Cyberwar Case Study: Georgia 2008
by David Hollis
The Russian-Georgian War in August of 2008 represented a long history of geostrategic conflict between the two nations and was based on many complex factors: geopolitical, legal, cultural, and economic. The 1992 South Ossetia War and the 1993 Abkhazian War resulted in the loss of the regions from Georgia to internationally unrecognized, pro-Russian local governments. Tensions had been building in the region for several years prior to the initiation of conflict in August 2008. The war officially started on 7 August 2008 after several weeks of growing arguments over the future of the South Ossetian territory. Georgian troops initiated a military attack against South Ossetia and began a massive shelling of the town of Tskhinvali in response to alleged Russian provocation. Russia deployed additional combat troops to South Ossetia and retaliated with bombing raids into Georgian territory. Russia deployed naval forces to formally blockade Georgia and landed naval infantry (marines) on the Abkhaz coast (near Georgia). The decisive ground combat operation of the campaign resulted in mechanized Russian military and Ossetian militia forces defeating the more lightly armed Georgian military forces in the only large-scale major ground combat of the war (battle for the town of Tskhinvali). Georgian tactical military defeat at the battle of Tskhinvali, operational defeat via Russian uncontested invasion of the western part of Georgia, unchallenged naval blockade of Georgia, and Georgian difficulty getting their media message out to the world, led to Georgia's strategic defeat in the war. The conflict forced approximately 25,000 Georgian residents to flee from ground combat as refugees into internal displacement. The two countries signed a ceasefire agreement a week later but tensions remain high to this day. Russia has failed to implement some of the terms of the ceasefire agreement, resulting in further loss of Georgian territory to Russian occupation.
As wars historically go, it wasn't very big, did not involve vast amounts of military forces, nor did it last long. One might argue that it was more of a typical battle or campaign framed in an ongoing long-term geopolitical cold war between the combatants, a cold war punctuated with occasional outbreaks of small- to large-scale violence. On the surface, it represents one of many cold wars (with periodic renewals of formal national-level military conflict) fought every day on the "near abroad" of the Russian periphery. A conflict which may not end for a very, very long time. But while much of that is true, a deeper analysis of the cyberspace domain operations conducted by both sides in this conflict indicates that this image is illusory and incomplete. The Russian-Georgian war was quite historic and precedent-setting for several reasons.
David M. Hollis is a Senior Policy Analyst with the Office of the Undersecretary of Defense for Intelligence (OUSD(I)). He has spent a total of four years on the OSD staff with three as Cyberspace Security Division Chief for the ASD NII/DoD CIO's office prior to working at OUSD(I). He is also a drilling USAR officer with US Cyberspace Command (USCYBERCOM); currently the senior USAR officer responsible for 25 USAR personnel supporting a wide range of USCYBERCOM J-codes and projects, and was previously a Joint Plans Officer with the USCYBERCOM J5. He was with the Army's 1st Information Operations Command from 2000 to 2006 as Red Team Chief, S2/Director of the Army's CyberIntelligence Center, and Senior Operations Planner. He has previously published cyberwarfare articles in the Joint Forces Quarterly and Armed Forces Journal magazines.
About the Author(s)
David M. Hollis
David M. Hollis is a GG-15 Senior Policy Analyst/Planner with the Office of the Undersecretary of Defense for Intelligence’s (USD(I)) Cyberspace, Warfighter Integration, and Strategic Engagement Division (CWISE). Prior to this position, he was the Chief of the Cyberspace Security Division for the Office of the Assistant Secretary of Defense for Network & Information Integration /DoD Chief Information Officer (ASD NII/DoD CIO). Lieutenant Colonel David M.
What does cyberwar look like? In 2008, Georgia found out.
In most ways, the brief war between Russia and Georgia in August 2008 was a throwback to the mid-20th century. A border dispute, inflamed by propaganda and whipped-up ethnic tension, resulted in a murky case of who-shot-first, an armored blitzkrieg, airstrikes, a plea for peace by the defeated, signatures on a piece of paper, and the winner’s annexation of some territory. So far, so 1939. But one aspect of this little war was very much in the 21st century, namely Russia’s integration of offensive cyber operations into its overall political-military strategy. The August war was a preview of how military forces will use cyber operations in the future and what commanders and policymakers need to prepare for.
In a new piece for Small Wars Journal, David Hollis, a senior policy analyst with the Office of the Undersecretary of Defense for Intelligence and a reserve Army officer at U.S. Cyber Command, describes how the Russian government integrated cyber operations into its campaign plan against Georgia. Hollis notes that though the Russian offensive cyber operations in the Georgia war were obvious, they were masked through third parties and by routing the attacks through a wide variety of server connections, all standard practices of cyber operations. As a result, Georgian and other investigators cannot conclusively prove that the Russian government conducted these cyberattacks. Indeed, the Kremlin denies using cyberwarfare in the conflict, a somewhat odd thing to be embarrassed about while Russia’s tanks roamed around the Georgian countryside and its aircraft bombed Georgian targets.
