DEFENCE IN CYBERSPACE: LESSONS FROM RUSSIA-UKRAINE WAR

#1 · 17th August 2022, 5:22 am

Quote from Jamal Nasir on 17th August 2022, 5:22 am
The Russia-Ukraine war was perceived as a modern conflict between two technologically advanced states. Many analysts were of the view that this would be a high-tech war where both countries would employ their state of the art arsenal, including cyber weapons. However Cyber-Armageddon is yet to be witnessed.
Russia is an established cyber power with proven cyber-attack capabilities. During the Crimea annexation campaign in 2014, the Russian Federation was able to launch significant cyber-attacks to undermine the cyber defence capabilities of Ukraine. During this campaign, Russian hackers crippled the banking system to inflict economic loss and defaced official websites to undermine the will of people of Ukraine. Russia used wormable malware which had the capability of affecting cross domain networks by jumping from one domain to another. However this malware also affected networks outside of Ukraine. Russia also used its cyber capabilities during the conflict with Georgia in 2007; these cyber-attacks preceded a military campaign and helped to create a favorable environment by overloading the Georgian government’s official computer networks
Ukraine, which once has the third largest stockpile of nuclear arsenal, opted for denuclearization under the Budapest Memorandum in 1994. The Memorandum consists of a series of political assurances whereby the signatory states committed to “respect the independence and sovereignty and the existing borders of Ukraine”. According to this memorandum, the U.S., Great Britain and Russia offered security assurances to the nation that had won independence when the erstwhile Soviet Union dissolved.
However due to the anarchic character of the international political system, states tend to maximize their power by adjusting their policies. Moreover, offence-defence theory highlights the importance of hardened defence to maintain the status quo. Thus, the weakening of Ukrainian defence provided an incentive for the Russian invasion, first in 2014 with Crimea, and then in 2022 when Russia invaded with more power and broader objectives. Nevertheless, Ukraine responded well, particularly in the cyber realm, defending itself vehemently with the assistance of allied countries and their private tech companies.
Russia has tried to limit the conflict to Ukraine’s geographical boundaries. Attacks aimed at cyber infrastructures are mainly intended for denial of service, espionage, data extraction and data destruction activities. Russia is also harnessing cyber capabilities for influencing operations that are meant to engage its domestic audience to muster support for the government’s policies, against Ukraine populace to undermine their will as a nation and prepare them to demand that their government refrain from further resistance, as well as to influence other nation states and dissuade them from supporting Ukrainian.
While Ukraine is quite successful in impeding cyber-attacks directed against its infrastructures, Russian influence operations have reportedly impacted domestic audience as well as those abroad, especially areas which are against colonialism such as Africa.
Russian cyber influence operations are building on and are connected to tactics developed for other cyber activities. Like the Advance Persistence Threat teams that work within Russian intelligence services, Advance Persistent Manipulator (APM) teams associated with Russian government agencies act through social media and digital platforms.
These actors are pre-positioning false narratives in ways that are similar to the pre-positioning of malware and other software code. They are then launching broad-based and simultaneous “reporting” of these narratives from government-managed and influenced websites and amplifying their narratives through technology tools designed to exploit social media services. Recent examples include narratives around bio-labs in Ukraine and multiple efforts to obfuscate military attacks against Ukrainian civilian targets.
Due to low barriers to entry into cyberspace it is observed that less sophisticated actors can even undermine defence due to availability of off the shelf tools.
Investigations by security studies expert on cyber security give more weightage to cyber offensive actions than cyber defensive measures. They are of the opinion that the ever changing character of cyber threats, such as zero day exploits and capability of cyber weapons to attack surreptitiously, undermine defence in cyberspace. The stealth nature of cyber weapons make them more effective and result in an uphill task for cyber defensive measures to detect. Layering or segregation of different information systems based on their classification can reduce their vulnerability. However, such hardened cyber defensive measures complicates the ease of use, thus defeating two primary objectives of information systems i.e. connectivity and availability. There lies the root of the dilemma: an impregnable system is inaccessible to legitimate users while an accessible machine is inherently vulnerable to pernicious code. Hence, primitive studies of cyber security greatly emphasize gaining ascendance in cyber offensive capabilities.
Ukraine learnt lessons from the 2014 cyber-attacks. The country hardened its cyber infrastructure and launched a cyber-strategy in 2016 to streamline efforts to avert the recurrence of a cyber debacle. The strategy pledged to complete implementation by the year 2020. The country also went into cyber security cooperation with allied countries as well as tech companies to safeguard its cyber infrastructure by incorporating robust defensive measures. International cooperation facilitated Ukraine in relocating its cyber critical infrastructure to safer places in friendly nation states without compromising connectivity and access.
Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyber-attacks. Artificial Intelligence based threat intelligence systems are helpful for early detection of cyber threats. In this regard the country has been benefited from western tech companies such as Microsoft.
Moreover, Internet-connected end-point protection has made it possible to distribute protective software code quickly both to cloud services and other connected computing devices to identify and disable malware.
Ukraine, with the assistance of western tech giants such as Microsoft is able to carry out early detection of Russian cyber influence operations. Sophisticated systems based on AI and broader data sets, and the availability of an increasingly expert staff is helping to forecast and mitigate influencing cyber threats. Social networking platforms including Facebook and Twitter have removed some suspicious accounts associated with the Russian government and which were used to for influencing operations.
For cyber defense, the conflict in Ukraine is instructive. Ukraine’s defensive measures ushered in a new era in cyber security. International cooperation, public private partnership and a well-orchestrated cyber strategy has ostensibly helped Ukraine to thwart a bigger challenge which could have consequential effects on outcome of the war.
Nation states such as Pakistan can benefit from the cyber conflict between Russia and Ukraine. Pakistan has been targeted by different hostile agencies, including being subjected to malicious disinformation campaigns. However, it is a heartening fact that the country has withstood all these endeavors aimed at compromising its cyber structure. According to a UNDP report, Pakistan is currently one of the youngest populations in the world and the second youngest in the South Asian region after Afghanistan. Out of the total population of the country, 64% is below the age of 30, and 29% is between the ages of 15-29 years. The country has a reasonably good literacy rate of almost 63%. Thus the country is well poised to harness emerging technologies such as AI and big data analytics to counter the ever changing cyber threat landscape. A robust national level cyber strategy will play a pivotal role in steering national efforts to safeguard critical cyber infrastructures. International cooperation for relocating cyber infrastructure at a time of crisis can be further explored without compromising access and connectivity.

