Amid mounting fears over a possible Russian all-out invasion, Ukraine is facing a threat on two fronts – land and cyberspace.
“Cyberattacks look like an ideal way for Russia to achieve its goals (to destabilize the country),” Yegor Aushev, co-founder of the Kyiv-based Cyber Unit Technologies and Cyber School, told the Kyiv Independent.
Russia is infamous for using Ukraine as a laboratory to test out its cyberweapons, experimenting with new tactics to stir panic while occasionally causing serious damage that leads to financial losses.
Since Moscow’s illegal annexation of Crimea and invasion of Donbas in 2014, Ukraine has repeatedly been targeted. The country suffered roughly 288,000 cyberattacks in the first 10 months of 2021, The Guardian reported, citing official figures. Russian state-backed groups were linked to a growing tide of cyberattacks in Ukraine, though proving the source of such actions is notoriously difficult.
So far, the purpose of the cyberattacks has been to destabilize the situation in Ukraine and frighten Ukrainians with fake bomb threats and other fictional scenarios, according to Aushev.
But given Russia’s extensive experience in the cybersphere, no one knows what it’s capable of doing or whether it already has control over Ukraine’s critical infrastructure, Aushev said.
Ukraine claimed that Russia was behind the recent massive cyberattack that crashed dozens of Ukrainian government sites on the night of Jan. 13-14, though Moscow has denied being involved.
The hackers left behind a message warning Kyiv to “expect the worst” after months of tensions over the Russian military buildup near Ukraine. Russia massed over 130,000 troops, a wide range of military equipment and aircraft along the Ukrainian border and in the occupied parts of Ukraine.
With no spatial or time limits, cyberspace has transformed modern warfare and introduced countries to an artificial battlefield with no clear borders dividing the nations. Unlike conventional battles, there is no broad consensus on what constitutes an act of war in the cyberworld, nor an agreement on how deeply Moscow can harm Ukraine without triggering a Western response.
In the modern world, it’s impossible for a country to be completely immune to cyberattacks, according to Jaak Tarien, director of the Tallinn-based NATO Cooperative Cyber Defence Centre of Excellence (CCDCE). A well-funded enemy such as Russia with all its capabilities can still find a way to break into the system, he said.
According to Tarien, Moscow would eventually like to see Ukraine’s democratic regime collapse, and it hopes to do so by spreading misinformation, panic and doubts about the government among the Ukrainian people. Russia is practicing its cyberweapons and tools, and this poses a danger to the whole world because it can be used against other nations as well, he said.
“What every nation should do, and what Ukraine is doing really well, is to make it as difficult as possible for your opponent,” Tarien told the Kyiv Independent. “Your (Ukrainian) specialists are now the most battle-experienced cyber specialists in the world for the last eight years.”
In 2021, Ukraine applied to join the NATO cyber defense center led by Tarien but was rejected. According to reports in Ukrainian media, Hungary blocked Ukraine’s membership.
Long record of cyber aggression
For over a decade, Russia has melded cyber into broader strategies that combine hacks with information war, hybrid war, or old-fashioned war to advance its imperial ambitions.
Estonia became the first victim of a coordinated cyberattack against a nation-state in 2007, following a dispute with Russia over the government’s removal of a Soviet-era war monument from downtown Tallinn. Russian-backed hackers unleashed a three-week wave of massive attacks targeting state and commercial websites.
Just a year after the Estonia attack, Russia used its cyberweapons while invading Georgia with conventional forces. Russia forced nearly all government websites and banks offline during the 12-day war between the two nations.
Ukraine was the next target. When Russia illegally annexed Crimea from Ukraine in 2014, Kremlin-backed hackers also launched cyberattacks to destabilize communications and spread confusion whilst troops overran the peninsula. In the same year, a shadowy pro-Moscow hacking collective was also found hacking into Ukraine’s voting system ahead of the national elections, destroying the software and frying the hard drive.
Russia denied being involved in any of these cyberattacks while continuing to further assault its neighboring country.
In the closing days of 2015, regional electricity distribution company Kyivoblenergo became the world’s first power grid provider to be taken down by a cyberattack, leaving roughly 225,000 people in Ivano-Frankivsk Oblast without electricity for up to six hours.
The same thing happened in Kyiv in 2016, before the country was hit by the devastating NotPetya attack. The 2017 wave of the NotPetya virus targeted Ukrainian businesses but spilled over to the world. The cybersecurity fallout remains the costliest in history, with a total of $10 billion in damage. The U.K. and U.S. blamed the Russian military for the attacks, but the Kremlin continues to deny the allegations.
The most active phase of cyberattacks was from 2014 to 2018, but this doesn’t mean that Moscow couldn’t be planning something even more serious, Aushev said.
“No one has cut us off from assets of critical infrastructure or caused other big problems, but it’s as if they are just playing around and trying to warn us about something,” he said.
Lack of unity
Ukraine’s cybersecurity infrastructure has significantly improved since 2014.
