Cyberwar in Crimea? Franz-Stefan Gady for U.S. News & World Report

Commentary | March 10, 2014

There is evidence of cyber warfare in Ukraine, Gady writes, but Russians will be cautious in carrying out cyber attacks or risk retaliation from NATO or Ukrainian hackers. 

Read the full piece on U.S. News and World Report's World Report blog. 

The current crisis in Ukraine has again made one thing very clear: Any future conflict will involve military activities in cyberspace. Last Friday, unidentified men seized several control centers in Crimea run by Ukrtelecom JSC, Ukraine’s telecommunications provider, essentially cutting off the peninsula from mobile, landline and Internet services. Conversely, RT (formerly known as Russia Today) was hacked by unknown assailants. There have also been reports that members of the Ukrainian parliament’s cell phones have been jammed. So far no other confirmed reports have emerged about cyberstrikes on Ukraine’s critical information infrastructure, and up to now hacker forums—a good indicator for “cyber mobilization”—have been remarkably quiet.

Of course, complex government-sponsored cyberattacks can evade detection, but the restraint shown by Russia is not without reason: Sophisticated cyberweaponry, such as the Stuxnet worm, is hard to contain and may affect Russia’s own network and communication nodes. A historical analogy would be the use of poison gas during World War I that could blow, depending on the wind direction, either way. However, the reach of cyberweapons transcends front lines.

The “blowback fear” is not as farfetched as it seems. Unlike Syria, where the country’s critical information infrastructure is highly centralized and where the Obama administration was contemplating cyberstrikes, Ukraine hosts a decentralized critical information infrastructure network and is served by many Internet Service Providers. As an analysis by Internet intelligence company Renesys states:

Ukraine has a strong and diverse Internet frontier, with more than 200 domestic autonomous systems purchasing direct international transit (out of a total of more than 1,650 domestic ASNs). The roads and railways of Ukraine are densely threaded with tens of thousands of miles of fiberoptic cable, connecting their neighbors to the south and east (including Russia) with European Internet markets. The country has a well-developed set of at least eight regional Internet exchanges, as well as direct connections over diverse physical paths to the major Western European exchanges.

Consequently, a “cyber knockout blow” will certainly have repercussions in Russia and other parts of the world. Also, unlike warfare in the real world, cyberwars are won and lost by private sector companies and their ability to protect their networks and spot attacks. Companies such as Gazprom and the Russian nuclear plants bordering Ukraine would be more affected by cyberstrikes due to their mere geographical proximity to Kiev. For now, both Russia and Ukraine appear to be limiting their cybercampaigns to minor exchanges mostly consisting of patriotic propaganda, low-key hacks, as well as physical protection and seizure of network infrastructures.

Russia also showed restraint during its 2008 invasion of Georgia when conducting its cyberwar campaign against the country’s digital assets. The attack consisted mostly of Distributed Denial of Service Attacks, which knocked websites offline for a few hours to days, jammed network communications and disrupted military communication nodes. Russia refrained from destroying civilian critical information infrastructure, such as power plants or digital records in hospitals. Some analysts argued Russia feared that a revelation of its more sophisticated cyberweaponry would tilt the asymmetrical cyberarms race between Russia and NATO even more in favor of the latter.

Today, NATO is playing a role in Russia’s consideration about launching a full-scale cyberwar against Ukraine, as well. NATO could quickly be drawn into the cyberaspects of the conflict by Ukrainian hackers planting false digital leads, which attribute attacks on NATO’s critical information infrastructure to Russia, pitting both sides against each other. Attribution, after all, is still one of the most complex problems in cyberspace, and the greater and more intense a cyberconflict is, the more difficult it will become to trace back the origins of cyberstrikes.

As during the Georgia-Russia War, patriotic hackers are the frontline troops in this conflict—the grunts of cyberspace. Ukrainian hackers have a reputation for talent and ingenuity, and it will be a hard battle for Russian cyberwarriors to obtain what the U.S. Air Force calls “cyber superiority” (i.e., network domination), even if it is to Russia’s advantage that much of Ukraine’s telecommunications infrastructure was built during the Soviet era.

Almost by definition, this will be a covert war, and we will see only some marginal reflections in public. In reality, there is no certain way to assess Russia’s true intentions and activities in cyberspace.

Yet, given what we know from open-source intelligence, Russia will most likely exercise restraint in its activities in cyberspace during this crisis regardless of its outcome. The question of whether cyberwar will happen over Ukraine is a non sequitur: Cyber may be the fifth domain of warfare, but it is the only domain that permeates all other spheres (air, land, sea, space); therefore, it will play a role no matter what. If a shooting war starts, cyberattacks—particularly on anti-aircraft systems, military and civilian communication nodes—may occur, but Russia will surely think twice before deploying the most sophisticated cyberweapons in her arsenal.
