Title: Considering Cyberwar Efficacy: Is Mitigation Possible?

Introduction

The 2022 Russian invasion of Ukraine displayed one of the first full-on cyberwars. As the war passes its one-year anniversary, Russia continues to utilize a broad range of cyber techniques designed to hack, intimidate, disinform, surveil, and disrupt the citizens, government, military, and infrastructure of Ukraine.

While fake news, social media propaganda, and infrastructure hacking have been around for years, this war marks the first massive cyberwar effort designed to synergize with physical warfare. Beginning with pre-invasion data wipes and system hacks to taking down satellite communications at the start of troop deployment, Russia’s cyber efforts have been well-documented. Microsoft stated in its 2022 Ukraine Special Report that “from February 23 to April 8, we saw evidence of nearly 40 discrete destructive attacks that permanently destroyed files in hundreds of systems across dozens of organizations in Ukraine.”

With cyberwar headlines worrying populations around the world, we ask the following questions: How effective are cyber operations in a real war? What determines their success?

After a year of relentless digital attacks, Ukraine’s continued persistence indicates that cyberwar efforts, in the Russia-Ukraine conflict at least, are less effective than previously thought. Understanding how and why could help minimize the threat of cyber warfare in the future.

Cyberwarfare

Cyberwarfare is a coordinated long-term strategic operation composed of many tactical operations and potentially thousands of cyber soldiers. The most institutionalized evolution of malicious cyber activities, it is composed of highly organized attacks deployed by nation-states against enemy states, often in conjunction with physical conflict. Such extensive coordinated efforts may result in damage comparable to traditional warfare. Cyberwarfare doesn’t need to drop bombs to render a target helpless. An aggressor may instead disrupt power grids, gas lines, internet service, and water supplies, and, like traditional warfare, employ propaganda, spying, and disinformation as part of their arsenal.

This global issue impacts national security, defense budgets, and technology resources by requiring extensive monitoring, elaborate contingency plans, costly security measures, and ongoing threat assessments and management that cost billions of dollars. Deploying computer technologies is expensive and 70% of organizations still fail at digital transformation, according to recent consulting group surveys. When these technologies have life-and-death consequences, the stakes are that much higher; as such, the levels of impact must therefore inform the defenders’ decisions. Such choices may include how much money should be spent on cyber defense, how to fill cyber security positions with a global shortage of tech workers, and how to deal with intentional and unplanned hardware and equipment shortages and inability to update systems.

During the war in Ukraine, a multifaceted approach has been key to tackling various threats posed by an array of cyber actors and techniques. To date, the cyberwar in Ukraine has featured disinformation, hacking, hacktivism, and cyberterrorism—all related yet varied concepts.

Disinformation

When Russia annexed Crimea in 2014, disinformation and propaganda abounded, primarily in the form of fake news, to justify the invasion in the eyes of the world. However, in 2022, the United States and others learned from the mistakes of 2014 and quickly deployed a primed “re-information” campaign to expose Russian lies and mobilize Western partner nations into a coherent support body for Ukraine. The success of these sunshine tactics proves Brandeis’ 2013 statement that “[s]unlight is said to be the best of disinfectants; electric light the most efficient policeman.”

This is an important strategy in combatting disinformation, and one that is not particularly expensive or difficult. But it does require preparation, a unified response, and commitment to openness by all parties. Fake news has been weaponized, but its effects can be reduced through proactive measures such as improving media literacy, introducing or promoting objective public broadcasting, and promoting internet openness and accessibility.

Hacking

Hacking, a term coined shortly after computers began their rise in the latter 20th century, has two definitions: unusual applications of a technology beyond its original intent or unauthorized usage of a system with often negative consequences. We generally focus on the latter, which includes hacking into systems to steal data or trade secrets, intercept communications, or disrupt operations, among others. For example, Notpetya, a 2017 Russian wiper virus initially deployed to disrupt Ukrainian ministries, banks, and metro services, cost governments and businesses around the world over $10 billion in damages.

Working to identify enemy actions, Microsoft found that hackers targeting Ukrainian systems “use a variety of techniques to gain initial access to their targets, including phishing campaigns, exploiting unpatched vulnerabilities in on-premises Exchange servers, and compromising upstream IT service providers. This initial access allows them to conduct operations for destruction, data exfiltration, and persistence for longer-term espionage and surveillance.”

Microsoft noted that nearly half of the exploits employed against Ukrainian systems have been aimed at critical infrastructure. Attacking infrastructure tends to be more concerned with taking down facilities and networks, disrupting civil infrastructure such as trains or utilities, generating denial of service attacks, disrupting communications, and generally seeking to obstruct enemy operations.

To combat enemy hacking, Ukraine has taken advantage of the formidable resources of nation-state allies and individuals, along with Western tech giants like Microsoft. Microsoft was not only able to identify these activities but also defend against them and put proactive fixes in place. This collaboration has demonstrated that cyber partnerships can be invaluable in wartime for non-war-related organizations, such as regular businesses, to avoid unintended consequences from the war, and to defend against Russian efforts against Ukrainian allies.

Digital Activists and Hacktivists

Digital activists mobilize through social media, document injustice through shared cellphone videos, or use digital tools like Change.org for petitions. During the war in Ukraine, digital partnerships have illustrated that defense isn’t always about hacking or fighting. Websites run by Ukrainian and Belarus partisan groups elicit donations and supplies from individuals to augment sometimes meager financial resources.

