A
Hello, everyone, this is Tom Uren and I'm here with the Grugq for another Between Two Nerds discussion. G'day, Grugq. How are you?
B
G'day, Tom. Fine, and yourself?
A
I'm well. This week's episode is sponsored by Proofpoint. Proofpoint is known for its email security products, but it's branched out and it has a whole range of other enterprise products like data loss prevention and cloud security. So check them out at proofpoint.com. So we thought we'd spin back around and visit your thesis. So a couple of weeks ago, I congratulated you for completing a Master's degree at King's College London. And as part of that, King's College London War Department. And as part of that, you did both coursework and a thesis. So tell us about your thesis.
B
So, like, basically, the war in Ukraine started. It started during the first year that I was doing my Master's and obviously it took up quite a lot of time and attention and it gave direct access to a real cyber war for the first time ever, a proper one. So all of the previous examples have been, well, like, basically everything beforehand was pre-iPhone, so it doesn't really count. And then it was very short, you know, like a week or two, and it was mostly DDoS and defacement, so it wasn't.
A
Right. So you're thinking of things like Russian actions in Georgia and.
B
Right, the attacks in Estonia around the same time.
A
Yeah, stuff like Glowing Symphony. Did you include that or is that.
B
I only included real cyber war attacks, not harassment campaigns. But it wouldn't count because what I was particularly interested in was technologically advanced states against each other. Because a cyber war against a terrorist organization is not particularly interesting because they don't have a lot of cyber infrastructure that runs their entire society. So this was. You've got near peers, they're in a prolonged war and they're technologically advanced and they have developed mature cyber operations groups, less so for Ukraine, but they're not.
A
Starting from zero and both have some capability. And so we've talked quite a lot over the last couple of years. No doubt the research you've done has fed into Between Two Nerds already.
B
So technically, if you listen to this, you have a master's degree.
A
That's right, you have a master's degree. And listening to someone who's getting a master's degree and has got it now.
B
Yeah. This counts for two credits in your mind. Coursework.
A
So what did you find in a nutshell? And then we'll dive into the things that you found surprising or particularly interesting.
B
Sure. The big thing was we all saw the cyber war that we expected on day one. We had all these massive attacks. We had the Viasat, we had things that looked like they were supposed to look and everyone was very happy. And then it took a little while.
A
For people to realize, though.
B
Right. And like, it stopped. Right. Like they, like. I went through a lot of papers on this stuff. No one ever talks about that one week pause where cyber operations just stopped.
A
Right, yeah. So just to recap briefly for people who haven't followed, on the very day of the invasion, the Russians disrupted a Ukrainian military satellite communication network, which was one of the ways that the Ukrainian military were going to communicate. Subsequently, it turns out they also at the same time disrupted or attempted to disrupt, I think it was an ISP, one of the major Ukrainian ISPs. And so both of those things you can imagine. If we can disrupt Ukrainian military command and control, that's a big win. Was there anything else? Is there anything I've missed?
B
No. I mean, there was a bunch of attacks on military targets, like they tried to DDoS.
A
There was wipers as well, weren't there?
B
Yeah, there was a lot of wipers. They did do a lot of destructive attacks. So they went heavily after the government and targeted military. But obviously we know very little about what they successfully did against the military.
A
Yeah. So I think the wipers preceded the ground invasion by maybe a week or up to a week or something like that.
