Ukraine’s Missing Cybergeddon

Experts have said for years that the next war would be fought in cyberspace, but the expected cyberwar is not the one we have seen, so far.

March 5, 2022
The Russian flag, a Guy Fawkes mask and binary code are displayed in this photo taken in Krakow, Poland, on March 1, 2022. The hacker group Anonymous has declared “cyber war” against Russia. (Jakub Porzycki/NurPhoto)

For years, experts have been saying that the next war will be fought in cyberspace. They warn of a “cyber Pearl Harbor” that would melt down government systems, cripple critical infrastructure and plunge modern militaries and societies into darkness. It hasn’t happened in Ukraine. Instead, it’s bullets, rather than bytes, that are raining devastation and misery on combatants and civilian populations.

The Ukraine war is without a doubt highly leveraged on technology. Modern warfare is fast and lethal. Turkey’s Bayraktar drones in the hands of Ukraine’s military caused significant damage to advancing Russian columns and supplies. Likewise, ground-to-air and ground-to-ground missiles and massed radar-guided artillery barrages may have caused upwards of 5,000 Russian military casualties in the first four days of the conflict.

Ukraine is also an information war, with messages on hundreds of Telegram channels and tens of thousands of videos, many of them deliberate mis- or disinformation, circulated by both sides. Ukraine’s information warriors were quick to seize on patriotic themes — and its history of defiance as a Cossack nation — to galvanize domestic and international support. Ukrainian President Volodymyr Zelensky’s “This is Sparta!” speech, with his cabinet proclaiming “We are here” to defend Kyiv, and a group of Ukrainian soldiers who cursed at a Russian warship when called on to surrender quickly became powerful memes during the first days of the war.

But beyond two instances of destructive malware aimed at Ukrainian ministries in the weeks prior to the war, the much-expected cyber offensive that would cripple command and control and shut off electricity and water systems — the oft-foretold cybergeddon — has not yet materialized.

To be fair, prior to the conflict, Ukraine was one of the most cyber-prepared nations in the world. After all, in the past four years, Ukraine survived two attacks against its critical infrastructure, as well as a wave of destructive malware, including NotPetya, which locked up thousands of accounts at small and medium businesses that were customers of the Ukrainian accounting software used as the vector for the attack. Ukraine’s cyber defences were bolstered by assistance from abroad in the form of advice and investment to strengthen Ukraine’s cybersecurity industry, which improved national resilience to cyberattacks.

The private sector also stepped up. Technology companies including YouTube, Meta, TikTok and Twitter closed ranks to prevent monetization of disinformation, in particular by Russian-backed actors. Microsoft made its immense cybersecurity resources available to rapidly assess and repair damage caused by harmful malware.

Even Russia’s notorious cybercriminal gangs appear to be split. One group, responsible for the Conti ransomware, spilled its internal acrimony into the open with a massive leak of its internal messages. Hackers on both sides have threatened to escalate the conflict. Ukraine has made open calls for a volunteer IT army to wreak havoc on Russian cyber infrastructure. The shadowy hacking collective Anonymous announced cyberwar against Russia, threatening to take down the entire banking infrastructure. On the Russian side, hackers operating under the brand of “Killnet” equally threaten anyone who attacks or seeks to disable Russian IT systems, and allegedly took down the Anonymous webpage.

Cyberwar is a special kind of hell. Without a doubt, the lower threshold for, and reduced restraint on, cyberattacks brought about by the outbreak of Europe’s first all-out war since 1939 is going to cause a lot of damage. Much of it will likely be collateral damage as malware code spreads rapidly around the globe, impacting systems far away from Ukraine. The effect is akin to having a rock fight inside a glass house.

The good news is that, on the whole, governments and businesses are better prepared today than they were in the wake of the 2014 Ukraine war. This is driven in part by the fact that ransomware attacks have become so common that investment in and awareness of cybersecurity have grown in priority for most corporate boards and governments.

But the real cyberwar in Ukraine is likely far away from the hyperbolic, hype-driven conversations of hackers and hacker wannabes on Internet Relay Chat (IRC), Reddit or 4chan. The story of a cyberwar that was not, and yet that is, will likely be written years from now, when the truth comes out of how the United States and its North Atlantic Treaty Organization (NATO) allies were able to “pre-bunk,” and clearly signal, Russia’s intentions for invading Ukraine, weeks if not months before Russian President Vladimir Putin finally admitted that this was his true intent.

According to some sources, the Russian General Staff, senior political leadership and, in fact, everyone within the Russian government and military community was thoroughly owned and penetrated for months, if not years. This shouldn’t come as a surprise. After all, Russia’s government and businesses use the same cellphones and computers as do all countries and businesses around the world. With few exceptions, most communications are passed by these channels, and through the internet rather than high-value, highly protected and low-bandwidth military systems.

While it’s hard to speculate this early in the conflict as to the causes of the significant failures of Russia’s military operations in Ukraine, it’s hard to imagine that cyberspace is not at least a supporting factor. Battlefield reports speak to a lack of coordination and communication among Russian units, and to difficulty in bringing up supplies and units without communication with their headquarters staff. Russia has yet to establish full air superiority over Ukraine, and its much-vaunted electronic warfare capabilities have not disrupted Ukrainian communications. Nor have cyber means been effective at silencing the Ukrainian internet or at taking Ukrainian telecommunications and cellphone systems offline.


The causes of these operational failures may well be hastiness and a lack of planning behind the invasion of Ukraine. But the Russian military’s proven ability to operate in theatres such as Syria casts some doubt that ineptitude and lack of planning are the only factors behind these significant failures.

In this context, the cyber war may well be the hidden war in Ukraine that is exacerbating Russian command and control and logistical problems. These cyber ways and means, highly classified and compartmentalized, are well outside of the hyped-up talk of hooded hackers threatening bit storms of destruction.

Military cyber capabilities are also likely to be critical in the difficult days ahead. President Putin has put his country’s nuclear forces on heightened alert. As a result, the status of Russia’s nuclear command and control systems and the officers responsible for operating them is inevitably the focus of attention for Pentagon and NATO planners alike. There are few options available to avert a nuclear exchange — and cyber is one of them.

In Ukraine, the cyberwar we expected to see in the first major clash between advanced industrial states of this century is not the one we got. Cybergeddon has turned out to be an Atari rather than a PlayStation 5. But this may be misleading. Cyber may well be a decisive factor in bringing about an end to the war in Ukraine and, if we are lucky, in preventing it from becoming what might otherwise be a global catastrophe.

A version of this article first appeared in the National Post.

The opinions expressed in this article/multimedia are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors.

About the Author

Rafal Rohozinski is a CIGI senior fellow and a principal of the SecDev Group, where he leads its geopolitical digital risk practice.