The war in Ukraine is also being fought digitally. This could have devastating consequences – up to and including nuclear incidents. How to prevent escalation.
The war in Ukraine is raging on several fronts. One of them takes place in cyberspace, although this has not resulted in any physical damage so far. On February 23, a Slovakian security company discovered Wiper-type malware. This type of malicious code wipes databases and hard drives; it was apparently used against Ukrainian banks and government institutions. There is technical evidence that preparations for this attack date back to December 2021.
At the same time, Ukraine is also using cyberspace to defend itself against the Russian attack. Last Thursday, on the day the war began, the Ukrainian government called on hackers to get involved in the conflict and use cyber attacks to gather information relevant to the military. The target list of an IT volunteer army announced by the Ukrainian government on Saturday also includes Russian banks and energy companies. Alleged members of the non-governmental hacking network Anonymous claimed over the weekend that they had penetrated the Russian army's communications systems and a gas supply company. The former claim has since been refuted, but such statements presumably motivate others to imitate them.
And they create additional confusion, because the number of different state, semi-state or non-state hacker groups makes it difficult to identify who is attacking whom. This state of affairs harbors considerable, sometimes unintended potential for escalation – also between NATO and Russia.
Testing ground for Russia's cyber attacks
At least since the Russian annexation of Crimea in 2014, Ukraine has become something of a testing ground for Russian cyber operations. There were attacks on Ukrainian power grids in 2015 and 2016. In 2017, Russian hackers used the NotPetya malware to paralyze Ukrainian ministries, banks and airports.
During the Russian troop deployment in recent weeks, attacks on the websites of Ukrainian companies and authorities have increased. As a result, threats and false reports were spread or online services blocked. In neighboring Belarus, on the other hand, so-called cyber partisans attacked railway IT systems in January, possibly disrupting the military logistics of the Russian army.
However, the ongoing exchange of blows in cyberspace could take on completely different dimensions if Russia and NATO take action against each other. The Russian government could retaliate against tightened sanctions with cyber attacks, for example on the power supply of the eastern NATO states. The Kremlin has already explicitly announced asymmetric means. As early as 2019, then-Russian Prime Minister Dmitry Medvedev described a possible exclusion from the Swift financial system as an act of war. That is exactly what the western states have now decided.
A few days before the Russian invasion, NATO in turn reaffirmed that cyber attacks could in principle trigger the alliance and entail collective defense measures. So if Russia attacks in cyberspace, the NATO countries would defend themselves together. Some of them, such as France, reserve the right to classify cyberattacks that do not cause any physical damage as armed attacks. There is no international consensus on where to draw the line between cyberwar and "hot war" – which in turn is fertile ground for miscalculations.
According to reports, intelligence circles in the US last week discussed using cyberattacks to sabotage Russia's military advance. This could be done by causing power failures or manipulating rail traffic. Although the White House has denied the report, it has not ruled out offensive cyber attacks. The problem: How a cyber attack works or who it hits can hardly be precisely predicted or limited. The NotPetya malware was supposed to only hit targets in Ukraine in 2017, but then spread worldwide and caused billions in economic damage.
State-controlled cyber attacks of an unprecedented scale could ultimately even take on a nuclear dimension. Little is known about this area. For example, the USA and Russia deliberately rely on so-called legacy systems in the nuclear chain of command. From a technical point of view, these systems are very simple, but this limitation significantly reduces the potential vulnerabilities and helps prevent cyber attacks. Only recently did the USA replace eight-inch floppy disks with modern storage solutions.
Both sides have also agreed to exchange information about possible digital taboo zones. Specifically, last year US President Joe Biden gave the Russian side a list of 16 infrastructure areas that should remain exempt from cyber attacks.
A few days ago, the head of the Russian space agency declared that Russia would consider a cyber attack on satellites to be an act of war. One reason behind this statement could be that systems used to control conventional and possibly nuclear weapons are increasingly digitally entangled. The US side, for example, also uses certain military satellites for both systems. If such a satellite is attacked digitally, the USA could interpret this as preparation for a nuclear first strike. Incidents such as the suspected cyber attack on a Viasat commercial satellite system a few days ago are all the more worrying.
A Russian cyberattack on Ukraine's power supply could also have nuclear implications. The US physicist James Acton recently pointed out that Ukraine's four active nuclear power plants are connected to the national electricity grid in order to be able to continue cooling the reactors in the event of an emergency shutdown. At the latest when the nuclear plant in Zaporizhia was shelled on Friday morning, Russia made it clear that it was ready for such an escalation. If Russia were to launch a successful large-scale cyber attack on Ukraine's power supply, the Ukrainian nuclear power plant operators would need functioning diesel generators and sufficient fuel to avert a worst-case scenario of a meltdown similar to that in Fukushima.
But there is also a risk of escalation from non-state actors. Determining clearly who attacked when and from where is one of the greatest challenges in cyberspace. The possibility that security authorities incorrectly attribute the activities of individual hackers to states cannot be ruled out. At the same time, there are plausible indications of close ties between Russian security organs and cybercriminals. In view of such entanglements, it could have fatal consequences if other hacker groups or individuals worldwide join the conflicting parties. The criminal Conti group's statement last Friday that it would retaliate against any attack on Russia, whether physical or by cyber means, with attacks on critical infrastructure in Western countries provides a foretaste of what could happen next.
How to avoid escalation
Against this background, the coming days and weeks must be about avoiding unintended escalations. Various measures are necessary for this. First, companies, state authorities and private individuals should expect phishing attacks and be careful. They should also consistently update software and connected devices. And companies and government agencies should update their contingency plans.
Second, civilian critical infrastructures in Russia should not be attacked due to the risks outlined above. This could set in motion an uncontrollable spiral of escalation and possibly also influence the political mood in Russia in favor of Vladimir Putin. At the same time, several EU countries have announced that they will provide defensive support to Ukraine with IT security forces. This initiative should be significantly expanded.
Third, NATO and EU countries must coordinate with each other and assess cyber incidents with alleged Russian involvement as uniformly as possible. This is the best way to avoid wrong conclusions and risky solo attempts. Fourth, regardless of the necessary sanctions and diplomatic punitive measures, Western states should not break off crisis communications with Russia.
Rather, all parties to the conflict must use existing instruments, such as the contact point network of the Organization for Security and Cooperation in Europe, to clear up misunderstandings and jointly defuse crisis situations in cyberspace.