How important is the cyber factor in the war in Ukraine by Federica Nisticò

After more than a month of conflict, there are still few acts of cyber warfare by Russia in Ukraine. Federica Nisticò's in-depth analysis for Aspenia online.

The Russian-Ukrainian conflict demonstrates how, in the 21st century, the domination of cyberspace has taken on the connotation of the "fifth dimension" of conflict, in addition to land, sea, air and outer space. The cyber sector has thus become an essential element of the new wars; yet, set against the many more or less specialized and well-informed analyses of Russia's capabilities, after more than a month of conflict there seems to be very little evidence to confirm them. In parallel with the Russian military invasion, underway since last February 24 in various parts of Ukrainian territory, a quieter conflict has been fought at more or less prolonged intervals since at least 2015: the one in the domain of cyberspace. In fact, since 2015 Ukrainian infrastructure has been the victim of sophisticated cyber attacks, mainly of the DDoS (Distributed Denial of Service) type, which have nevertheless proved rather weak compared with the prevailing assessments of Russian cyber capabilities. In 2022, before the outbreak of the armed conflict, the computer systems of Ukrainian organizations and institutions were again targeted by Russian hackers; a first piece of malware, known as "WhisperGate", was discovered on January 13, 2022. The malware, launched against governmental and non-governmental organizations, is purely destructive to the system it infects: its modus operandi is very reminiscent of ransomware (destruction or encryption of data and information on a device, compromising the functioning of the operating system), but in this case the ransom note is absent. On February 23, Ukrainian government websites were hit by a sustained DDoS attack and by a second piece of malware, known as "HermeticWiper".
Subsequently, various types of cyber attack occurred, aimed at compromising systems or stealing data concerning military and humanitarian personnel. Researchers from ESET, the Slovak company that is a world leader in digital security, identified a third piece of malware called "IsaacWiper", aimed at erasing all files on devices in use in the health, energy and financial sectors. At the dawn of the military invasion, on February 24, came the most serious cyber attack since the beginning of the war, aimed at partially blocking the satellite services provided by the American company Viasat, a communications company and US defense contractor. Although the joint investigations by the French, Ukrainian and American services have not yet officially attributed it, Moscow remains the main suspect. Not only is the timing highly suspicious, but the company in question provides satellite services to the Ukrainian army. The attack, caused by the "AcidRain" wiper malware and aimed at damaging routers and modems, would have served to disrupt military communications at the very beginning of the Russian invasion. The side effects were also felt outside Ukraine's borders: the modems of around thirty thousand users in Europe went irreversibly offline. Even today the service has not been fully restored, as it would be necessary to replace all the modems damaged by the malicious software. Although the Russian attacks, certainly prepared for some time, follow a structured and evolved approach aimed at the constant "bombardment" of enemy cyberspace, they did not particularly affect Ukraine's ability to organize resistance. From the Western point of view, a demonstration of greater digital strength was expected: an invasion of the territory accompanied by spectacular hacking attacks capable of interrupting electricity, impeding communications and blocking industries. The reasons why Russia has not shown all its cyber power could be the following.
First, the Russian leaders may have wanted to channel their energies into what they believed would be a rapid military campaign, judging that a moderate use of physical force would be sufficient to achieve the politico-military goals set in the regions of Crimea and Eastern Ukraine. The preparation of sophisticated destructive cyber operations would therefore not have been necessary and would perhaps have (unnecessarily) revealed Russia's strengths and technological superiority. States generally tend to hold back their most destructive cyber capabilities until they need them, for example to counter an existential threat. For Russia, the conflict in Ukraine probably did not fall into that category, at least in its initial intentions. Secondly, cyberspace, characterized by the absence of physical borders and by absolute pervasiveness, does not allow attacks to be managed in a targeted way: they could spread to unwanted targets, such as other states. Designing a discreet cyber weapon that responds perfectly to commands and hits a specific target is extremely complex. Putin does not seem to seek an escalation of the conflict with Western countries and fears a joint military response from NATO. It should be remembered that since 2016 the countries of the Atlantic Pact have declared themselves in favor of activating Article 5 (collective self-defense) even in the case of cyber infiltration, extending the concept of conventional attack to the cyber one. As context, it must be considered that 2021 was characterized by an exponential increase in cyber attacks worldwide (+68% compared to the previous year), which resulted in a considerable increase in investment in the cyber security sector by public and private entities. Greater investment means stronger defenses and better resistance to malevolent external actors.
A second, more specific consideration relates to Ukraine's cyber-defensive capacity: in the last five years the infrastructures of Kiev, continuously targeted by Russian attacks, have significantly strengthened their cyber security, achieving excellent resilience. This resulted in a rapid regularization of IT systems and an alignment with the global cyber security community and with data protection directives. The extremely hybrid and fluid nature of cyberspace leaves room for non-state actors to participate actively in the conflict, and never before has there been such a high level of engagement by these actors as in the Russian-Ukrainian one. Since the beginning of the conflict, Ukraine has been able to count not only on its excellent cyber defense capabilities but also on the strong support of state actors and of some non-institutional ones, such as the hacker collective Anonymous. Anonymous, which declared "cyber warfare" on Russia on February 26, has begun an escalation of cyber attacks, achieving unprecedented media coverage. The group's goal is to launch continuous attacks on Russian IT structures, especially government ones, with various purposes: data theft, service interruption, propaganda. The attacks launched by Anonymous, given the group's limited means, engage Russian hackers at low intensity, but it cannot be ruled out that behind the Guy Fawkes mask other states, willing to carry out more sophisticated, high-intensity attacks, have hidden or could hide. In parallel, at the beginning of the war the Ukrainian government launched an appeal to the digital world, forming a sort of "global IT army" which anyone with the necessary skills can join. The IT army uses a communication channel on Telegram (a very popular social network) in which target sites and the army's successes are freely shared.
Furthermore, following the disconnection caused by the cyber attack on the Viasat satellite, Elon Musk himself, head of SpaceX, intervened in favor of Ukraine by giving access to his company's Starlink satellites. While we have not yet witnessed a destructive cyber operation in the Russian-Ukrainian conflict, this does not mean that one could not happen in the future, or that it is not happening now. It should be borne in mind that the incidence and extent of a cyber attack take time to be measured and revealed. Think of the Stuxnet malware, discovered in 2010 but developed since 2005, which hit the Iranian nuclear power plant in Natanz, sabotaging the centrifuges devoted to enrichment and doing worse damage than a physical attack. However, the Russian-Ukrainian conflict to date confirms the opinion shared by many experts: "Cyber War", as a completely autonomous phenomenon distinct from the more traditional "kinetic" conflicts, will never take place; the cyber dimension acts in effect as a mere additional tool rather than a substitute for conventional acts of force. To quote Thomas Rid, world expert in cyber security, information technology and robotics, "Cyber Warfare has never happened in the past, it does not occur in the present and it is highly unlikely that it will disturb our future". (Extract from an article published on Aspenia online.)