Home : SSI Media : Recent Publications
Dec. 5, 2022

What Ukraine Taught NATO about Hybrid Warfare

By Dr. Sarah J. Lohmann

The Russian invasion of Ukraine has highlighted the long-term energy dependencies on Moscow that Europe will neither be able to resolve quickly nor without great sacrifice. Russia’s hybrid warfare—a combination of kinetic strikes against key infrastructure, information manipulation, malign finance, economic coercion, and cyber operations—has used Ukraine to target the heart of Europe’s energy security. This war has forced the Continent to consider how to realize its economic, environmental, and geostrategic energy goals on its own. This study found systemic dependencies and cyber vulnerabilities in critical energy infrastructure throughout the European continent could impact the Alliance’s political stability and threaten military effectiveness. Forward mobility and troop readiness are affected directly by energy shortfalls and increasing cyber vulnerabilities across NATO. The main findings related to cyber and malign influence provide a sobering view of the challenges of hybrid warfare on energy security in NATO nations.



Keywords: NATO, Russia, Ukraine, hybrid warfare, Internet of Things, critical energy infrastructure 

Read the monograph: https://press.armywarcollege.edu/monographs/956/

Episode transcript: What Ukraine Taught NATO about Hybrid Warfare

Stephanie Crider (Host)

Welcome to Decisive Point, a US Army War College Press production featuring distinguished authors and contributors who get to the heart of the matter in national security affairs.

The views and opinions expressed on this podcast are those of the podcast guests and are not necessarily those of the Department of the Army, the US Army War College, or any other agency of the US government.

Decisive Point welcomes Dr. Sarah J. Lohmann, editor and author of What Ukraine Taught NATO about Hybrid Warfare, which was published by the US Army War College Press in 2022. Lohmann is an acting assistant professor in the Henry M. Jackson School for International Studies at the University of Washington and a visiting professor at the US Army War College. Her current teaching and research focus on cyber and energy security, counterterrorism, and emerging and disruptive technology. She received her PhD from the Universitat der Bundeswehr, her masters from American University, and her bachelors from Wheaton College.

Hi Sarah, welcome to Decisive Point.

Dr. Sarah J. Lohmann

Thanks for having me.

Host

Let’s talk about What Ukraine Taught NATO about Hybrid Warfare. How did you get involved in the research for this book?

Lohmann

Thanks for asking. That’s a great question. We, that is NPS based in Monterrey, and I, focused on this particular topic around energy security. We’ve both been doing research in our own areas. And then we went to NATO headquarters, and we launched a research map, inviting scholars from across NATO countries to brainstorm with us. This was about three years ago, and we launched it right there from NATO headquarters. NATO did bless the project, and then Army War College brought me on to work on this specific research.

Host

What were your main takeaways on what’s defined hybrid warfare during the Ukraine War, specifically as it pertains to energy security and critical infrastructure?

Lohmann

So, there are three main landmarks. It’s targeting the emerging tech environment. It’s using cyberattacks and kinetic attacks as two sides of the same sword. And it’s leveraging information operations and malign influence to create greater impact.

So let me talk a little bit more about what that looks like in the energy security environment. What does it look like with emerging tech? Basically, this creates a lot of new vulnerabilities to the energy critical infrastructure environment during hybrid war because malicious cyber actors, whether nation states or cyber criminals, are taking advantage of the vulnerabilities created by the Internet of Things environment. When I say that I mean things like smart grids, renewable energy sources, and the IT and operational technology environment. They can be compromised remotely and that sometimes switches off the lights and the heat for an entire city or region. This landscape has been tested and attacked in the early months of the war in both the Ukraine as well as NATO member states.

We’ve seen Russian-backed hacker groups who’ve targeted everything from satellites to wind turbines and technology for distribution of coal and thermal power plants. We saw in the years and months in the lead-up to the war that the Russian FSB have actually previously carried out malicious cyber intrusions into grids in places like the US and Germany. This is publicly known information, but this was just preparation for what’s happening now. Secondly, if we look at how it is targeting energy security through cyber means in tandem with kinetic attacks, we often see the timing happening pretty simultaneously—so within a 24-to-48-hour time range. Thirdly, as we look at information operations, there’s a lot of malign influence going on, and there’s a partnership with China. China has helped to soften the impact of sanctions. They’ve also helped Russia to track technology. So, for example, in Ukraine, the Ukrainians are using drones that have parts made by China. China has given Russia the means to track those drones on the battlefield. In addition, China has laid the foundation by controlling critical infrastructure and the supply chain in many NATO countries. This, in turn, is impacting food security and the supply chain across NATO as well as transportation and logistics. And, ultimately, it affects our national security.

