Editor’s note: This MWI Report analyzes the cyber dimension of the 2008 Russia-Georgia War. Read the full report here. Research was conducted in conjunction with an MWI Contemporary Battlefield Assessment that made a broader analysis of that conflict and identified lessons on the Russian way of war.


Cyberattacks had become an established tool of statecraft by the time they were used against the Republic of Georgia in the summer of 2008, albeit one without a legal framework and whose long-term implications remained poorly understood. Nevertheless, the war between Russia and Georgia that took place in August of that year was remarkable for its inclusion of a series of large-scale, overt cyberspace attacks that were relatively well synchronized with conventional military operations. Conducted by an army of patriotic citizen hackers, the cyber campaign consisted of distributed denial of service (DDoS) attacks and website defacements that were similar in nature but different in method to what had occurred in Estonia the year prior. In total, fifty-four news, government, and financial websites were defaced or denied, with the average denial of service lasting two hours and fifteen minutes and the longest lasting six hours. Thirty-five percent of Georgia’s Internet networks suffered decreased functionality during the attacks, with the highest levels of online activity coinciding with the Russian invasion of South Ossetia on August 8, 9, and 10. Even the National Bank of Georgia had to suspend all electronic services from August 8–19. While there is strong political and circumstantial evidence that the attacks were encouraged by the Russian state, definitive technical attribution—and thus definitive legal culpability—have remained elusive.

The cyberattacks had little effect on conventional forces and were not decisive to the outcome of the conflict, but they nevertheless offer significant lessons on the character of modern warfare for scholars of conflict and military studies. This MWI Report offers a brief analysis of several of those lessons. First, the attacks reinforced the Russian interpretation of cyberspace as a tool for holistic psychological manipulation and information warfare. By impeding the Georgian government’s ability to react, respond, and communicate, the cyberattacks created the time and space for Russia to shape the international narrative in the critical early days of the conflict. Second, the attacks highlighted the role of third forces on the modern battlefield. These forces ranged from the citizen hackers who perpetrated the attacks to the private companies who were relied on to defend against them. And third, the attacks provide a useful demonstration of how the technical concepts of cyberspace can be understood through conventional operational concepts in order to more effectively integrate them with military operations.

Read the full report here.


Capt. Sarah P. “Sally” White is a cyberspace operations officer in the US Army. She is currently pursuing her PhD in the Harvard Department of Government, where her research interests include military innovation and comparative cyberspace doctrine. She has served in the 82nd Airborne Division and the 780th Military Intelligence Brigade (Cyber).

The views expressed in this article are those of the author and do not reflect the official policy or position of the Department of the Army, the Department of Defense, or the US government.