Admiral Stavridis, former SACEUR (Supreme Allied Commander US European Command) and current Dean of the Fletcher School (International Affairs school at Tufts University), penned an article in Foreign Policy, here, entitled NATO Needs to Move Now on Crimea.
At the end, true to his multidisciplinary approach to most situations, he recommends cyber actions be considered:
Convening allies with cyber-capabilities (this is not a NATO specialty) to consider options — at a minimum to defend Ukraine if it is attacked in this domain (as Georgia was).
I do not know for a fact about any US Cyber Command plans or operations, but as a former plans chief, I know that many contingencies, once set into action, brush the dust off of plans which are often rehearsed in excruciating detail, and set into motion. Any plan executed by the US Cyber Command is going to be classified at least at the Top Secret Codeword level and the vast majority of the public will never hear a word of its effectiveness or even if it was executed. Certainly, years from now, we may heard about a plan number that was executed or even a codeword name, but probably never together.
What might they attack? The list itself would also be highly classified but let’s guess at a few of them, shall we?
We can prioritize some targeting. Communications at the strategic level. Intelligence networks. Communications on Command and Control networks. Air defense networks. Any operational networks. Logistical networks.
What would we do? Disrupt, deny, degrade, deceive, corrupt, usurp or destroy the information. The information, please don’t forget, is the ultimate objective of cyber. That will directly impact the decision-making process of the adversary’s leader who is the ultimate target.
How can this be done? Sometimes the most obvious target is not the answer. There are such things as direct attacks, indirect attacks, cascading effects, second, third and fourth orders of effects and so on. BUT we cannot forget about the Laws of Armed Conflict and we need to limit unintended consequences on non-military targets. We do not want to target hospitals in any way, religious objects such as a church or mosque. The target lists and taboo lists are done well in advance and are refined. In this case we are seeing thousands of extra soldiers, more vehicles and probably many new networks. This all has to be categorized and ranked. Then, when all this planning is done, the lawyers get involved. In my opinion, depending on the size and fit of the underwear they wore that day, the lawyers will confirm or deny targets, weapons and time schedules.
After all this is written and approved by the lawyers, then and only then will the commander be informed for a decision. Then politics gets involved and a decision has to be made depending on the possibility of exposure, how badly public opinion might result and if our leader has the… guts. NOT the word I want to use but it’s almost politically correct.
Bottom line, it’s good to see cyber options are being considered for use against Russia in Ukraine. It’s about time.