Ever since the beginning of the Internet Age, the potential to weaponize digital technologies as tools of international aggression has been known. This was exposed by Russia’s 2007 cyber-attack on Estonia, which was widely recognized as the first such act by one state against another. In 2016, NATO officially recognized cyberspace as a field of military operations alongside the more traditional domains of land, sea and air.
The current Russia-Ukraine War demonstrates the next major milestone in our rapidly developing understanding of cyber security. It is now becoming increasingly apparent that the invasion unleashed by Vladimir Putin on 24 February is the world’s first full-scale cyberwar. It will take many years to fully digest the lessons of this landmark conflict and assess the implications for the future of international security. However, it is already possible to draw several preliminary conclusions that have consequences for individuals, organizations and national governments around the world.
The current war has confirmed that while Russian hackers often exist outside of official state structures, they are highly integrated into the country’s security apparatus and their work is closely coordinated with other military operations. Much as mercenary military forces such as the Wagner Group are used by the Kremlin to blur the lines between state and non-state actors, hackers form an unofficial but important branch of modern Russia’s offensive capabilities.
One month before the current invasion began, hackers hit Ukraine with a severe cyber-attack designed to weaken government structures and prepare the ground for the coming offensive. Critical infrastructure was targeted along with private data in a bid to undermine Ukraine’s ability to defend itself.
Again and again during the first few months of the conflict, we have witnessed the coordination of cyber operations with more conventional forms of warfare. On one entirely typical occasion, a cyber-attack on the Odesa City Council in southern Ukraine was timed to coincide with cruise missile strikes against the city.
Just as the Russian army routinely disregards the rules of war, Russian hackers also appear to have no boundaries regarding legitimate targets for cyber-attacks. Popular targets have included vital non-military infrastructure such as energy and utilities providers. Hospitals and first responders have been subjected to cyber-attacks designed to disrupt the provision of emergency services in the immediate aftermath of airstrikes. As millions of Ukrainian refugees fled the fighting during the first month of the war, hackers attacked humanitarian organizations.
Individuals are also targets. Every Ukrainian citizen is potentially at risk of cyber-attack, with hacked personal data providing the Russian security services with opportunities to gain backdoor access to Ukrainian organizations and identify potential opponents or prepare tailored propaganda campaigns.
The scale of the cyber warfare currently being conducted against Ukraine is unprecedented but not entirely unexpected. Large-scale attacks began during the 2013-14 Euromaidan protests and initially enjoyed considerable success. This was followed by more ambitious attempts to hack into the Ukrainian electricity grid and spark power blackouts. Then came the Petya and NotPetya international cyber-attacks of 2016-17, which centered on Ukraine and caused huge global disruption.
It is clear that Russia’s current cyber offensive involves cybercriminals working in cooperation with military personnel while enjoying access to official intelligence data. This approach is relatively cheap, with cybercriminals often able to finance their operations using standard cyber fraud techniques. The idea of collaboration between the state and criminal elements is also nothing new. However, it is noteworthy that in this case, the state in question has a permanent seat on the United Nations Security Council.
Perhaps the single most important outcome of the cyberwar so far is that we now have a much better picture of the enemy. We are able to see the threats posed by Russia and also assess Moscow’s limitations. Just as naval threats are countered by missiles and mines, cyber security is achievable given sufficient knowledge and resources.
Ukraine has come under unprecedented cyber-attack on a daily basis for more than a quarter of a year, but the Ukrainian authorities have managed to maintain basic utility services for the vast majority of the country. Even more striking is the fact that mobile communications and internet connection disruption has been minimal. In many instances, Ukrainians have been able to access online information while under Russian bombardment.
One key lesson from the past few months is the need for everyone to take responsibility for their own cyber security. This applies to individuals and organizations alike. Neglecting cyber security risks creating weak links in wider systems which can have disastrous consequences for large numbers of people. Likewise, businesses should not rely on the state to take care of cyber security and should be prepared to invest in sensible precautions. This can no longer be viewed as an optional extra.
International cooperation is also vital for strong cyber security. Ukraine has received invaluable support from a number of partner countries while sharing its own experience and expertise. Much as the internet itself does not recognize national boundaries, the most successful cyber security efforts are also international in nature.
The Russian invasion of Ukraine has underlined the expansion of the modern battlefield to include almost every aspect of everyday life. The rise of the internet and the increasing ubiquity of digital technologies means that virtually anything from water supplies to banking services can and will be weaponized.
For years, the Kremlin has been developing the tools to carry out such attacks. The international community was slow to recognize the true implications of this strategy and is now engaged in a desperate game of catchup. The war in Ukraine has highlighted the military functions performed by hackers and the centrality of cyber-attacks to modern warfare. Restricting Russian access to modern technologies should therefore be viewed as an international security priority.
The Russo-Ukrainian War is the world’s first full-scale cyberwar but it will not be the last. On the contrary, all future conflicts will have a strong cyber component. In order to survive, cyber security will be just as important as maintaining a strong conventional military.
Author Yurii Shchyhol is head of Ukraine’s State Service of Special Communications and Information Protection.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www. redskyalliance. org/
- Website: https://www. wapacklabs. com/
- LinkedIn: https://www. linkedin. com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings