Ukraine War

• Russia still seems to be concentrating its efforts on eastern Ukraine. Mariupol’s mayor says the city’s humanitarian corridors have fallen under Russian control: “The Russian Federation has been playing with us since day one.” He also said almost 5,000 people have been killed in Mariupol during the war, and around 90% of the city’s buildings have been damaged—with another 40% destroyed.
• Meanwhile, Russia’s Deputy Defense Minister, Alexander Fomin, confirmed plans to “dramatically” reduce its military operations in other parts of the country like Kyiv and Chernihiv. Fomin said Russia’s intent was to “increase mutual trust” so as to “create the necessary conditions for future negotiations” with Ukraine. (One could argue that a better way to build trust is by not invading your neighbor in the first place.)
• Naturally, Ukraine and the West are skeptical of Russia’s intentions, and Western countries are leaving sanctions in place.
• The Ukrainian military’s internet service provider was hit by a massive cyberattack on Monday. Service has since been restored, but it was the most significant cyberattack on Ukraine since the war began a month ago.
• Russia really hasn’t been making as much cyber mischief during the war as analysts had expected. An insightful Economist article pasted below ponders why not: did Russia try cyberattacks that failed? Is Russia keeping Ukraine’s cyber infrastructure intact because it’s leveraging it too? Is it just easier / more effective at this stage to launch physical attacks than cyberattacks?
• In the same “not as bad as it could’ve been” vein, a Kremlin spokesman downplayed Pres. Putin’s earlier allusions to the possible use of nuclear weapons, saying Russia would only use nukes if the “existence of the state” was threatened.

End Game

• Talks between Russia and Ukraine in Istanbul failed to secure a ceasefire, as expected, but they seem to have opened the door to a possible first meeting between Presidents Zelensky and Putin. Pres. Erdogan, who mediated the talks, said Russia and Ukraine have already agreed on four of the six points of contention they discussed.
• The Economist says Russia is reportedly willing to let Ukraine join the EU as part of a compromise with Ukraine, although it would probably demand major concessions in return—like recognition of its annexation of Crimea and independence for the Donbass.
• Ukraine, meanwhile, is reportedly seeking guarantees from the world’s “leading armies” that they’ll intervene on Ukraine’s behalf if it’s invaded again. It’s hard to imagine NATO countries making such a contentious commitment right now.

DRC

• Eight UN peacekeepers were killed in a helicopter crash over Tshanzu in North Kivu, eastern DRC. The army says M23 rebels—who control that area—shot it down, but M23 preposterously said the Congolese military was responsible for the crash.
• M23 has been terrorizing villages in that area recently, which is why peacekeepers were flying a reconnaissance mission there in the first place: they were trying to track the ~13,000 people who fled M23 violence into Uganda this week.

Nigeria

• Gunmen attacked a train near Abuja, Nigeria, killing an unconfirmed number of the 1,000 aboard. No terrorist group has claimed the attack, and witnesses blamed “bandits”—a loose term for thieves, kidnappers, and murderers (but generally not jihadists).

Afghanistan

• China will host representatives from the U.S., Russia, and Pakistan in Tunxi for talks on Afghanistan this week. U.S. special representative for Afghanistan Tom West will attend, as will Russian Foreign Minister Sergei Lavrov. The U.S. hopes to rally the other members of the “Extended Troika” to pressure the Taliban to reverse its decision against reopening girls schools.

U.S.

• Pres. Biden proposed a $5.8 trillion budget that boosts military spending by 10% vs. last year to $773 billion. It also adds funding for police departments.
• The FDA authorized a second COVID booster dose of either Pfizer or Moderna for people aged 50 and up or with certain immunodeficiencies. However, as the NYT points out: “the scientific evidence for fourth dose is incomplete, at best, and researchers do not agree on whether the shots are needed.”

