As you read this, Israel’s annual Cyber Week, the leading international cybersecurity event where experts from around the world share their knowledge on the challenges and opportunities in the field, is taking place. Omree Wechsler, a senior researcher on cyber security and featured speaker at the conference shared his insights regarding the current Ukrainian war.
With the amassing of Russian forces on Ukraine’s borders in January and February 2022, many observers believed that the world is about to witness the first cyber war. Given that Russia ranks very high in terms of offensive cyber capabilities, and that many Ukrainian infrastructures are built on Russian software and hardware, many believed that Russia would paralyze and knock off Ukrainian critical infrastructure and services. Despite the predictions, the Russian war effort was not accompanied by any successful major cyber blows to Ukrainian critical infrastructure, and its distributed denial of service (DDoS) and wiper attacks failed at large to curb Ukraine’s ability to defend itself.
Alongside the partial results of its cyber warfare efforts, even greater failures plagued the performance of the Russian armed forces on the physical battlefield. If anything, the war has demonstrated the severe challenges facing an invading army attempting to overcome fierce resistance that enjoys international support. Before the invasion, many observers warned that any Russian success would encourage other states to pursue their geopolitical goals with military means. However, given these difficulties, states are unlikely to resort more to military invasions and are more likely to continue to develop gray-zone warfare tactics, including cyberattacks and disinformation campaigns.
Current and future risks of cyberattacks and information warfare necessitate the understanding and applying of lessons from Ukraine. While the perceived failure of the Russian cyber effort is also rooted in internal Russian gaps and challenges, it is crucial to look at the lessons from Ukraine’s perspective. First, it is wise to take notes of years of preparations made by Ukraine. These efforts revolve around common measures that are relevant for states as well as organizations and may sometimes be neglected due to budgetary or organizational issues. According to Viktor Zhora, Deputy Chair of the State Service of Special Communications and Information Protection, Ukraine has moved to tackle challenges such as the widespread use of old and sometimes, unlicensed software, which has raised the awareness amongst operators of critical infrastructure and has connected them to Security Operations Centers (SOC) to quickly detect and respond to cyber incidents. Moreover, the country has established new facilities to conduct cyber defence exercises and simulate attacks.
Second, much of Ukraine’s ability to thwart Russian cyberattacks could be attributed to the heavy technical assistance the country has received from its allies, headed by the U.S., since the infamous BlackEnergy cyberattack that had targeted its power grid in 2015. In recent years, the U.S. Cyber Command has been sending teams to Ukraine as part of the so-called “Hunt Forward” operations. These teams, many of which arrived in Ukraine around October 2021, helped to detect, and clean up a so-called “wiper” malware – one that deletes files that are crucial for the operation of systems from the national railway systems.
The third lesson is about maintaining redundancy. Just hours before the invasion on February 24, Russia successfully knocked off satellite communications connectivity provided by the American satellite company Viasat, which was used by the Ukrainian military to communicate with front-line troops. However, internet connectivity was quickly regained as SpaceX’s Starlink system terminals started arriving in Ukraine at the request of the country’s deputy prime minister, Mykhailo Fedorov.
A fourth lesson should focus on Ukraine’s success in defending against Russian information warfare and in gaining supremacy in the information domain. Crucial to increase morale, maintain internal unity, and receive international support, Ukraine has managed to control strategic narratives and fully capture the media space via social media channels etc. Gaining an advantage in information warfare requires an understanding of the opponent’s methods and modus operandi and acting proactively. Ukraine's success could be attributed to familiarity with Russian (or Soviet) tactics and the fact that the country has been struggling with hybrid warfare and disinformation campaigns at least since the annexation of Crimea in 2014.
Some countries, such as China and Iran have been learning and incorporating the Russian playbook into their own tactics. In October 2019, Cyber Command and NSA’s director, General Paul Nakasone pointed out Chinese efforts to subvert pro-democratic demonstrations in Hong Kong with a social media disinformation campaign. Iranian hackers stole the personal information of American voters prior to the 2020 presidential elections and used it to intimidate voters and spread false information regarding electoral frauds.
While many political, cultural, and contextual differences exist between states, there are many lessons to be learnt from Ukraine’s success in fending off Russia's cyberwarfare efforts that could be applied around the world.
No comments:
Post a Comment