Assessing Russian Network Warfare Through the Lens of the Ukraine Conflict

Abstract

This article evaluates Russia’s integrated model of network-centric warfare, analyzing its execution across four critical domains: Computer Network Operations (CNO), AI-enabled Information Operations (IO), Electronic Warfare (EW), and Space-based capabilities. Rooted in Soviet-era doctrines of reflexive control and strategic deception (maskirovka), modern Russian strategy seeks to disrupt the “CIA triad” (Confidentiality, Integrity, and Availability) of adversary systems to degrade decision-making. The Ukraine conflict reveals a gap between Russian strategic design and execution. Despite initial technical successes, such as the Viasat attack, Moscow underestimated commercial resilience (e.g., SpaceX’s Starlink) and Ukraine’s adaptive defense, which utilized Western support to outpace Russian electronic and information warfare cycles. This article concludes that Russia’s doctrinal rigidity and poor tactical integration have been outmatched by Ukraine’s agile, commercially augmented architecture. It recommends that Western defense should prioritize machine-speed counter-disinformation, “hunt-forward” cyber operations, and formal protections for commercial space assets.

Introduction

Russia’s approach to warfare has never been strictly kinetic; it has extended beyond the battlefield through multiple forms of shaping tactics and subversive operations. Rooted in Soviet-era traditions like reflexive control and maskirovka, a long-standing doctrine of strategic deception, the Russian leadership at all levels and across domains has always treated conflict as something to be fought simultaneously in the cognitive, electromagnetic, and informational domains. In recent history, this mindset has fused with digital technology, producing a network-centric model of warfare that integrates computer network operations (CNO), artificial intelligence (AI), electronic warfare (EW), and space-based capabilities into a single operational posture.

The ongoing war in Ukraine has become the most expansive real-world test of this model since earlier campaigns such as the 2007 DDoS attacks on Estonia or the 2015–2016 BlackEnergy malware intrusions targeting Ukraine’s power grid. Russia started the Ukraine invasion in February 2022 with characteristic boldness while deploying the AcidRain wiper against Viasat’s KA-SAT network, an operation that disrupted communications across parts of Europe. This early stage of the war and Russia’s audacity have not consistently translated into the decisive strategic outcomes Moscow desired. Ukrainian adaptability, combined with Western technical support on one side and Russia’s own doctrinal rigidity on the other, has repeatedly blunted the impact of subsequent operations that could affect Europe’s technical infrastructure. As Michael Connell concludes in CNA’s assessment of Russia’s space operations, the scale of the Ukraine campaign has stressed Russian military capabilities beyond their design limits, revealing gaps between doctrine and execution that even almost two decades of modernization could not fully close.

Taken together, Russia’s modern network warfare capabilities span four interconnected domains: cyber operations, AI-enabled information campaigns, electronic warfare, and space-based assets. My assessment is that each of these domains has implications for the Confidentiality, Integrity, and Availability (CIA Triad) of either Ukraine’s systems or the West’s defensive measures, shaping how Russia seeks to influence, disrupt, or degrade their decision-making and operational effectiveness.

The following part of this research assesses Russian network warfare across four domains and draws analytical conclusions relevant to Ukraine and the West’s defensive strategies.

Computer Network Operations

Russian cyber operations are carried out by a sprawling mix of state‑directed groups whose missions overlap just enough to create friction, as well as to extend Moscow’s political objectives. As Ryan Maness and Brandon Valeriano analyze Fancy Bear Caged operations, Russian cyber strategy is inseparable from broader coercive diplomacy goals, and all its capabilities are deployed not merely to collect intelligence but to signal resolve, shape adversary perceptions, and extend the Kremlin’s political reach without triggering a kinetic response from the West. These missions don’t always align and cannot reach their desired outcomes. The Glavnoye Razvedyvatel’noye Upravleniye (Russian Military Intelligence Agency )’s appetite for disruptive, high‑visibility operations can directly undermine its objectives for deniable, stealthy intelligence collection, resulting in a cyber ecosystem with deep technical and occasional strategic incoherence.

