Western allies initially feared a tsunami of cyberattacks against Ukraine's military command and critical infrastructure
Hackings, network sabotage and other cyber warfare campaigns are being intensely deployed by both sides as Russia’s invasion of Ukraine grinds on, though the covert operations have not proved decisive on the battlefield — at least so far.
Western allies initially feared a tsunami of cyberattacks against Ukraine’s military command and critical infrastructure, hindering its ability to resist the Russian forces pouring across its borders.
As of mid-September, the Cyber Peace Institute, an NGO based in Switzerland, counted nearly 450 attacks — roughly 12 a week — carried out by 57 different entities on either side since the invasion was launched in February.
Yet with European and US help, Kyiv has largely withstood the high-tech onslaught.
“Large-scale cyberattacks have indeed occurred, but it’s generally agreed that they have clearly failed to produce the ‘shock and awe’ effect some predicted,” according to Alexis Rapin, a researcher at the University of Quebec.
Writing for the strategic studies site Le Rubicon, he said the most devastating attacks often take months or even years to plan and execute, “making it very difficult to synchronise them with a conventional military campaign.”
Another factor may be the massive help Ukraine has had from its allies, including software and expertise to protect its systems as well as counterattacks that may be hampering Moscow’s cyber strategy.
“Russia has been under constant cyber assault over the last few months from an international coalition of volunteer, non-governmental hacking organisations, the most prominent being the ‘Anonymous’ movement,” said Arnault Barichella, a researcher at the Jacques Delors Institute in Paris.
While it remains unclear how effective these “spontaneous” attacks have been, “Russia simply underestimated Ukraine’s cyber resilience, in the same way that it underestimated the country’s armed forces,” he wrote in a recent report.
– Hybrid war –
Nonetheless, the war on Europe’s eastern flank offers on-the-ground proof that cyber assaults will be part and parcel of 21st century armed conflicts.
Even before the first Russian tank rolled into Ukraine, hackers in mid-January launched the WhisperGate malware against around 70 Ukrainian government sites, followed by a distributed denial of service (DDoS) campaign that disrupted banks, radio stations and websites.
Moscow was then suspected of being behind the Hermetic Wiper virus that knocked out some 300 IT systems in Ukraine, while hackers targeted the Viasat satellite operator to deactivated thousands of internet modems.
“Most people did not hear about the fact that almost every Russian attack came with a cyberattack before and during operations — cyber usually does not kill people,” said Eviatar Matania of the Israel National Cyber Bureau.
And in most cases, IT networks that come under attack can often be restored in a few days if not hours, limiting their use when hostilities have escalated to open warfare.
More likely, cyber campaigns will be ongoing between rival states, aiming to destabilise and demotivate as opposed to seeking a knockout blow on the battlefield.
“Currently cyber is more important in peacetime than in conventional war — in cyber we are all the time in conflict,” Matania told AFP.
Rapin agrees that cyber warfare is most suited to sabotage, espionage and information wars aimed at sapping morale — the sort of clandestine warfare waged before any shots are fired.
The tactics appear essential, however, when laying the groundwork for conventional military campaigns in which even just a few hours of having a communications or electricity network offline could offer a decisive advantage for ground and air forces.
“Cyber operations aren’t some magical dust that gets sprinkled on at the end of an operation,” said Colin Clarke, director of research at the Soufan Center security think-tank.
“They are woven into, or closely integrated, with the full suite of US military capabilities and security cooperation activities,” not least pre-battlefield planning, he told AFP.
But the impacts of cyber assaults are often not revealed until months or years after they are deployed.
It took nearly two years before the public learned about the Stuxnet computer virus that allegedly destroyed around 1,000 of Iran’s nuclear centrifuges, used to refine uranium for use in atomic weapons — widely thought to be the result of a US and Israeli campaign.
And if Russian President Vladimir Putin determines that his Ukraine invasion is faltering, the retaliation in the cyber domain could prove more potent than seen up to now.
“You cannot underestimate the danger of a cyber escalation, especially if the Russian military operations on the ground flounder and the Kremlin feels as if its back is against the wall,” Barichella said.