.⁦@olliecarroll⁩ & I write on lessons from the cyber conflict in Ukraine. Tho’ it’s been intense, many say Russia has underperformed. That’s partly due to Ukraine’s superb defence. Others argue that offensive cyber power has also been misunderstood. economist.com/science-and-te…

The early view was that cyber had played a minimal role in the war. Officials pushed back strongly against that. In September NCSC head said Ukraine was "most sustained and intensive cyber campaign on record". Two NATO officials published below in April.
foreignaffairs.com/articles/ukrai…

Many argued that Russia's cyber campaign looked misleadingly feeble because Ukraine's defence was so strong. In August the head of GCHQ called it "arguably seen the most effective defensive cyber activity in history." economist.com/by-invitation/…

In June, Microsoft wrote about "a new form of collective defense. This war pits Russia, a major cyber-power, not just against an alliance of countries. The cyber defense of Ukraine relies critically on a coalition of countries, companies, and NGOs." blogs.microsoft.com/on-the-issues/…

This Carnegie piece summarised the intensity of international co-operation around Ukrainian cyber defence. "diverse partners are rallying to shared values and upending previous assumptions that the cyber attacker will always get through."

Clearly, extensive (and in some cases secret) foreign assistance was a crucial part of this defensive effort. For instance @US_CYBERCOM had a sizeable in Ukraine from December, identifying Russian operations on Ukrainian networks. UK & others also involved

Many have drawn broader implications from this. In September Lindy Cameron, CEO of UK's defensive cyber-security agency @NCSC, argued the key lesson was not that cyber is defence "dominant", but "in cyber security, the defender has significant agency"

.@gavinbwilde pointed out Russia has far less experience of integrating cyber into military ops than the US. @ILDannyMoore described "significant operational failings in almost every single [known] attack that they have ever carried out in cyberspace" economist.com/science-and-te…

On top of all that, there's the view that cyber power has been misunderstood. Some argue we under-estimate how hard & costly big destructive attacks are (@LenMaschmeyer: direct.mit.edu/isec/article/4…) or degree to which cyber is an intelligence contest (tnsr.org/roundtable/pol…)

.@ciaranmartinoxf points out Stuxnet may have distorted expectations. "In truth, argues Mr Martin, Stuxnet was the “Moon landing” of offensive cyber, an exquisite one-off that required superpower resources to execute rather than...a staple of cyberwars" economist.com/science-and-te…

As Thomas Rid wrote in March: "Cyberwar has been playing a trick on us for decades..It keeps arriving for the first time, again & again, & simultaneously slipping away into the future." Cyber is: "digitally upgraded intel. operations at the edge of war" nytimes.com/2022/03/18/opi…

Final thought: the war is ongoing, the cyber campaigns on both sides are evolving and there is a great deal we don't know or can't see. The lessons are contested & preliminary. I hope the piece gives a flavour of the debate & the views on different sides. economist.com/science-and-te…

I also wrote a short survey of some of the ideas in the piece for @TheEconomist's weekly science newsletter. Sign up here: economist.com/newsletters/si…

We write in the piece: "judging a cyber-campaign by the volume of malware is like rating infantry by the number of bullets fired". @DanWBlack of NATO offers a contrary view: Russian campaign as a "cumulative strategy" to create "critical mass of pressure"

Another excellent survey of Ukr cyber ops, by @JonKBateman. "Russian cyber “fires” (disruptive or destructive attacks) may have contributed modestly to Moscow’s initial invasion, but since then they have inflicted negligible damage on Ukrainian targets" carnegieendowment.org/2022/12/16/rus…

"Intelligence collection—not fires—has likely been the main focus of Russia’s wartime cyber operations in Ukraine, yet this too has yielded little military benefit." carnegieendowment.org/2022/12/16/rus…

"To meaningfully influence a war of this scale, cyber ops. must be conducted at a tempo that Russia apparently could sustain for only weeks at most. Moscow worsened its capacity problem by choosing to maintain...global cyber activity v non-Ukr targets" carnegieendowment.org/2022/12/16/rus…

"Militaries that plan for major war should ask whether they can realistically meet the high bar of producing and sustaining cyber fires at meaningful levels. Meeting this bar may require huge standing cyber forces" carnegieendowment.org/2022/12/16/rus…

"The rapid regeneration of cyber capabilities is another key hurdle. Given limited wartime cyber capacity, militaries may need to experiment with wave tactics: short bursts of intense cyber fires followed by periods of stand-down and regeneration." carnegieendowment.org/2022/12/16/rus…

"China’s cyber forces are probably larger than Russia’s, but they have carried out far fewer cyber fires. Would they execute an even bigger and more effective cyber salvo at the outset of a Taiwan invasion, or bungle the opener due to inexperience?" carnegieendowment.org/2022/12/16/rus…