Other News

• A Palestinian gunman killed five people in the ultra-Orthodox city of Bnei Brak. It was the fifth attack in Israel in under two weeks. The Palestinian Authority condemned it, but Hamas praised it (though stopped short of claiming it) as a response to meetings the U.S. and Israel held with four Arab countries this week.

The digital war that wasn’t, yet

Cyber-attacks on Ukraine are conspicuous by their absence. There are several theories as to why. (Economist)

It is the dog that has yet to bark. Russia’s invasion of Ukraine has been fought with all sorts of high-tech weapons, from cruise missiles and helicopters to armed drones and a public-relations battle on social media. Conspicuous by its absence, though, has been something that many observers thought would be one of the defining features of a 21st-century conflict between high-tech opponents. “Cyber-attacks” aimed at Ukrainian computer systems seem to have played hardly any role.

That is a puzzle. Computer systems run more and more of modern society, and are riddled with bugs and inadvertent weaknesses. These can be exploited by attackers with grave consequences in the material world. In 2015 Russian hackers managed to knock out power for around 230,000 customers in western Ukraine. The attackers repeated the trick the following year. In 2017 another Russian attack featuring a piece of malware dubbed “NotPetya” disrupted Ukrainian airports, railways and banks.

The run-up to the invasion saw the websites of Ukraine’s government and banks knocked temporarily offline, and the discovery of malware designed to delete files on Ukrainian computer systems. Some attacks were mounted in the other direction. A group of Belarusian hackers opposed to the war claimed that it had disrupted the computer networks of Belarus’s railways. After the invasion began Anonymous, a diffuse fraternity of hackers, said it had broken into Russia’s defence ministry and stolen files. Hackers egged on by Ukraine used “distributed denial of service” attacks to knock Russian websites offline, including those of media companies and banks.

But all that is small beer compared with what many had been anticipating. “You might have expected significant Russian hacking of core Ukrainian internet infrastructure,” says Ciaran Martin, a former boss of Britain’s National Cyber-Security Centre, which is charged with defending against big cyber-attacks. “But that hasn’t happened. Communications seem to be working mostly fine.”

Theories abound. One, says Mr Martin, is that Russia may have left Ukrainian infrastructure intact because Russia, too, is making use of it. There has been evidence of logistical difficulties within Russia’s army, including armoured vehicles seemingly abandoned for lack of fuel. “It might be that Russian units are partly relying on Ukrainian networks themselves,” says Mr Martin, noting that some soldiers in modern conflicts occasionally use their own smartphones to communicate, despite the risks that can pose.

Another is that large-scale, damaging attacks were attempted but failed. Ukraine’s armed forces, after all, have offered much stronger resistance than expected. Perhaps its digital defences were likewise stronger than presumed. The cyber-attacks on the power grid in particular were a “wake-up call”, says a Western official. America and its allies have been providing technical assistance for years.

And once a war has started cyber-attacks may become less enticing. Missiles and bombs can take out power stations, railways and other infrastructure more quickly and more lastingly than computer code can. Big cyber-attacks need careful preparation that can often take months. That is not a problem when it comes to espionage or low-level harassment. Once battle is joined, however, that is far too slow.

Less than a week into the war, though, few experts are willing to stick their necks out and say definitively that no big cyber-attacks will happen. Unlike infantry battalions, field hospitals and tank columns, cyber-attacks cannot be seen by spy satellites. The best make use of vulnerabilities defenders are unaware of—which means the first sign that a computer system has been breached is when it stops working. Absence of evidence, in the digital realm, never quite adds up to evidence of absence.

That dynamic is making people jumpy, even far from the battlefield. On February 28th Toyota, a big car-maker, suspended production in its Japanese factories after a cyber-attack on one of its suppliers. The attack came shortly after Japan announced that it would join other countries in imposing economic sanctions on Russia, leading to speculation that the attack was retaliation for that decision. It may have been, though it was feeble retaliation if so. It is just as plausible, however, that it was merely a run-of-the-mill criminal attack. One of the problems with cyber-attacks is that it is often hard to be sure.