Cyber's Role in Ukraine-Russia Conflict
Will West Respond in Cyberspace to Russia's Actions?
Russia's offensive military actions in Crimea and its threats to the rest of Ukraine are raising concerns about how the conflict could play out in cyberspace.
On March 4, at a news briefing, the head of Ukraine's security service said the country's telecommunications system had been attacked, with equipment installed in Russian-controlled Crimea used to impede the mobile phones of members of parliament, according to Reuters.
Paul Rosenzweig, a former Department of Homeland Security deputy assistant secretary for policy, has identified three other cyber-related actions that have occurred in the past few days in the budding conflict: the degrading of telecommunication links to Crimea; Russian social networks blocking links to sites and pages with pro-Ukrainian messages; and Russia Today - the pro-Kremlin, English-language website - briefly being hacked with the word "Nazi" prominently inserted into headlines describing Russian actions.
But do these actions signal a more aggressive posture to be taken, not only by the Russians, Ukrainians and their respective sympathizers, but by Western nations critical of Russia's military stance in Ukraine?
"Russia has a very able set of cyber capabilities, of the sort that it deployed through 'patriotic hackers' in the Russia-Georgia conflict," Rosenzweig says, referring to a five-day war in 2008 in which Georgia tried to regain control of the breakaway territory of South Ossetia, which is occupied by Russian troops. During the war, cyber-attacks by what were believed to be Kremlin backers compromised the websites of Georgia's parliament and foreign affairs ministry (see Is U.S. Too Big for Georgia-Style Cyber-Attack to Succeed?).
The Georgia Model
Richard Stiennon, the author of the book "Surviving Cyber War," doesn't expect cyberspace conflicts to emerge unless they're part of physical warfare (see Cyberwar: Reality or Exaggeration?).
"Cyberwar will only break out coincident with military aggression if the Georgia playbook is being followed," Stiennon says in response to questions posed by Information Security Media Group. "If it does, I expect an escalation beyond simple DDoS [distributed denial of service] and defacement of websites. If orchestrated properly, it will involve attacks on communication infrastructure, including severing Internet connections in and out of Ukraine, disabling cell phone access, cyber-attacks against air traffic control and military communications and control."
A lack of a full-scale cyberwar doesn't preclude attacks from various parties, including governments as well as individuals and groups sympathetic to the causes of each side.
Rosenzweig, writing in his Lawfare blog, says Ukraine has its own set of very capable cyber-actors - many linked to criminal enterprises - that offer substantial network attack capabilities, though likely not as strong as those with ties to Russia. Plus, he says, it's unclear how many of these actors are sympathetic to Ukraine or Russia.
Still, he says, Ukraine has a large diaspora of cyberprofessionals in the West who could be motivated by nationalism to participate in a conflict.
"Given the asymmetric nature of kinetic force in the region and Russia's military superiority, it is very likely that Ukraine will see cyber-operations as an avenue of response that has a better chance of success," Rosenzweig says. "Look for Ukrainian disruptions of Russian communications and transportation. Hopefully, they will have the wisdom to avoid CNA [computer network attack] against larger critical infrastructure."
If cyber-attacks by Ukraine or its sympathizers get out of control, that could prove problematic for the West and the rest of the world. Attacks coming from Ukrainian sympathizers could be seen by the Russians as emanating from NATO or the United States, Rosenzweig says, "given the difficulties of attribution and the likely suspicion with which Russia will view cyber-actions generally, and the West."
So far, the West has only threatened Russia with economic and diplomatic sanctions over Crimea; no one is suggesting that the U.S. and its Western allies get involved in a shooting war with Russia. And Stiennon extends that lack of threat to the cyber-domain.
"While the U.S. may have significant means of cyber recourse at its disposal, I doubt they would be used unless NATO were directly involved in a kinetic response," Stiennon says. "A cyber retaliation against Russia would be deemed an act of war, and no one wants that."
Still, Stiennon envisions how such a Western cyber response could take form, including the removal of the .ru Russian top-level domain from the Internet. "Undersea and land cables could be severed," he says. "Wireless communication could be jammed. Radar and satellite surveillance could be crippled. Cyberweapons could be triggered to take down critical infrastructure, such as power, oil and gas."
But Rosenzweig says the West seeks to avoid that type of scenario. "For NATO, the biggest issue is to avoid cyber-escalation," he says. "One could readily see CNA operations by the Ukraine that are intended as deterrents spinning out of control. We have no established triggers and red-lines in cyberspace in the same way we used to for WMD [weapons of mass destruction]."