Cyber Defense in Ukraine: Lessons Learned and Implications for Future Conflict

According to different reports, more than a hundred nations are able to carry out state-sponsored cyberattacks. The conflict between Russia and Ukraine serves as a case study of how two strong cyberpowers might use their resources to pursue their respective countries’ goals while working continuously against one another. This war has shed light on an eight-year cyber conflict that erupted last year into kinetic elements. Given that international confrontations increasingly take place in the gray area between peace and war, many national governments ought to use Ukraine’s cyber defense as a teaching tool. Reorganizing to enhance capabilities in cyberspace and better protect against cyber threats was already a top priority for many nations before this conflict. Although two-thirds of all countries have put policies in place to protect against dangers in cyberspace, more extensive measures are required. The huge number of nations capable of conducting offensive cyber operations and the efficiency of Ukraine’s defense underscore the need for the right structures and connections to tackle cyber defense comprehensively and successfully. This cyber battle is remarkable for the way Ukraine waged a potent cyber defense against a top-tier cyber power with assistance from national governments, public society, and the business sector.

Russia’s cyberattacks on Ukraine, and possibly on NATO allies, will most certainly intensify until the end of 2023 as Russia seeks to achieve its goals. Even if it is difficult to generalize the lessons from Ukraine’s cyber defense so far, there are a few important lessons from the previous year that other governments should learn as they confront cyberattacks from sources other than Russia.

Value of Cyber Defense in the Russia-Ukraine War

Prior to Russia’s invasion of Ukraine, there had never been a kinetic battle between two extremely powerful cyberpowers. In contrast to the devastating loss that many believed Russia would inflict on Ukraine, Ukraine has been able to effectively protect its interests while highlighting the importance of cyber capabilities in conventional combat. For many years, Ukraine has been urged to strengthen its cyber defenses and put in place a “whole-of-society” cyber defense. The peculiar setting of this war, which includes an ongoing gray zone conflict and unprecedented resources from international players and the private sector, makes it difficult to generalize the lessons learned from it. However, other national governments seeking to fortify their own defenses in the future should consider Ukraine’s cyber defense to date.

Professional Cyber Defenders

Although Russia invaded Ukraine on February 24, 2022, Ukraine has been defending itself against Russian cyberattacks since Russia’s unlawful takeover of Crimea in 2014. Attacks also increased in intensity before the invasion. Russian assaults on Ukraine’s public, energy, media, financial, commercial, and charitable sectors have occurred often during the past ten years. A portion of Ukraine’s energy grid was cut off by Russia in 2015, leaving 230,000 people without power for six hours. The GRU (Russian military intelligence) used the NotPetya virus in 2017 to attack hundreds of businesses and hospitals throughout the world, including Ukraine’s power infrastructure. Since the start of the kinetic confrontation, Russia has used its cyber capabilities for everything from blocking access to essential services to data theft, misinformation, wiper malware, DDoS assaults, phishing emails, and surveillance software. Despite these obstacles, Ukraine has been able to coordinate its talents, resources, and connections to block and bounce back from cyberspace setback after cyberspace setback. Investment in both financial and human resources to guarantee the recruitment and retention of qualified cybersecurity specialists is a critical part of cyber defense. It is difficult to ignore how mature Ukraine’s security operations and incident response are, together with its battle-tested cyber defenders.

Holistic National Cybersecurity Plan

Over two thirds of nations today have a cybersecurity plan in place to direct their total cyber defense. The approval of Ukraine’s 2016 National Cybersecurity Strategy, which acknowledged the significance of all players in bolstering Ukraine’s cyber defense, both inside and outside of government, was a significant milestone in the country’s consolidation of its national cyber capabilities. The introduction of laws and regulations on cybercrime and cybersecurity, the implementation of technical measures to ensure that expertise is available to enhance cyber resilience, the establishment of organizational measures to ensure coordination between government agencies and relevant actors, and the development of capacity through the growth of domestic cybersecurity industries, investments in R&D programs, and securing funding for research and development are just a few ways that national governments can increase their cyber resilience. To strengthen Ukraine’s comprehensive cyber security, the Ukrainian government worked to increase cooperation across all governmental organizations, local governments, military units, law enforcement, research organizations, and civil society.

