Russia's Cybergeddon

10466096655?profile=RESIZE_400xJust yesterday, I gave a very brief talk on the ethics and morals of hackers.  My focus was centered on the criminality of hacking, but the same holds true with nation-state level cyber actors.  The Russia Matters publication has provided a series of opinions on why Russia has not initiated a full scale cyber-attack, often called ‘cybergeddon’ upon its adversaries.  Russia’s war in Ukraine, now nearing its 10-week mark, has been devastating, killing thousands of civilians, and forcing millions to flee their homes.  Thus far, this devastation has been wrought primarily by conventional military means, without Moscow launching the “full-scale cyber assault” or “cybergeddon-scale attacks” feared early on.  As various authors have pointed out, “Ukrainian air defense and aircraft didn’t appear to be affected by cyber disruptions, and there are no reports of critical infrastructure damage from cyberattacks;” “Ukraine’s electricity grid, its communications systems and other infrastructure are still largely up.  Its president is streaming from his government office.”  The question is posed - Why?

One group of scholars has long argued that expectations of cyber apocalypse have been overblown, with doomsayers ignoring that cyber and military campaigns serve different purposes.  Cyber operations, these experts say, are neither “catastrophic weapons of destruction” nor good for “managing destruction at scale” — meaning they are unlikely to be the game-changers many anticipated in modern warfare.  “It’s much simpler,” four of these authors write, “for Russia to launch an artillery barrage at a [Ukrainian] power substation than to hack it from Moscow.”[1]  Other experts have pointed out that, even without catastrophic attacks, Russia has done plenty of cyber damage in Ukraine—part of its holistic, hybrid approach to warfare—and “the digital confrontation is playing out in the shadows, as inconspicuous as it is insidious.”

Still others have offered additional possible reasons for the Kremlin’s relative cyber restraint: 

  • No need: If the Kremlin expected its invasion to succeed quickly, as many analysts have assumed, it may not have given its cyber teams orders to launch major attacks, deeming them unnecessary (then, once the campaign stalled and Russia began bombing Ukrainian cities, cyber weapons that could damage infrastructure became “largely beside the point”);
  • “Don’t break what you buy”: Moscow may have wanted to keep Ukrainian infrastructure intact during and/or after the invasion—whether for its own use or for intelligence gathering—making cyberattacks counterproductive;
  • Improved Ukrainian defenses: Compared to 2014-2015—when Moscow annexed Crimea, fomented an armed uprising in eastern Ukraine and temporarily disabled the country’s power grid by cyber means—Kyiv’s ability to fight cyber-attacks has increased, bolstered further by support from Western governments and the global tech sector;
  • Cyber pros out of the loop/busy with other tasks: Russian groups that could have planned and carried out major cyber operations were either kept out of the decision-making process on Ukraine and thus were unable to prepare or have been too busy with disinformation campaigns to launch offensive strikes;
  • Eye on NATO: Russia could be loath to do damage that might draw NATO members deeper into the war or it’s holding onto the cyber card for more leverage against the West at a later stage;
  • Over-hyped skills: Maybe Russia never had the capabilities its adversaries ascribed to it;
  • Hacker free-for-all: “Maybe the widespread skirmishing of cyber ‘partisans’ from both sides has got in the way.”

Indeed, the proxy hacker war is on: While Microsoft and others have enumerated the cyberattacks against Ukraine by Russian actors, Russia itself has been “plundered” by “digital assailants,” according to The Washington Post.  The paper reported this month that “one recent survey showed more passwords and other sensitive data from Russia were dumped onto the open web in March than information from any other country.”  Whatever the reasons that the world has not yet seen cataclysmic cyber actions by Moscow, even those experts who saw predictions of cyber doom as exaggerated point to pressing cyber threats and caution against complacency.  Below, we share excerpts of expert opinion on Russia’s use (and non-use) of cyber means in the war on Ukraine.  Comments are listed from most recent to earliest.

