
Op-Ed

Ukraine has flipped the script on Russia, which has long instigated cyberattacks | Opinion

Ukrainian critical-infrastructure enterprises have been strengthening their defensive cyber capabilities for at least five years. AP

Over the past decade, Russia’s state-directed cyberattacks on Ukraine have earned it a formidable reputation for cyberwarfare. Whether temporarily shutting down 30 Ukrainian power substations or creating the NotPetya virus to permanently disable network servers across the country, Russian hackers have long used Ukraine as a proving ground for their cyber handiwork.

Despite cybersecurity professionals unanimously predicting that a Russian invasion of Ukraine would be accompanied by devastating cyberattacks on government institutions and critical infrastructure, this has so far not proved to be the case.

Russian President Vladimir Putin likely expected his invasion to start with the staggering, economy-wide interruption of Ukrainian networks in line with Russia’s release of NotPetya. As in that 2017 attack, Russian hackers first uncovered a vulnerability in network software and, in the days leading up to the invasion, were inserting “wiper” malware that would erase computer drives across Ukraine’s public and private networks.

What the Kremlin could not have predicted is that over the past five years, Ukrainian critical-infrastructure enterprises have cooperated with foreign donors and global network software companies on upgrading their defensive cyber capabilities. The Ukrainian information space, once dominated by illegal or out-of-date versions of U.S. enterprise software, is now much more integrated into the global cybersecurity community.

In the days leading up to Russia’s invasion, Microsoft’s global security and forensic teams had identified a previously unknown malware on Ukrainian networks. By warning key stakeholders in the government and updating network software, Microsoft prevented hackers from awakening the wiper code and, therefore, the further spread of the newly named FoxBlade malware.

With the likely centerpiece of its cyber campaign lost, Russia’s other efforts appear rushed and less strategic. A Russian cyberattack knocked out thousands of modems to a European satellite internet service on the morning of the invasion, but the impact on the Ukrainian military was limited, given uninterrupted local internet connections. The Russian volunteer hacking community is using phishing emails to steal passwords and send messages to Ukrainian soldiers’ relatives and flooding Ukrainian government and business websites with users to push some offline. Nevertheless, as the E.U. recently reported, the tempo and impact of this activity are no greater than the last few years of similar Russian cyberattacks.

The lack of change in Russian offensive activity contrasts with the dramatic impact the war has had on Moscow’s own cybersecurity. Over the first three weeks of the war, Moscow has struggled to deal with a much different cyber battlefield. The army of volunteer hackers that Russia wields to intimidate neighbors is now dwarfed by the hundreds of thousands of volunteers seeking to spread Ukraine’s version of events on the Russian information space while also bringing down ministry websites.

While neither side has succeeded in seriously disrupting the activities of a government ministry or private enterprise, Russia is suddenly experiencing a wave of small-scale cyberattacks. Several Russian competitors to Netflix suddenly began broadcasting images of the war instead of films while other websites have been temporarily taken offline, including the Gazprom energy firm, the Russian Space Research Institute, and even the Kremlin’s own web page.

Moscow’s sudden need to prioritize cybersecurity is occurring while key commercial cornerstones of Russian enterprise network protection, such as Oracle’s cloud and network services, have suspended operations in the country. Microsoft has limited its boycott to new services, but any disruption of Oracle and Microsoft’s participation in Russian network security arguably would have an impact on the country’s information security greater than the sum of all of Moscow’s past cyberattacks on Ukraine.

Media attention has focused on the efforts of Mykhailo Fedorov, Ukraine’s vice prime minister for digitalization, to stand up a “cyber army” of 280,000 volunteers that, along with the hacker organization Anonymous, is pursuing offensive cyber actions in Russia. This overlooks Fedorov’s greatest impact on the Russian information space, which has come from his relentless efforts to convince leading global information technology firms to shut down operations in Russia.

Fedorov, a tech entrepreneur, has led social-media campaigns that helped persuade Silicon Valley firms to end Russian access to their PayPal electronic wallets, Apple App Store purchases and Google map services related to Ukraine. He has helped spark more than three dozen other technology company boycotts of online services.

The result is a shutdown of two decades of online economic development in Russia that could never have been accomplished through cyberattacks. Kyiv has managed in just a few weeks to flip the digital battlefield that Russia has long dominated to put Moscow on the cyber defensive for the first time.

Robert Peacock, Ph.D., is an assistant professor of criminology and criminal justice at Florida International University. He coordinates the higher-education component of USAID’s Cybersecurity for Critical Infrastructure program in Ukraine.



This story was originally published March 14, 2022 at 1:38 PM.
