The cyber war predicted in Ukraine may be yet to come

The author is a former head of the US Cybersecurity and Infrastructure Security Agency and a co-founder and partner at Krebs Stamos Group

In the run-up to Russia’s invasion of Ukraine, the national security community prepared for a campaign that combined military combat, disinformation, electronic warfare and cyberattacks. Vladimir Putin would use devastating cyber operations, the plan said, to cripple the government and critical infrastructure, blind Ukrainian surveillance capabilities, and cut lines of communication to aid invading forces. But that’s not how it turned out. At least not yet.

A few modest cyberattacks preceded the invasion, including defacing websites targeting Ukraine’s government and financial services in January and similar follow-up operations in February. Satellite broadband provider Viasat was hit by an attack that disrupted commercial and industrial operations across Europe, although the event has not yet been linked to Russia. Of course, that’s our take on it for now: the fog of war, combined with the fact that many Ukrainian businesses are closed, means there’s very likely more that we don’t know about.

We also need to be realistic about the role of cyber attacks – they are not in the same league as conventional warfare tools. To be perfectly clear, if your family is gunned down, does it really matter if you can’t check your email? Instead, cyber operations are better suited to the “grey zone” — the arena of conflict below the threshold of bombs and bullets — where tactical objectives are not just about disrupting services, but also about intimidation, distraction, and confusion.

The future think tank monographs and war college lectures that will inevitably expose Moscow’s strategy will likely focus on the surprising lack of cyberattacks in Putin’s invasion plan. Theories range from the Russians not trying too hard on the cyber offensive front to the idea that they did – but that Ukrainian and Western defenders proved too formidable.

In fact, there are several factors that would explain why Moscow’s proven cyber capabilities have taken a backseat to the overall strategy. For one thing, the Kremlin seems to have left the battle planning to a small group that may have shut out Russian security services’ cyber personnel. Successful cyber operations require careful planning, alignment, and development that often takes months, if not years. Instead, it seems that teams may have had to scramble existing network access and attack tools to fit them into the battle plan.

There is also the issue of necessity. Intercepted transmissions suggest Russian forces are using radio equipment and Ukrainian telecommunications networks to coordinate movements and update commanders in Russia. In this scenario, Moscow would keep the networks operational for its own use. If the Kremlin thought the Ukrainians would buckle in the face of a lightning strike on the capital, they would have wanted to keep critical infrastructure services running when they moved in.

But the war is far from over. The Ukrainians continue to retaliate militarily with amazing effectiveness while dominating the information warfare. Western unity against Putin’s tyranny, evident in the devastating sanctions, combined with international companies self-sanctioning their Russian activities, has ruined the economy and cut off essential services and supplies. Preliminary economic prospects for Russia are bleak, not just for the next few weeks or even months, but possibly for years.

The danger is that as political and economic conditions worsen, the red lines and escalation judgments that have kept Moscow’s strongest cyber capabilities in check could adjust. Western sanctions and lethal aid to Ukraine could prompt Russian hackers to take action against the West and send a clear message: “Stop it, we can make it a lot worse for you”. Russian ransomware actors could also take advantage of the situation, possibly resorting to cybercrime as one of the few means of generating revenue.

Let’s not forget that over the past decade, Putin’s henchmen have poisoned dissidents at home and abroad, meddled in dozens of democratic elections, wreaked havoc with offensive cyberattacks like NotPetya, and subverted the concept of truth and trust. A wounded bear can still thrash about and do a lot of damage as long as it’s breathing.

To contain this risk, we must act decisively. Offensive government cyber teams must continue to disrupt Russian attacks while quickly sharing information about Moscow’s intentions and capabilities with industry. However, we must accept that stopping all attacks is not realistic. Industry leaders should recognize that they have an obligation to set tougher targets so the government can focus on helping Ukraine rather than putting out fires at home. The cyber war predicted in Ukraine may be yet to come

Adam Bradshaw

TheHitc is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – The content will be deleted within 24 hours.

Related Articles

Back to top button