The best cyber defense plans incorporate military operations and information collection into a nation’s larger national goals. Furthermore, to keep up with changing threats and boost national resilience, cyber plans must be regularly updated and modified. After Russia invaded Ukraine in 2022, Ukraine’s 2021 strategy underwent significant changes that included a wider range of participants, including business entities, public associations, and individual citizens of Ukraine in order to address the country’s cybersecurity system.

Government’s Centralized Cyber Defenses

National governments are increasingly consolidating the multiple departments in charge of various facets of cyber operations. Structures like intelligence agencies, the military, law enforcement, and the foreign service all have distinct functions within governments; but, for cyber protection, these frequently independent parts must cooperate. The National Cybersecurity Coordination Center (NCCC) was established as a result of the Ukrainian government’s cyber policy from 2016. The NCCC oversees and evaluates the condition of national cybersecurity, including preparation for combatting cyber attacks and identifying and predicting possible and current threats. The NCCC brings together parts of Ukraine’s National Security and Defense Council. Additionally, the NCCC offers interdepartmental and international training programs. The efficient organization and coordination of Ukraine’s federal cyber defenses show how these tools must integrate flawlessly for optimal efficacy.

Allies Share Technology And Intelligence Prior To And During Conflict

The international help Ukraine has gotten and is still receiving is one of the cyber defense’s game-changing features. This assistance has been provided by countries, like the United States and the United Kingdom, as well as international organizations like the European Union and NATO, in the form of cyberexpertise and intelligence.

Long before the invasion in February, Ukraine received backing and collaborations from the international cyber community. Since 2014, foreign allies have mobilized resources to strengthen Ukraine’s cyber defenses while simultaneously bolstering their own, notably the European Union, the United States, and the United Kingdom. The first bilateral cyber conversation between the United States and Ukraine was held in 2017, and participants shared their methods for setting up cybersecurity organizations and protocols for responding to cyberincidents. Since then, the US has helped Ukraine enhance its cyber capabilities to the tune of $40 million. In order to improve Ukraine’s cybersecurity resilience and regulations, the European Union started a cyber conversation with it in 2021. Cyber professionals from U.S. Cyber Command and Ukrainian Cyber Command collaborated on defensive cyber operations in the months before the invasion to strengthen the cyber-resilience of crucial networks.

Since the start of the invasion, allies have kept bolstering Ukraine’s online security. For instance, the US and UK have shared information briefings on Russian cyber operations, including cyber threat intelligence on future and existing harmful assaults like the Industroyer2 virus, defensive firewalls, and DDoS protection. Additionally, the U.S. government has helped Ukraine find and purchase software and hardware to bolster network protection. Notably, since the start of the conflict, the U.S. Agency for International Development (USAID) has offered 6,750 emergency communication devices, including satellite phones and data terminals, to strengthen the resilience of critical infrastructure networks and the government. USAID has also provided technical experts to support essential service providers. The European Union sent a cyber fast reaction team to Ukraine after Russia invaded the country in February 2022 and gave Ukraine €29 million (approximately $31 million) to strengthen its cyber and digital defenses. Additionally, Germany has set aside a portion of its 2023 budget to protect Ukraine from Russian cyberattacks.

Due to the confidentiality surrounding individual vulnerabilities, the full scope of Russia’s cyber activities against Ukraine and NATO allies has not been made public, although communication between Ukraine and its partners has been two-way. Senior cyber defense representatives from Ukraine have also had bilateral meetings with national governments to share information as the war drags on. Allies who have supplied individuals as reinforcements are then given the knowledge necessary to better protect their own national networks from similar attacks. With Ukraine joining NATO’s Cooperative Cyber Defence Center of Excellence in May 2023, this two-way learning is expected to continue, increasing the alliance’s experience through knowledge exchange.

