At the time of writing, Russia is almost 2 weeks into its invasion of Ukraine. The conflict has been unprecedented in many areas, including that of cyber security & computer network operations. This is arguably the first time in recorded history that we have seen cyber-attacks being directly used as a precursor to or in conjunction with kinetic military operations.The Russian special military operation in Ukraine was followed by a wave of cyber-attacks against Ukraine’s infrastructure, including banking, energy, and military. In response to this, Ukraine stood up a cyber warfare unit and called upon its limited cyber warfare capabilities as well as the support of allied nations and individuals around the world. For the first time in history, we have seen an uprising of condoned (by Ukraine) civilian and state-sponsored cyber-attacks against an established nation.
Right wrong or indifferent, these attacks will likely be followed by retribution from Russia. In what form that takes place, we do not yet know. What we can be certain of is that Russia will leverage its extensive cyber warfare capabilities against the west.
The National Institute of standards and technology defines a cyber-attack as “an attack via cyberspace, targeting an enterprise’s use of cyberspace to disrupt, disable, destroy, or maliciously control a computing environment or infrastructure; or destroying the integrity of the data or stealing controlled information.”The rules of engagement on how cyber-attacks are classified in terms of warfare have always been a grey area. Whether Russian cyber attacks would constitute an act of war, is the subject of much debate as to whether a cyber-attack constitutes an act of war and more so, what an appropriate response to one must be by a nation-state.The North Atlantic Treaty organization has maintained for some time that Russian cyber attacks on a member nation could be constituted as an act of war the same way a kinetic attack would be. However, NATO has appeared to have widened its definition of what kind of cyber-attack could merit a response from the member nations. Specifically identifying that significant malicious and cumulative cyber activities would have to take place for it to be considered the same as mounting an armed attack.While Russian cyber attacks have yet to have had any impactful results against Western targets, as a part of the conflict in Ukraine, the country has said quite clearly that cyber-attacks made against them will be considered an act of aggression.
It’s difficult to predict when a cyber-attack may occur, and what targets it may occur against. However, such a cyber-attack would likely complement a kinetic invasion such as the one we are seeing in Ukraine currently. Cyber-crime and cyber-attacks typically increase when people are either distracted, distressed, or particularly vulnerable and susceptible to falling victim to such an attack.Russia’s military force is relying on outdated equipment when compared to its western counterparts. However, the cyber capabilities and aggressive tactics that they use to employ them, are a force to be reckoned with. Russia has a historical pattern of cyber-attacks and cyber-crime committed against the US and other western countries. With a formidable history of state-sponsored activities in the cyber realm. As such, we can predict and address the following five ways Russia could impact us:
Banks and financial institutions are no strangers to cyber-attacks. In recent times, we have seen some of the most high-profile cyber-attacks and preachers made against banks. This is especially prevalent during this time of heightened cyber awareness. Banks should be on the lookout for an increase in attempts both virtual and social engineering-based, banking customers should also be on the lookout for an increase in attempted phishing and fraud made against them.
It’s not a well-kept secret that national infrastructure is largely vulnerable to cyber-attack. This is due to many reasons, the dependence on legacy software and hardware is one of them. Such vulnerabilities leave our national infrastructure susceptible to cyber-attack. Furthermore, attacking national infrastructure is a way to directly impact the quality of life of a country’s citizens and could be used to aid a larger campaign.
Governments are one of the most targeted demographics by cybercriminals. During a time of conflict, attacks against government organizations are likely to occur to undermine and disrupt operations. This is already being witnessed in the Ukraine conflict on both sides: with government organizations' websites and systems being taken off-line for extended periods.
Small and mid-sized businesses are often looked upon as easy prey for cybercriminals. Last week, the cyber security and infrastructure security agency updated its guidance for organizations, pressing those businesses to remain laser-focused on resilience in a statement anticipating increases in cyber-attacks made against American businesses. This was in response to Russian cyber-attacks against Ukrainian government websites. It is a common myth that a small business is an undesirable target to a cyber-attacker.
Whilst not directly cyber-attack, Russia is vast, and extensive psychological operations and information warfare capabilities are not to be underestimated. As they continue to be increasingly in the press and under scrutiny from the international community, it is likely that in an attempt to disrupt international communications, influence foreign policy, and control the narrative, the Kremlin will ramp up its information manipulation tactics in the coming months.Overall we have not seen Russia truly flex its cyber warfare capabilities thus far. Organizations should be mindful of an increase in cyberattacks and a higher risk of attacks being made against them. As the conflict escalates and continues to get bloodier by the day on the battlefield, it is to be expected that these escalations will not just be limited to the physical and an increase in aggression in the cyberspace is very possible also.