Assessing the documented Russian operations through the lens of the Cyber Kill Chain reveals a familiar pattern: the early phases that included reconnaissance, weaponization, and delivery seemed to be highly polished, while the later phases, maintaining command-and-control, coordination, reducing overlapping technical shortcomings, and executing large‑scale effects, often fell short and were inconsistent. The above-mentioned AcidRain wiper is a clear example of how strong Russia can be at the front end of an operation, but it also reveals its shortcomings in the long run. In its preparation phases, it was well-custom-engineered to target Viasat satellite modems, deployed within hours of the invasion, with careful mapping of the target environment and a level of operational discipline that Russia has repeatedly demonstrated in the opening moves of a campaign. However, the strategic payoff didn’t match the sophistication of the setup. SpaceX quickly stepped in with Starlink terminals, restoring Ukrainian connectivity far faster than Russian planners appeared to anticipate. That rapid commercial backfills, essentially a resilience play by the private sector, largely funded by Western support, neutralized much of Russia’s intended impact. It also exposed a recurring blind spot in Russian planning: an underestimation of how agile non-state actors can be in crisis conditions, such as SpaceX with Starlink, and how quickly they can offset even well‑executed early‑phase cyber operations. McCrory makes a similar observation about EW and cyber integration during the initial VKS (Vozdushno-Kosmicheskiye Sily; Russia’s Aerospace Forces) air campaign in Ukraine; the pre-planning was evident, but Russia failed to adapt when Ukrainian forces reconstituted faster than expected.

The patience and technical finesse behind the objectives set for these cyber operations stand in sharp contrast to Russia’s broader cyber performance during the war in Ukraine. That gap points to a plausible explanation, while its effectiveness drops noticeably when they’re forced to contend with real-time defenders, rapid countermeasures, and Western technical support. Ukraine’s most effective counter-campaign has been highly successful, consistently targeting Russian operational tempo and domestic information confidence rather than attempting to match Russian offensive capabilities directly.

 AI-Enabled Information Operations

Russia’s approach to information operations is built on ideas that predate the digital age. The core logic on shaping how an opponent thinks and reacts by controlling the flow and framing of information has been carried forward from the Soviet period into today’s sophisticated digital environment. While old-age information operations relied on carefully crafted narratives and covert influence campaigns, they have now been reshaped by the mechanisms and tools of social platforms and even large language models run by artificial intelligence. Technological advancement, large language models have not changed Russia’s strategic goals and show the remarkable continuity of its purpose. What has changed is the production economics. Research by Marigliano, Xian Ng, and Carley provides empirical grounding for this argument, while Russia, since the initial days of its invasion of Ukraine, deployed multiple sophisticated tools and mechanisms across social networks and other platforms to advance its narratives. These researchers examined Twitter activity across three stages of the 2022 war and found a layered influence system. State media outlets set the core storylines, automated bot networks blasted those narratives outward, and a mix of human and automated accounts then reshaped the messaging to land with specific audiences.

OpenAI’s October 2025 disruption report pushes this story into the AI era, showing how Russian-linked groups have begun to fold advanced language models into their influence toolkit. These clusters were found using GPT‑4‑level systems to fabricate quotes attributed to real officials, publish opinion pieces in multiple languages, and build social media personas complete with believable posting histories and engagement patterns. This also confirms a hypothesis raised by Claudia Wallner with Simon Copeland and Antonio Giustozzi in their RUSI disinformation analysis: that generative AI has crossed the threshold from experimental to operationally routine for Russian IO actors. The takeaway I emphasize is that creating and running a disinformation outfit is becoming almost costless. Since AI can generate endless content on demand, the old defenses that rely on people, moderators, fact‑checkers, and manual takedowns simply can’t keep pace since volume is and will continue to be too high, and the speed will evolve, being faster.