‘Hacktivists’ tend to have more complex motives and methods than digital activists. The term hacktivism combines activists and hackers and focuses on a social agenda and achieving change. Hacktivists often engage in high-visibility acts that draw attention. Previous hacktivist actions against Russia and Ukraine have included Distributed Denial of Service Attacks (DDOS), virtual sit-ins, defacing websites, and other acts of mischief designed to disrupt the regular operations of government websites and services, strategic private organizations, financial institutions and major utilities such as power plants or gas lines.

International volunteer hacktivists who fight for Ukraine from around the world have been a key resource in the war effort. One of the most well-known groups involved in the Russia-Ukraine conflict is Anonymous, which took down PayPal, Visa, and Mastercard in 2010. For instance, Anonymous exposed millions of Russian records including emails and personal data in one exploit, and created a monumental traffic jam in central Moscow in another. Such actions hit Russian citizens hard and aimed to shake confidence in the Russian government.

Another hacktivist organization, Cyber Partisans, partnered with the Kastuś Kalinoŭski Regiment, an anti-Russian Belarussian military group made up of volunteers fighting for Ukraine. As Belarus has been used by Russia to bolster its invasion operations, the partnership between Belarussian partisan groups is a strategic relationship that fortifies cyber defense and offense efforts. Coordinated actions align virtual attacks with physical attacks, producing more effective results.

While the Russian cyberwarfare effort has been infamous for its usage of synchronized cyber and military strikes, the same tactics can and should be used in Ukraine’s defense. Engaging in partnerships or coordinating action with hacktivists can both weaken support for the adversary government and provide logistical and offensive support for physical operations.

Cyberterrorism

Sometimes hacktivists evolve into cyberterrorists, although this step is not inevitable. Cyberterrorists may include nation-states, social movement organizations (SMOs), and occasionally lone-wolf actors. The purpose of cyberterrorism is similar to terror in general: illegal acts that frighten and disrupt populations, recruit members, spread propaganda, and support terrorist operations.

Cyberterrorism in this conflict has exploded, impacting regular citizens around the world along with governments. Just the existence of cyberterrorism causes concern for citizens and is one of the primary worries for Americans in 2023 according to a recent Gallup poll. Thus, just by its existence, cyberterrorism succeeds in its aim to sow fear.

However, it should be addressed through proactive measures and effective response protocols. From another perspective, we see that American ingenuity and optimistic capitalism have leveraged this danger into opportunity, such as the recent success of Silicon Valley cybersecurity startup CrowdStrike, which uses modern “adversary-focused” strategies to foil attackers.

Conclusions

We have entered a new stage of warfare and conflict. Cyberwar is no longer experimental or kept under Top Secret protections, and leaks abound. It is a specter that has haunted us for decades with science fiction and enthralling headlines. However, for once, the hype may not be as devastating as we feared as new defense strategies emerge.

When Russia invaded Ukraine, many believed it would be a quick battle due to Russia’s technical superiority and greater numbers— especially when Viasat communications fell early in the war due to cyberattacks. However, a combination of Ukrainian tech skills and commitment, savvy diplomacy among Western tech companies and friendly nations, and engagement with international pro-Ukraine hacktivists produced an effective cyber defense that appears to be keeping pace with new attacks.

In short, the ability of thousands of virtual soldiers to fight in the war against Russia has made a significant difference for Ukraine. Their actions often promote physical outcomes and battle success, but perhaps more importantly, reduce faith in the Russian government for both Russian citizens and global watchers. This in turn impacts how neutral parties and potential Russian allies stand in the conflict.

Other governments working to defend against Russian cyber incursions should look to Ukraine as an example. Ukraine’s multifaceted response has revealed the means by which future cyber combatants can shore up defenses and weather cyberwar. By preemptively combatting disinformation, engaging in partnerships with tech giants, and leveraging civilian digital engagement, a country can assemble an effective response to a multi-front cyberwar.

The future is likely to hold more creative partnerships, such as Microsoft and Ukraine or Cyber Partisans and the Kastuś Kalinoŭski Regiment. Diverse multi-national defense efforts are also likely to continue as cyber warriors around the world flock to support nations under attack, engaging individuals on a personal level in addition to national-level efforts. The information age has also afforded massive defense benefits through the coordination of real-time communications, such as we’ve seen in social media posts and videos. When nations, individuals, and private organizations work together for freedom, transparency, and democracy, maybe humanity really does have a chan

…

Jordana J. George is an Assistant Professor of Information Systems in the Mays Business School at Texas A&M University. She earned her Ph.D. in Information Systems at Baylor University. She holds an MBA from Penn State University and an MFA from the University of California at Davis. A former manager with two decades in technology management roles, she researches the social impact of information systems. Her work has been published in the Journal of Operations Management, Journal of Management Information Systems, Information and Organization, Communications of the AIS, and Information Systems Management, among others. She is on the editorial board of the Journal of the AIS, serves as a JAIS managing editor for workshops, has co-chaired a societal impact minitrack at the Hawaii International Conference in Systems Science since 2019, and is a frequent contributor on Data Philanthropy topics at The Conference Board.

Image Credit: Microsoft