B
Yeah. So, like, there was the January attacks, as you mentioned. So there's these January attacks which were sort of quite big. And then there's a lull, and then there was the attacks that sort of coincided with the invasion. They slightly preceded it. And that's because the invasion plan that they were following was essentially the Soviets had developed a way of dealing with states that have gone politically wobbly in their sphere of influence. And what happened was that in, I think it was '56, Hungary tried to get rid of their communists and the Soviets sent in tanks and they killed like 400 civilians or something. Basically, it was a complete bloodbath disaster. And they managed to get Hungary back under control, but it went very badly. And so they went and they looked at how to do it properly so that they wouldn't have such a debacle again. And what they did was they basically returned to the way that the Bolsheviks took over Russia, which was that you have small units take over the key points, like the telegram, the telegraph office, the newspapers, and then you arrest the government. And then, because there's no way to communicate and organize resistance, and you've sort of isolated the heads of the military and the government, you can just install your own one. And then because you control all the communication, you can then say, okay, everyone calm down, everything's fine, it's back to normal now. So that's the approach they did. And they did that in Czechoslovakia and it went very smoothly. And then they tried to do it in Afghanistan and they followed the formula very well, but Afghanistan is not a very strong state. So you had a lot of problems. Like it just, it didn't work. But they followed the same formula for Ukraine. Like they tried to do. What they were trying to do was they were trying to isolate the actual civilian command and the military from their military forces. And then they wanted to sort of thunder run in and seize all of the stuff.
And then they could immediately go, okay, nothing to see here, it's all over.
A
Yeah, job done.
B
Right, job done, move along. Yeah, the new government is in charge. Everything's the same as it was before, you don't need to worry about it. There's just going to be some minor changes going. That was the plan, but it didn't work. So they were following a successful strategy and they failed to execute it. And that was partially luck. Like Hostomel airport was held by chance. Like it was like a reserve unit of Territorial Army volunteers with no heavy weapons commanded by like a major or a captain, like someone who is an officer but is not particularly high ranking. And they're the person who made the decision to shell the runway.
A
Right.
B
Which is what prevented the planes from landing. Because with the runways destroyed, like you can't land. Right. Because they couldn't bring in those extra troops. That was basically the end of it. And that's not something that would happen in a Soviet army. Like a low level commander doesn't decide to destroy an entire airport just because he's been attacked. Yeah, like that sort of initiative is not rewarded generally, but it was obviously the right call. So I think part of the reason things succeeded for the Ukrainians was they had a little bit more of a NATO officer corps, like more of this initiative stuff and less of the Soviet books and tables. So like the whole thing was very, very interesting in that you had these different phases of the cyber war that tracked through the phases of the actual war itself where you had like this planned, coordinated, predefined invasion where you knew it was happening, who was supposed to be where and so on. And then when that failed, everything just kind of stopped because they didn't know what to do next. Right. They didn't have a plan B because plan A was going to work. So everyone just kind of stopped for a while. So there's a lot of debate about what actually happened. People will say, like, oh, they expended all of their arsenal and they had to recapture a lot of boxes. So for that period of time, you saw this weird activity because they were just restocking. Like, it wasn't directed. It was just restocking for future. Then there's people saying, like, it was part of a deliberate chaotic campaign to sow confusion. Like, so in my opinion, the cyber units were left to their own devices. Right. So the generals were busy trying not to lose a land war in Asia. They had things to do and they didn't have time to talk to the nerds about the nerd stuff with the computers. There were men dying. They had things to do. So there's not a lot you can do with a computer when you're at that kinetic level of war.
So what I believe happened was that they did busy work. They very much had to show willing. We're part of this too. You haven't given us a role. We haven't been tasked with anything specific, but we're out there doing our part. And so an easy thing to do for that is to just gain access to boxes to do initial access, breaking into things, which they did a lot of. And it was very chaotic.
A
How long did this go for?
B
So this was the summer of '22, so it was up until around October, which was when the first sort of winter campaign started. And to me, this chaos and undirected action, a lot of which never amounted to anything afterwards. It looks a lot like line go up. You can very much say, like, hey, last month we had 200 new boxes, and this month we've acquired 300. So it's a 50% month on month increase in assets that we've acquired.
A
Yeah. So from my point of view, that looks good, even if you're not achieving anything sort of strategically for the war effort.
B
Right. And I think that there wasn't a lot of attention being paid to them. So as long as they were just showing that they were doing something, it was probably good enough. And then when winter came around and there was this switch to this counter value campaign. So counter value, it's the nice way of saying bombing civilians.
A
Right.
B
Basically, you can either attack the military to degrade them, or you can attack the civilians to make them want to stop fighting Demoralize.
A
Yep.
B
Yeah, it doesn't work, but that's one of the options. So when the Russians switched to doing that for the winter, that's when we saw a lot of these attacks against the power plants, like the ones that were actually successful.