Cyber Defenders From The Private Sector

In addition to traditional armed troops and proxies, the Russia-Ukraine war has also encompassed technological corporations, which are particularly significant for Ukraine. This is hardly unexpected given that private businesses control and run the majority of the digital infrastructure in Ukraine. Furthermore, it has long been understood that effective cyber defenses require extensive cooperation between the public and commercial sectors. The combined strength of the private sector has improved Ukraine’s defensive capabilities, particularly its capacity to recover from assaults, increase its efficacy on the battlefield, and broaden its appeal internationally.

For instance, Microsoft, albeit by no means the only business to do so, was crucial in protecting Ukraine against Russian assaults. Early in 2022, Microsoft discovered the FoxBlade trojan horse wiper virus, which was intended for Ukraine’s financial institutions and government agencies. Microsoft contacted Anne Neuberger, the U.S. deputy national security advisor for cyber and emerging technologies, after upgrading its virus detection systems to stop the malicious code, and set up a secure channel of communication with cyber officials to support Ukrainian defenses. Since then, Microsoft and other companies have continued to collaborate with NATO, EU, and US government cyber experts to provide any proof of threat actor activities expanding outside of Ukraine.

Although Microsoft has made a substantial contribution to the cyber security of Ukraine and the larger community, it is only one of several private sector organizations that have stepped in to help Ukraine. Along with the large contributions made by particular organizations, the private sector has made a significant contribution to Ukraine through its cooperation with other organizations to collectively supply the country’s cyber security. Since the start of Russia’s invasion, a group of corporate sector and civil society groups have offered to provide and sustain Ukraine’s emergency cyber security needs.

Storing Essential Data Outside The Conflict Area

Data-localization initiatives resulted in a concentration of Ukrainian government data on servers that were domestically based at the start of the war. However, due to pragmatism on the part of Ukraine, which recognized the likelihood of an attack on these servers, along with support from the private sector, the data from Ukraine was moved to servers outside of the conflict zone by Amazon Web Services (AWS), Google Cloud, and Microsoft to increase resilience. Building redundancy into networks and storing data outside of war zones are both essential for protecting against assaults that aim to paralyze companies or data. This safeguards data storage systems and makes it easier to revive the economy later. There are now initiatives aimed at localizing data in several nations. Ukraine serves as a reminder of the necessity to safeguard cyberspace’s physical infrastructure and, in the event of damage, relocate data servers.

Volunteers And Hacktivism

The creation of a volunteer IT Army of Ukraine was formally declared on February 26. The Ukrainian government seems to be coordinating in some way. This unparalleled cyber force of more than 150,000 volunteers was created. The federal post office and pension fund, online banking, and video conferencing platforms are just a few of the more than 600 online resources in Russia that have been impacted by the IT Army. Hacking group Anonymous has also declared “cyber war” on Russia, claiming responsibility for DDoS assaults that brought down the official websites of the Kremlin and the Ministry of Defense, and posted pro-Ukraine information on Russian state TV networks. Although unconventional, this volunteer group has helped to strengthen Ukrainian cyber defenses.

Influence Campaigns And The Open Internet

This continuing war offers important insights into the nature of conflict on the “splinternet”, which refers to two or more internets that are divided and run in different ways. In this instance, Ukraine is a part of a more open data environment whereas Russia has a closely regulated information space. The narrative is in favor of Russia on Russian internet sites. China and a few other nations have joined Russia in endorsing that narrative. However, a number of influence operations have been directed against the information space in Ukraine, which is a component of the larger, more open internet.