The steps to boost the country’s cybersecurity include a decree President Volodymyr Zelensky signed in 2021 regarding the establishment of cybertroops in Ukraine and the formation of a cyberalliance in 2016 that hacked websites spreading Russian propaganda.
While experts claim that the laws on data protection are outdated and the cybersecurity industry still lacks proper financing, top Ukrainian cyber official Victor Zhora believes Ukraine’s defense capability has been improving “rapidly” and is “much stronger than eight years ago.” It will only get stronger with time, he said.
Russia has been steadily increasing the number of attacks on Ukrainian cyberspace but “we have managed to avoid powerful cyberattacks,” Deputy Chairman of the Committee on Digital Transformation Yegor Chernev told the Kyiv Independent.
The total number of the attacks has been growing by 10-12% quarterly, most of which can be attributed to Russia, he said.
Government officials view the Jan. 14 attack as a sign that Ukraine’s defense mechanism is steadily improving, given that there are no official reports of leakage yet. But cybersecurity experts warn that it was only a trick to show how easy it is to penetrate the Ukrainian system.
Experts claim that the lack of cooperation with the public sector is dangerously exposing Ukraine’s fragile cyberspace to more serious attacks in the future.
There are a lot of good hackers who are willing to volunteer their time to help find cybercriminals, fix current vulnerabilities of government sites and provide other services, but they are reluctant to do so because they could get arrested, Nikita Knysh, CEO of Hackcontrol and co-founder of HackIT, told the Kyiv Independent.
Knysh said that such a private-public partnership requires the hackers to go through a long process of paperwork to gain permission to access government assets. But without the right paperwork, there have been many incidents where the “good” hackers have been accused of unauthorized access and were put in jail by law enforcement, according to the expert.
“So, would you, after this, try to cooperate with the cyberpolice?” he asked.
Knysh, who previously worked at the Security Service (SBU) and at the Presidential Administration as an advisor, also accused the state officials of unwillingness to cooperate with the private sector despite not understanding the industry well enough to tackle the issue.
“We want to show them (law enforcement) that we can help,” Knysh said. “There is talent in Ukraine and the hackers are very talented there.”
When Russian tanks crossed Ukraine’s eastern border in the spring of 2014, Kremlin-affiliated hackers were sending malicious code onto Ukraine’s IT systems to create political chaos as a smokescreen.
If Russia were to launch a further invasion of Ukraine, cyber is going to be part of the plan, Justin Sherman, a fellow at the Cyber Statecraft Initiative at the Atlantic Council, told the Kyiv Independent.
Cyber expert Knysh believes that the telecommunications system is likely to be the biggest target, followed by electricity, water and supply chain.
Despite the Ukrainian government’s ongoing effort over the past eight years, Russia is a “very sophisticated actor” in cyberspace and is constantly looking for ways to launch an attack on Ukrainian targets, according to Sherman. “The threat from Russia is huge,” he said.
Sherman described how easy it would be for Russia to disrupt much of Ukraine’s internet traffic in a recent blog post. He warned that Russia could easily do so by slicing a single undersea cable in the Kerch Strait that was installed in 2014 by a Kremlin-owned telecommunications company. The move comes with the cost of cutting occupied Crimea from internet communications, the expert said.
Cyber official Zhora said that the government is aware of all the risks that the country may face in the near future and the focus has been on protecting critical infrastructure, particularly assets in the energy sector such as the power grid since it is “a very attractive target.”
At the same time, it won’t be an easy task to attack systems of infrastructure through the internet because a lot of them operate manually, according to the deputy chair of the State Service of Special Communication and Information Protection. It’s unlikely that a cyber attack can cause “massive and long blackouts,” he explained.
Nevertheless, Ukraine should still take all potential risks in its cyberspace seriously and build resilience because “we are an object of cyber aggression over the last eight years,” the official said.
Experts have also warned that Ukraine, along with several other former Soviet states such as Moldova, still relies on a Kremlin-controlled electrical transmission system. Ukraine’s grid is still technically connected with Russia, though Moscow dispatchers no longer control the operation of Ukrainian power stations. Connecting Ukraine to the continental European power grid has been on the political agenda for a long time.
Following the attack in mid-January, NATO inked a deal to bolster its cybersupport for Ukraine. The U.S. and the U.K. have also quietly dispatched cyberwarfare experts to help Ukraine defend itself from possible cyberattacks that may take down the electric grid, the banking system, and other critical components of the country’s economy and government.
NATO will continue to help strengthen Ukraine’s defense capability, according to Tarien. But at the end of the day, cybersecurity is “a personal matter” to each nation so every nation must be able to do it on its own, he said.
Russia’s objective is unclear at the moment, but it seems that the Kremlin wants to turn Ukraine away from the West, and it would use all available instruments to fulfill its objective, including cyber, the NATO expert said.
Cybersecurity expert Aushev said that Ukraine shouldn’t be scared but should get ready for worst-case scenarios.
“We need to be ready for the most frightening and unpleasant attack that could happen any moment,” he said.