The Russia-Ukraine war was perceived as a modern conflict between two technologically advanced states. Many analysts were of the view that this would be a high-tech war where both countries would employ their state of the art arsenal, including cyber weapons. However Cyber-Armageddon is yet to be witnessed.

Russia is an established cyber power with proven cyber-attack capabilities. During the Crimea annexation campaign in 2014, the Russian Federation was able to launch significant cyber-attacks to undermine the cyber defence capabilities of Ukraine. During this campaign, Russian hackers crippled the banking system to inflict economic loss and defaced official websites to undermine the will of people of Ukraine. Russia used wormable malware which had the capability of affecting cross domain networks by jumping from one domain to another. However this malware also affected networks outside of Ukraine. Russia also used its cyber capabilities during the conflict with Georgia in 2007; these cyber-attacks preceded a military campaign and helped to create a favorable environment by overloading the Georgian government’s official computer networks

Ukraine, which once has the third largest stockpile of nuclear arsenal, opted for denuclearization under the Budapest Memorandum in 1994. The Memorandum consists of a series of political assurances whereby the signatory states committed to “respect the independence and sovereignty and the existing borders of Ukraine”. According to this memorandum, the U.S., Great Britain and Russia offered security assurances to the nation that had won independence when the erstwhile Soviet Union dissolved.

However due to the anarchic character of the international political system, states tend to maximize their power by adjusting their policies. Moreover, offence-defence theory highlights the importance of hardened defence to maintain the status quo. Thus, the weakening of Ukrainian defence provided an incentive for the Russian invasion, first in 2014 with Crimea, and then in 2022 when Russia invaded with more power and broader objectives. Nevertheless, Ukraine responded well, particularly in the cyber realm, defending itself vehemently with the assistance of allied countries and their private tech companies.

Russia has tried to limit the conflict to Ukraine’s geographical boundaries. Attacks aimed at cyber infrastructures are mainly intended for denial of service, espionage, data extraction and data destruction activities. Russia is also harnessing cyber capabilities for influencing operations that are meant to engage its domestic audience to muster support for the government’s policies, against Ukraine populace to undermine their will as a nation and prepare them to demand that their government refrain from further resistance, as well as to influence other nation states and dissuade them from supporting Ukrainian.