The war between Russia and Ukraine has been nicknamed “the first TikTok war”, emphasizing the influence of social media in modern wars. Social media has been utilized not only by citizen journalists in combat zones, but also by persons in positions of power and authority. Ukrainian President Zelensky has utilized social media effectively to advocate Ukraine’s cause and gather worldwide support. Russian official media has used the same venues to spread fake news and propaganda. Meta, Twitter, Microsoft, Alphabet, and TikTok have all removed fake content from their platforms. The Biden administration has even gone so far as to advise TikTok influencers on US strategic objectives. While social media businesses have helped to reduce the spread of misinformation, graphic imagery, and hate speech, issues remain.

National governments that favor an open internet have considerable challenges since it is not practicable nor desirable to regulate all information flows, making them more susceptible to malicious attempts to sway public opinion. The psychological resistance and resilience of the individual to these effects must also be taken into account, in addition to the duties and obligations of platforms in the face of malicious influence efforts. Building societal psychological defense, or the ability of society to collectively resist foreign malign influence activities and disinformation, will likely become an institutionalized and extended part of many national cyber defense efforts in societies that intend to maintain a “free and open” internet.

Financing Allies In The Private Sector

The private sector was ready and able to help Ukraine’s national defense, which had an immediate impact on the ground reality. Although the private sector’s contributions to Ukraine’s military have been essential, they have also been expensive. Microsoft has invested nearly $400 million in the war and will spend an additional $100 million on free services through the end of 2023. According to reports, Starlink’s maintenance costs amount to $20 million a month while supplying Ukraine with essential connection infrastructure. At a significant expense, Amazon backs up academic data, the Ukrainian government, and crucial infrastructure from outside Ukrainian territory. Russian product and service deliveries have been halted by a number of American IT companies.

It is important to distinguish between these tech corporations’ actions and benevolence. For instance, spillover from the crisis may have an impact on Microsoft’s company outside of Ukraine; therefore, it is in Microsoft’s best interest to take action and protect against cyberattacks. More generally, if these mostly American tech businesses were to remain neutral or continue doing business with Russia, they may experience regulatory and societal reaction in significant markets in the United States and Europe. As a result, there are still some concerns about the long-term viability of this assistance. The length of time that these companies will be willing and able to contribute these pricey services to Ukraine for the duration of the war is still unknown, as is the question of whether this kind of support might be replicated for any other beleaguered country in the future.

Dual-Use Technologies Control

DJI, a manufacturer of consumer-grade commercial drones, has unintentionally turned into an arms dealer in this war. Commercial drones, such as the under-$2,000 DJI Mavic 3, have been used by both Russia and Ukraine. The Ukrainian army’s combat reach has been increased thanks to these reasonably priced drones, which also offer improved intelligence and communication capabilities. Some of these recreational drones have even been converted by the Ukrainian army into unmanned kamikaze bombers that can be directed toward Russian targets and carry up to 800 kilos of ammunition. Despite DJI’s announcement that it will stop selling drones to Moscow and Kyiv in reaction to their usage in the war, other vendors still sell commercial drones. This example of a technology that is first and foremost commercial yet has potential for application in defense illustrates the issue with some dual-use technologies. Additionally, it raises concerns about how certain allies would be able to obtain comparable technologies that are largely used in defense and how these two difficulties might be resolved.

Future Industry Enemies

With the noteworthy exceptions of TikTok and DJI, which are owned by China, the majority of the major consumer tech businesses participating in this war are American. It is important to take into account another possibility, which involves war with China.

Due to Russia’s military actions in Ukraine, more than 30 nations, or more than half of the global economy, have issued sanctions and export curbs. These initiatives have had an effect on how Russian technology and e-commerce have developed. It is crucial to take into account the long-term repercussions of escalating the split in technology stacks, which is primarily motivated by U.S.-China tensions, even though sanctions against Russian technology make sense as a means of enforcing conformity with international will. Although bifurcation would reduce dependence, it is crucial to take into account the potential repercussions of establishing a more fragmented global technological scene with regard to access to resources and the allegiances of businesses with strong ties to competitors.