A
You mean kinetic attacks against power plants?
B
No, no, they did cyber attacks. There was actually a cyber attack that was successful twice. They had like eight hours of outage or something.
A
Okay, right. Yeah.
B
Over two days, it was.
A
So I would describe that as tactically successful.
B
It was so unimpressive compared to, like, one Shahed. It was obviously far more expensive and far less effective.
A
Right.
B
I think the Russians realized this, which was why the cyber forces committed were so lightweight. So the analysis that was done at the time was like, they're making it lightweight and easy to execute with a smaller team so that they can do it faster in more places. Whereas to me, it looks like they don't want to commit to something that they know is a waste of time. So they're putting on the smallest team they could get away with to have an effect and show that we're part of the effort without actually putting too many resources into it that they could use on something they felt was more effective.
A
Right.
B
That's my take on it, which I have nothing to back it up with, but it feels true to me. So until the Russians tell us otherwise, who knows? I guess.
A
Yep, yep, yep.
B
That sort of took them through the first year. Right. This sort of chaotic. We don't know what we're doing. Then there was the let's go after civilians, because that's the thing we can do. And then they started doing this pivot into actually doing useful espionage for the military, and that became the dominant thing. For the next couple of years, it's probably going to be the dominant thing overall.
A
Right. So that's still going on today, still?
B
Yes, it's currently what they're doing. So there's very few effects operations because there's not a lot that you can do with effects that's actually strategically meaningful. Whereas there's a lot you can do with espionage that is strategically meaningful. And it's going to use pretty much the same resources. If you have access to a Ukrainian military network, you could take it down, or you could learn what the Ukrainians are doing with all of their forces. And if you ask the high command, which would you rather we do? Cause them to be confused for, like, one day, or know exactly what they're doing for the rest of the war?
A
So what sort of useful espionage are they doing?
B
So one of the problems that the Russians have is their spy satellites are very old and not very good, and there's not a lot of them. So things that they are doing was they would hack into the CCTV and IP cameras. So they did it at coffee shops, on the railway lines, so they could track Western military aid coming into the country by using the cameras. They would also hack the ones in civilian areas so that they could monitor regions where they were pointed to. So if I was looking at a factory, then they could use that to observe a factory. And then they could do battle damage assessments, which is if you shoot a missile at something, you want to know if you've hit it, and if you hit it, did you destroy it or damage it? And so that's sort of what they were doing. So that you'd look at something beforehand and see, okay, like it's still standing. Then you'd shoot a bunch of missiles and drones at it. You'd look at it afterwards, through again, just the IP camera, and you'd see if it was still there and you could figure out, okay, we need to hit it again or not. So sort of very basic stuff like that, but also slightly more clever, was they were going after, like, the municipal offices for the regions that they're going after, because that's where the emergency services reports were aggregated to. So if you shoot a bunch of missiles at a factory, the fire department is going to make a report. You know, a whole bunch of missiles fell right next to the factory, burned an apartment building. Like all of this stuff happened. And it will give you actual data about what happened, because the reports that go internally need to be accurate so that the state can track what's being damaged and everything. And so if you have access to that information, you have battle damage assessments based not on visual cues, but on actual people responding to the emergencies saying what happened. So they were collecting that.
A
Yeah, yeah. And so is that what they've settled on? Is that the kind of apex of cyber in a war?
B
I don't know if it's the apex, but I think what's like, what I find interesting is that they do not have a capability. Their spy satellite, for all intents and purposes, it's useless, it cannot do what they need it to do. And cyber has stepped up and replaced that functionality with something better but different. I think that's very interesting. I don't know what that's going to do, because it probably. Does it mean that you don't need spy satellites anymore? You can just use IP cameras? Well, like, obviously not. The things I always find interesting about cyber is when it can do something that is not a replication of a kinetic or a physical thing, but it's something that you couldn't do except with cyber. Right. And so all of these are just replications of existing real capabilities. Right. Like, so if you had spies in the municipal offices, you could get copies of the reports from that, or you could get functioning spy satellites. These would be alternate options. They did some other stuff that was quite interesting. So there were a lot of mobile phone apps that allowed you to do gambling. And when they were investigated, it turned out that all of them were owned by Russia and were hosted in Moscow. And so that's an interesting thing because that's a lot of insight that you can collect just by saying, hey, we need access to your location. Hey, we need access to your camera to verify you. Right. And then you can abuse that, or you can have someone get into debt, and then Uncle Sasha can show up and be like, hey, you want to know a good way to make quick money? We can help you with that problem. So there was that, but then there was also the. Like, the map application that people were using for driving was Yandex Maps, right?
