Many aspects of Russia’s war against Ukraine have surprised analysts in the West, from the fact that the Russian offensive ran aground to the lack of a cyberwar to the fact that the invasion happened at all. But Molly McKew isn’t one of those people — she’s been arguing for years that Russia was at war with the West and that the primary battlefield was the information space and cyberspace.
Since those warnings now seem prescient, I went back to her this week to ask what has surprised her about this conflict. One of those things is good news — that the West, led by the United States, has learned some important new tricks to counter the Russians, from dismantling their cyber networks to undermining disinformation with real information.
“I think the reason we haven’t seen as much happening in the cyber domain as was anticipated is that a lot of work has been done to be sure that that was not going to happen,” she told me.
McKew writes on Russian influence and information warfare for the website greatpower.us. She is a former adviser to the Georgian government and to former Moldovan prime minister Vladimir Filat, and in 2016-17 she was the strategic director of a British government-funded project to strengthen independent Russian language news and media in the Baltic states. She just returned from a reporting trip to Lithuania and Estonia and has traveled extensively in Ukraine to research security cooperation and patterns of Russian hybrid activity.
McKew argues that the U.S. and the rest of the West now need to apply the lessons they’ve learned about winning in the cyberspace to the other fronts of the confrontation with Russia. If tactics that have succeeded in cyberwar and information war are adopted more broadly, she says, the tide of the war can turn.
“There is a time when wars actually need to be fought and won, and the Ukrainians believe that this is a war that needs to be fought and they’re hoping it’s a war they can win,” McKew said. “And if they have to pay the price for that, they will. And I think they’re really hoping the rest of us show up in time for it to matter.”
This transcript has been edited for length and clarity.
Konstantin Kakaes: There have been Russian cyberattacks in Ukraine, but not at the scope and scale that I think a lot of people had anticipated. Why do you think that is?
Molly McKew: It’s pretty clear that there’s some sort of Frankenstein group of agencies — [U.S. Cyber Command], Estonian, Lithuanian, probably Dutch and Danish, U.K. contributions — figuring out what the likely Russian attacks were going to look like. I think the reason we haven’t seen as much happening in the cyber domain as was anticipated is that a lot of work has been done to be sure that that was not going to happen.
From the U.S. side, a key motivation was the fact that you can’t really keep cyberattacks to a geographical area. So from the U.S. perspective and for NATO, the goal of not allowing some sort of attack on Ukraine to become something that would trigger Article 5 was really important to everybody.
It seems like that has been extremely successful. I don’t know the details — but I think that story is going to be a great story for someone to tell someday.
Kakaes: It seems like Paul Nakasone [the head of the National Security Agency and U.S. Cyber Command] alluded to this when he testified to Congress about American “hunt forward” teams in Kiev.
McKew: This speaks to and validates the work that Nakasone has done. It seems to confirm the concept he was arguing for, that there is an offensive part of defense that’s really important. The fact that the cyberspace has been empty of the attacks that were expected to me is a really big validation of what he has been trying to convince people that we should be doing.
What we now hear from the White House — there’s a belief that as Russia becomes more desperate in its situation in Ukraine, cyber could be a key domain where you might see activity where [Vladimir] Putin thinks he can get away with something and not really pay too much of a direct price.
Kakaes: Have Russian cyber capabilities been exaggerated?
McKew: I think it is fair to say that that the cyber contingents working with and for Russian intelligence are quite capable and deserve the reputation that they have. But for a long time, they have essentially been uncontested in an open space. This is a piece of what Nakasone has been trying to push: Just don’t leave the space open. There are so many things you can do to not leave that space open.
As a result, there’s been less opportunity for the sort of gleeful troublemaking that a lot of the “patriotic Russian hackers” have been allowed to do for years. A lot of that space is closed. There are people watching them. They’re not able to sort of masquerade as “patriotic hackers” anymore. Everybody understands who they are and what their alignments are.
This is a new mindset from our side, and we need to see it across every domain: Just don’t leave space open for the Russian mischief.
Kakaes: Can you specify a bit what you mean when you say, “Don’t leave space open”?
McKew: From the U.S. side you’ve efforts to go after the botnets that were propagating malware across systems, to shut down servers that were pushing attacks forward. You’ve seen efforts to slow that, to take apart the ability to act. The assumption now is that if it is a Russian thing, it is a Russian thing and we’re going to treat it as a state action that we need to counter, particularly in a time of war.
Kakaes: Do you give credence to the idea that Putin has held cyberattacks back as a deterrent to greater American involvement in Ukraine?
McKew: It definitely could be. But I think I don’t think cyber is something Putin actually understands in great detail or spends a lot of time thinking about. I think for him the most important deterrent is what we hear him say, which is: nukes, nukes, nukes, nukes, nukes, nukes.
I don’t think he himself is spending a lot of time thinking about the cyber domain, right? Not to say others within the defensive structures are not, but I don’t think that’s the thing he’s keeping in reserve.
Kakaes: How do you weigh the threat of nuclear escalation?
McKew: Putin is not a blaze of glory guy. He does not want to start global annihilation that will probably take out him too. He would, I think, consider using a small nuclear weapon or some other weapon of mass destruction in Ukraine if he thinks he can do it without specific retaliation — that if something happened in Ukraine, nobody’s going to nuke Moscow.
He repeats this as nuclear blackmail to keep us in our box of thinking of only limited war, of a war that cannot really touch Russia. But I just don’t think there is the threat of global nuclear annihilation looming.
Kakaes: From the 2016 election onward there has been a sense that Russia was somehow asymmetrically winning the information war. The war in Ukraine has arguably shifted this.
McKew: The way in which the U.S. and other Western allies have declassified and pushed information to blow holes through various pretext arguments the Russians were trying to build is very significant.
Those of us who work on this stuff have been trying to highlight frustration with the decisions that the Obama administration was making in the lead-up to the 2016 election. The best thing you could do about the Russian election interference is just tell people that it’s happening, because it takes away so much of the power of disinformation. By keeping it secret, it actually made the impact a lot worse.
Normally, what would be happening in the lead-up to a conflict like this is Putin would be saying this crazy stuff about Ukrainian Nazis and secret biolabs, and that would be printed as news stories, right? Like: “Russian foreign minister says, Ukrainian Nazis planning to kill babies,” or whatever. And in this case, the story instead every day was the White House saying the Russians are going to tell you this, and it’s not true.
And that really did change things. The official information actually does change how chatter in all of the social media networks impacts and amplifies.
Authority matters. Having authority amplified through media can effectively defuse the attempted rumor-based conspiracies on the internet.
The Russians got so used to not finding a contested domain when they were trying to do this work that they didn’t have a lot in reserve when what they had typically been doing stopped working.
Kakaes: What do you think the lessons of the war in Ukraine are for both the social media companies and people setting out to regulate them?
McKew: One thing that has become clear is the highly networked world of conspiracy that now exists. If you’re talking to a person who is a complete anti-vax conspiracist about Covid, then it is very likely they believe Putin is great and the Ukrainians are wrong in the war. All these conspiracy topics overlap.
What we’ve seen in the last two or three years from the social media companies is at least a vague understanding that allowing conspiracy networks to remain entrenched in their platforms amplifies other bad narratives. In specific cases, they’ve started to take action against networks that other people identify as amplifying conspiracy. If you take down a successful amplification echo chamber — the amount of time it takes to rebuild that echo chamber is significant.
There’s a reason that Russians and others on the far right and the far left spend so much effort trying to keep their big verified, established accounts from being taken off of social media platforms. Those matter as hubs of distribution. The more of those you can take off the board, the better.
Identifying pieces of Russian-funded disinformation networks matters. It provides the legal backing that the platforms sometimes need to be able to act — or the shame needed to force them to act, if nothing else.
I think you see the Russians reevaluating this right now, like shutting down RT America, shutting down a bunch of their state media because: What’s the point?
Kakaes: That seems like a way to square the free speech concerns with not wanting social media companies to profit by stoking conspiracy theories.
McKew: I think the other piece of the problem are the secondary networks and experts and quote-unquote journalists that the Russians have relied on for amplification. You don’t really need people retweeting Russia Today if Tucker Carlson is just saying what Putin would want anyway.
There’s a lot of this in the United States, certainly as things have gotten wackier and crazier. So there’s plenty going on, and I feel like the Russians understand that. The past decade or so, from 2011 to 2021, will have been this strange anomaly in history in terms of how online disinformation works with very little observation, right? And very little control. And that will change. But whether that changes enough or fast enough, I don’t know.
Kakaes: But there’s a distinction between legitimate political debate and a foreign intelligence operation, right?
McKew: This is a key distinction. Like there’s a big difference between a view that you don’t like and a network constructed by a hostile foreign adversary to deliberately subvert the thinking of a target nation as a tool of war. There is a really big difference between those things. The people using information as a tool of war should be stopped. It actually does matter that these are state-backed initiatives to target enemy states.
Kakaes: Is there a scenario where Putin realizes that he miscalculated and tries to find some sort of accommodation?
McKew: I think he already knows, and this is why you see the shift to the strategy of terror and carnage to try to convince the Ukrainians to stop fighting. What the Russians are missing is they’re creating the opposite argument for the Ukrainians, which is that there’s no point in stopping the fight because you will still kill us.
There is a time when wars actually need to be fought and won, and the Ukrainians believe that this is a war that needs to be fought and they’re hoping it’s a war they can win. And if they have to pay the price for that, they will. They’re hoping the rest of us show up in time for it to matter.
Kakaes: What should the rest of the world “showing up” look like?
McKew: What I would love to see is the innovation that has been allowed to happen in the cyber domain. There’s been more room for people to be creative about how we’re responding to Russia.
A big part of that has been a change in mindset of how we are approaching these threats. I would just love for all of us to see that success and understand that it could be the same in the more traditional venues where we’re considering how to deal with the Kremlin, even in traditional defense and conventional war.
Why are we so unwilling to apply the new thinking to actual concepts of conflict and actual times of conflict? When what we have done for the last 15 years has not worked in deterring the Kremlin, has not worked in making them pay a price, has not worked in changing their objectives in any way, shape or form?
If we can broaden that change in mindset across our entire strategy of how we deal with Russia, we will be in a much better place.