What the Russia-Ukraine war means for the future of cyber warfare
Russia’s war on Ukraine has been largely defined by indiscriminate shelling and grinding exchange of artillery, but it has also shown how cyberspace will be a central battleground in the future of global conflicts.
Early Russian cyberattacks were a harbinger of a ground war to come, and the battle for hearts and minds is now largely playing out online. And Russia has strategically timed cyberattacks for advantage in its on-the-ground assaults.
Experts said all of these components will likely be present in future global conflicts, with the Russia-Ukraine war cementing cyberspace as an intrinsic component of modern warfare.
“I believe the future of cyberwarfare is going to be more complex, more sophisticated and a lot more destructive,” said Paul Capasso, vice president of strategic programs at Telos, a cybersecurity firm based in Virginia.
“It’s not going away; it’s here to stay,” he added.
In particular, he said more countries will learn to weaponize the internet and social media to influence the public in their favor.
“Everybody wants to win the hearts and minds of their enemies without firing shots,” Capasso said. “The battle of the mind is real.”
According to a report released in May by cybersecurity firm Mandiant, Russian-backed hackers launched several disinformation campaigns intended to demoralize and alienate Ukrainians.
In one of the campaigns, the hackers falsely claimed that Ukrainian President Volodymyr Zelensky committed suicide in a military bunker in Kyiv because he had failed to keep his country safe.
The report also found that the disinformation campaigns happened concurrently with cyberattacks that targeted Ukrainian government websites.
“Russia is very mature in the way that they conduct information operations,” said Matt Marsden, vice president at cybersecurity firm Tanium.
While cyberattacks are becoming an increasingly popular tool to use in wars, Marsden said its more likely to be deployed in tandem with conventional warfare, rather than replacing it.
“Personally, I don’t think that cyber is ever going to replace conventional warfare,” he said. “I see cyberwarfare as a force multiplier and as a way to increase or decrease the effectiveness of conventional or kinetic military operations.”
Though Russia’s effectiveness in cyberattacks has likely been blunted by Ukraine’s cyber defenses, strengthened through Western support in recent years, Moscow has not shown any signs of retreat.
Since the invasion, Russian-backed hackers have repeatedly launched cyberattacks against Ukraine, targeting the country’s critical sectors and key government institutions. Some attacks were successful, while others failed.
In April, Ukrainian officials said they successfully thwarted a Russian cyberattack intended to disrupt the country’s electrical grid. The attempted attack was aiming to hit computers controlling an energy firm’s high-voltage substations. The officials said the hackers behind the thwarted attack were affiliated with Russia’s military intelligence agency, GRU.
Experts said Russia underestimated Ukraine both on the military and cyber fronts.
“I think the Russians expected a walk in the park,” Capasso said, adding that the Ukrainians have learned from past Russian cyberattacks.
Ukraine has made significant investments to improve its cyber defenses following two separate destructive cyberattacks in 2015 and 2017 that targeted its power grid and key institutions.
The 2015 power grid hack left more than 200,000 people without power for several hours, while the 2017 Petya malware attack disrupted key Ukrainian institutions, including banks, government ministries and companies.
In the days leading up to the invasion of Ukraine, there was a sharp increase in cyberactivity before Russian troops crossed the border in late February, and a recent Microsoft report found that Russian-backed hackers unleashed a series of cyber operations against Ukraine as early as last year.
Emil Sayegh, president and CEO of data security firm Ntirety, said that moving forward we’re likely to see other countries follow suit.
“[Cyberattacks] are almost a leading indicator that something physical is about to happen,” Sayegh said.
The Microsoft report also uncovered that cyberattacks were sometimes directly timed with kinetic military operations that targeted Ukrainian services and institutions. In one of their operations, the hackers targeted a Ukrainian broadcasting company on March 1, the same day that Russian forces directed a missile strike against a TV tower in Kyiv.
As cyberattacks continue to evolve and become more sophisticated, experts said hackers will continue to use popular weapons including wiper malware, ransomware and distributed denial-of-service attacks.
“Nothing is off the table,” Marsden said. “Cyberwarfare largely revolves around the [tools] that are most applicable or most effective at the time.”
While cyber warfare has obvious benefits over kinetic attacks — it’s relatively cheap and much harder to trace and attribute — there are also risks for the aggressor, such as attacks spreading beyond the intended target and bringing unintended consequences.
Some Western officials have also indicated that cyberattacks against NATO members, for instance, could trigger an agreement for the entire bloc to respond to provocations against one of its members.
Still, Marsden said the rewards of a well-timed cyberattack make it an appealing option for any military.
“If you can create effects in the right place at the right time, there can be a significant pay off for those efforts,” he said.