This session provided insights into the practical application of digital tools in modern conflict, using Ukraine as a case study, followed by a perspective on military thinking and cyber capabilities, particularly from a Swiss viewpoint.
The Ukrainian Way of Digital Warfighting (Stefan Soesanto)
This presentation examined Ukraine’s digital approach to the conflict with Russia, focusing on the applications used, the significant role of volunteers, associated cyber operations, and the resulting questions regarding compatibility with the Laws of Armed Conflict (LOAC/IHL).
DELTA: The Core Situational Awareness Platform
At the heart of Ukraine’s digital war effort is DELTA, a cloud-based situational awareness platform providing a unified operational picture. It is hosted primarily on servers within Ukraine; its deployment outside the country was authorized in February 2023 for security reasons. DELTA originated from the volunteer group Aerorozvidka in 2015, later transitioning into a military unit. Since 2020, it has been managed by the Ministry of Defense’s Center for Innovation and Development of Defense Technologies; it was officially adopted by the Armed Forces in February 2023 and mandated for all units and operations by August 2024.
DELTA’s purpose is to integrate disparate digital tools (like Discord, Google Meet, MS Teams – none built for military ops) and diverse data sources into a cohesive system. Accessible anywhere via Starlink, it provides secure communications, near-real-time battlefield updates, and allows access for partners, including NATO members. It effectively organizes Ukraine’s “war space.”
The platform integrates information from numerous sources:
- Crowdsourced Intelligence: Gathered via Telegram bots (e.g., e-Enemy/eVorog) and mobile apps (e.g., STOP Russian War, Bachu), where civilians report sightings of Russian assets, ordnance, or collaborators using text, photos, and videos.
- Intelligence Cells: Civilian-military units feeding information into the system.
- Situational Centers: Hubs (initially run by Aerorozvidka) integrating drone feeds, camera data, informant reports, OSINT, and partner intelligence, while also providing training.
- Military Assets: Linked directly to systems like Patriot air defense, Polish TOPAZ fire control, Link 16, and potentially F-16s.
- Partners: Governments and companies supplying satellite imagery (e.g., Palantir, ICEYE).
- Direct Feeds: Information from frontline units and Military HQs via Starlink or landlines.
DELTA reportedly processes vast amounts of data, claiming to capture over 600,000 enemy targets and plan over 106,000 UAV missions monthly (as of Nov 2023), with users generating over 35,000 reports monthly. It’s credited with contributing to the destruction of over $15 billion worth of enemy equipment (Aug 2024). An AI system, GRISELDA, is mentioned as supporting intelligence analysis within this ecosystem.
Security Challenges & Countermeasures
Securing DELTA is a constant challenge. Mandatory Yubikeys are used for Authentication. Robust Access Control involves rapid deletion or blocking of compromised users/devices, sometimes necessitating asset recovery operations to prevent capture by Russian forensic teams. The Insider Threat is managed through polygraph tests, surveillance, and social media monitoring. The system undergoes Constant Monitoring for suspicious activity, vulnerabilities, and intrusions, though a breach by JokerDPR occurred in August 2022.
Ukraine’s digital infrastructure faces external vulnerabilities. Its reliance on Starlink makes it susceptible to Russian electronic warfare (e.g., the Kalinka system) and potential service disruptions controlled by providers like Elon Musk. The use of non-military Comms Apps like Telegram raises security concerns, leading Ukraine to ban its use on state devices. Dependence on commercial Satellite Imagery is also a risk, as services can be suspended (e.g., U.S. suspending Maxar). Furthermore, Malware campaigns distribute fake apps mimicking Ukrainian military systems (like GRISELDA and DELTA) via messengers to steal credentials and exfiltrate location data.
Crowdsourcing Examples & IHL Concerns
The extensive use of crowdsourcing tools raises significant IHL questions. The e-Enemy (eVorog) Telegram bot, integrated with the Diia e-government app for identity verification, allows civilians to directly report Russian military activities. This potentially constitutes Direct Participation in Hostilities (DPH) by civilians. Similarly, the Bachu web application facilitates reporting Russian troop movements, even offline, and is linked to individuals previously involved in criminal hacking now recruited by the military.
