Lessons from Russia’s Cyber-War in Ukraine
Cybersecurity is a critical strategic tool in warfare. This is true more than ever in the war in Ukraine, and Russia has exploited it to weaken Ukrainian infrastructure and resolve. There have been numerous Russian cyber attacks over the course of the war on satellite communication systems, energy grids, data storage systems, and more.
However, these attacks have caused less disruption to the Ukrainian war effort than anticipated, and most critical infrastructure has stayed operational in cities. One reason cited for this is Ukraine’s robust cyber defense mechanisms, which have been developed in response to Russian cyber aggression dating back to the annexation of Crimea in 2014. Some of these responses included moving command posts to front lines and moving data services to other locations in Europe.
There were several other factors that helped mitigate damage to Ukrainian cyber infrastructure. First, NATO has provided Ukraine with state-of-the-art firewall, malware detection, and forensic capabilities. Second, Ukrainian infrastructure is predominantly left over from the Soviet era and contains “outdated” manual overrides/resets. Third, private corporations, particularly Microsoft and ESET, have provided their own intelligence and technical support. Lastly, Russian cyber offensive capabilities have been hamstrung by a lack of sophistication, precision, or coordination: “a recent book on the subject, says that every single one of Russia’s known attacks on critical infrastructure, in Ukraine and beyond, has been prematurely exposed, been riddled with errors or has spilled over beyond the intended target”. These errors have allowed Ukraine and its allies to better anticipate and respond to threats than they might have otherwise.
However, this war is still far from over. Russia has likely avoided completely destroying certain infrastructure because it assumed that it would soon inherit it. Cybersecurity experts also believe that many high-end offensive cyber capabilities have not yet been used. With the war dragging on and increasing levels of NATO interference, Russia’s risk tolerance may grow to allow targeting systems outside of Ukraine. There is also the possibility that some attacks have not yet been detected. This war has served to illuminate the importance of cyber capabilities, and the lessons learned will be far-reaching and long-lasting.