WESTERN OFFICIALS AND EXPERTS cited by ANTON TROIANOVSKI, Moscow Bureau Chief, and JULIAN E. BARNES, National Security Reporter, New York Times (NYT, 05.03.22)

“American and allied officials have debated why [Russian President Vladimir] Putin hasn’t tried widespread or more damaging cyber strikes.  Some say … Putin has been effectively deterred. The Russian military, struggling to make gains in Ukraine, cannot handle a wider war with NATO and does not want to give the alliance any excuse to enter the war more directly.  Others argue that a cyber strike on a NATO country is one of the few cards Mr. Putin can play and that he may be waiting for a later stage in his campaign to do that.”

TOM BURT, Corporate Vice President, Customer Security and Trust, Microsoft (Microsoft, 04.27.22)

 “Starting just before the invasion, we have seen at least six separate Russia-aligned … actors launch more than 237 operations against Ukraine—including destructive attacks that are ongoing and threaten civilian welfare … [as well as] broad espionage and intelligence activities.  Russia’s use of cyberattacks appears to be strongly correlated and sometimes directly timed with its kinetic military operations…  For example, a Russian actor launched cyberattacks against a major broadcasting company on March 1, the same day the Russian military announced its intention to destroy Ukrainian ‘disinformation’ targets and directed a missile strike against a TV tower in Kyiv.”

Microsoft has observed close to 40 “destructive attacks … targeting hundreds of systems”; more than 40% of these “were aimed at organizations in critical infrastructure sectors that could have negative second-order effects on the Ukrainian government, military, economy and civilians.  Russia-aligned actors began pre-positioning for conflict as early as March 2021 … to gain a larger foothold into Ukrainian systems.  When Russian troops first started to move toward the border with Ukraine, we saw efforts to gain initial access to targets that could provide intelligence on Ukraine’s military and foreign partnerships.  By mid-2021, Russian actors were targeting supply chain vendors in Ukraine and abroad to secure further access not only to systems in Ukraine but also NATO member states.  In early 2022 … Russian actors launched destructive wiper malware attacks against Ukrainian organizations with increasing intensity.  Since the Russian invasion of Ukraine began, Russian cyberattacks have been deployed to support the military’s strategic and tactical objectives.  It’s likely the attacks we’ve observed are only a fraction of activity targeting Ukraine. … [W]e believe cyberattacks will continue to escalate as the conflict rages.  Russian nation-state threat actors may be tasked to expand their destructive actions outside of Ukraine.”

LAUREN ZABIEREK, Executive Director, Cyber Project, Belfer Center for Science and International Affairs, Harvard Kennedy School of Government (RM, 04.20.22)

“Just because certain expectations of the use of cyber have not matched what we have thus far observed does not mean that Russia is not using cyber to achieve intended effects against Ukraine.  We have seen major cyber operations such as disrupting access to the internet, denial of service attacks against websites, deployment of malware intended to disrupt services and most recently a breach of a Ukrainian energy company and a thwarted attempt to shut down power.  Activities in the cyber domain don’t compare to battlefield operations when trying to achieve lethal effects.  But it's still important to understand that disruption of services … can have major impacts on the physical safety and psychological wellbeing of the people of Ukraine—sowing confusion, chaos, panic, distrust, for example—and that falls squarely into the Russian playbook of information operations.  Look at the latest discoveries this past week: Two new, very sophisticated malware families designed to disrupt and even have destructive effects upon industrial control systems—those devices that take a computer command and translate it into physical action in things like water treatment plants, energy substations and gas pipelines—were discovered before, it appears, they had a chance to infect these systems, but this is further evidence that the intent and the capability are there. We must remember that great harm to people can result after a cyberattack due to disruptions in essential services and public safety.”