The associated website 200rf.com, displaying images of dead or captured Russian soldiers for identification purposes, raises concerns regarding the protection of prisoners of war against public curiosity, as mandated by the Third Geneva Convention (GCIII).
Key Themes & Implications
Ukraine’s digital warfighting showcases several key themes:
- An initial phase of Fragmented Digitalization using disparate civilian tools.
- Centralization via DELTA, creating a sophisticated C4ISR system heavily reliant on Western technology.
- A significant Blurring of Lines between civilian and military spheres, with extensive civilian participation and use of civilian technology in military operations, challenging the IHL principle of distinction.
- Deep Partner Integration, incorporating data and systems from allied governments and private companies.
- An ongoing Cybersecurity Race between Ukrainian defenses and Russian countermeasures (EW, cyber ops).
Cyber 9/12 Challenge Involving the Military (Br Gen Rolf Imoberdorf)
This presentation offered a military perspective on cyber threats, capabilities, and strategic thinking relevant to the Cyber 9/12 challenge, primarily using the Swiss Armed Forces as a contextual example.
Military Thinking & Situational Awareness
From a military standpoint, comprehensive situational awareness across a wide Threat Landscape (extremism, terrorism, critical infrastructure attacks, espionage, cyber threats, etc.) is essential. This involves acknowledging the dynamic where Threats vs. Defense Capabilities evolve, sometimes leaving defenses lagging.
Geopolitically, the term “Cyber War” is rejected in favor of “Cyber in War,” emphasizing that cyber operations augment existing threats rather than replacing them, often manifesting as “Silent Warfare” with significant societal and economic disruption potential. Key concerns include the challenges of Attribution/Retribution, the exclusivity/inclusivity of cyber capabilities, rapid Innovation Cycles, and the impact of AI.
Military Cyber Capabilities (Swiss Context)
A robust military posture requires capabilities across several domains:
- Force Protection: Defending military assets against cyber and electromagnetic threats.
- Situational Awareness: Achieving a common operational picture through digitalization and data science.
- Robust/Secure Data Processing: Operating secure ICT infrastructure maintaining Confidentiality, Integrity, and Availability (CIA).
- Joint C2 Enablement: Providing timely information to command and partners.
- Electromagnetic Domain Action: Interfering with enemy communications.
- Cyber Domain Action: Preventing enemy information superiority and impairing enemy systems.
Rules of Engagement (RoE)
Military actions, including cyber operations, are governed by different rules depending on the context:
- Peacetime: Focuses on networking, force protection, detecting/preventing attacks, intelligence gathering (within legal limits), and subsidiary support.
- Tensions: Involves military cyber defense, increased force protection (potentially disconnecting systems), identifying attack paths, and potentially intelligence gathering in foreign networks (requiring high-level authorization, e.g., Federal Council resolution in Switzerland).
- Armed Conflict: Allows for combined cyber/electromagnetic actions against enemy systems and physical destruction/impairment of enemy ICT infrastructure.
Resilience Paradigm: Assume Breach
Modern military cybersecurity thinking shifts towards a resilience-focused approach, encapsulated by the “Resilience Over Risk” paradigm. This involves accepting that “everyone is a target” and operating on an “assume breach” basis. The focus shifts from prevention alone to ensuring operational continuity, which necessitates identifying and protecting Key Assets rigorously (“at any price”).
Knowledge and Decision-Making Advantage
Military decision-making often utilizes frameworks like the OODA Loop (Observe, Orient, Decide, Act), emphasizing the need to cycle through this process faster than the adversary to gain an advantage. Clear Structure and processes are seen as vital (“Structure will save the day”), alongside Timeliness, echoing Patton’s sentiment: “A good solution applied with vigor now is better than a perfect solution applied ten minutes later.”
Strategy 101
Fundamental strategic principles remain relevant, drawing from classic thinkers:
- Clausewitz: “War is nothing but a continuation of politics with the admixture of other means.”
- Sun Tzu: “To win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.”