Massive Cyberattack on Ukraine Shows the Network Cold War Is Heating Up

From June 15 to July 15, 2019, the Russian government ordered all Russia’s major telcos to demonstrate that the internet within Russia could continue to successfully operate after it was disconnected from the rest of the world. Not enough people appreciated the significance of these tests. Co-dependency is one of the strongest guarantees that countries will not go to war. The creation of the Russia-only internet, sometimes referred to as ‘Runet’, is the product of a strategy that prioritizes preparation for conflict. So it came as no surprise when Oleksiy Danilov, Secretary of the National Security and Defense Council of Ukraine, said he was “99.9% sure” that Russia was behind a massive cyberattack on 70 Ukrainian government websites that was launched at 2am on Friday morning. The defaced websites showed a message written in Ukrainian, Russian and Polish which was designed to induce terror amongst ordinary Ukrainians, including the chilling words: “be afraid and expect the worst”.

Both the Ukrainian and US administrations have since reminded the world that Russia engaged in cyberattacks as part of the destabilization of Georgia prior to its invasion in 2008. Russia was also blamed by Estonia for a series of cyberattacks in 2007 that targeted the Estonian parliament, banks and media. The 2007 and 2008 attacks on Estonia and Georgia set new precedents for cyberwarfare in terms of the level of sophistication of the techniques used, and Georgia represented the first instance of large-scale digital warfare alongside a physical invasion. Practice makes perfect in all matters, and training is essential to any military force, which is why we use the word ‘wargaming’ to describe the process of anticipating how to handle a crisis. With troops amassed on the border, there is concern that Friday’s cyberattack is a prelude to a physical assault on Ukrainian territory, but even if war is averted, the Russian government keeps learning more about how to conduct warfare in concert with the disruption of networks that most societies now rely upon.

Probing an enemy’s defenses can also be crucial to negotiating the terms for maintaining the peace because an opponent that has been made aware of their weaknesses may be more willing to grant concessions. Russia denies any intention to invade Ukraine but has threatened to take unspecified military action unless NATO makes a series of uncomfortable and unlikely promises. These include prohibiting Ukraine from joining NATO and not basing any troops or equipment within the NATO countries of Poland, Lithuania, Latvia or Estonia. The timing of Russia’s demands is astute, given there has been a recent change of government in Germany, the country within the Western alliance that was most opposed to basing NATO forces in countries to their East, and which has the most favorable opinion of Russia according to polls of the general public.

The new German administration is headed by the Social Democratic Party (SPD), who have historically been critical of NATO whilst seeking to appease the Russian government. Former SPD Leader Gerhard Schröder championed new pipelines to obtain gas from Russia whilst he was Germany’s Chancellor, and has since been appointed to top jobs at state-owned Russian gas producer Gazprom and oil producer Rosneft. In contrast to Russia’s internet, which can be run independently of the rest of the world, there are now serious concerns that Germany would be badly affected if Russia cut off supplies of energy.

This is the context for NATO Secretary General Jens Stoltenberg issuing an urgent statement about the cyberattack on Ukraine.

NATO has worked closely with Ukraine for years to help boost its cyber defences. NATO cyber experts in Brussels have been exchanging information with their Ukrainian counterparts on the current malicious cyber activities. Allied experts in country are also supporting the Ukrainian authorities on the ground. In the coming days, NATO and Ukraine will sign an agreement on enhanced cyber cooperation, including Ukrainian access to NATO’s malware information sharing platform. NATO’s strong political and practical support for Ukraine will continue.

Reassurance is needed because the West appears to be ill-prepared to counter Russian aggression in cyberspace. Russia’s invasion of the Crimean peninsula in 2014 relied upon troops whose uniforms were disguised so it was not immediately apparent who had instigated violence. The problem of attributing responsibility for aggression is far worse in cyberspace. Hackers do not wear uniforms and there is no conclusive way to distinguish between a hacker who works for himself and a hacker employed by the state. Too often it appears that vital network resources can be infiltrated, commandeered and abused by petty criminals. If lone hackers and organized criminals can disrupt networked services then there is every reason to believe states have the resources to do far more harm. Perhaps the best illustration of how the internet leads to blurred lines between crime and military aggression comes from lowly North Korea, whose hackers are estimated to have stolen USD400mn of cryptocurrency during 2021.

When discussing Cold War 2 it is tempting to imagine there is a simple divide between the West and East, but relations between Russia and China have never been perfect. An essay by Chinese President Xi Jinping that was published on Saturday referred to a broad swathe of digital risks, but it is worth noting sections that said China must improve national security within the digital realm. He particularly emphasized the need for early warning systems, and the maintenance of security around key industries and valuable intellectual property. The priorities being established by China could just as well be applied to any nation that is relying upon networked technologies to improve the quality of life for its population.

The sad irony is that we have all become used to the benefits of living in networked societies but our politics, culture and news still treat warfare as if it is oriented around guns, troops, tanks and planes. The invention of aircraft dramatically changed the way war was pursued, making it important to establish domination of the skies and creating the potential to bomb factories and civilians located far behind the front line. War has historically concerned the capture of land and people because both are important sources of wealth and power. However, cyberspace does not map to a physical terrain. Digital assets and network infrastructure are now incredibly valuable. They may be stolen or disrupted as a prelude or adjunct to physical invasion, but they can also be military targets in their own right. A misplaced naivety that networks need to be protected from spammers and fraudsters can blind us to the fact that anything a spammer or fraudster can accomplish could also be achieved by an enemy nation intent on wreaking havoc. But unlike any ordinary spammer or fraudster, the enemy nation will go after all networked resources at the same time.

If our networks are so poorly secured that small groups of criminals can do expensive harm, this means they are also vulnerable to far worse disruption by forces whose motivation is not limited to making money. The front line of a digital war is everywhere, unless you can cut off a country’s internet like Russia can. We must hence act as if any networked resources can come under sustained attack, whether they be government websites, phone networks, online services provided by banks, or the operating systems of water and energy utilities. We must identify and address all vulnerabilities before anyone else can.

Eric Priezkalns
Eric is the Editor of Commsrisk.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.