Rethinking what constitutes resilience is essential for understanding the complex web of incentives, interests and dependencies that have come to define how the internet works – and, often, does not work – in conflict.
As part of their invasion of Gaza in October 2023, Israeli armed forces cut off all telephone and internet communications to the territory on several occasions, for multiple hours each time. The effect on media reporting of the conflict was immediate – a previously constant stream of images, videos and live updates virtually ceased for the duration of the outage. In a thread on X (formerly Twitter), Elon Musk responded to demands for his platform to facilitate internet access through the Starlink satellite network (which Musk also owns) by stating that ‘Starlink will support connectivity to internationally recognized aid organizations in Gaza’. Musk had reacted similarly in Ukraine, where Starlink terminals and connections had enabled the Ukrainian military in its operations in early 2022.
In some ways, the two events – armed forces’ severing of telephone and internet communications and the offer by a private company to fill gaps in service – are neither new nor surprising. Information channels have always been a crucial aspect of any conflict, and states have long targeted the strategic communications routes of their adversaries to gain a military advantage, while also developing and reinforcing their own communications technologies and processes. In the digital era, intentional internet shutdowns are frequent occurrences, both to facilitate military manoeuvres and to enable authoritarian states to dampen and repress popular dissent or protest. Likewise, private companies have been important actors in conflict for centuries, providing logistical support, arms and other advanced technological equipment to one party or another, and quickly becoming entangled in the geopolitical ramifications of their actions.
However, in the ‘internet era’, there are qualitative differences in the extent to which non-state actors – such as technology companies and non-profit internet governance organizations – can directly or indirectly influence conflict dynamics. For example, the large-scale transfer of Ukrainian government data to cloud-based infrastructure in February 2022 – facilitated technologically by major Western companies, legally by swift action on the part of Ukrainian legislators, and diplomatically by NATO states – would have been unthinkable only a few years ago. The decision by the non-profit Internet Corporation for Assigned Names and Numbers (ICANN) in March 2022 to maintain Russia’s access to core internet services (namely, the domain name system – DNS) was another striking novel development. This example was notable not only because ICANN resisted strong pressure to restrict these services (in contrast with a decision by the Swift international banking network to cut Russia off from its services two months later), but because the power to decide a nation’s relationship with the global internet sat with a multi-stakeholder and largely technocratic organization, rather than with states or private companies. Questions remain regarding the power of other non-state actors in ‘internet era’ conflicts, particularly when such actors directly supply military or dual-use technologies, such as software used for tracking
troop movements or facilitating targeting decisions.
Defining internet resilience
Significant parts of modern conflict are increasingly defined by the internet and digital technologies. Seeking to untangle and understand the rapidly changing roles of technology and private sector actors in these settings, policymakers and experts alike increasingly turn to the idea of resilience. The concept of resilience is essential for understanding the complex web of incentives, interests and dependencies that have come to define how the internet works – and, often, does not work – in conflict.
However, as a term and concept, resilience is inclusive of a wide variety of issues. In the case of Starlink in Ukraine, the issue is the technical resilience of telecommunications networks and their effect on the resilience of the Ukrainian military. In Gaza, urgent questions revolve around the implications of the resilience of internet and telecommunications infrastructure for social and medical infrastructure, in a rapidly worsening humanitarian crisis. While both cases revolved around the availability of the internet in a particular location – and hence Starlink was proposed as a solution in both instances – the state and social functions that internet connectivity sought to enable were vastly different. In the ICANN case, pertinent questions arose around the resilience of the global internet governance architecture, and its vulnerability to future politically motivated intervention.
The key question is then how the concept of resilience can be refined in order to understand the changing role of the internet in conflict. This research paper’s starting point is that internet resilience should be thought of in two distinct types: technical and sociopolitical. While, in both cases, resilience concerns the ability of a system (for the purposes of this paper, the internet) to recover from a shock or incident, technical resilience focuses primarily on technological systems constituting the internet. Sociopolitical resilience meanwhile refers mainly to the human networks and groups that maintain and uphold those technological systems, enabling their continued availability and use.
Technical resilience focuses primarily on technological systems constituting the internet. Sociopolitical resilience refers mainly to the human networks and groups that maintain and uphold those technological systems, enabling their continued availability and use.
The distinction is not clear-cut. Technological systems are never purely technological, while sociopolitical processes are more technological than they may seem at first. More precisely, technological systems depend on practices developed in specific social settings and modern sociopolitical processes rely on the affordances of extensive technological infrastructure to function smoothly. Nonetheless, viewing internet resilience through either a primarily technical or sociopolitical lens helps to distinguish the roles and responsibilities of various stakeholders, and the kinds of impact that these stakeholders might mitigate or repair. This paper argues that the interplay between the two forms of internet resilience reveals significant (and, in some cases, surprising) dynamics around the use of internet and digital technologies in conflict.
To make its argument, the paper draws on two case studies. The first examines internet architecture and use before, during and after the US-led military coalition’s withdrawal from Afghanistan in August 2021. The second case study highlights the connections between global and local internet resilience and the resilience of internet architecture in Ukraine before, during and after the Russian invasion that began in February 2022.