Russia’s most effective influence efforts through Information Operations haven’t relied on inventing new social tensions but on spotting the ones that already exist. Their operators have shown a successful approach for identifying real cultural and political rifts, issues tied to race, immigration, or trust in elections, and then using automated networks to magnify those divides. Russia launched propaganda and IO campaigns to disrupt internal affairs in different countries. As part of their IO and cognitive warfare, Russia puts the human element first, identifies where fractures exist, and then uses bots to push and stretch those cracks until they begin to shape internal dynamics in other countries. In the Ukrainian context, its counter-IO approach implicitly recognizes that its most impactful responses have been human-led, real-time narrative interventions, most famously Zelensky’s February 24 Kyiv broadcast, that collapsed Russian framing before it could be amplified.

Electronic Warfare

Russia’s push into electronic warfare over the last two decades wasn’t accidental; it was a calculated move shaped by what its military had been watching for years while seeing how heavily the West, especially the United States, focused on developing precision-guided weapons. Russian strategists and defense industry engineers concluded that the best way to blunt this advantage wasn’t to match it, but to interfere with the signals those systems depend on. This push into electronic warfare became the backbone of Russia’s entire modernization effort after the Georgia conflict, a guiding idea that shaped what the military chose to build and field. That focus produced systems like the Krasukha-4, designed to blind radar; the Borisoglebsk-2, which targets tactical communications; and the Murmansk-BN, a sprawling high-frequency jammer capable of reaching across continents. Together, they reflect a force structure built around the belief that controlling the electromagnetic environment is just as important as controlling physical terrain. This approach was designed precisely throughout Russia’s preparations for the Ukraine scenario, while aiming to degrade Ukraine’s ongoing development in NATO-standard communications, navigation, and precision munitions. However, this success did not last long, as Russia’s EW interceptions declined due to Ukraine’s adaptation. In reality, in the early stages of the invasion, Russian EW achieved genuine tactical effect, rendering commercial Unmanned Aircraft Systems (UAS) inoperable within 3–5 km of Russian positions, temporarily degrading the accuracy of reconnaissance platforms, jamming satellite-based fire-control radars, and degrading the accuracy of UAVs and missiles. But those advantages didn’t last. Within a few weeks, software updates brought accuracy back to where it needed to be, and Ukrainian units shifted their FPV drones to guidance methods that didn’t rely on GPS at all.

This cycle, initial success followed by quick and effective countermeasures taken by Ukraine and its partners, highlights a deeper issue that Jack Watling and Noah Sylvia point out in their RUSI disinformation work. They argue that Russian electronic warfare was built for a very specific kind of fight, the one where forces stay put, emit predictably, and operate on stable, well‑mapped frequencies. That environment simply didn’t exist along the shifting front lines of 2022–2023, nor in the chaotic, close‑quarters battles inside contested cities. In those conditions, the systems Russia invested in were often mismatched to the reality on the ground, and the Ukrainian Armed Forces were very successful in adapting their methods to counter Russia’s EW. McCrory makes the same observation from the NATO air power perspective, emphasizing that Russia’s EW superiority in suppressing known emitter locations breaks down against adversaries who refuse to emit predictably. Ukraine’s success in countering these interceptions is not merely its innovation story; it reflects a fundamental tension in any EW-heavy force design between optimizing for a known threat environment and maintaining adaptability to an evolving one. Thus, the lesson learned from the Ukraine case remains that EW capability must be evaluated not only on its nominal suppression success but also on its adaptation cycle time: how quickly can it be reconfigured when adversary emission patterns change? And it shows that Russia’s response in Ukraine has not been adaptable enough compared to theirs.   

