Catastrophic’ cyberwar between Ukraine and Russia hasn’t happened (yet), experts say
As military conflict has mounted between Ukraine and Russia, so have fears of unprecedented cyberwar.
Experts are monitoring both countries closely, fearing a volatile crisis involving one of the world’s leading hacking super powers could lead to a huge conflict playing out online – one that could outlast the physical battles.
Joe Biden pre-emptively warned Russia that the US is “prepared to respond” to any attacks on critical infrastructure, and others have warned for years of a “Cyber Pearl Harbor”. But thus far, experts say, it has been relatively quiet on the cyber warfront.
“Though it would be foolhardy to rule it out in the future, we have not yet seen the completely destructive attacks on Ukraine infrastructure some anticipated,” said Glenn S Gerstell, former general counsel of the National Security Agency and Central Security Service.
Fears of cyber warfare are stoked by a long history of international attacks coordinated out of Russia. The country was behind a large-scale attack on Ukraine’s power grid in 2015 in coordination with its annexation of Crimea. In 2017, Moscow unleashed on to Ukraine the data-wiping NotPetya virus, a destructive malware that ultimately spread globally.
In addition, non-government Russian hackers have been linked to several brazen hacking schemes in past years, including the debilitating 2021 ransomware hack of the Colonial pipeline in the US.
Coinciding with its invasion of Ukraine, Russia unleashed a number of smaller hacks – starting in January when more than 70 Ukrainian websites were defaced and separate cyber-attacks knocked out government websites including the ministry of foreign affairs and the education ministry.
While these attacks have been “significant and unprecedented”, according to Aaron Turner of California cybersecurity firm Vectra, they have “not yet been catastrophic”. That is largely because no international power yet wants to be the one to cast the first stone in a cyber third world war, he said.
“We have most likely reached a sort of detente, where both sides understand that catastrophic cyber-attacks will most likely result in mutually assured destruction of systems,” he added.
National powers are also now better prepared to stave off attacks than they were previously, so it is possible some larger hacks have been quietly thwarted, experts said. The US has invested billions in cyber defense resources – both from private and public sources. Ukraine spent the past seven years in the wake of its power grid attack in 2015 steeling its infrastructure.
“There has been a lot of thought and hard work put into preparing for an all-out assault on the cyber domain,” said Theresa Payton, cybersecurity expert and former White House chief information officer. “If we were to experience a hit to critical infrastructure, there are many playbooks in place to avoid sustained outages.
Russia also seems to be investing more resources in coordinated disinformation campaigns than overt hacking operations, said Payton. Several US tech firms have been forced to take measures after Ukrainian officials pleaded with them to address the stream of Russian disinformation that has exploded on their platforms.
Disinformation experts have reported Russia is leading a coordinated campaign to push false narratives around the invasion of Ukraine, including doctored videos and disinformation. Russian officials have blocked access to social media in the country to prevent the spread of information that does not fit its narrative.
Gerstell, the former NSA general counsel, said it was not unexpected for Putin to preference a disinformation-heavy strategy over destructive hacks. An attack on infrastructure would be treated as “equivalent to a physical attack by a bomb or missile”, he said, while propaganda falls into a gray area.
“These are all acts that fall below the threshold of an act of war, but are very malicious and damaging nonetheless,” he said.
Payton also noted that just because there have not yet been major attacks does not mean that there will not be in the future – or that there are not others in progress now.
Many covert operations, especially those on a large scale, take time to unfurl, she said. In the case of the Solarwinds hack, for example, Russia’s massive breach of US organizations started in March 2020 was not revealed until December 2020.
“There could be incidents already under way that we are not yet aware of,” she said. “With Russia, I always say that if you have not seen anything yet, just stay tuned.”