While Ukraine is quite successful in impeding cyber-attacks directed against its infrastructures, Russian influence operations have reportedly impacted domestic audience as well as those abroad, especially areas which are against colonialism such as Africa.

Russian cyber influence operations are building on and are connected to tactics developed for other cyber activities. Like the Advance Persistence Threat teams that work within Russian intelligence services, Advance Persistent Manipulator (APM) teams associated with Russian government agencies act through social media and digital platforms.

These actors are pre-positioning false narratives in ways that are similar to the pre-positioning of malware and other software code. They are then launching broad-based and simultaneous “reporting” of these narratives from government-managed and influenced websites and amplifying their narratives through technology tools designed to exploit social media services. Recent examples include narratives around bio-labs in Ukraine and multiple efforts to obfuscate military attacks against Ukrainian civilian targets.

Due to low barriers to entry into cyberspace it is observed that less sophisticated actors can even undermine defence due to availability of off the shelf tools.

Investigations by security studies expert on cyber security give more weightage to cyber offensive actions than cyber defensive measures. They are of the opinion that the ever changing character of cyber threats, such as zero day exploits and capability of cyber weapons to attack surreptitiously, undermine defence in cyberspace. The stealth nature of cyber weapons make them more effective and result in an uphill task for cyber defensive measures to detect. Layering or segregation of different information systems based on their classification can reduce their vulnerability. However, such hardened cyber defensive measures complicates the ease of use, thus defeating two primary objectives of information systems i.e. connectivity and availability. There lies the root of the dilemma: an impregnable system is inaccessible to legitimate users while an accessible machine is inherently vulnerable to pernicious code. Hence, primitive studies of cyber security greatly emphasize gaining ascendance in cyber offensive capabilities.

Ukraine learnt lessons from the 2014 cyber-attacks. The country hardened its cyber infrastructure and launched a cyber-strategy in 2016 to streamline efforts to avert the recurrence of a cyber debacle. The strategy pledged to complete implementation by the year 2020. The country also went into cyber security cooperation with allied countries as well as tech companies to safeguard its cyber infrastructure by incorporating robust defensive measures. International cooperation facilitated Ukraine in relocating its cyber critical infrastructure to safer places in friendly nation states without compromising connectivity and access.

Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyber-attacks. Artificial Intelligence based threat intelligence systems are helpful for early detection of cyber threats. In this regard the country has been benefited from western tech companies such as Microsoft.

Moreover, Internet-connected end-point protection has made it possible to distribute protective software code quickly both to cloud services and other connected computing devices to identify and disable malware.

Ukraine, with the assistance of western tech giants such as Microsoft is able to carry out early detection of Russian cyber influence operations. Sophisticated systems based on AI and broader data sets, and the availability of an increasingly expert staff is helping to forecast and mitigate influencing cyber threats. Social networking platforms including Facebook and Twitter have removed some suspicious accounts associated with the Russian government and which were used to for influencing operations.

For cyber defense, the conflict in Ukraine is instructive. Ukraine’s defensive measures ushered in a new era in cyber security. International cooperation, public private partnership and a well-orchestrated cyber strategy has ostensibly helped Ukraine to thwart a bigger challenge which could have consequential effects on outcome of the war.

Nation states such as Pakistan can benefit from the cyber conflict between Russia and Ukraine. Pakistan has been targeted by different hostile agencies, including being subjected to malicious disinformation campaigns. However, it is a heartening fact that the country has withstood all these endeavors aimed at compromising its cyber structure. According to a UNDP report, Pakistan is currently one of the youngest populations in the world and the second youngest in the South Asian region after Afghanistan. Out of the total population of the country, 64% is below the age of 30, and 29% is between the ages of 15-29 years. The country has a reasonably good literacy rate of almost 63%. Thus the country is well poised to harness emerging technologies such as AI and big data analytics to counter the ever changing cyber threat landscape. A robust national level cyber strategy will play a pivotal role in steering national efforts to safeguard critical cyber infrastructures. International cooperation for relocating cyber infrastructure at a time of crisis can be further explored without compromising access and connectivity.