A
Yep.
B
Right. So they weren't supposed to, but it was better than the alternatives. So convention follows convenience, right?
A
Yep, yep. And so, again, you could use that for battle damage assessment or.
B
Right. And also finding out where things are. So.
A
Yep.
B
Like, because, for example, like, the drone factories are inside people's apartments and in underground parking lots. They don't have factories sitting out in the open with big signs in them saying, you know, war munitions made here. So a lot of that just espionage replacement or, like, espionage substitution.
A
Yep, yep, yep.
B
What's interesting is in 2024, so, like, 2023 was basically figuring out how to do military espionage using cyber and integrating that more tightly into the actual military. So, like, the GRU is military intelligence, but for a very, very long time now, it's basically just been an intelligence arm that happens to report to the military in a lot of ways. And what's happened during the war is they've become much more tightly integrated. They're actually the intelligence arm of the military.
A
Right? Yep, Right, yep. So they're providing tactical and direct military support, I guess.
B
Right. And there's more cooperation and integration. Like, there's more generals can do tasking of things that they need, whereas before it was a lot more like, the politicians would do tasking of things that they need. And the military, you know, they were involved, but it wasn't. Wasn't the primary customer. I mean, I speculate, again, we don't really know, but from the observations of what's happening, that seems to be the case. So February '22 until June of '23, sort of that period was when I covered and you had these, like, these five phases that the war, the cyber war went through, and it really stabilized by that final phase. Like they'd figured out what they were doing and how they were going to contribute and they had a plan and they executed on that very well. Then in 2024, they have done what I'm calling the pivot to military. Right. So rather than changing the tasking of their. Of the existing units, they've stood up a new unit or new units that are now specifically going after military targets. So they're going after mobile phones, they're going after military servicemen and things like that. They're very, very specifically a military unit that's looking for military information exclusively from the military. And so I think there's still a learning process going on. We haven't reached the final form of cyber war.
A
Yeah, I guess that's what I was asking you before.
B
Yeah, so we haven't reached that final form and there's still learning new things that they can do and learning what's effective and what isn't. For example, in December of '23, they wiped out Kyivstar, which is the largest mobile phone network of Ukraine. It's 50% or something. There's three of them, and 50% of all the users were Kyivstar, and they got wiped completely. So they were compromised, I believe, in March of '23, and then in December, they got wiped. And I can't help thinking that when they wiped Kyivstar, they must have lost so much useful information for one week's worth of annoyance.
A
Yeah, yeah. I couldn't understand that at the time.
B
My guess is what happened is that the political need to do something counter value outweighed the operational value of maintaining access. That's what I believe to happen, is that when they were doing an equities evaluation, they were looking at, like, well, we could have Putin angry at us and we can keep getting this information, or we could have Putin happy with us and we'll figure something out for the information later on.
A
Yeah. And so I guess in that case, the reason you think that is because there was no surrounding conventional campaign that could take advantage. Because if Kyivstar had happened on the first day of the invasion, you would go, yeah.
B
Tick.
A
That makes sense. Right. So it's the surrounding context that makes it seem like maybe pointless is too strong, but misguided or at least appears to us to be misguided operation at this point.
B
Right. So I think one of the clear takeaways and like we knew this beforehand, but a cyber effects operation is useful if it can be exploited.
A
Right.
B
So if you knock the lights out, it's so that you can take advantage of the darkness to do something. If you do it just because you want people to be in the dark.
A
For a few hours using candles to read instead of.
