The recent invasion of Ukraine by Russian forces has brought to light a subject that’s been discussed ad nauseam over the years in the cybersecurity industry: what role would cyber have in a conventional ground war?
While the cybersecurity field witnessed the use of data wipers and ransomware targeting Ukrainian organizations during the initial days of the invasion, the feared worst-case scenarios have yet to materialize and the actual deployment of cyber as a “fifth domain” by the belligerents in this conflict has been minimal. In fact, General Paul Nakasone, Commander of U.S. Cyber Command, recently said, “It has not been what we anticipate when we went into this several weeks ago,” regarding the muted use of cyberattacks during the invasion.
What’s more interesting, however, are the knock-on effects that involve cybersecurity information sharing, regulation and legislation and the pressuring of information technology (IT) providers to drop services in Russia.
Cybersecurity response to the Russia-Ukraine conflict
Early on, the cybersecurity community began sharing samples, analysis, Indicators of Compromise (IoCs) and detection techniques to curtail the effects of a data wiper (dubbed HermeticWiper) that was masked by a ransomware campaign. This allowed defenders at every organization to quickly update and upgrade their defense capabilities and, in general, served as a notice that the entire billion-dollar-a-year industry was ready to jump in and leverage its collective brainpower to protect against new (allegedly) Russian malware and ransomware attacks.
Sharing information and resources
Security professionals have seen widespread alerting and unified messaging from the Cybersecurity and Infrastructure Security Agency (CISA) and Department of Homeland Security (DHS) warning U.S. organizations about a rise in attacks, and they’ve built a resource center to help organizations understand and improve their security posture. The more collaboration between federal entities, U.S. businesses and the cybersecurity industry, the better. This type of collaborative effort has been inherently difficult over the years, but a common focus on an unjust situation tends to bring down walls and minimize hurdles, bringing together a unified front against malicious actors.
As sanctions continue, pressure has been put on many global IT suppliers to pull out of Russia, which will not only impact normal business operations but also, in turn, affect some of the infrastructure upon which criminal ransomware groups have relied.
Bolstering Ukraine's cybersecurity posture
Cybersecurity leaders know that nation-state level adversaries have countless groups and abilities to infiltrate computer systems, exfiltrate information, destroy data and run influence operations, but the lack of widespread use of these techniques in Ukraine gives pause. With the telecommunications networks not impacted, Ukraine’s administration has been able to wage an effective campaign of personality, building international support for a resistance campaign against the invasion.
If Russia had been able to wage a full-scale cyberattack across a broad spectrum of communications targets, not only might this have blunted Ukraine President Zelenskyy’s ability to counter disinformation that he had left the country, as well as to organize and mobilize the fighting force, but it also could have blocked viral videos and images from the front lines that have decimated the perception of Russia’s military capabilities. Videos of farmers occupying Russian tanks going viral is not beneficial to Putin.
Passing cyber defense legislation
Lastly, the invasion has most likely influenced passage of the Strengthening American Cybersecurity Act of 2022 in the Senate, which covers updated guidance on vulnerability and breach disclosures, threat hunting programs, zero trust architecture, developing quantitative cybersecurity metrics and, as is typical of all bills, much more. While there was some initial pushback from CISA and the DOJ, it appears to have the support of the White House. Clearly this bill was developed before the current situation in Ukraine, but undoubtedly the threats posed to American organizations by nation-state cyberwar will have had an effect on its passing.
While the initial impressions are that the use of cyber against Ukraine was not as expected, only time will tell if more advanced and covert attacks will be deployed. In the end though, the cybersecurity community appears to have rallied behind Ukraine and has offered solutions, technology and resources to help shore up defenses. This type of cooperation by thousands of individuals and hundreds of organizations is exactly what’s needed to ensure that the infrastructure everyone relies on is protected against all cyber threats.