Small Wars Journal

Cyberwar Case Study: Georgia 2008

Thu, 01/06/2011 - 11:20am

Cyberwar Case Study: Georgia 2008


by David Hollis

Download The Full Article: Cyberwar Case Study: Georgia 2008

The Russian-Georgian War in August of 2008 represented a long history of geostrategic conflict between the two nations and was based on many complex factors: ¬geopolitical, legal, cultural, and economic. The 1992 South Ossetia War and the 1993 Abkhazian War resulted in the loss of the regions from Georgia to internationally unrecognized, pro-Russian local governments. Tensions had been building in the region for several years prior-to the initiation of conflict in August 2008. The war officially started on 7 August 2008 after several weeks of growing arguments over the future of the South Ossetian territory. Georgian troops initiated a military attack against South Ossetia and began a massive shelling of the town of Tskhinvali in response to alleged Russian provocation. Russia deployed additional combat troops to South Ossetia and retaliated with bombing raids into Georgian territory. Russia deployed naval forces to formally blockade Georgia and landed naval infantry (marines) on Abkhaz coast (near Georgia). The decisive ground combat operation of the campaign resulted in mechanized Russian military and Ossetian militia forces defeating the more lightly armed Georgian military forces in the only large-scale major ground combat of the war (battle for the town of Tskhinvali). Georgian tactical military defeat at the battle of Tskhinvali, operational defeat via Russian uncontested invasion of the western part of Georgia, unchallenged naval blockade of Georgia, and Georgian difficulty getting their media message out to the world, led to Georgia's strategic defeat in the war. The conflict forced approximately 25,000 Georgian residents to flee from ground combat as refugees into internal displacement. The two countries signed a ceasefire agreement a week later but tensions remain high to this day. Russia has failed to implement some of the terms of the ceasefire agreement, resulting in further loss of Georgian territory to Russian occupation.

As wars historically go, it wasn't very big, did not involve vast amounts of military forces, nor did it last long. One might argue that it was more of a typical battle or campaign framed in an on-going long term geopolitical cold war between the combatants, a cold war punctuated with occasional outbreaks of small to large scale violence. On the surface, it represents one of many cold wars (with periodic renewals of formal national-level military conflict) fought every day on the "near abroad" of the Russian periphery. A conflict which may not end for a very, very long time. But while much of that is true, a deeper analysis of the cyberspace domain operations conducted by both sides in this conflict indicate that image is illusory and incomplete. The Russian-Georgian war was quite historic and precedent setting for several reasons.

Download The Full Article: Cyberwar Case Study: Georgia 2008

David M. Hollis is a Senior Policy Analyst with the Office of the Undersecretary of Defense for Intelligence (OUSD(I)). He has spent a total of four years on the OSD staff with three as Cyberspace Security Division Chief for the ASD NII/DoD CIO's office prior to working at OUSD(I). He is also a drilling USAR officer with US Cyberspace Command (USCYBERCOM); currently the senior USAR officer responsible for 25 USAR personnel supporting a wide range of USCYBERCOM J-codes and projects, and was previously a Joint Plans Officer with the USCYBERCOM J5. He was with the Army's 1st Information Operations Command from 2000 to 2006 as Red Team Chief, S2/Director of the Army's CyberIntelligence Center, and Senior Operations Planner. He has previously published cyberwarfare articles in the Joint Forces Quarterly and Armed Forces Journal magazines.

About the Author(s)

