Wavell Room
Image default
Concepts and Doctrine Cyber / Information Land

The war for control of the net in Ukraine

Experimental Feature: Audio Read Version

The war in Ukraine is the first in history in which an aggressor has attempted to take control of the digital infrastructure network of seized territory and thereby control two indispensable aspects of modern life: the internet and mobile communications.1  This article offers an overview of the first six months of this war for the control of digital networks.  The campaign has largely been focused in southern Ukraine: Kherson and Zhaporizhzhia regions.  The Donbass, which the invasion was supposed to ‘liberate’, has become a depopulated and uninhabitable wasteland. Less than one third of the pre-war population remains in the separatist areas2; in government areas roughly four fifths have fled. A region the size of small European country is without reliable supply of water, gas or electricity.  Survival has overtaken other considerations. 

What was the Russian plan?

Despite Russian denials, acquired documentation and the subsequent behaviour of occupying authorities3 shows Russian forces entered Ukraine with the intention to occupy at least Southern Ukraine and the Donbass, and probably also the Dnipro left bank (Kharkiv, Sumy, Poltova and Dnipropetrovsk Oblasts).  In the mental landscape of nationalist Russians these are the ‘Russian historical lands’ that made up Novorossiya (‘New Russia’), although there is little agreement on the boundaries of this mythologised territory.  Before the expansion of Muscovite Russia in the 18th century, these lands were ruled by the Polish-Lithuanian Commonwealth and further south governed by Tatars under Ottoman suzerainty. A 1648 map drawn by a French cartographer records this steppe region as Camporum Desertorum vulgo Ukraina, or ‘wild fields commonly known as Ukraina’ – contradicting President Putin’s commonly stated view that ‘Ukraine’ was an invention of the Bolsheviks.

The model for the ‘special military operation’ was the crushing of the 1968 Prague Spring laced with some ‘shock and awe’ borrowed from the 2003 Operation Iraqi Freedom. If Washington could overrun a large country in a matter of two weeks, and topple a government, well why not Moscow? However, Ukraine in 2022 was not helpless Czechoslovakia overwhelmed by Warsaw Pact forces, and Russia’s armed forces boast neither the competence nor technology to copy American operations – as the Russian president has discovered to his great cost.

Czechoslovaks carry their national flag past a burning tank in Prague. Photo from “CIA Analysis of the Warsaw Pact Forces: The Importance of Clandestine Reporting”

The Russian ‘Plan of Action for the establishment of a control system over the economic and political processes in Ukraine’ was comprehensive.  It included detailed provisions for taking control of the banking system, transport, energy, trade, logistics, industrial agriculture, the ‘social sphere’, foreign trade, the ‘fiscal sphere’, ‘political and legal support’, and property relations.  However President Putin has couched the ‘special military operation’ – or its goals, which have shifted as the war has unravelled – this was a naked attempt to conquer and dismember a European country in the 21st Century – an act most opinion, including Russian opinion, would have judged inconceivable. Nobody on the evening of 23 February had prepared their piece for the Moscow morning editions. The shock was profound.

The authorship of the ‘Plan of Action’ is not known but its historical lineage is unmistakable stretching back through the KGB, NKVD, the Cheka, and ‘3rd Department’ of the late Romanov dynasty. The likelihood is that it was collaboration between the FSB, GRU and Interior Ministry, the latter two rivals. 

In a digital world, self-evidently, all aspects of the ‘Plan of Action’ demanded some measure of control over the internet and mobile communications.  In any circumstances this would have been a huge undertaking.  That it was based on a wholly unrealistic assumption – gross self-deception – that Ukrainians would collaborate or at least cooperate in a neutral way, compounded Russian woes.  However, what is striking about the ‘Plan of Action’ is that it does not include a specific section on control of digital networks and mobile communications.  It was as if Ukraine was viewed through a Soviet lens and as locus with factories, farms, power plants, railways, an education system (that had to be ‘de-Nazified’), but not as a modern country in a digital age.  When the Russian occupation authorities – overwhelmed by humanitarian catastrophes of their own making – finally did start addressing control of digital networks they typically focused on television channels (as in Russia; controlling the internet has proved far harder).  But blocking Ukrainian television channels in Melitopol, for example, and substituting with Russian channels, simply encouraged partisans to blow up the television broadcaster.  Such was the poor start to the Russian campaign; but how did the Ukrainian side fare?

