(CNN)US officials warned that a wave of debilitating cyberattacks could accompany Russia's war on Ukraine. So far they haven't materialized, and US and Ukrainian officials are contemplating why as they prepare for the next phase of the war.
Russia's cyber offensive against Ukraine has been limited so far. Experts are divided on why
There have been several hacks of Ukrainian organizations, but no reports yet of the sort of high-impact cyberattacks on transportation or electric infrastructure that some feared.
The possible explanations for this, analysts say, range from disorganization in Russian military planning to hardened Ukrainian defenses, to the fact that bombs and bullets take precedence over hacking in wartime.
The reason Russia has so far not flexed in cyberspace during the war may be unattainable — or require being inside the minds of Russian spy chiefs. But how US, European and Ukrainian officials perceive the situation shapes how they allocate resources to defend Ukrainian computer networks as the war continues.
"What we have seen to date from Russia's state cyber actors appears to reflect the same challenges seen in their conventional forces," said a US cyber defense official, who spoke on the condition of anonymity because they were not authorized to speak to the press. "It is likely that inadequate preparation and bad assumptions have resulted in a haphazard performance that underplays their known capabilities."
Cyberattacks have played a supporting, not a central, role in the war and hacking incidents preceded and accompanied Russia's bombardment of Ukraine:
• February 15: Cyberattacks temporarily knocked the websites of Ukrainian agencies and big banks offline. The White House blamed Russia for the incident (the Kremlin denied involvement).
• February 23: Hours before Russian airstrikes began hitting Ukraine, a cyberattack deleted data at multiple Ukrainian government agencies and private companies.
• February 25: Ukrainian government officials accused hackers working for the Belarusian Ministry of Defense of trying to break into the private email accounts of Ukrainian military personnel.
• March 10: Unidentified hackers caused disruptions at Ukrainian internet service provider Triolan, which has customers in big Ukrainian cities. Triolan blamed "the enemy" (a reference to Russia) for the incident but did not provide evidence to support the allegation.
Gen. Paul Nakasone, the most senior military cyber official in the US government, offered a vague, multi-faceted explanation for the relatively muted Russian cyber activity to lawmakers this week.
Defensive work by Ukrainians, "some of the challenges that the Russians have encountered, and some of the work that others have been able to prevent their actions" explained the situation, said Nakasone, who heads the National Security Agency and US Cyber Command.
Ukrainian computer defenses have indeed improved since 2015 and 2016, when cyberattacks cut power in parts of Ukraine, and 2017, when devastating malicious software known as NotPetya emerged in the country and spread to organizations around the world, costing billions of dollars in damage. (The Justice Department blamed Russia's GRU military intelligence directorate for all three attacks; the Kremlin denied involvement.)
But many analysts say that heightened Ukrainian cyber defenses cannot be the sole reason for the lack of visible Russian cyber operations. And US officials are predisposed to crediting Ukrainian network defenses in which Washington has invested millions of dollars, and countless hours on the ground in recent years, in building them up.
Yegor Aushev, a Ukrainian cybersecurity executive who helped organize an ad hoc group of hackers to target Russian organizations during the war, offered a simpler explanation.
"The first phase of the war was a hybrid war," Aushev said by phone from Ukraine this week.
The Russians, he said, used cyberattacks because there is plausible deniability in doing so. But the second phase of the war has been out in the open.
"They bomb critical infrastructure," Aushev said. "So they don't need to hack it, in hidden mode."
John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant, echoed that point.
"Cyberattacks are often reversible and they are often carried out for their psychological effects," Hultquist, a US Army veteran, told CNN. "And in a situation when the Russ