ERICA D. LONERGAN, Assistant Professor, Army Cyber Institute, West Point, and Research Scholar, Saltzman Institute of War and Peace Studies, Columbia University (Foreign Affairs, 04.15.22)

“The negligible role of cyberattacks in the Ukraine conflict should come as no surprise.  Through war simulations, statistical analyses and other kinds of studies, scholars have found little evidence that cyber operations provide effective forms of coercion or that they cause escalation to actual military conflict.  For all its potential to disrupt companies, hospitals and utility grids during peacetime, cyber power is much harder to use against targets of strategic significance or to achieve outcomes with decisive impacts, either on the battlefield or during crises short of war.  In failing to recognize this, US officials and policymakers are approaching the use of cyber power in a way that may be doing more harm than good—treating cyber operations like any other weapon of war rather than as a nonlethal instrument of statecraft and, in the process, overlooking the considerable opportunities as well as risks they present.”

WESTERN OFFICIALS AND EXPERTS cited by DUSTIN VOLZ, Cybersecurity and Intelligence Reporter, and ROBERT McMILLAN, Computer Security Reporter, Wall Street Journal (WSJ, 04.12.22)

 “While cybersecurity analysts and intelligence officials are working to understand why the scale of the Russian cyber-offenses has been so much more limited than feared, several theories have emerged.  Russian strategists assumed the conventional campaign would wrap up in a matter of days and didn’t appear to deploy their toughest cyber weapons, U.S. officials said.  Ukraine’s cyber defenses have improved in recent years, under constant attack from Russian hackers.  Some of Russia’s intelligence agencies may be engaged in waging propaganda and disinformation campaigns instead of launching offensive strikes, analysts say.  And, as in the conventional fight, Russia may have overestimated its own capabilities and underestimated Kyiv’s.”

DAVID CATTLER, Assistant Secretary General for Intelligence and Security, NATO; and DANIEL BLACK, Principal Analyst, Cyber Threat Analysis Branch, NATO (Foreign Affairs, 04.06.22)

“All available evidence indicates that Russia has employed a coordinated cyber campaign intended to provide its forces with an early advantage during its war in Ukraine.  The apparent disconnect between these observed incidents, on the one hand, and the public analysis that Russian cyber operations have been minimal, on the other, is jarring.   The belief that cyber operations have played no role in Ukraine does not stem from a lack of real-world impact.  To the contrary, the magnitude of Moscow’s pre-kinetic destructive cyber operations was unprecedented.  On the day the invasion began, Russian cyber units successfully deployed more destructive malware—including against conventional military targets such as civilian communications infrastructure and military command and control centers—than the rest of the world’s cyber powers combined typically use in a given year.  With the likelihood that the conflict will become a protracted war, Russia will probably not exercise restraint in its use of additional disruptive and destructive cyber actions.”

NADIYA KOSTYUK, Professor, Georgia Institute of Technology; and ERIK GARTZKE, Professor, University of California San Diego (The Conversation, 04.04.22)

“Cyber operations did not replace the military invasion and, as far as we can tell, the Russian government has not yet used cyber operations as an integral part of its military campaign. … Cyber and military operations serve different political objectives. … Cyber operations are most effective in pursuing informational goals, such as gathering intelligence, stealing technology or winning public opinion or diplomatic debates. In contrast, nations use military operations to occupy territory, capture resources, diminish an opponent’s military capability and terrorize a population.”

CHRISTOPHER WHYTE, Assistant Professor, Homeland Security and Emergency Preparedness Program, Wilder School of Government and Public Affairs, Virginia Commonwealth University (Foreign Policy, 03.24.22)

“What’s interesting about the digital dimensions of the ongoing conflict in Ukraine thus far is the fact that events seem to bear out much of what cybersecurity scholars have said for years about the utility of cyber instruments for enhancing state power. … [They] aren’t good tools for controlling escalation or affecting the battlefield.  The strategic utility for using cyber tactics in Ukraine in support of the invasion itself just wasn’t there.  Cyber tools produce only temporary victories and so aren’t all that good for direct coercion.  And an expected quick victory on Russia’s part took sophisticated cyber tools off the table immediately by the logic of ‘don’t break what you’re about to buy.  That said, it’s important that we exercise caution as we look to learn from the digital dimensions of this conflict thus far.  … Several features of the crisis suggest that the peculiarities of the Russian state’s security apparatus may have played substantially into decisions on whether or not to deploy cyber assets. … The message here is simple.  General principles about the practicality of cyber operations only tell us what is likely.  Parochial political, social and institutional contexts determine what transpires.”

