Russia, Ukraine and many of the latter’s Western allies have the ability to launch cyberattacks on other nations, and both sides seem ready for digital skirmishes
23 February 2022
Tensions continue to rise between Russia and the West, as Russian president Vladimir Putin mobilises his troops on the border of Ukraine, but in 2022 wars aren’t only fought on a physical battlefield. Russia, Ukraine and the latter’s Western allies have all built up the capability to launch huge state-sponsored cyberattacks. Are we lurching towards the world’s biggest cyberwar?
Western authorities certainly seem fearful of potential cyberattacks. The UK’s National Cyber Security Centre warned organisations to improve their cyber defences on 22 February, though declined to elaborate further when asked by New Scientist.
There are similar warnings in the US. On 16 February, the Cybersecurity and Infrastructure Security Agency warned companies that provide services to US armed forces to be on the lookout for an increased number of attempts to break into their IT systems. That followed a 23 January memo from the US Department of Homeland Security warning that “Russia maintains a range of offensive cyber tools that it could employ against US networks”. In early February, the European Central Bank also warned against cyberattacks.
Part of the risk to these nations isn’t from a direct Russian attack on IT infrastructure outside Ukraine – though that could happen – but instead an attack on Ukrainian IT affecting Western businesses. One in five Fortune 500 companies rely on Ukraine’s IT outsourcing sector, according to Ukraine’s Ministry of Foreign Affairs.
“We’ve seen in the past that Russia has the intent and capability to cause major disruption through cyberoperations,” says Jamie MacColl at the Royal United Service Institute, a UK think tank. Harvard University’s Belfer Center for Science and International Affairs places Russia fourth in its National Cyber Power Index, behind the US, China and UK.
Russia has at least three military units within the GRU, Russia’s military intelligence agency, that are capable of launching cyberattacks, according to research produced for members of the US Congress in February 2022. Two of those units – Unit 26165 and Unit 74455 – were responsible for attacking political campaign servers and stealing documents and emails that were used to derail Hillary Rodham Clinton’s attempt to become US president in 2016.
In October 2020, the US Department of Justice announced the indictment of members of Russia’s Unit 74455 for their connections to a year-long cyberattack against Ukraine between 2015 and 2016. Unit 74455 has also been linked by US authorities to attacks against Georgia in 2018 and 2019 – which Russia has previously sought to bring under its influence – and the 2017 NotPetya attack against Ukraine, which caused widespread disruption to IT systems worldwide. “It’s the NotPetya case that fuelled a lot of fears about spillover, either intentionally or unintentionally,” says MacColl.
Russian cyber forces have been working against Ukraine since 2014, when Russia last launched a landgrab against the country, says the Ukrainian government. In the first 10 months of 2021, Ukraine was bombarded with 288,000 cyberattacks, with the government again pointing the finger at Russia. In the past few weeks, what’s believed to be one of the largest distributed denial of service (DDoS) attack in Ukraine’s history was launched. It took down many of Ukraine’s banks and government departments. The UK and US governments attributed the attack to Russia’s GRU.
Ukraine’s allies are mustering cybersecurity forces to repel Russian attacks. On 22 February, the Cyber Rapid Response Team, led by Lithuania’s Ministry of Defence, was stood up to help Ukrainian institutions cope with the increased cybersecurity threat.
Some nations may go beyond defence. UK defence minister Ben Wallace told parliament on 21 February that a long-planned offensive cyberattack agency, the National Cyber Force, had “already been established” and was growing in size. While Wallace said he couldn’t comment on actions it could launch, he added: “I am a soldier and I was always taught that the best part of defence is offence.” The UK Ministry of Defence declined to expand when asked by New Scientist.
“People at a senior level in Western governments have for a decade or more been calling for calibrated cyberattack options to respond to both kinetic and cyber incoming attacks,” says Lynette Nusbacher, former head of the UK government’s Strategic Horizons Unit.
Clearly, all of this is pointing to digital attacks being a big factor in the Russian conflict, but will it be a massive cyberwar? Experts think not. “For the moment it seems that most such incursions are considered digital espionage and sabotage, more so than full-out conflict,” says Agnes Venema at the University of Malta. Any attacks by the UK wouldn’t be against Russian civilian infrastructure, says MacColl. “It will be about degrading their ability to conduct cyberattacks against us.”
Venema also believes international law will limit Western attacks on civilian networks. “Those countries who consider the international legal order as worthy to uphold will always apply human rights law and principles such as distinction between military targets and civilian infrastructure when acting,” she says. There is also the risk of escalating the conflict. “You need to consider what happens when you release such a weapon,” says Venema. “After all, it can be used against you in the future.”
More on these topics: