Two months into the Russian war on Ukraine, we are beginning to understand the Internet's role in Europe's largest ground war since World War II.

While there were some initial surprises, we now find Ukraine and the United States focused on limiting Russia's digital operations within the war zone and preventing it from escalating cyberattacks internationally.

On the other hand, Russia is trying to abandon its technical tools from a tactical logic, reassert itself as a force to be feared, and keep world leaders guessing about its capabilities and intentions.

In his article published by the National Interest, writer Klon Kitchen says that he had believed the conflict in Ukraine would begin with large-scale Russian cyberattacks on Kyiv's military command and control, air defense, civilian communications, and critical infrastructure networks.

The rationale was that these operations would provide significant military advantages, fall within Russia's known electronic capabilities, and would not pose a significant threat to the attacker.

While the early hours of the invasion included a hack of US communications company Viasat and limited “wiperware” and “distributed denial-of-service” (DDoS) attacks, the expected cyberattack did not materialize.

The three reasons

There appear to be 3 main reasons why Russia did not take this step:

First, it appears that Moscow has made a strategic choice not to carry out a large-scale destructive cyber attack, in order to control the military escalation.

While Russian hackers have previously used attacks like the NotPetya worm in Ukraine, the fact that this attack eventually spread around the world and caused at least $10 billion in damage, including within Russia, may have convinced Russian President Vladimir Putin not to use similar attacks.

This was certainly the right decision, given that NATO is already concerned about cyberthreats, and it is unclear whether large-scale cyberattacks hitting a member would trigger the alliance's Article 5 obligation to mutual defense.

Second, Russia may have left Ukraine's critical infrastructure intact because its military needed it. The ability to deploy secure and tactical communications is an essential capability of modern combat.

However, Russia has completely failed to do so on the scale needed in Ukraine.

Instead, the Russian military frequently used commercial radios and civilian telecommunications that were easily intercepted and exploited.

While this dependency is surprising from a military capabilities perspective, it explains the lack of offensive cyber operations against communication networks.

[Photo caption: According to the report, Moscow refrained from carrying out a large-scale cyber attack to control the military escalation (Reuters)]

Likewise, critical infrastructure may not have been targeted because Russian forces assumed they would quickly achieve a decisive victory, and that vital services such as water and electricity would be necessary to restore order and prevent significant civilian opposition.

This assumption, although very optimistic, also helps explain why these sectors were not cut off.

Finally, Russia attempted other cyberattacks, but they were successfully repelled.

Last week, General Paul Nakasone, the commander of US Cyber Command (USCYBERCOM), testified before Congress that the so-called "hunt" teams deployed in Eastern Europe in December of last year were working with Ukraine to strengthen its networks and expel Russian hackers.

These teams have been in the ring ever since, engaging in direct online combat with Moscow's black-hat hackers.

Last week, for example, the Department of Justice revealed that the FBI had secretly removed Russian malware from computer networks around the world, including from some networks owned by US companies without their permission.

The FBI took similar action last year and appears ready to do so again, justifying the move on the grounds that these threats are too large for responses to be delayed by slow or uneven efforts in the private sector.

The administration of US President Joe Biden also issued a warning to commercial owners of critical infrastructure, asking them to redouble their defenses against threats such as ransomware. prevent or mitigate attacks tomorrow."

The US government is also cracking down on Russian-backed non-state hackers, such as various ransomware groups operating within Russia's borders.

In the weeks before and after the war on Ukraine, US Cyber Command and the FBI dismantled much of these groups' technical infrastructure, cut off and even recovered some of their cryptocurrency funding, and charged key members.

Tech giants are at war

But the government is not alone in this fight.

Microsoft, Google, Meta-owned Facebook, and other private companies are also actively working against Russian cyberattacks, removing destructive software, blocking advertising, and helping Ukrainian users secure their data.

These and other efforts aim to secure America and its allies and partners from malicious cyber-attacks. This requires sustainable, multidimensional operations, and will only succeed if implemented in partnership with the private sector.

Anything less than this will result in failure.

Russia, for its part, is still dangerous and not out of the game.

The Office of the Director of National Intelligence, for example, says that Russia remains the "largest cyber threat" that "is particularly focused on improving its ability to target critical infrastructure."

While its military operations in Ukraine have exposed many previously hidden weaknesses, its cyber capabilities are formidable and well-defined, and Putin's online strategy is driven by political calculations, not by a lack of capabilities.

In short, it would be wrong to conclude that the conflict in Ukraine undermines the idea that cyber operations are an important part of modern warfare that poses a serious threat to international peace.

Indeed, other global competitors such as China are likely to note Russia's failures and conclude that the lack of decisive digital attacks has been a key variable in Moscow's losses.

Putin himself may soon conclude that large-scale disruptive cyberattacks, in the United States or elsewhere, are the best way to reassert himself, intimidate his opponents, and regain the advantage, but this miscalculation would be very costly.