WESTERN OFFICIALS AND EXPERTS cited by SUE HALPERN, Staff Writer, The New Yorker (The New Yorker, 03.22.22)

“The fact that devastating attacks haven’t occurred so far has raised doubts in some quarters about the viability and efficacy of using malicious software as a weapon of war. … It may be that the Kremlin, high on its own propaganda, believed that the Russian army would conquer Ukraine in record time and install a puppet government that would need to have those services intact.  When that didn’t happen and the Russians began bombing cities, it made cyber weapons that could turn off the lights, say, largely beside the point.  But it also may be that Russia never had the capabilities that its adversaries ascribed to it in the first place. …  Right now, the Russians appear to be spending a lot of time defending their own networks, which may be taking resources away from a cyber offensive.  Something that has largely been lost in the musings about Russia’s failure—so far—to use cyber weapons to crippling effect in the war: Ukraine has actually been under a constant barrage of cyberattacks that began before the invasion.  … While the world was waiting for Russia to turn off the lights in Ukraine, the Kremlin was, instead, engaging in more targeted and strategic attacks.  Russia might do something more comprehensive and destructive going forward.  … There is also no guarantee that, just because they haven’t done so yet, the Russians won’t retaliate against the U.S. and its allies for supporting Ukraine.”

CHRIS KREBS, Former Head of the U.S. Cybersecurity and Infrastructure Security Agency; Co-Founder and Partner, Krebs Stamos Group (Financial Times, 03.20.22)

“[T]here are several factors which would explain why Moscow’s proven cyber capabilities took a back seat in the overall strategy. For one, it seems the Kremlin kept battle-planning to a small group that may have excluded the Russian security services’ cyber personnel.  There’s also the matter of necessity.  Intercepted transmissions point to Russian forces using radio handsets and Ukrainian telecommunications networks to co-ordinate movements and update commanders back in Russia.  In this scenario, Moscow would keep networks operational for their own use.  The danger is that as political and economic conditions deteriorate, the red lines and escalation judgments that kept Moscow’s most potent cyber capabilities in check may adjust.  Western sanctions and lethal aid support to Ukraine may prompt Russian hackers to lash out against the West, sending a clear message: ‘Knock it off, we can make this much worse for you.’  Russian ransomware actors may also take advantage of the situation, possibly resorting to cybercrime as one of the few means of revenue generation.  Mitigating this risk means we need decisive action.  Government offensive cyber teams must continue to disrupt Russian attacks, while rapidly sharing information with industry on Moscow’s intent and capabilities.  We must accept, however, that stopping all attacks is not realistic.”

THOMAS RID, Professor, School of Advanced International Studies, Johns Hopkins University (New York Times, 03.18.22)

Claims that cyberattacks on Ukraine have been conspicuous by their absence “are misleading. Cyberwar has come, is happening now and will most likely escalate.  But the digital confrontation is playing out in the shadows, as inconspicuous as it is insidious.  First, some cyberattacks are meant to be visible and, in effect, distract from the stealthier and more dangerous sabotage.  On Feb. 15 and 16, Ukrainian banks suffered major denial-of-service attacks, meaning their websites were rendered inaccessible. Western authorities swiftly attributed the attacks to Russia's intelligence service, and Google is now helping protect 150 websites in Ukraine from such attacks.  Second, cyber operations in wartime are not as useful as bombs and missiles when it comes to inflicting the maximum amount of physical and psychological damage on the enemy.  An explosive charge is more likely to create long-term harm than malicious software.  Finally, without deeper integration within a broader military campaign, the tactical effects of cyberattacks remain rather limited.”

