As the conflict in Ukraine escalates, expert cyber-watchers have been speculating about the kind of cyber-attacks that Russia might conduct. Will the Kremlin turn off Ukraine’s power grid, dismantle Ukraine’s transport system, cut off the water supply or target the health system? Or would cybercriminals operating from Russia, who could act as proxies for the Russian regime, conduct these activities?
Over the past decade, Ukraine has experienced many major cyber-attacks, most of which have been attributed to Russia. These range from election interference in 2014, which compromised the central electoral system and jeopardised the integrity of the democratic process; to a hack and blackout attack in 2015, a first-of-its-kind fully remote cyber-attack on a power grid that resulted in countrywide power outages; to NotPetya in 2017, one of the costliest malicious software attacks, which significantly disrupted access to banking and government services in Ukraine and subsequently spilled over to France, Germany, Italy, Poland, Russia, the UK, the US and Australia.
On the eve of 13 January, as troops were amassing along the Ukrainian border, about 70 Ukrainian government websites were taken down due to “unauthorised interference”, dubbed WhisperGate. The following day, these websites were defaced with a political threat that Ukrainian data had been leaked and with a warning to “be afraid and expect the worst”. The attacks did not stop there. Almost a month later, further denial of service attacks took down government websites and state-owned banking services. The UK, US and Australia were quick to publicly attribute the attacks to Russia, and name and shame the military intelligence arm of the Russian armed forces (GRU) as responsible for the attacks.
In response to the Russian threat, there have been unprecedented efforts by private and government entities – and even individuals – to support Ukraine’s cyber resilience.
Responding to cyber-attacks and building national cyber resilience has never been – and will never be – the sole responsibility of governments. It requires a whole-of-society approach grounded in international cooperation efforts. For the first time since its inception, the EU rapid cyber response team, with capabilities to detect and respond to a variety of threats, and headed by Lithuania, was deployed to help defend against cyber-attacks targeting Ukraine. The Romanian national cybersecurity agency and a cybersecurity company called Bitdefender launched a public-private partnership to provide pro bono technical support and threat intelligence to Ukraine’s government, businesses and citizens for “as long as it is necessary”. Nato, which has been working for a number of years with Ukraine to increase its cyber defences, signed an agreement a few weeks before the invasion aimed at enhancing cyber cooperation with Ukraine.
The tech community leveraged its resources and knowledge to expose cyber-attacks and threats, and limit their spread. Shortly after WhisperGate, Microsoft shared technical analysis on the tools and techniques used in the attack and recommendations for those affected, and it continues to do so. The Slovakia-based cybersecurity firm ESET exposed the nefarious component of the HermeticWiper malware attacks in February: the malware was designed with a component aimed at “wiping” the data out of systems. This timely technical analysis provided vital information to security experts and governments about the technical steps that should be put in place to mitigate and protect against hacks.
At the same time, efforts within Ukraine started to materialise. In what has been referred to as an unprecedented effort in the midst of an armed conflict, a whole “IT army” of volunteers was assembled in response to a request by the minister of digital transformation to support the country’s cyber-defence efforts, with reports of some even operating from within bomb shelters.
The solidarity shown so far is unprecedented and a testament to the benefits and potential of collective action across sectors and communities. As the war continues, this solidarity will become even more important.
Joyce Hakmeh is a senior research fellow for the International Security Programme at Chatham House. Esther Naylor is a research analyst at the International Security Programme.