Once again, though, the origin of the leak remains unclear. The material could have been procured from a Russian whistle-blower or taken through a network breach. Leaked files — in contrast to hacked machines — rarely contain clues for attribution. Some of the most consequential computer network breaches may stay covert for years, even decades. Cyberwar is here, but we don’t always know who is launching the shots.
Second, cyberoperations in wartime are not as useful as bombs and missiles when it comes to inflicting the maximum amount of physical and psychological damage on the enemy. An explosive charge is more likely to create long-term harm than malicious software.
A similar logic applies to the coverage of hostilities and the psychological toll that media reporting can have on the public. There’s no bigger story than the violent effects of war: victims of missile attacks, families sheltering underground, residential buildings and bridges reduced to piles of smoking rubble. In comparison, the sensationalist appeal of cyberattacks is significantly lower. Largely invisible, they will struggle to break into the news cycle, their immediate effect greatly diminished.
We saw these dynamics play out in the Russian destructive malware “wiper” attacks of Feb. 23 and 24. Just hours before the invasion started, two cyberattacks hit Ukrainian targets: HermeticWizard, which affected several organizations, and IsaacWiper, which breached a Ukrainian government network. A third destructive malware attack was discovered on March 14, CaddyWiper, again targeting only some systems in a few unidentified Ukrainian organizations. It is unclear if these wiping attacks had any meaningful tactical effect against the victims, and the incidents never broke into the news cycle, especially when compared to the physical invasion of Ukraine by tanks and artillery.
Finally, without deeper integration within a broader military campaign, the tactical effects of cyberattacks remain rather limited. Thus far, we have no information on Russian computer network operators integrating and combining their efforts in direct support of traditional operations. Russia’s muted showing in the digital arena most likely reflects its subpar planning and performance on the ground and in the air. Close observers have been baffled by the Russian Army’s insufficient preparation and training, its lack of effective combined arms operations, its poor logistics and maintenance and its failure to properly encrypt communications.
Cyberwar has been playing a trick on us for decades — and especially in the past weeks. It keeps arriving for the first time, again and again, and simultaneously slipping away into the future. We’ve been stuck in a loop, doomed to repeat the same hackneyed debate, chasing sci-fi ghosts.
To harden our defenses, we must first recognize cyberoperations for what they have been, are and will be: an integral part of 21st-century statecraft. The United States has a unique competitive advantage through its vibrant tech and cybersecurity industry. No other country comes even close to matching the U.S. public-private partnership in attributing and countering adversarial intelligence operations. These collaborative efforts must continue.