This second study is chosen as the inverse of the first. In demographic terms, Afghanistan is a poor, developing country with low levels of internet penetration and other, more pressing infrastructural priorities. By contrast, pre-war Ukraine had a booming IT sector closely tied to European and US markets. In addition, Ukraine continues to receive extensive policy and media attention, with overlapping and mutually reinforcing incentives for private sector actors to contribute, although significant gaps remain. After the chaos and political fallout of the hasty withdrawal of forces after over 20 years of fighting and reconstruction, issues of internet resilience in Afghanistan have received less international attention.
Most commentators examining internet and cybersecurity issues in the context of Russia’s 2022 invasion of Ukraine have focused on the role (or lack thereof) of Russian offensive cyber operations, with some seeing a surprising lack of effect from ‘wiping’ and other disruptive operations, and others identifying a concerning ‘civilianization’ of cyber operations towards cybercriminal groups, hacktivists and ‘cyber militias’ such as the Ukraine IT Army. In contrast, an analysis in terms of resilience highlights a more central role for early decisions by private companies and non-state actors to provide cloud infrastructure in support of Ukraine, and for broader efforts to build Ukrainian cyber defence capabilities to prevent complete internet shutdowns or loss of communications. While these efforts are usually discussed in terms of cybersecurity capacity-building, this paper argues that a framing in terms of resilience helps to connect technical cybersecurity protections with their broader sociopolitical purpose in resisting occupation. Such a frame also provides a clearer understanding of the motivations for different actors – especially those in the private sector – to contribute to such efforts.
Investigating internet resilience in Afghanistan provides an equally important insight into the motivations and roles of similar stakeholders to those in Ukraine (for example, government contractors, IT companies or telecoms providers), but in a situation where the priorities are almost reversed. Dividing the Afghanistan case study into pre-, during and post-crisis environments also reveals a landscape (including the internet and digital technologies themselves, and the variety of actors interacting with and impacting the internet and digital technologies in different ways) that shifts over time. More generally, the case of Afghanistan is important not just in its own right, but because it offers indications for current or potential future scenarios (e.g. Gaza or Taiwan) where international support may be more ambiguous, as well as the dangers of what might be termed ‘support fatigue’ as Russia’s war on Ukraine continues.
Methodology
The paper relies empirically on extensive research from a range of primary and secondary sources, including documents from government and international organizations, private sector statements, media and news reports, commentary and analysis prepared by civil society organizations, and research reports. It also builds on Chatham House’s research on the changing dynamics of the cyber policy threat landscape.
The paper – and especially the featured case study on Ukraine – also draws on 11 interviews conducted with UK-based stakeholders (from government, the private sector and civil society) in May and June 2023. Interviewees were selected from among the participants in a Chatham House event on ‘Internet in Conflict: Trends and Future Challenges’, held in May 2023 under the Chatham House Rule. The interviews shed light on how key stakeholders from government, the private sector and academia are tackling the notion of resilience, particularly in response to Russia’s war on Ukraine.
Notwithstanding this, the interviewees were mainly UK-based and, in most cases, offered UK- or Western-centric perspectives. Consequently, while attempts to balance this with a wider range of interviews were regrettably beyond the scope of the work conducted for this paper, each chapter seeks to ensure interview insights are critically accompanied by other sources.
Gathering primary data on Afghanistan was also a challenge, in part due to the interviewees’ primary focus and expertise on Ukraine, and the research team’s existing expertise on Ukraine, but also partly to the operational challenges of interviewing in-country experts. To compensate for these deficiencies, the authors sought additional research assistance focused solely on internet resilience in Afghanistan, and convened several evidence-based reviews and discussions of secondary research. Their work also benefited from an informal conversation with a regional digital policy expert, whose experience underlined the difficulties of conducting research interviews with Afghanistan-based experts.
Both case studies would undoubtedly have been strengthened by interviews with individuals and organizations on-the-ground. Nonetheless, the authors are confident that the content of both case studies presents others with potential avenues for further research.
About this paper
The paper is structured as follows. Chapter 2 sets out the background in more detail, outlining the relationship between technical and sociopolitical resilience; the role of private sector technology companies in conflict; and how internet resilience may change in these settings. Chapters 3 and 4 then address the case studies of Afghanistan and Ukraine, applying the conceptual approach and drawing on the data sources above to unpack the roles and responsibilities of different stakeholders in maintaining or improving internet resilience in each setting. Chapter 5 highlights some preliminary conclusions and proposes a typology for characterizing the roles of private sector stakeholders in internet resilience.
This paper encourages readers to apply a holistic approach to internet resilience. For state stakeholders (e.g. those involved in developing and shaping a strategic approach to engagement in international conflicts), the paper carries lessons, best practice and, in some cases, cautionary tales for providing resilience and in their engagement with private sector stakeholders – whether through procurement of services, information-sharing or in consultation. For private sector stakeholders (e.g. technology and telecommunications companies involved in the provision of connectivity in conflict areas), the paper may include familiar and novel characterizations of their own complex roles in ensuring resilience, encouraging them to map more comprehensively their web of interests and incentives in recognition of the fact that, in conflict and crisis settings, this web will face severe and unpredictable disruption.