What does 21st-century cyber warfare look like? Russia might show us.

Date: 2022-02-24

Russia's invasion of Ukraine will also give clues about what the future of warfare might look like.

Analysts have long speculated that hacking will be a major component of future wars. They’ve even described it as a fifth domain for conflict, in addition to fighting on land, air, sea and space.

Now we might see something like that play out. During the last decade, no highly cyber-capable nation has been in a military conflict as substantial as Russia would be in if it opts to send military forces all the way into Ukraine’s capital Kyiv.

“A Russian invasion of Ukraine may redefine how we think about cyber conflict because it will be the first time a state with real capabilities is willing to take risks and put it all on the line,” Jason Healey, a former White House official who’s now a senior research scholar in cyber conflict at Columbia University, told me.

That invasion appeared to begin in earnest last night as Russian forces hit Ukraine from multiple directions in what the country’s president Vladimir Putin described as a “special military operation.” President Biden condemned the attack, calling it “a premeditated war that will bring a catastrophic loss of life and human suffering.” He vowed “the world will hold Russia accountable.”

Here are some big questions cyber pros are looking at:

How big a role will hacking play in the conflict?

The Ukrainian government has already been hit with a series of digital attacks ranging from hacks that wiped data from computers to those that merely overwhelmed them with digital traffic. Another round of such attacks hit Ukrainian government sites and banks just yesterday.

Ukraine has also been a testing ground for some of Russia’s most brazen cyberattacks in recent years, including a 2015 attack that briefly shut down large portions of the nation’s power grid.

Those attacks could intensify as the conflict heats up.

Silverado Policy Accelerator founder Dmitri Alperovitch outlined three likely types of invasion-related cyberattacks in a recent Foreign Affairs article — attacks aimed at gathering intelligence, undermining Ukrainian military operations and psychologically battering the Ukrainian public.

But it’s not clear if those hacks will play a major role compared with conventional military operations or only a minor one.

A lot of researchers are betting on a smaller role. A recent War on the Rocks article by the scholars Lennart Maschmeyer and Nadiya Kostyuk argued the cyber role in warfare is generally overblown — and might distract from more pressing military concerns.

Yet, common wisdom could shift depending on what happens in the next few months.

“A Russian cyber offensive tied to Ukraine could change all of that, showing that cyber might have far more impact on the battlefield, more coercive power, more lethal and widespread effect than many doubters would expect,” Healey said.

How significantly can Russian hackers undermine Ukraine’s ability to defend itself?

One of the most prominent uses of cyber capabilities in future wars will be as an aid to conventional military actions.

For example, hackers could disrupt the adversary’s communications so leaders can’t send orders and troops don’t get to the right positions on time.

“They’re not going to win the war [with cyber], but they could definitely make it easier,” Aaron Brantly, a cybersecurity-focused political science professor at Virginia Tech, told me. “The whole goal is to create a more permissive environment for kinetic conflict.”

But a lot of questions remain about how effective those tactics will be and how nimbly an adversary might adapt to them.

“This is the first really large-scale conflict where cyber operations could be used extensively as part and parcel of battlefield campaigns, [so] there is a lot of uncertainty,” Jacquelyn Schneider, a researcher at Stanford University’s Hoover Institution focused on technology and national security, told me.

How much hacking will spill out and hit Western nations?

This is the most pressing question from a U.S. perspective.

One concern is that Russia might release a computer bug inside Ukraine that slips out and wreaks havoc elsewhere. This is what happened with the NotPetya bug in 2017.

The Kremlin might also unleash criminal hackers that operate on Russian territory to launch ransomware attacks such as those that hit Colonial Pipeline and the meat processor JBS last year, throttling key industries.

Least likely, but most concerning, would be a major Russian hack targeting U.S. critical infrastructure. That would likely prompt exceptionally strong retaliation from the United States, either through cyber or other means.

Here’s analysis from Ciaran Martin, former chief executive of the United Kingdom's National Cyber Security Centre:

“That can't be ruled out. But there's no basis to assert it with confidence. Here are a number of reasonable assumptions which lead to a whole variety of scenarios about the cyber dimension of this crisis beyond Russia & Ukraine 7/” — Ciaran Martin (@ciaranmartinoxf) February 22, 2022

“All those realistic scenarios validate the posture of, for example, the US & UK Governments, who warn organisations to be on heightened alert. But these warnings - correctly - are not phrased in panic mode. UK says explicitly 👇 no specific threat. 8/ https://t.co/mwLJCvOm3T” — Ciaran Martin (@ciaranmartinoxf) February 22, 2022

There are some limits to what researchers could learn from this conflict.

