1. Comment
March 21, 2022

Russia’s cyber warfare front goes missing in Ukraine

The Russia-Ukraine war is the first large-scale conflict in which cyber warfare was expected to play a significant role. But as the fighting escalates, that has yet to happen.

Although there has been low-level activity—with cyberattacks underway in Ukraine before Russian forces invaded on 24 February—the war has not been fought in cyberspace, but on land. It is a move that may ultimately require a rethink of government strategies regarding cyber warfare as a substantial weapon of war.

But this development has not stopped several European countries from fearing a series of cyberattacks since the invasion of Ukraine. The Irish Foreign Affairs Minister Simon Coveney has warned of an increased cyber threat, for which the country is taking “appropriate precautions.” Increased cyber activity may still happen as Western sanctions on Russia start to bite.

A war of conventional brutality

Despite being one of the world’s foremost offensive cyber powers, the Russian invasion of Ukraine has, in the words of former UK National Cyber Security Center head Ciaran Martin, been “conventional in its brutality”. And that has implications for investment in defense by Western governments.

In an analysis article, ‘Cyber Realism in a Time of War’ written for the Lawfare blog, Martin cited a November 21, 2021, exchange between UK Prime Minister Boris Johnson and Tobias Ellwood, chairman of the House of Commons Defense Committee, in which Johnson argued that fighting through tank battles in Europe was over and that the future of warfare was cyber. Ellwood, a critic of the British government’s decision to cut army personnel in favor of investment in cyber capabilities, responded that “You can’t hold ground in cyber.”

Martin made the point that even those who were skeptical about the mischaracterization of cyber operations and cyber risk as catastrophic weapons of destruction had been surprised by how little cyber operations featured in the early part of the invasion. One minor exception is hacktivist group Anonymous hacking Russian TV news channels to show footage of scenes from the assault on Ukraine.

Even a continuing Russian cyber campaign against Ukraine, ongoing since 2014, which led to energy outages and the disruption of government and banking payments, was considered unsuccessful because the hacks made no real impact on the Ukrainian leadership’s decision-making.

A history of mishandled cyber attacks

The cyberattacks launched against Ukraine after Russia’s 2014 annexation of Crimea did have an impact. In 2017, Kremlin-linked hackers launched a ransomware program known as NotPetya, which encrypted any data it reached and left data owners locked out from their own files. Victims were told to pay a ransom of $300 in bitcoin if they wanted access to their data returned.

The problem was that the ransomware attack spread beyond Ukraine’s borders, infecting computer networks of companies around the world, resulting in estimated total damages of more than $10 billion. Companies such as shipping giant Maersk and pharmaceutical specialist Merck were among those badly affected.

For Martin, the irony of the NotPetya case was that had the hackers done their jobs better, the global impact would have been far less. There is a fear that if there is an intensification of Russian cyber aggression against Ukraine, the risk of a NotPetya-like miscalculation increases—with an unknown but potentially significant impact on global businesses. Martin believes national security communities charged with thinking about cyber as a national security risk (and capability) must now evaluate three things: what the risks of cyberattacks against the West are as the conflict continues; how to analyze the role of cyber in the potential escalation of the conflict; and what this means for the West’s cyber posture and capabilities.

Related Report
img
GlobalData Thematic Research