russian government launched its full-scale invasion of Ukraine on February 24, 2022, many Western observers braced for digital impact—expecting Russian military and security forces to unleash all-out cyberattacks on Ukraine. Weeks before Moscow’s full-scale war began, Politico wrote that the “Russian invasion of Ukraine could redefine cyber warfare.” The US Cybersecurity and Infrastructure Security Agency (CISA) worried that past Russian malware deployments, such as NotPetya and WannaCry, could find themselves mirrored in new wartime operations—where the impacts would spill quickly and globally across companies and infrastructure. Many other headlines and stories asked questions about how, exactly, Russia would use cyber operations in modern warfare to wreak havoc on Ukraine. Some of these questions were fair, others clearly leaned into the hype, and all were circulated online, in the press, and in the DC policy bubble ahead of that fateful February 24 invasion.
As the Putin regime’s illegal war unfolded, however, it quickly belied these hypotheses and collapsed many Western assumptions about Russia’s cyber power. Russia didn’t deliver the expected cyber “kill strike” (instantly plummeting Ukraine into darkness). Ukrainian and NATO defenses (insofar as NATO has spent considerable time and energy to support Ukraine on cyber defense over the years) were sufficient to (mainly) withstand the most disruptive Russian cyber operations, compared at least to pre-February 2022 expectations. And Moscow showed serious incompetencies in coordinating cyber activities with battlefield kinetic operations.
Read more at Atlantic Council