CHRISTOPHER WHYTE, Assistant Professor, Homeland Security and Emergency Preparedness Program, Wilder School of Government and Public Affairs, Virginia Commonwealth University (The National Interest, 03.18.22)

“In spite of Russia’s relative restraint in cyberspace, media reports and even some practitioner assessments continue to expound on the possibility of a coming ‘cyberwar’ in which Moscow strikes back at the West for its support of Ukraine.   Certainly, there is some room for concern.  Russia has increasingly turned to the use of its ‘gray zone’ capacities for disrupting Western competitors and degrading their ability to act.  And yet, warnings about digital disasters to come persistently fail to place the Russian cyber threat in a strategic context.  Fears of ‘Cyber Pearl Harbor’ or ‘Cyber 9/11’ events in which digital actions produce devastating societal disruption are not just unrealistic; they are irresponsible.  While it’s true that Russia’s cyber capabilities are immense and include assets prepositioned in Western networks, there is little strategic utility to be found in such an attack.  Absent the outbreak of conventional conflict between NATO members and the Russian Federation, the truth is that cyber spectacles would be walked back in days or weeks at most.  Victory in the ‘cyberwar’ predicted by some will always be temporary and so generally not worth the effort.  What’s more likely in the near to medium term is that Russia will continue to seek out lateral means of disruption to address its new, more isolated state. …  Sanctions are likely to push Russia to increasingly use cyber to ease economic tensions and retaliate against specific Western political factions without fearing escalation.  Just as sanctions have pushed North Korea toward cybercrime as a method of bypassing economic hurt, Russia will likely feel freer to utilize its substantial cyber capabilities in months to come.  Businesses and societal institutions in Europe and the United States would be foolish if they did not expect … Russian digital antagonism to find its way into networks closer to home.”

JELENA VICIC, Postdoctoral Scholar, Center for Peace and Security Studies, University of California, San Diego; and RUPAL N. MEHTA, Associate Professor, Department of Political Science, University of Nebraska-Lincoln (War on the Rocks, 03.14.22)

“Policymakers and experts remain concerned about the cyber escalation potential and speculate about several explanations for the lack of large-scale cyber events launched by Russia to date.  First, as media reports suggest, the United States took on some of the early work to prepare Ukraine for cyber onslaught in the aftermath of the invasion of Crimea.  … Since then, the United States has deepened strategic defense cooperation with Ukraine, including intelligence sharing.  In addition, NATO has worked with Ukraine to boost its cyber defense and counter ‘Russian aggression in cyberspace.’  These defenses may have worked well, causing Russian attempts to fail.  Second, Russia may be holding some of its cyber assets in reserve, and waiting for the right moment to strike—ostensibly using cyber as a force multiplier as they push deeper into Ukraine… Security researchers also speculate that as sanctions continue to wear Russia down, governments, financial and other institutions may become targets of reprisals both in Ukraine and the West.”

MARCUS WILLETT, Senior Advisor for Cyber, International Institute for Strategic Studies (IISS, 03.10.22)

“Theories abound as to why Russia has not used destructive cyber operations in its offensive on Ukraine so far.  Perhaps Ukrainian cyber security has improved, especially with Western help.  Maybe the widespread skirmishing of cyber ‘partisans’ from both sides has got in the way.  It could be that the Russians are keeping Ukrainian networks operating for their own purposes, including to assist their intelligence gathering.  And it is of course unlikely that everything the Russians may be doing has been made public.  In extremis, the Russians might care less about the risk of an indiscriminate use of cyber capabilities in Ukraine causing damage beyond Ukraine’s borders.  As Western governments have been warning, we must be well prepared for that eventuality and not lulled into any false sense of cyber complacency, especially given the threat is likely to arise more from Russian desperation than strength.”

RAFAL ROHOZINSKI, Principal, SecDev Group; Senior Fellow, Center for International Governance Innovation (IISS, 03.09.22)

“While the expected cyber war in Ukraine has yet to materialize, this doesn't mean that all is quiet on the cyber front.  The extraordinary sanctions imposed on Russia … have significant implications for software programs, networks and devices. Companies such as Oracle and SAP—widely used by Russian banks, telecommunications operators and government institutions—suspended their operations in Russia, raising the prospect of licenses being revoked and thus rendering most databases inoperable.  … The net result is that Russia’s military and economy may be left bereft of the digital tools needed to build, field or employ weapons and materiel in pursuit of its objectives in Ukraine.  In fact, the entire Russian economy could be forced into a pre-information-technology age.  There are signs that Russia is belatedly waking up to the importance of the cyber front. Russia’s information warfare has been more present and robust in recent days, with the volume of pro-government disinformation increasing. … A government decree ordered Russian websites to remove scripts that make them vulnerable to cyberattacks, and to switch to domestic domain-name servers. … Digital defenses are starting to take shape, and this may signal a shift toward a more dangerous phase of the cyber war.”

