Cyber

Cybercom chief warns against taking lessons too early from Russia-Ukraine conflict

As the Russia-Ukraine conflict has evolved, the U.S. should be careful of taking cyber lessons from the early days of the war, Gen. Timothy Haugh said.

By Mark Pomerleau

May 8, 2024

This photograph taken in Kyiv on February 26, 2024 shows a laptop screen with a webpage of the IT Army of Ukraine group of volunteer hackers. The IT Army of Ukraine first set up in the wake of Russia's devastating attack, and has since hugely grown in importance. It is one of a flurry of hacker groups that have flourished in wartime, countering Russia from behind their screens and operating in a legal grey area. (Photo by GENYA SAVILOV/AFP via Getty Images)

The Russia-Ukraine conflict over the past two-plus years has engendered myriad lessons for modern conflict. However, when it comes to drawing lessons about cyber operations in war, the U.S. must be careful to look at the conflict in totality and not focus too much on the early salvos in which cyber provided limited impact.

“We have to make sure that we don’t get anchored in the initial lessons from Russia-Ukraine. This has been an evolving conflict,” Gen. Timothy Haugh, commander of U.S. Cyber Command and director of the National Security Agency, said Wednesday at the AI expo hosted by the Special Competitive Studies Project.

Despite Russia’s perceived prowess in the digital domain as one of the most sophisticated cyber actors in the world, and the ongoing conflagration being dubbed by many outside observers as the first real and large-scale cyber war, these types of capabilities played a small role in the early days of the fighting.

Experts attribute this to multiple factors such as the defensive work Ukraine did ahead of the invasion to prep its networks against attacks — for which the U.S. military played a large role — and Russia’s overall poor military planning. Many stated that Russia assumed it would be able to march into Ukraine and take over the country with little resistance, prompting little to no integrated military planning, which has partially led to the war’s protracted nature.

As the conflict has dragged on, the U.S. must be paying attention to how Russia is using its digital capabilities.

“We now need to watch how the conflict has continued to evolve. Areas that I think we need to really understand is how Russia has evolved in using their cyber forces. I think it’s one we’re watching closely and in many ways want to ensure that we take away the right lessons of how they’ve applied their cyber forces as it’s evolved,” Haugh said. “I think what we will increasingly see is an understanding of how cyber has participated and given them increasing intelligence insights.”

Haugh told a House subcommittee panel last month that one of the other areas he’s watching closely is how Moscow is using its cyber forces from an intelligence aspect versus cyber effects. As Cybercom continues to monitor this, officials will work to inform their colleagues at U.S. European Command as well.

The conflict overall has prompted the U.S. to reevaluate some preconceived notions about cyber in hostilities, which have made their way into the Department of Defense’s updated cyber strategy that was released in September 2023.

“Cyber has an important role to play in conflict, it’s just not the role that I think we expected it to play at the outset of Russia-Ukraine. But we do expect cyber to play a significant role in a conflict, but it would not be a cyber by itself,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, told reporters last year. “One of the things that we have learned here is that the kinetic conflict is different than what we expected cyber to do on its own.”

The other main takeaway was that cyber must be integrated from the start, something Russia failed to do.

The 2023 DOD cyber strategy “draws on lessons learned from Russia’s 2022 further invasion of Ukraine, which has prompted a global reconsideration of the role of cyber in conventional conflict. These events reaffirmed that war-time cyberspace operations are best understood as a complement to conventional missions rather than as a decisive standalone capability,” Ashley Manning, acting assistant secretary of defense for cyber policy, wrote in congressional testimony in April.

“Russia’s cyber operations in the war in Ukraine are largely consistent with the strategic miscalculations we have observed with Russia’s kinetic forces. The Department does not consider this to be proof of the weakness of Russia’s cyber arsenal or a failure of cyber as a tool in warfare. Rather, we assess that it is a reflection of the challenges of integrating multi-domain operations and Ukraine’s resilience, which has been reinforced by strong support from the international community and private sector partners,” she added.

The U.S. military has sought to improve cyber planning and integration into operations over the last seven years. Traditionally, it had been bolted onto plans at the end, not integrated from the start. Around 2017, Cybercom created what are called Cyber Operations-Integrated Planning Elements, a cadre of experts from Cybercom that are embedded within the staff sections of each combatant command to provide insights into how cyber capabilities can be incorporated into their battle plans.

Haugh explained at Cybercom’s legal conference in April that those teams have grown over time, with the smallest having 35 cyber experts and others having upwards of 50.

“That allows us to integrate every single day with every combatant command across the globe and with U.S. Cyber Command being invested in their outcomes and being able to deliver cyber as part of how they campaign and how they think about integrated deterrence,” he said.