Responsibility Is Required

Norms on responsible state conduct for the appropriate use of cyber capabilities were negotiated at the UN. 11 cyber rules have been agreed upon by UN member states. These norms cover interstate cybersecurity cooperation, preventing the abuse of information and communication technologies on sovereign territory, protecting critical infrastructure from damage, ensuring supply chain security, and refraining from interfering with emergency response teams. Despite this important achievement, problems still exist, such as a lack of accountability.

States frequently use cyber operations to accomplish their aims at the federal level. With checks and balances in place at the national and international levels, however, some governments exercise more restraint than others, putting guardrails around their cyber operations – or, as the United Kingdom has put it, “responsible cyber power”. However, this leads to a situation in which there is a group of nations (such as Russia, China, and Iran) that are less restrained in their cyber operations, posing serious threats to other nations (such as the United Kingdom and the United States) that adhere to legal frameworks and exercise restraint. The United States and its partners have worked to assign responsibility for state actors’ cyber actions, which has taken the form of attribution. There are several instances when state actors have been blamed for hacking efforts and corporate espionage. But attribution doesn’t seem to stop states from misbehaving. In order to keep governments accountable for upholding international standards, stronger accountability and punishment mechanisms need to be devised, which might ultimately improve global cybersecurity.

What Protections Do Volunteers Have?

Hundreds of thousands of IT volunteers have backed cyber operations against the Russian state as part of Ukraine’s cyber defense, but it is unclear if they are protected in any way by international law. The International Committee of the Red Cross lists a few actions as examples of participating in hostilities: interfering electronically with military computer networks; transmitting tactical targeting intelligence for a specific attack; directly causing death, injury, or destruction to a third party; or directly harming the enemy’s military operations or capacity. In the United States or the United Kingdom, for instance, hackers who participate in cyberattacks against Ukraine may be breaching international law. Thus, the participation of volunteer cyber troops from various geographical locations poses significant difficulties for international conventions and rules designed with states in mind.

Conclusion

The situation in Ukraine has important effects for the world’s cybersecurity sector. For cyber resilience in the face of increasing threats, a sizable defensive expenditure is necessary. This was known prior to Russia’s invasion, but it was not immediately apparent that Ukraine’s cyber defense would be as successful as it has been thus far. What is evident in the case of Ukraine is that its strong cyber defense to date is a direct result of the nearly ten years it has spent having to defend its national interest in cyberspace, which required cooperation across government and with the entire Ukrainian society, in addition to working with allies and the private sector. The nation’s resilience and capacity to withstand Russian cyber and information campaigns have increased thanks to investments in cyber defense, preparation for hybrid warfare, placing a high priority on information security, and cultivating a culture of cyber awareness throughout society.

Russia will probably continue to pose a serious and ongoing danger to many members of the Western alliance. Because of this, there is much that can and should be learnt from Ukraine’s past experiences to help cyber defenders have a better chance against hostile assaults in cyberspace. There are still many unanswered concerns regarding the viability of replicating this unique and diverse partnership between allies, volunteers, and the commercial sector in cyberspace. But what everyone will take away from the Ukrainian situation thus far is the possibility that a strong defense might be just as successful as a strong offense.

Pavlo Kryvenko

Head of AI and Cyber Security Section

He has been working as a Head of the Information and Cyber Security Section, Coordinator of the Artificial Intelligence Platform at the Center for Army, Conversion and Disarmament Studies (Kyiv, Ukraine). Pavlo is the Founder of GODDL company.

He has worked as a member of the delegation of the Communication Administration of Ukraine at the World Radiocommunication Conference (Geneva, Switzerland), as a Cyber Security Consultant at the Bar Association Defendo Capital (Kyiv, Ukraine).

Pavlo has collaborated with the National Communications and Informatization Regulatory Commission and the Ukrainian State Radio Frequency Center for International Frequency Coordination.

He studied at the Institute of International Relations of the Kyiv International University (Ukraine), the Joint Frequency Management Center of the US European Command, the LS telcom AG Training Center (Grafenwöhr, Germany), the UN International Peacekeeping and Security Center (Kyiv, Ukraine).
