Thoughts on the Cyberwar Between Russia and Ukraine (and the Rest of the World)

In the early 2000s, I began to hear colleagues talk about cyber warfare and declare that the next battlefront wasn’t going to be fought with “boots on the ground” but in cyberspace. These statements had credibility because those saying this were retired high-level officers from the US armed forces. If anyone knew about the future of warfare, it was them.

In the two decades since I first heard about the concept of cyberwar, it became a matter of accepted doctrine in the cybersecurity community that we in the West need to prepare to defend our nation’s critical infrastructure and information assets from attacks by hostile nation-states. And so here we are — and we weren’t wrong. Russia started its attack against Ukraine with cyberattacks. To quote poet Maya Angelou: “when someone shows you who they are, believe them the first time.”

And Vladimir Putin definitely showed us who he is — and not just starting last Thursday when Russian forces invaded Ukraine, but over the previous two decades. The Russian government and Russian organized crime (with a wink and a nod from the Russian government, despite showy but hollow “arrests”) have waged a global cyberwar that includes intrusions and exfiltration of massive amounts of data, Distributed Denial of Service (DDoS) attacks, and ransomware. And now it appears, from leaked conversations, that the Russian FSB (their Federal Security Service) collaborated with the Conti ransomware gang to compromise Bellingcat, an investigative journalism company based in the Netherlands, which then allegedly led to the FSB’s attempt to assassinate government reform advocate Alexei Navalny.

Now don’t get me wrong, Russia isn’t the only country out there that uses cyber operations and offensive cyber weapons to project power and settle grudges — they’re merely the most consistently brazen about it.

What has surprised me is that as good as the Russians are at cyberattacks (and they’re very, very good), the attacks don’t appear, at least as of this writing, to be crippling Ukraine’s resistance. I suppose when you attack a country over and over again, they eventually learn how to defend themselves. The “damage” thus far has been to websites, not really anything related to command and control of critical military operations or intelligence — besides, those things aren’t done over Internet-connected networks. They’re on isolated networks.

What’s also surprised me is the open call by the Ukrainian government for anyone and everyone to conduct cyberattacks against Russian targets. This may be the first time in history that has happened, and I think it is indicative of the understanding that Ukrainian president Volodymyr Zelenskyy has of the modern age. He certainly has an excellent understanding of the power of social media. I doubt this call for cyber assistance would occur to an aging leader who can barely understand how to use a smartphone. Its brilliance is its simplicity both from the standpoint of tangible assistance and as a propaganda tool.

Speaking of the assistance of cybercriminals, the hacker gang known as Anonymous got into the act and landed squarely on the side of Ukraine. Make no mistake, Anonymous has given me plenty of sleepless nights, but as the old saying goes, “even a blind squirrel finds a nut once in a while.”

What is clear from all this are a few things:

  1. Open and brazen cyberattacks as a means of projecting power between nations are here with us to stay, much like my colleagues predicted those decades ago.
  2. Even the organizations most prepared against cyberattacks can still be compromised — whether adversaries achieve their desired outcomes depends on how much targets can limit the damage and how quickly they return to operations.
  3. Most organizations are nowhere near as prepared as they need to be against amateurs, much less state-sponsored threat actors and cybercrime rings — those who ignore or dismiss the “shields up” Cyber Heads-up we sent over the weekend do so at their own peril.

I’m not one for histrionics, but the fact is that the more you know about how systems are compromised, and the more you are a front-line witness to the lamentable state of cyber defenses and readiness throughout the public and private sectors, the more scary and real this all becomes. Russia vs. Ukraine is the inflection point that officially starts the epoch of open cyber warfare. Get ready or get “pwned.”