Russia’s Chaos Cyber ​​Campaign Should Fail


But Ukraine has already been here.

For years, it was the punching bag of the world for Russian cyberaggression. Its citizens suffered power outages due to disruptions to its power grid in 2015 and 2016, and Ukraine’s government and financial system were crippled by powerful malware attacks in 2017. The NotPetya virus then spread out of Ukraine and caused damages estimated at 10 billion dollars to companies. and organizations across the United States, Europe, and other parts of the world. As former US Homeland Security Advisor Tom Bossert once said, “It was the equivalent of using a nuclear bomb to achieve a small tactical victory.”

Attribution is never 100% certain, but cybersecurity researchers widely agree that Russia is likely the culprit of these attacks. By making Ukraine its most frequent victim, Russia has also become the world’s most serious cyber-aggressor, according to the International Institute for Strategic Studies (IISS), a geopolitical think tank.

The advantage is that the Ukrainian commercial and public sectors are better prepared for cyber-harassment. After Wednesday’s attack, military and banking websites reportedly recovered quickly thanks to their preparedness and quick work to mitigate the damage. The Kyiv Post website, at the time of this writing, was up and running.

The latest cyberattack has nothing to do with a targeted strike against a major system, like the Stuxnet worm that disrupted Iran’s nuclear program in the early 2000s. Russia’s goal is dispersed psychological disruption – to sow chaos, confusion and fear, not only in Ukraine, but among its Western allies.

This shouldn’t work. Western governments considering tough sanctions on Russia are weighing the risk of a cyber kickback, with the global damage caused by NotPetya a fresh memory. But Russia seems unlikely to deploy its full cyber arsenal against Ukraine, and its potential targets seem better prepared thanks to years of experience.

The UK, for example, has built up a formidable cyber defense force aimed at deterring aggressors like Russia. The US Cyber ​​Command, led by National Security Agency Director Paul Nakasone, takes a similar stance on deterrence and has no doubt also carried out its own offensives in Russian cyberspace.

Then there are the limits of Russia’s own resources. NSA’s Nakasone said he leads a cyber defense force of about 238,000. “I doubt Russia has half of those people, working in that many missions in the Russian Armed Forces,” Greg Austin, senior cybersecurity researcher for the IISS, said during a webinar on the conflict in Ukraine on Thursday. . “There is a question of how many do they have, how qualified are they and what is the connection between their skills, training and policy planning in the Russian Armed Forces.”

“What we’ve seen since 2013 has been largely harassment-type, low-level attacks. Some had effects that lasted a few months, but most were relatively short-lived,” Austin added. Russia’s military intervention in the Syrian civil war in 2015, for example, saw surprisingly little use of offensive cyber operations by Russia. This raises questions not only about the resources of Russia’s military intelligence division, the GRU, but about the “imagination” of senior Kremlin leaders to launch cyberattacks, according to Austin.

There is no doubt that a significant part of Russia’s assault on Ukraine will continue to be digital. But if it continues to be as limited and chaotic as some cybersecurity watchers expect, it should give Western allies the confidence they need to bring down sanctions, and bring them down hard.

Plus others in Bloomberg’s opinion:

• Vladimir Putin plays with fire in Ukraine: Clara Ferreira Marques

• Shocking and chilling sanctions could still stop Putin: Javier Blas

• Putin’s invasion of Ukraine is a sin all Russians will bear: Leonid Bershidsky

This column does not necessarily reflect the opinion of the Editorial Board or of Bloomberg LP and its owners.

Parmy Olson is a Bloomberg Opinion columnist covering technology. She has previously reported for The Wall Street Journal and Forbes and is the author of “We Are Anonymous”.


About Author

Comments are closed.