Why Russia's Cyber Attack on Ukraine Forebodes What's to Come
History suggests it is only the beginning.
Russia has showcased its offensive cyber capabilities for decades. Evidence now suggests Russia was behind a recent major cybersecurity attack on key Ukrainian government websites. The extent of the damage or its consequences are not yet known.
This past week we discussed the Two Main Reasons For Putin’s Ukraine Aggression, but when it comes to prognosticating what Putin will do next, these cyber attacks are particularly foreboding.
Cyber attacks preceded Russian physical attacks in both Georgia (2008) and Crimea (2014). The goal of these initial cyber attacks was to undermine trust in local government authorities. Recent comments by Putin’s spokesperson seem to suggest a similar motive here, despite the denials.
“We have nothing to do with it. Russia has nothing to do with these cyber-attacks. Ukrainians are blaming everything on Russia, even their bad weather in their country.”
The more Ukrainians distrust their government and institutions, the easier it will be for Russia to physically occupy the country.
Cyber is a relatively easy and hands-free way of compromising and destroying domestic will. While this particular attack on Ukraine targeted some 70 government websites, associated malware could have further reaching consequences and render digital infrastructure inoperable.
Let’s take a look at how Russian cyber attacks have set the foundation for their previous physical invasions.
Georgia - 2008
Russia’s invasion of Georgia in 2008 was unprecedented, not in the sense that it marked the first physical European confrontation in the new millennium, but that it ushered in a new era of warfare. Cyberwar. Russia’s cyber offensive against Georgia preceded its physical invasion. It was the first time that cyber attacks were part of a synchronized physical military effort.
Prior to the cyber attacks, there was a build-up of Russian military troops on the Georgian border. Some 8,000 infantry soldiers, in addition to heavy military hardware, engaged in “exercises”, similar to what Russia says they are conducting along Ukraine’s border today. As the confrontation escalated, Russia went on the cyber offensive. They targeted the overall information flow inside Georgia, defaced government websites with Russian propaganda, and attempted to steal military and political intelligence from Georgian networks.
The Russian cyber attacks against Georgia were executed weeks before any shots were fired. They left the local population in disarray from both a lack of information - amidst a crisis when people needed it most - and misinformation on government websites. Certain defacements portrayed the Georgian president at the time as Adolf Hitler. Other key government websites were shut down from Distributed Denial of Service (DDoS) attacks, which overload a website, effectively shutting it down to new legitimate visitors.
When Russian forces attacked Georgia on the night of August 7-8, 2008, it was preceded by a cyberattack, a disinformation campaign, and an all-out effort to meddle in that country's domestic politics.
- Brian Whitmore, Nonresident Senior Fellow, Atlantic Council
In the case of Ukraine today, over 70 government websites were defaced and disabled in a similar manner. In addition, Microsoft discovered malware planted in Ukrainian government systems, which was designed to look like ransomware, but lacked a ransom recovery mechanism. Instead of obtaining a ransom, it was intended to render infected devices inoperable.
Point being, the recent cyber assault on Ukraine is very similar to the Russian cyber attacks on Georgia from over a decade prior. Russia's next move in Georgia was a physical invasion, which they were largely able to execute with impunity from the international community.
Crimea - 2014
Six years after Georgia, Russia had expanded its cyber capabilities. Crimea this time was in its crosshairs. Similar to the invasion of Georgia, the invasion and seizure of Crimea was preceded by cyber attacks.
In the case of Crimea, Russia disrupted its telecommunications systems, which also jammed mobile devices belonging to Ukrainian members of parliament. Russia denied these cyber attacks too, but the timing, targets, and paper trail all pointed to the Kremlin.
“When Russian forces entered the Crimean peninsula on March 2, 2014, they had already shut down Crimea’s telecommunications infrastructure, disabled major Ukrainian websites, and jammed the mobile phones of key Ukrainian officials.”
Crimea and Ukrainian telecommunications systems were primarily built during the Soviet Union era, making them particularly vulnerable to Russian cyber threats. The fact members of parliament simply had their phones jammed in 2014 shows the breadth and depth of Russian cyber capabilities. It is sobering to think of the advances they have likely made almost ten years later.
Next Move - Physical Invasion of Ukraine
The international community’s treatment of the Russian invasions of Georgia and Crimea has set the table for what we are seeing today. Putin was not punished in 2008 for invading Georgia, nor was he deterred in 2014 from annexing Crimea. Thus far, he appears to be following a similar playbook to the moves he made in both of those prior military invasions. First, cyber attacks. Next, physical invasion.
The scariest scenario for both Ukraine and the international community is what a full-scale cyber assault on Ukraine might look like. Russia did not go all the way in either Georgia or Crimea. Crucial websites and telecommunications systems were affected, but the power grid and military communications were largely left alone.
If Russia really wanted to have a devastating impact, it could likely take down Ukraine’s power grid, turn off its heat in the middle of winter, and disrupt military communications. How this would affect the Ukrainian people’s support of a Putin-run regime is another calculation, but regardless, Russia’s cyber capabilities cannot be underestimated.
The likelihood of a physical assault should not be underestimated either. Russia did it on both occasions in Georgia (2008) and Crimea (2014), with far less troops amassed on those respective borders when compared to the approximately 100,000 plus troops on the Ukrainian border today.
With cyber attacks already well underway, the international community cannot stand by as it has done in the past. The United States, Germany, and others must aggressively counteract the cyber threats with offensive measures of their own, targeting critical Russian websites and infrastructure. Unless the responses by the international community are coordinated, swift, and immediate, Putin’s next move is likely a physical invasion of Ukraine if history is any indicator.
And unless he’s effectively deterred and punished, he is unlikely to stop there.