Host

What solutions are there for cyber secure energy independence on military installations?

Lohmann

We looked at three different solutions. One we analyzed was small modular reactors. The second we looked at was micro gridding, and the third was cyber early warning.

Small modular reactors have the ability to provide resilient, independent energy delivery to installations in the event that connections to an electrical grid are compromised. The great thing about SMRS are that they’re power plants based on these that require refueling only every three to seven years in comparison to between one and two years for conventional nuclear plants. There are some SMR’s out there that are designed to even operate for up to 30 years without refueling. But, of course, there are a lot of challenges, as well, in terms of security. You’re not going to want these anywhere close to the battlefield for obvious reasons because you’re dealing really with nuclear energy, so the transport can also be a challenge, and licensing. NATO is not super excited about this option right now just because of all the regulation and licensing that goes along with it, how long it’s going to take, and some of those security issues.

On the other hand, this could be ready for deployment on US bases by 2026. So, because of the large amount of energy it could provide, it really could be a great independent energy solution that’s not vulnerable to cyberattack. The second thing we looked at was microgrids. Now I looked at a lot of different bases in terms of how successful microgrids are in islanding, so that they are cyber secure, but also in terms of providing that energy resilience needed during blackouts. It really depends on each base and their needs in terms of how successful these microgrids have been. Right now, the aim is to use renewables to power them, but what we found is the technology isn’t there yet. Basically, they remain fully resilient on fuel, but that can be a problem in forward positions near the battlefield because of the footprint that leads, and also, is often difficult to access fuel when you’re in a battlefield era. Secondly, only with the right kind of storage and batteries can this kind of micro gridding and islanding be successful. What we found is that in some of the islanding tests, the storage of the batteries actually caught on fire because the technology is not there yet. But it’s predicted to be there technologically within several years. SMR will likely get there faster, but both of these things are a political game, as well, in terms of what will be supported by NATO, what will be supported by the different countries. And then finally we looked at cyber early warning. Now what’s out there right now in terms of cyber early warning is basically anomaly detection. They’re looking to the past at what kind of attacks have already occurred. But in terms of the future and the environment in which you have Internet of Things and emerging technology, much of that is not taken into account when it’s looking at energy critical infrastructure.

So, a colleague and I brainstormed about how we could make this better. One thing that we’re looking at is virtualization of energy critical infrastructure, for example, of a natural gas pipeline, and then combining that with machine learning to protect that critical infrastructure. The great thing is here you can also combine it with the machine learning so that it’s constantly learning from the new attacks. And it can use a sophisticated network of behavioral analysis models that can at the same time conduct network monitoring to ensure security .That then can be used to build a next-generation early warning system. So, we do believe this technology can soon be developed and soon be finished. We’re not quite there yet, but those tools will soon be available.

Host

Why is this book so important for NATO and our commands in Europe?

Lohmann

We really do believe that the information we found and the general policy recommendations that we analyze are crucial for those commands because it provides actionable information. There’s not a lot of awareness out there about how the Internet of Things and the general emerging technology environment impact their military installations. Right now, it is making them more vulnerable because the cybersecurity does not yet exist for a lot of the energy critical infrastructure, so our hope is that this will make them aware of the vulnerabilities as well as make them aware of the innovation that’s being created and could be used very soon on military installations to help repel these kinds of cyberattacks.

Host

Thank you so much for your time. This was a. Real pleasure

Lohmann

I appreciate it, and thank you so much for your great questions.

Host

If you’d like to learn more about What Ukraine Taught NATO about Hybrid Warfare, visit press.armywarcollege.edu/monographs.


Author Information:
Sarah J. Lohmann is a visiting research professor of security studies at the US Army War College, an assistant professor of international studies at the University of Washington, and a nonresident fellow with the American Institute for Contemporary German Studies at Johns Hopkins University. She is a co-lead of the NATO Science and Technology project “Energy Security in an Era of Hybrid Warfare.” She holds a bachelor’s degree in communications and German from Wheaton College, a master’s of international service from American University, and a doctorate in political science from the Universität der Bundeswehr.