Space-Enabled Capabilities

Russian military doctrine, as Connell notes, builds in the idea that the opening moments of a conflict should include a concentrated push to disrupt the enemy’s ability to see, communicate, and coordinate. The AcidRain attack on Viasat and the pre-invasion GPS spoofing campaign over Ukraine were direct expressions of this doctrine. What Russia’s doctrine didn’t foresee was Ukraine’s ability to quickly fill its satellite gap. At the start of the war, Ukraine had no space infrastructure of its own, yet it managed to close that vulnerability through rapid support from Western commercial providers, such as SpaceX. In practice, that meant the “information strike” Russia counted on to blind Ukraine never fully materialized, because private‑sector space services stepped in and kept Ukraine connected. Indeed, Russia’s own use of space-based intelligence in Ukraine shows what years of limited funding and poor system integration can lead to. Even when Russian satellites captured useful imagery, the military often couldn’t get that information to frontline units quickly enough to benefit from it. The data existed, but the pathways to move it from analysts to soldiers were slow, fragmented, or simply not built for the pace of modern combat. The RAND analysis of space lessons from Ukraine reinforces this assessment, noting that Russia’s space forces were a work in progress when hostilities began, and that the scale of Ukraine operations exceeded their design capacity and could not cope with the dynamics, and failed to provide important battleground information. This creates an analytical paradox: Russia possesses credible counterspace capabilities, reversible cyberattacks on ground terminals, and wide-area GPS-jamming platforms, but its ability to leverage its own space assets for battlefield advantage has consistently been outmatched by Ukraine’s commercially augmented architecture.

Conclusion: Assessments of Strategic Implications

Assessing across the four domains analyzed above, a coherent picture of Russian network warfare emerges, one that is more strategically sophisticated in design than in execution. The argument is that Russia has built an integrated multi-domain network warfare architecture grounded in a coherent doctrinal logic: shape the information environment before hostilities and degrade the adversary’s Command, Control, Communications, Computers, Intelligence, Surveillance, and Reconnaissance (C4ISR). Meanwhile, exploiting cognitive and political vulnerabilities in parallel with kinetic operations, and using reversible non-kinetic tools to achieve coercive effects below the threshold of conventional military response. This architecture is not improvised but reflects decades of institutional development. The problem Russia has encountered in Ukraine is not a failure of strategic design but a failure of execution under conditions its planners did not adequately model: a prepared, adaptive adversary with real-time Western intelligence support, commercial space resilience, and the institutional will to iterate faster than Russian countermeasures.

The capabilities assessed as the ones that will shape its battlefield success, most persistently showed not only that they were showpiece systems but also revealed the devastating integration failures on the Russian side. Russia’s inability to sustain Command and Control under Ukraine pressure, the inability to adapt EW configurations to changing emission patterns, and the inability to translate space-based collection into frontline tactical decisions in time have shown that it matters a lot. McCrory sees the same strategic conclusion, mentioning that the competitive advantage in network warfare belongs to the side that can close the sensor-to-shooter cycle and adapt its electronic environment faster than the adversary can respond.

Russia’s approach to network warfare capabilities and Ukraine’s ability to rapidly adapt and respond to these threats raise a few lessons for the West. First, cyber defense works best when it’s active and forward‑leaning, and as seen while U.S. Cyber teams helped partners hunt for intrusions inside their own networks, proving far more effective than simply trying to harden systems from the outside. Second, the RAND recommendation to establish robust commercial space contract arrangements and clear protection frameworks for commercial assets in conflict zones should be treated seriously. Third, toward a disinformation defense architecture that must operate at machine speed, there should be investments in exploiting the ability to use platform-level data access for detection and integrating into strategic communications before adversary amplification reaches saturation.

To conclude, the war in Ukraine has made it clear that Russia’s rigidity can be turned against it only by an opponent that can adapt just as quickly as the fight evolves. Ukraine’s edge of success hasn’t come from having better platforms or systems in technical categories.  What has made the difference is Ukraine’s ability to fuse Western intelligence and technical help with a military culture willing to test, adjust, and reinvent its methods at high speed. That combination of external support plus rapid internal adaptation has allowed Ukraine to outmaneuver Russia in the broader contest over networks, sensors, and information warfare.