Most notably, the vast majority of cyber operations are likely to come from Russia rather than Ukraine, which has far inferior cyberattack capabilities and will be more focused on defending itself.

That means this conflict won’t tell us what it could look like if two cyber powerhouses — such as the United States and Russia or China — go to war with each other.

The keys

Twitter mistakenly deleted accounts exposing Russian disinformation

Researchers have posted evidence on Twitter in recent weeks showing that Russian-made videos claiming to show violence in Ukraine’s separatist regions were faked. But their accounts were deleted, sparking speculation that a Russia-led effort had gotten them banned from the platform, Craig Timberg reports.

In fact, Twitter was responsible. Its reviewers mistakenly concluded that videos posted by researchers were manipulated, Twitter spokeswoman Katie Rosborough said. She cited Twitter’s policy against “synthetic and manipulated media” and said she knew of less than a dozen accounts that were affected.

Bellingcat researcher Nick Waters said he counted 15 erroneously blocked accounts. “He welcomed the acknowledgment of error by Twitter but said such problems have happened repeatedly around the world, including in Syria, Turkey and India,” Craig writes.

The European Union sanctioned the head of Russia’s RT news agency

Russia Today head Margarita Simonyan was among 23 Russian officials sanctioned by the European Union. Others include Foreign Ministry spokeswoman Maria Zakharova and state television anchor Vladimir Soloviev, Bloomberg News’s Alberto Nardelli, John Follain and Natalia Drozdiak report.

Simonyan mocked the sanctions, saying on Twitter that she and Zakharova took out handkerchiefs to cry.

The European Union also sanctioned Kremlin Chief of Staff Anton Vaino, Defense Minister Sergey Shoygu and the Internet Research Agency troll farm, which the U.S. government sanctioned in 2018 over election interference.

In the United Kingdom, regulators are grappling with what to do about RT. Prime Minister Boris Johnson has come under pressure from opposition lawmakers to outlaw the broadcaster. Culture Secretary Nadine Dorries told the U.K. broadcast regulator Ofcom that RT is “demonstrably part of Russia’s global disinformation campaign” and could “look to spread harmful disinformation about the ongoing crisis in Ukraine here in the U.K.” An Ofcom spokesperson told the Guardian it “will not hesitate to step in” if broadcasters break its rules around “due accuracy and due impartiality.”

Stateside: RT’s U.S. subsidiary and a related production company registered as foreign agents in 2017 after they came under pressure from the U.S. Justice Department. In a letter, the Justice Department told RT that the outlet, which is funded by the Kremlin, is a “proxy of the Russian government.”

The Justice Department ended its controversial ‘China Initiative’

The initiative grouped together China-related prosecutions dealing with issues like economic espionage and trade secret theft, but it came under fire for targeting academics and after a string of cases were dismissed. The department is replacing the program with a broader strategy aimed at countering cyberattacks, espionage and other threats from a range of countries, Ellen Nakashima reports.

Grouping cases under the banner of the China Initiative “helped to” create a misperception that it unjustly targeted ethnic Chinese for prosecution, Assistant Attorney General Matthew G. Olsen said.

“On Wednesday, Olsen stressed that the national security threat posed by the Chinese government remains as great as ever,” Ellen writes. “But he also made clear that other countries pose similar challenges.” In recent years, countries like Russia, China, Iran and North Korea have become “more aggressive, more brazen and more capable,” Olsen said.

Global cyberspace

Chinese researchers say they uncovered an NSA cyberattack

The Chinese firm Pangu Lab says it found the malware when it investigated a hack of a “key domestic department” around a decade ago. In the years since, researchers connected the effort to an NSA-linked hacking team known as the Equation Group, Motherboard’s Lorenzo Franceschi-Bicchierai reports.

The Equation Group has been on cybersecurity researchers’ radars for years. In 2015, the Russian cybersecurity firm Kaspersky Lab said the hackers had figured out how to hide spyware within hard drives produced by Western firms. A year later, a group calling itself the Shadow Brokers posted Equation Group tools online. Chinese hackers have used Equation Group tools, researchers say.

Experts speculated about the timing of the Pangu Lab report. While the NSA certainly conducts cyber espionage against Chinese government targets, China has generally been tight-lipped about such hacking. The report could represent “a shifting strategy to become more name and shame as the U.S. government has employed” in calling out hackers backed by Russia and China, Dragos founder and former NSA analyst Robert Lee told Motherboard.

Daybook

CISA Director Jen Easterly and others discuss the film “WarGames” at an event hosted by Columbia University's Hacked Film Festival, DEFRAG, today at 7:30 p.m.

New America’s Open Technology Institute hosts an event on the next steps on consumer cybersecurity and privacy labels for connected devices on Tuesday at 2 p.m.

