Russia’s cyber campaign of chaos should fail
Bloomberg Opinion February 24, 2022
By the time the shells started falling, the assault in cyberspace had already begun.
At close to 5 p.m. local time on Wednesday in Ukraine, and within hours of a military invasion by Russia, a new form of destructive software was already wiping out data on hundreds of Ukrainian computers, according to researchers at cybersecurity firm ESET. Time stamps on the malware suggested the attack had been in preparation for almost two months. Government, banking and media websites were shunted offline in distributed denial of service attacks. Kyiv Post, a popular English-language news site in Ukraine, said Thursday morning that its main website was under constant attack.
But Ukraine has been here before.
For years, it was the world’s punching bag for Russian cyber aggression. Its citizens suffered blackouts from disruptions to its electricity grid in 2015 and 2016, and Ukraine’s government and financial system were crippled by powerful malware attacks in 2017. The NotPetya virus went on to spill out of Ukraine and cause an estimated $10 billion in damage to companies and organizations across the U.S., Europe and other parts of the world. As the former U.S. Homeland Security Adviser Tom Bossert once said, “It was the equivalent of using a nuclear bomb to achieve a small, tactical victory.”
Attribution is never 100% certain, but cybersecurity researchers widely agree that Russia was the likely culprit of those attacks. In making Ukraine its most frequent victim, Russia has also become the world’s most serious cyber aggressor, according to the International Institute for Strategic Studies (IISS), a geopolitical think tank.
The benefit is that Ukraine’s commercial and public sectors have become better prepared for cyber harassment. After Wednesday’s attack, military and banking websites reportedly recovered quickly thanks to their preparedness and swift work to mitigate the damage. Kyiv Post’s website, at the time of this writing, was up and running.
The latest cyberattack is nothing like a targeted strike against a major system, like the Stuxnet worm that disrupted Iran’s nuclear program in the early 2000s. Russia’s goal is scattershot psychological disruption - to sow chaos, confusion and fear, not just in Ukraine but among its Western allies.
It shouldn’t work. Western governments contemplating harsh sanctions against Russia are weighing up the potential cyber blowback, with the global damage caused by NotPetya a fresh memory. But Russia looks unlikely to deploy its full cyber arsenal against Ukraine, and its potential targets look better prepared thanks to years of experience.
The United Kingdom, for example, has built up a formidable cyber defense force aimed at deterring action from aggressors like Russia. The United States Cyber Command, run by National Security Agency Director Paul Nakasone, has a similar stance on deterrence and has no doubt carried out its own offensives in Russian cyberspace, too.
Then there are the limits on Russia’s own resources. The NSA’s Nakasone has said he directs a cyber defense workforce of roughly 238,000 people. “I doubt Russia has got half that many people, working in that many missions in the Russian armed forces,” said Greg Austin, a senior fellow on cyber security for IISS, during a webinar on the Ukraine conflict on Thursday. “There’s a question of how many do they have, how skilled are they and what’s the link between their skills, training and policy planning in Russia’s armed forces.”
“What we have seen since 2013 have been largely harassment-type attacks, low level. Some had effects which lasted some months but most were relatively short-lived,” Austin added. Russia’s military intervention during the Syrian civil war in 2015, for instance, saw surprisingly little use of offensive cyber operations by Russia. That raises questions not only about the resources of Russia’s military intelligence division, the GRU, but the “imagination” of senior leaders in the Kremlin for launching cyber attacks, according to Austin.
There’s no mistaking that an important part of Russia’s assault on Ukraine will continue to be digital. But if it continues to be as limited and chaotic as some cybersecurity observers expect, that should give Western allies the confidence they need to bring down sanctions, and bring them down hard.
Parmy Olson is a Bloomberg Opinion columnist covering technology. She previously reported for the Wall Street Journal and Forbes and is the author of “We Are Anonymous.”