Star Wars

Two days after the Russian invasion of Ukraine, Ukraine’s Vice Prime Minister and Minister of Digital Transformation Mykhailo Fedorov tweeted a plea to American billionaire and SpaceX founder Elon Musk. ‘We ask you to provide Ukraine with Starlink stations…’ it read. The system he was referring to – Starlink – is the world’s largest constellation of advanced communications satellites operating in a low earth orbit.  Subscription connects the user to a high-speed, low-latency broadband internet system.

Musk replied the same afternoon: ‘Starlink service is now active in Ukraine.’ In less than 280 characters he collapsed a regulatory process that can take months or years.  Forty-eight hours later the first terminals had arrived in Ukraine.  A digital lifeline arrived.  The ramifications were huge, not least the Kremlin now had no hope of digitally severing Ukrainians from the outside world or monopolising information.  Head of Roscosmos and Kremlin-loyalist Dmitry Rogozin fumed Starlink was yet another example of ‘the West we should never trust.’

What has Star Link provided?  The short answer is the full range of services a subscriber might expect, from the Zoom calls made by President Zelensky to the transmission of drone imagery for artillery targeting.  By the end of July, 12,000 terminals had been provided (United States Agency for International Development (USAID) supplied 5,000).  Rescuers, firefighters, ambulance crews and volunteers have depended on the service.  On 24 August, subscription costs were reduced from $100 to $60 per month.

A StarLink system. Credit unknown.

Elon Musk’s alacrity aside, Ukraine enjoyed important advantages anyway when Russia invaded.  The first was precisely the Ministry of Digital Transformation and competent leadership provided by the youthful Mykhailo Fedorov – a ‘geek’ in the best sense and not a government functionary without technological understanding.  One example suffices.  Under the auspices of the Ministry the chatbot eVorog was launched.  This has allowed contributors to report Russian troops and equipment. In the first four months, 326,000 reports were received.  ‘All information is automatically placed on the map,’ Fedorov explained, ’into which systems of automated combat and situational awareness…are integrated.’ eVorog has effectively created a digital army of reconnaissance troops behind enemy lines, also a first in the history of warfare.  This is currently proving invaluable in support of the HIMARS strikes against bridges, ammunition storage sites, and command posts.

The second advantage was described by The Economist in ‘Ukraine’s internet connectivity: The degrading treatment of Ukraine’s internet’, an article published in the first month of the war.  ‘For one thing,’ the journal explained ,’Ukraine boasts an unusually large number of internet-service providers—by one reckoning the country has the world’s fourth-least-concentrated internet market. This means the network has few choke points, so is hard to disable.’  This resilience was described in more technical detail by Emile Aben in an article for RIPE Labs. In Aben’s words:

‘There are no dominant players in the market, so if an individual network goes down,   this has a relatively small effect on the whole network. It is also relevant to note that, for the most part, the networks with significant amounts  of users are Ukrainian companies. For the Russian regime to shut down Ukrainian      networks, they would have to force these Ukrainian companies to do so. This is different from situations where a government shuts down the Internet in the country it governs, as we saw in Egypt in the Arab Spring. In that case, the Egyptian government ordered Egyptian networks to shut down the Internet and the networks complied.’

Additionally, Ukraine has many Internet Exchange Points (IXPs) so there are many options between networks. No IXP is dominant.  The same resilience is evident in the physical infrastructure (routers, transport mediums (fibre mostly), and power). Ukraine boasts diverse fibre paths from multiple organisations providing services over these fibres. Damage is quickly addressed by engineers ‘doing incredible work to carry out repairs under profoundly difficult circumstances.’ Outages occur but are speedily resolved.  Mariupol remains the only example of a total and irreparable collapse of the internet reflecting the near total destruction and collapse of the city. Today, sewage runs through the streets and there were food riots recently.

The same story unfolded with mobile communications. When Russia invaded more than 90% of Ukrainians had 4G coverage. During the first weeks of the war, hundreds of base stations were damaged, mostly deliberately.  Transformer substations were also damaged or destroyed. This wanton destruction, incidentally, was another example of Russian haplessness and lack of coordination.  The FSB prepared information campaigns it was unable to roll out because the army was destroying the very infrastructure it had intended to use.

In response, in early March, national roaming was launched by the joint efforts of mobile operators. If the network of one operator in a settlement stopped working, subscribers could connect to the network of the active operator.  In normal circumstances this network reconfiguration would take several months. Kyivstar, Vodafone and Lifecell, among others, took a week and a half to reconfigure and test the systems.  Combined with the increasing coverage provided by Star Link, these measures have kept Ukrainians talking.