B
Yeah, it's, you know, you want someone's, like, 8 year old daughter to be scared for a little bit because she's in the dark and her nightlight doesn't work. You know, you can do that, that's fine. That's probably not what a state should be spending its resources on. I think that lesson hasn't necessarily been adopted properly by the entire community that's been observing this stuff. They still think of cyber effects as these independent things that can be done for their own ends. And I think the Russians learned very rapidly that that doesn't work. They did a lot of wiping, they did a lot of attacks against random targets. And when people look at that phase of the war, we just call it chaos. Like it was chaotic and random and we don't know what they were doing. They didn't know what they were doing. That's my belief. And so they just picked this busy work that made it look good. They seem to have figured out that effects operations are not great. Like they're not a substitute for a kinetic operation. They might be during peacetime, you can do something that you can't do kinetically, but during wartime it's just you can always do espionage instead. And that's probably going to be a better use of that time. Effects need to be coupled with something that exploits that effect to really have an impact. And as we saw with Kyivstar, it was coupled with absolutely nothing. There was no attempt to exploit that.
A
So do you think that the lesson from the war, which is that espionage works all the time, effects work sometimes, is a universal lesson or is that a lesson that's specific to Russia versus Ukraine?
B
I think it's a mostly true lesson. One way to put it would be like effect is a sometimes food and espionage is an always food. If you want to have a bit of espionage, go ahead, it's fine. Whereas if you want to have a bit of effect, you have to wait until D-Day. Then you can have your effects. That's what it seems to be. Rationally, what actually happens in real organizations who have people with their own biases and their own perspectives, I don't know that that's how they operate.
A
Well, what's interesting to me is that in the US system you have a whole organization who is more focused on effects than espionage, which is Cyber Command. And then you have NSA, which is all about espionage, not at all about effects. And so then it seems to me that if you end up in a war, you've got this constant tension between those two organizations trying to.
B
Right. It might be misbalanced to have such a large effects group. When effects are of limited usefulness, you can use them only when you're exploiting them.
A
I mean, luckily for them, they've got the same head right now. So there is someone who can weigh up those trade-offs. So that's the last two years' history of the war as you see it right now. What's next in terms of what you're doing?
B
Right. So I'm, I've applied to the PhD program at King's College War Studies department. Yeah. So I've applied to the PhD program. Hopefully I get accepted. So my PhD proposal is I want to do basically more of the same. Right. So I've looked at sort of the Russian side of the war for the first, for my thesis was the first 18 months. I have been continuing to monitor it up till now. For my PhD, the proposal is to continue to monitor it, to look at the broader long term trends, but also to look at what the Ukrainians are doing.
A
Right. So you've looked just one sided so far.
B
Right. And then my ultimate hope is that this will allow some insight into the principles of cyber conflict. And the reason I'm hoping to find that is that the Russians have a long history with a hierarchical system that's well organized, that's quite well understood, and they've directed that towards doing war. And that's one approach. The Ukrainians have done something else. They didn't have that existing infrastructure of cyber command or a GRU and stuff like that. They didn't have big cyber departments. So they've been building that up and they've done it differently than the Russians have. So they had the cyber IT Army, which was one thing. So one of the things you could look at is how do you integrate civilian volunteers into your cyber force? Like what do you do with people who just show up and want to take part in your war? That's a tough question. So what I'm hoping to find is that the Russians, with their hierarchical approach, have encountered certain problems that they've solved in a certain way, and that the Ukrainians, with their more decentralized approach, have encountered the same problems, but they've solved it a different way, which would then suggest that the problem is innate to the space, not a result of the system. Right. That there's something fundamental about cyber conflict that these two different approaches both encounter and solve in their own ways. And that should say something about cyber conflict.
A
Right. Well, Grugq, thanks a lot for taking us through your thesis. Longtime listeners of Between Two Nerds will recognize that they've been getting those pearls of wisdom over the last couple of years. And good luck with the PhD.
B
Thank you very much, Tom.