JACQUELYN SCHNEIDER, Fellow, Hoover Institution, Stanford University (Foreign Affairs, 03.07.22)

“It seems unlikely, given the amount of indiscriminate damage currently being inflicted by Russia, that cyber operations will escalate the violence of the campaign within Ukraine.  That said, could cyber operations lead to horizontal escalation, drawing NATO into the fight, for example?  Or, given that the United States and Russia are the world’s largest nuclear powers, could cyber operations escalate to the worst possible outcome—nuclear war?  Recent wargaming research suggests that cyber exploits into nuclear command and control may be enticing for states looking to neutralize a nuclear escalation threat in the midst of a conventional war, and that actors may underestimate the danger of these exploits and vulnerabilities to nuclear stability.  A deliberate choice by Russia to use cyberattacks against the United States or NATO to ‘escalate to dominate’—deliberately ratcheting up the pressure to force Washington to back off—would likely fail.  A more troubling scenario involves accidental escalation from cyber operations—that is, when critical infrastructure is unintentionally damaged by a cyberattack or when a cyberattack is misattributed to Russia (or the United States).  This is especially dangerous for civilian infrastructure that also serves military or security purposes…  Plus, a jumble of actors has jumped into this space, from criminal syndicates to cyber militias to hacker collectives…  That increases the chances that one of these players will target civilian infrastructure and misattribution … could needlessly trigger retaliation.  Beginning in 2017, my team at the Naval War College and the Hoover Institution ran a [three-year, 580-player] wargame that … found that teams who were told they possessed cyber exploits against nuclear command-and-control systems overwhelmingly used them.  One way to avoid this type of escalation is resilience. … Resilient nuclear weapons and command-and-control systems, which make states more confident in their second-strike capability, … [are] less likely to find themselves vulnerable to counterforce campaigns and less tempted to launch their own preemptive nuclear attacks.”

ERICA D. LONERGAN (nee BORGHARD), Assistant Professor, Army Cyber Institute, West Point, and Research Scholar, Saltzman Institute of War and Peace Studies, Columbia University; SHAWN W. LONERGAN, U.S. Army Reserve Officer assigned to 75th Innovation Command; BRANDON VALERIANO, Senior Fellow, Cato Institute, and Distinguished Senior Fellow, Marine Corps University; and BENJAMIN JENSEN, Professor of Strategic Studies, School of Advanced Warfighting, Marine Corps University, and Senior Fellow for Future War, Gaming and Strategy, Center for Strategic and International Studies (The Washington Post, 03.07.22)

“Experts who inferred from Russia’s past behavior that the current conflict would be a ‘Cyber Pearl Harbor’ moment may have been drawing the wrong lesson.  … Cyber operations in combat contexts may not be as prolific or decisive as many expect, as demonstrated by evidence not only from Ukraine, but also from Afghanistan, Iraq and Syria. … These operations don’t win wars but instead support espionage, deception, subversion and propaganda efforts.  Here’s why the current cyber operations are neither as easy nor as effective as the conventional wisdom would suggest.  First, the global tech sector plays a major role in cyber defense, with firms such as Microsoft, Alphabet and others working overtime to identify threats to Ukraine, patch vulnerabilities and share information.  Additionally, … the United States and Britain dispatched cyber defensive teams to Ukraine in December.  Reporting suggests that US cyber mission teams continue to support Ukraine’s cyber defense.  Second, preemptive actions may have boosted Ukraine’s resilience. Ukrainians were downloading encrypted communications applications such as Signal and offline maps—but the Ukrainian military also relied on old-school wired communications.  Third, low-cost cyber operations readily available to hacktivists and proxy groups … disrupt and distract more than they create tangible battlefield gains.  In contrast, offensive cyber operations tailored to shut down another country’s command-and-control or air-defense systems, for instance, can be challenging.  It takes years of investment and human capital, pre-positioned access points and a mature, well-resourced organization to plan and carry out this type of complex cyber campaign.  And even the most sophisticated offensive cyber operations can’t compete with conventional munitions.  It’s far easier to target the enemy with artillery, mortars and bombers than with exquisite and ephemeral cyber power.  Notwithstanding any cyber vulnerabilities, it’s much simpler for Russia to launch an artillery barrage at a power substation than to hack it from Moscow. Russia’s airstrikes against a Ukrainian television tower may be a case in point.”