David M. Hollis is a GG-15 Senior Policy Analyst/Planner with the Office of the Undersecretary of Defense for Intelligence’s (USD(I)) Cyberspace, Warfighter Integration, and Strategic Engagement Division (CWISE).  Prior to this position, he was the Chief of the Cyberspace Security Division for the Office of the Assistant Secretary of Defense for Network & Information Integration /DoD Chief Information Officer (ASD NII/DoD CIO).  Lieutenant Colonel David M. Hollis, (USAR, MI) is also currently serving as the Senior USAR officer & USAR Element OIC for the Joint USCYBERCOM.  He was previously a drilling Joint Plans Officer with the USSTRATCOM Joint Functional Component Command for Network Warfare (JFCC-NW) J5.  Prior to his current USAR assignment, LTC Hollis was assigned/mobilized with the Army 1st Information Operations Command as Senior Operations Planner, S2/Chief of the Army CyberIntelligence Center, and Army Red Team Chief.  Prior to 1st IOC, he was the Senior VP at Cryptek Secure Communications and Director of Federal Operations at Secure Computing Corporation.  His background encompasses almost 30 years of government, military and private sector/commercial cyberspace experience starting in 1982 as a GS-4 communications engineering technician with the Naval Electronic Systems Command.  He was commissioned through ROTC at Old Dominion University in 1985 with an undergraduate degree in engineering and earned an MBA from Strayer University in 1998.   He is a graduate of the Army’s Command and General Staff College and the Joint Forces Staff College’s Advanced Joint Professional Military Education.  He has previously written four articles on cyberspace domain operations for Joint Forces Quarterly, Armed Forces Journal, and Small Wars Journal; and one article for a Civil War magazine/blog on the strategic effect of railroads during the Civil War.


David Hollis (not verified)

Mon, 01/24/2011 - 4:29pm

I forwarded the SWJ article link to some of my associates in the cyberspace community to obtain their responses and stimulate debate. Many of them sent their responses to me (vice posting them here...) so I have aggregated them below (and anonymized them to protect the innnocent...):

1. "Great article. I attended a lecture last evening given by Gen Hayden and he said something to the effect that the only way we can truly secure our networks is start over and build it again the right way.

Until that happens, we can expect (and prepare for) that what occurred in Georgia will be SOP..."

2. "Thanks...will be good reading on the VRE tonight!"

3. "Thanks, I also forwarded it to our list for DHS cubersecurity R&D."

4. "I have been a fan of SWJ for some time, just hard to keep up with my reading. I liked your article and it got me thinking again about some things I have been working on for work.

How do you develop a good understanding of the target networks in virtualized or cloud environments? With traditional networks your recon can give you a good idea of the logical and sometimes physical layout of the target, but how do you do that in an elastic environment?

What are response/reaction times in when attacking a cloud? As you pointed out the cyber attacks acted like a suppressive bombardment, placing 'fires' on key targets and slowing or delaying response until too late. When new systems can be brought on line rapidly, how long is that window of suppression and how can you increase it?

What are the implications of compromising assets outside targeted national boundaries? If distributed or backup systems are running in a data center that is located in a neutral third country, what are the limits and targeting considerations?

Lots of other interesting aspects to doing this kind or work."

5. "Excellent and thought-provoking; worthy of a give and take when I'm back in the office. Thanks!"

6. "dave... where do you have the time to write all this stuff?"

7. "Great, thanks Dave. Please continue to let me know as you produce these... Im executive director for the ... Association and this material is directly in our mission statement. Im hoping to set up an essay contest later this year. Also, Im teaching a cyber conflict policy course at ... .. this semester and theres painfully few good sources.

David Hollis (not verified)

Mon, 01/24/2011 - 4:13pm

In response to Cannoneer No. 4 - thanks for the comment but I did not call for the development of a US patriotic hacker militia so I am not sure how the USG would motivate, 'sell,' synchronize, internal patriot hacker community. However, I suspect that it would be in the best interest of the nation for the USG to develop good relationships with the civilian cyberspace community. And there may be a future scenario where nations that do utilize an internal patriot hacker community might attack the US cyberspace community in the belief that we do the same thing they do.

Cannoneer No. 4

Fri, 01/07/2011 - 9:06pm


One of the first targets of enemy Civilian Irregular Information Operators will be <i>friendly</i> Civilian Irregular Information Operators.


How would the United States employ <i>our</i> peoples patriotic 'hacker militia?

What arm of the octopus could engage them, motivate and 'sell them on the concept, steer them toward appropriate targets; synchronize those cyberspace operations with combat activity in the physical realm; and discuss the most effective cyberspace tactics, techniques and procedures (TTPs) to be used?