According to Hollis, Russian offensive cyber operations began several weeks before the outbreak of the more familiar kinetic operations. Russian cyberintelligence units conducted reconnaissance on important sites and infiltrated Georgian military and government networks in search of data useful for the upcoming campaign. During this period, the Russian government also began organizing the work of Russian cybermilitias, irregular hackers outside the government that would support the campaign and also provide cover for some of the government’s operations. During this period the government and cybermilitias conducted rehearsals of attacks against Georgian targets.
When the kinetic battle broke out on Aug. 7, Russian government and irregular forces conducted distributed denial-of-service attacks on Georgian government and military sites. These attacks disrupted the transmission of information between military units and between offices in the Georgian government. Russian cyberforces attacked civilian sites near the action of kinetic operations with the goal of creating panic in the civilian population. Russian forces also attacked Georgian hacker forums in order to pre-empt a retaliatory response against Russian targets. Finally, the Russians demonstrated their ability to disrupt Georgian society with kinetic and cyber operations, yet refrained from attacking Georgia’s most important asset, the Baku-Ceyhan oil pipeline and associated infrastructure. By holding this target in reserve, the Russians gave Georgian policymakers an incentive to quickly end the war.
Faced by overwhelming Russian air power, armored attacks on several fronts, and an amphibious assault on its Black Sea coastline, Georgia had little capability of kinetic resistance. Its best hope lay with strategic communications, with transmitting to the world a sympathetic message of rough treatment at the hands of Russian military aggression. According to Hollis, Russia effectively used cyber operations to disrupt the Georgian government’s ability to assemble and transmit such a plea. Meanwhile, Russia’s own information operations filled in a narrative favorable to its side of the case, removing Georgia’s last hope for strategic advantage.
Hollis points out that the effectiveness of cyber operations, especially denial-of-service attacks, can be fleeting; in the recent duels between cyberattackers and defenders of WikiLeaks, both sides mostly fired blanks. But in August 2008, Russian planners tightly integrated cyber operations with their kinetic, diplomatic, and strategic communication operations and achieved cyber disruptions at the moments they needed those disruptions to occur. The Georgia episode provides a good case study for cyberwarriors preparing for the next such conflict.
Stuart Levey, Treasury’s sanctions supremo, didn’t get results. What now?
On Jan. 24, the Wall Street Journal reported that Stuart Levey, U.S. Treasury undersecretary for terrorism and financial intelligence, will leave his post in one month. David Cohen, Levey’s deputy with long experience in the Treasury Department, will very likely succeed Levey. For nearly seven years, Levey has labored to isolate the North Korean and Iranian governments from the international financial system. Levey used diplomacy, moral suasion, and his deep connections with the global banking system and in the process revolutionized the employment of financial sanctions as a tool of statecraft. Unfortunately, he will leave office having failed to achieve his goals, namely to obtain leverage sufficient to change the behavior of the North Korean and Iranian governments. His bosses will now have to decide what to try next.
Last week’s negotiation in Istanbul between Iran and the P5+1 group ended in quick failure, revealing that many years of increasingly restrictive sanctions against Iran have failed to produce effective negotiating leverage. And in spite of being the most commercially and financially isolated country in the world, it took North Korea only a year and a half to build a large uranium enrichment facility, equipped with 2,000 centrifuges and advanced control systems.
Levey’s disappointing results do not mean that sanctions should not have been tried or that the U.S. government and its partners should not continue to tighten them. Western policymakers surely hope that sanctions will eventually produce effective negotiating leverage without inflicting deep pain on civilian populations. It is worth questioning whether such fine-tuning — effective leverage without civilian pain — is realistic. The civilian population in North Korea suffers more than any (something for which Kim Jong Il is responsible), without the achievement of much negotiating leverage. And if things became really uncomfortable for a targeted regime, it could play the "victim card" to fight back against sanctions, as Saddam Hussein did with increasing success before 2003.
If sanctions aren’t working, what then? Policymakers will inevitably look to their military and paramilitary assets to produce negotiating leverage. Military and intelligence staffs will be asked to prepare options involving the use of covert action, unconventional warfare, or the recruitment of proxy combatants. Political leaders generally first chose sanctions in order to avoid the privations of war. Next will be the hope that "small wars" will preclude a large one. In Iran, some entity has employed covert action — the Stuxnet computer worm and the assassination of two nuclear scientists — in an attempt to slow down Iran’s nuclear program. How many other realistic "small war" options exist against Iran and North Korea remains a mystery.
When civilian masters have concluded that sanctions aren’t working, they will put pressure on their military planners to come up with some practical "small war" options. If the Treasury’s leverage isn’t enough, the Pentagon’s planners will likely be asked to produce more. These planners need to be careful that their plans produce more leverage instead of more trouble.