Risky Bulletin Podcast Summary
Episode: Between Two Nerds: The Evolution of Russia's Cyber Operations in Ukraine
Host: risky.biz
Release Date: December 16, 2024
In this episode of Between Two Nerds, Tom Uren engages in a deep-dive discussion with the Grugq, a recent Master's graduate from King's College London, about his thesis on the evolution of Russia's cyber operations in Ukraine amidst the ongoing conflict. The conversation explores the dynamics of cyber warfare, the strategic shifts in Russian tactics, and the broader implications for future conflicts.
The Grugq introduces his thesis, which examines the real-time cyber warfare unleashed by Russia during the war in Ukraine. He emphasizes that unlike earlier cyber attacks, which were limited and less sophisticated, the conflict in Ukraine represents one of the most advanced and prolonged instances of state-sponsored cyber operations against another technologically adept nation.
The Grugq [00:55]: “All of the previous examples have been pre-iPhone, so it doesn't really count. It was mostly DDoS and defacement, so it wasn't.”
The discussion begins with the onset of Russia's invasion, highlighting the immediate and significant cyber attacks aimed at disrupting Ukraine's military communications and internet service providers (ISPs). The Grugq points out that these operations were not just preliminary but were part of a larger, strategic plan.
Tom Uren [04:34]: "On the very day of the invasion, the Russians disrupted a Ukrainian military satellite communication network... they also disrupted one of the major Ukrainian ISPs."
The Grugq outlines the initial phase of the cyber war, marked by massive attacks that coincided with the physical invasion. However, he notes a subsequent unexpected lull in cyber operations, which he attributes to the failure of Russia's invasion plan and the resultant confusion within their cyber units.
The Grugq [03:22]: “We saw the cyber war we expected on day one, but then it stopped. No one ever talks about that one-week pause where cyber operations just stopped.”
As the invasion progressed, Russia pivoted its cyber strategy from broad, disruptive effects operations to more targeted espionage and intelligence-gathering efforts. The Grugq explains that this shift was driven by the realization that direct cyber attacks had limited strategic value compared to espionage, which provided actionable intelligence.
The Grugq [13:42]: “They pivoted into actually doing useful espionage for the military, and that became the dominant thing.”
The conversation delves into the structural and operational aspects of Russia's cyber forces, particularly the GRU (Main Intelligence Directorate). The Grugq contrasts the hierarchical, regimented approach of the Russian cyber units with the more decentralized and adaptive strategies employed by Ukraine, suggesting that these differing methodologies influence the effectiveness of cyber operations.
The Grugq [19:04]: “The Russians have a long history with a hierarchical system... whereas the Ukrainians have been building up and have done it differently.”
The Grugq articulates several key takeaways from Russia's cyber campaign in Ukraine. He emphasizes that cyber "effects" operations, those designed to cause immediate disruption, must be strategically exploited to be meaningful. Without a complementary strategy, such operations may appear chaotic and yield limited long-term benefits.
The Grugq [23:02]: “A cyber effects operation is useful if it can be exploited. If you knock the lights out, it's so that you can take advantage of the darkness to do something.”
Looking ahead, the Grugq shares his aspirations to pursue a PhD at King's College, focusing on the broader trends in cyber conflict and comparing Russian and Ukrainian approaches. He aims to uncover fundamental principles of cyber warfare by analyzing how different organizational structures tackle similar challenges.
The Grugq [26:46]: “My ultimate hope is that this will allow some insight into the principles of cyber conflict... that there's something fundamental about cyber conflict that these two different approaches both encounter and solve in their own ways.”
Tom Uren wraps up the episode by acknowledging the Grugq's insightful analysis and wishing him success in his academic pursuits. The discussion provides listeners with a comprehensive understanding of the complexities and evolving nature of cyber warfare in the context of the Russia-Ukraine conflict.
Tom Uren [29:06]: “Longtime listeners of Between Two Nerds will recognize that they've been getting those pearls of wisdom over the last couple of years. And good luck with the PhD.”
Key Takeaways:
This episode offers a nuanced exploration of modern cyber warfare, highlighting the intricate interplay between technology, strategy, and organizational dynamics in contemporary conflicts.