How Russian occupation forces attempt to control the internet

At a most basic level, Russian occupation forces have attempted to control digital communication by confiscating (stealing) Ukrainian smartphones and mobile phones in the scores of checkpoints civilians must navigate to travel anywhere in occupied areas. (Thieving of computer hardware and fibre-optic cables has also been widespread generally).

The same forceful coercion has been used in other measures. A few weeks after the capture of Kherson, Russian soldiers stormed the office of a local internet provider and ordered the company’s employees to surrender control of the network.  Owner Maksym Smelyanets related: ‘They came, put a machine gun to his head and simply said: ‘Do this.’ And that’s how they did it step by step with each company.’ They then redirected data from mobile and internet networks in Kherson to Russian networks; blocked access to social media such as Facebook, Instagram and Twitter, as well as to Ukrainian news sites or other independent sources of information; and finally cut access to the networks of Ukrainian mobile operators by forcing Kherson residents to use the services of Russian companies.  To obtain a (Russian) SIM card, citizens must present a passport, thereby identifying and linking themselves to a mobile phone.

The New York Times reported Russian control over the internet in Ukraine has been possible due to infrastructure built following the annexation of Crimea. This involved Russia’s state telecommunications company laying a cable across the seabed in the Kerch Strait. On 30 May, traffic from Kherson companies Skynet4 and Status Telecom suddenly disappeared. The connection was restored, but now re-routed through a Russian state company in Crimea (Miranda Media that connects to Russian national telecom provider Rostelecom).  Head of data analysis David Belson, at internet monitoring firm Cloudfare, has written with technical insight on the subject.

Russian tactics can be bypassed with Virtual Private Networks (VPNs) (which have soared in Russia: before the invasion, daily downloads of popular VPNs numbered around 15,000, post the invasion they jumped to 475,000).  The Ukrainian government has been encouraging citizens to connect to VPNs, and international media companies like the BBC have published guides on how to follow independent news despite Russian censorship. The scale of internet control attempted has slowed Russian efforts: across southern Ukraine there are as many as 1,200 ISPs.5 Each must be blocked or coerced to fully control the internet.  Russian corruption and incompetence has played in favour of Ukrainians. The Russian Telegram channel, ironically, has also served to access information. Even so, what is unfolding in southern Ukraine in terms of censorship and repression surpasses anything witnessed before, including the two-year Nazi occupation.  Like the latter only expulsion of the invader will end the nightmare.

Cover photo, a Russian attack onto communications infrastructure, March 2022. Credit: Ukrainian Interior Ministry.

Sergio Miller

Sergio Miller is a retired British Army Intelligence Corps officer.  He was a regular contributor and book reviewer for British Army Review.  He is the author of a two-part history of the Vietnam War (Osprey/Bloomsbury) and is currently drafting a history of the Russian invasion of Ukraine.

Footnotes

  1. In the August 2008 five-day Russo-Georgian conflict, Russia did re-route a proportion of Georgian internet traffic, but this act does not compare with the scale or scope of what Russian occupying authorities have been doing in southern Ukraine.
  2. As of mid-September, Russian authorities reported 4.2 million people had entered Russia, the overwhelming majority via the Rostov-on-Don crossing points. Gazeta.ru provides daily and weekly numbers.
  3. The Federal Security Service (FSB), Main Intelligence Directorate (GRU), Interior Ministry officials and troops (Rosgvardia – ‘National Guard’), and United Russia party officials
  4. On 3 September, a Ukrainian precision strike destroyed the ‘Lost World’ recreation complex in Kherson owned by collaborator Volodomyr Saldo, at the time of writing languishing in a Moscow hospital after falling ill in mysterious circumstances.  Saldo was renting out the complex to Russian occupation forces.  It appears internet operations may have been run from the facility as Kherson residents reported Skynet services stopped following the strike. https://www.pravda.com.ua/news/2022/09/3/7365969/
  5. According to the commissioner of Ukraine’s digital infrastructure and services regulator Liliia Malon, around 700 internet providers are based in Ukraine, and 1,500 ISPs. https://www.msn.com/en-gb/money/technology/russia-s-quest-to-seize-control-of-the-internet-in-ukraine/ar-AA115dOl

Related posts

The French intervention in Mali: A lesson in Mission Command

Ollie

The Soft Power Army of the 2020’s: An Alternative Perspective

Christian Tripodi

Srebrenica.  Europe’s Modern Genocide

Steve Maguire