Cyberattacks don’t win wars

By Doron Tamir

As Russia’s war on Ukraine enters a new phase, Western countries are on heightened alert for Russian state-sponsored hacking attacks. Yet, while Moscow is capable of unleashing considerable disruption and damage through the cybersphere against Ukraine and its Western adversaries, there is no evidence to suggest that current cyber capabilities, as possessed by any state, can win wars.

Russia has developed its cyber capabilities over decades, using its large concentration of high-quality mathematicians and physicists. It only takes 20 to 30 top-level cyber attackers to build up advanced, persistent cyberattack capabilities. Russia has a tradition of doing this well — as well as it excels in the related fields of signals intelligence, encryption, and electronic intelligence.

The Russian private cyber sector is also well known around the world. The cyber capabilities of the Russian military feature one of the most advanced technological arrays of its kind. The Ukrainians are also good at cyberwarfare, due to their access to high-quality, advanced personnel, who have been “leased” by companies all over the world in recent years.

And yet, despite the above, the war in Ukraine has made clear a simple fact: Cyberwarfare won’t decide the conflict. Russia’s less-than-sweeping achievements on this front may have helped encourage it to rely increasingly on devastating conventional firepower.

It is important to address what cyber domain activities can do during a war. During Russia’s 2008 war with Georgia, the Russians disrupted their adversary’s ability to function by attacking communications systems. These systems can be blocked, but when an attacker does this, they are also blocking their own intelligence units’ ability to eavesdrop on the enemy, which can no longer communicate.

This represents a fixed dilemma when it comes to cyberattacks on communications systems. It is usually resolved by finding a balance — through the right “dosage” between cyberattacks and eavesdropping — to avoid harming the interests of those initiating the attack.

Other targets for cyberwarfare during conflicts are a state’s critical infrastructure, such as electricity networks and other sensitive core systems. Harming these targets disrupts the enemy’s ability to function and supply itself.

Transport forms another attractive target in the cyber domain. The long Russian military convoys traveling great distances in Ukraine could form a cyber target, particularly when it comes to vehicles built in the past 20 years, which have many computers onboard. Modern vehicles come with 30 to 40 computers onboard, making them highly vulnerable to cyber disruption, which in turn can significantly damage an adversary.

During wartime, states are more likely to activate state-level attacks, which require deeper technological, analytical and research capabilities than those possessed by ordinary groups of hackers. And yet the conflict in Europe demonstrates that the ability of militaries to conduct ground maneuvers remains the most influential factor in deciding the outcome of wars. Cyberattacks can disrupt and harm, but alone, they cannot win, much like an air force cannot win a war by itself, although it can play a significant role. Ultimately, even in 2022, boots on the ground are what decides armed conflicts.

There is a substantial difference between pulling a trigger and pushing “Enter.” Without the trigger, concepts of battlefield victory remain disconnected from reality. The Ukraine war has taught us that wars for territory are not a thing of the past.

One of the key lessons from the Russian invasion of Ukraine for other militaries is to not abandon land-maneuvering capabilities in favor of investing too much in technology. Both abilities are needed, but not at the expense of one or the other.

The fact of the matter is that until today, we have not seen dramatic, historic, game-changing use of cyberwarfare. No cyberattacks have sparked comparisons with the 1917 deployment of tanks by the British Army at the Battle of the Somme in World War I, or the appearance of fighter jets in 20th century combat decades later.

Rather, the cybersphere has become an additional domain together with another new domain: space. These have joined the three traditional domains of land, air and sea. Each domain requires intelligent use of tool kits, and a suitable command structure, to prove effective.

Just as there are no easy wars, there is no easy cyberattack solution that shuts down an enemy overnight.

When it comes to the West, heightened alert and readiness are certainly necessary at this time. Russian cyberattacks can target banks, hospitals and other key civilian infrastructures. But simple, basic preventative actions can solve some 70% of these problems. Basic steps, like changing passwords and software, can create real hurdles for attackers. This is particularly true if a large number of defenders change their passwords and software at the same time.

Another key lesson rapidly emerging from the war in Europe is the centrality of the cognitive struggle — or as it is more commonly known, psychological warfare. Such campaigns have very significant value in war and are easier than ever to conduct today in the digital age of social media networks.

As a result, many units from Russia and Ukraine are engaged in this struggle. It is a parallel effort to the cyber campaigns currently raging, and its significance on the battlefield, the motivation of soldiers and the understanding of each side of the general picture should not be underestimated.


Brigadier General Doron Tamir General Doron Tamir had a distinguished military career spanning over 2 decades in the Intelligence Corps and Special forces - as the Chief Intelligence Officer in the Israeli military, where he commanded numerous military units in all aspects of the intelligence field, from signal, visual, and human intelligence, through technology and cyber, to combat and special operations. Read full bio here.