Role of Cyber in Russian Sabotage Operations
A review of a recent IISS report of attacks against Europe critical infrastructure
The International Institute of Strategic Studies released a report in August taking a look at Russian sabotage operations against European critical national infrastructure (CNI).
It is interesting to see not only physical events - cable cutting as one example - versus the increasing role of cyber as part of a broader information warfare operations play.
Cyber operations are described as a core enabler and integral component of Russia’s wider sabotage strategy — not a separate or secondary activity. The report situates cyber activity within Moscow’s “gibridnaya voyna” (hybrid warfare) doctrine, where physical, informational, and digital tools are fused to weaken adversaries below the threshold of open war.
A a breakdown of cyber’s specific role in Russia’s sabotage attacks, includes:
1. Integrated in Hybrid Sabotage Doctrine
Russian military doctrine treats cyber operations as part of information warfare, combining “information-technical” (cyber, hacking, electronic attacks) and “information-psychological” (propaganda, disinformation) methods.
Cyber is therefore used alongside physical sabotage—for instance, hacking logistics or communications systems to support or conceal physical attacks.
The goal is to blur the line between war and peace, disrupting without triggering a conventional NATO response.
2. Cyber as Reconnaissance and Targeting Tool
Russia’s intelligence services (especially the GRU and SVR) use cyber intrusions to map critical infrastructure networks—energy grids, transport hubs, and communications links—identifying single points of failure for later physical attacks.
These cyber intrusions often precede or accompany physical sabotage (e.g., rail disruptions, water-supply incidents, or cable damage), providing operational intelligence and coordination.
Russian operatives have used cyber-espionage to track NATO logistics and supply routes for Ukraine, and to help recruited proxies locate targets such as energy substations or communication nodes.
3. Cyber as a Tool of Coercion and Confusion
Cyber activity is paired with disinformation and deepfake campaigns to amplify fear and distrust after sabotage incidents—portraying them as government failures or accidents.
Such “information-psychological” operations aim to erode public confidence, increase societal anxiety, and divide allied responses.
The IISS notes that the “grey-zone” framing has allowed Russia to use cyberattacks to intimidate Europe while staying below the escalation threshold.
4. Exploitation of Civilian Digital Infrastructure
The Kremlin leverages commercial IT supply chains, weak network defenses, and the private ownership of 90% of NATO transport and communications infrastructure.
Cyber intrusions into dual-use civilian networks (e.g., rail control systems, air logistics software, port communications) increase the impact of physical sabotage.
Russia’s “gig economy” approach—outsourcing low-skill acts to recruited proxies—relies on encrypted messaging, dark web payments, and online coordination, all of which are cyber-enabled.
5. A Blended Threat Environment
Russia’s hybrid operations use a continuum of effects:
Cyber reconnaissance → physical sabotage → disinformation amplification.
Attacks on undersea cables and satellite links combine both physical damage and digital disruption, impacting internet traffic, GPS, and secure communications.
NATO data show that energy and communication networks, often targeted by Russian cyber groups, overlap with physical sabotage zones (Baltic Sea, Poland, Germany).
6. Strategic Impact
While no mass-casualty cyberattack has occurred, the cumulative effect is to undermine resilience, complicate attribution, and delay collective response.
The report warns that the cyber-physical convergence in Russian sabotage campaigns is raising the risk of escalation and strategic miscalculation — where a blended attack could unintentionally cross NATO’s Article 5 threshold.
In summary:
Cyber operations are the connective tissue of Russia’s sabotage campaign — enabling reconnaissance, coordination, psychological impact, and plausible deniability. The IISS assesses that Russia’s use of cyber tools is not about stand-alone attacks but about amplifying and concealing physical sabotage, forming a seamless part of its hybrid war against Europe