JASON BLESSING, Jeane Kirkpatrick Visiting Research Fellow, Foreign and Defense Policy Department, American Enterprise Institute (The Hill, 03.04.22)

“There is every chance that we will see increased cyberattacks, but cyber hype about scope and scale … is completely unwarranted.  … Exaggerating the threat distracts us from hardening against much more likely Russian assaults that are short of cyber war.  One key threat is the potential spillover from Russian cyber operations in Ukraine.  … Disruption to U.S. supply chains is a second threat. … Finally, Russian cyber activity can target critical infrastructure with low-cost, low-sophistication methods that are indistinguishable from criminal activity.  Instead of preparing for cyber-doomsday scenarios, the US private and public sectors should be hardening targets against actual threats.  This means having a game plan for when networks go dark, rebooting quickly and using failure to better evaluate future risks.”

LAUREN ZABIEREK, Executive Director, Cyber Project, Belfer Center for Science and International Affairs, Harvard Kennedy School of Government (The Economist, 03.03.22)

“Conspicuous by its absence … has been something that many observers thought would be one of the defining features of a 21st-century conflict between high-tech opponents.  ‘Cyberattacks’ aimed at Ukrainian computer systems seem to have played hardly any role.  … The run-up to the invasion saw the websites of Ukraine’s government and banks knocked temporarily offline and the discovery of malware designed to delete files on Ukrainian computer systems.  … But all that is small beer compared with what many had been anticipating.  Theories [about why that was] abound.  One … is that Russia may have left Ukrainian infrastructure intact because Russia, too, is making use of it. … Another is that large-scale, damaging attacks were attempted but failed. … And once a war has started cyberattacks may become less enticing.  Less than a week into the war, though, few experts are willing to stick their necks out and say definitively that no big cyberattacks will happen.  … Absence of evidence, in the digital realm, never quite adds up to evidence of absence.”

CIARAN MARTIN, Professor of Practice, Blavatnik School of Government, University of Oxford (Lawfare, 03.02.22)

“Even those of us long skeptical about the mischaracterization of cyber operations and cyber risk as catastrophic weapons of destruction, rather than a still serious but quite different threat of chronic disruption and destabilization, have been surprised by just how little cyber operations have featured in the early part of the invasion. … The reasons for this underuse of Russia’s sophisticated cyber capabilities so far in the conflict are unclear.  Even though cyber operations have featured to an unexpectedly small extent in the conflict so far, the West still remains at higher risk of serious disruption—as distinct from catastrophic attack—via the cyber domain than it was before the invasion.  It is significant that the warnings coming from the likes of Washington and London to their own citizens are not about ‘cybergeddon.’  They are about the risks of overspill from Russian attacks and from Russian proxies, and the potential that the Putin regime may decide to take over from the proxies and do it better.  However this horrendous war turns out, the West will be left with … strategic cybersecurity weaknesses to tackle.  And in the meantime, the cyber domain may influence the war at the margins, but it will not decide it.”

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs. com    

Weekly Cyber Intelligence Briefings:

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5504229295967742989

[1] https://www.russiamatters.org/analysis/why-hasnt-russia-unleashed-cybergeddon-its-war-ukraine

E-mail me when people leave their comments –

You need to be a member of Red Sky Alliance to add comments!