Cyberattacks on Ukraine part of wider Russia strategy - ex cyber officials

Russian President Vladimir Putin “works by the book, which also includes critical infrastructure,” they said in an interview.

 Figurines with computers and smartphones are seen in front of the words "Cyber Attack", binary codes and the Ukrainian flag, in this illustration taken February 15, 2022. (photo credit: REUTERS/DADO RUVIC/ILLUSTRATION)
Figurines with computers and smartphones are seen in front of the words "Cyber Attack", binary codes and the Ukrainian flag, in this illustration taken February 15, 2022.
(photo credit: REUTERS/DADO RUVIC/ILLUSTRATION)

Two former cyber intelligence officials said on Thursday that Russia’s cyberwarfare on Ukraine could be a part of Moscow’s wider strategy.

“The news about cyberattacks in Ukraine clearly are just part of the overall campaign,” said Amit Meltzer, who served for a long time in the intelligence community of the Israeli government. “In warfare, the prime targets are the military C&C [command and control], comms [communications], electronic weapons and after that support infrastructure. You can assume that the overt bombings and missile strikes are accompanied by cyberattacks.”

Regarding how much Russian President Vladimir Putin will order cyberattacks on Ukraine’s critical infrastructure, Meltzer said it depends “on the real goals of war. If Putin aims to conquer all of Ukraine, he will likely degrade power, water, trains, airports, roads and retail depots. This is a dangerous gambit, as it is still winter, and taking out the civilian infrastructure could cause millions of deaths even without meaning to. I doubt if Putin wants such scenarios.

“The second phase of occupation is using cyber tools to control public media, the web, and use it to grab whoever opposes the occupation. Cyber monitoring tools will likely be the primary method to populate concentration camps in a prolonged occupation.”

Some had expected Ukraine to put up a better cyberdefense this round, having learned lessons from multiple Russian cyberattacks dating back around a decade. But Meltzer – now a cybersecurity consultant – said that “the West’s ability to help Ukraine is limited mostly to the infrastructure and communications.”

 THE WORLD of cyberattacks has changed in the last year.  (credit: Adi Goldstein/Unsplash) THE WORLD of cyberattacks has changed in the last year. (credit: Adi Goldstein/Unsplash)

He warned that though Western cyber assistance has been in place for some time, many of the cyber personnel who are on loan “will likely evacuate if the Russians break to capture the main municipal hubs. After that, help will take a similar path as in Afghanistan four decades ago, supporting guerrilla and attrition warfare” against Russia.

Former Shin Bet (Israel Security Agency) cyber official Dr. Harel Menashri said that Russia “already undertook cyberattacks against Ukrainian infrastructure in December 2015 and January 2016, knocking out around one-third of its electricity and the Kyiv Airport.”

Currently the head of cyber at the Holon Institute of Technology, Menashri said that Russia this round already undertook “a big cyberattack against the Ukrainian financial sector and critical infrastructure one week ago, and then again yesterday with a broad cyberattack.”

He said that Putin “works by the book, which also includes critical infrastructure.”

NOTING THAT Ukraine’s financial sector has “gone silent,” Menashri said that Moscow could also “shut down the ability of the government to access funds in order to purchase” items that it needs to function and mount a defense.

Regarding Western help with cyberdefense, he said that the US “sold cyber to Ukraine through private corporations, not through the government... Ukraine wanted much more than what it was given. The Ukrainians were given cyberdefense tools and some knowledge, but the US is not handling the cyberdefense itself,” but instead has been trying to empower the Ukrainians.

One hope that the US and Ukraine had, he said, was that cyber is an asymmetric playing field, where a normally weaker and smaller party can potentially have a better chance of keeping up with a physically stronger and larger party.

“The US is trying to help Ukraine with its cyberdefense,” said Menashri. “That does not mean they’ll succeed. Cyber offense is always stronger than defense. No defense is 100% against Russia even if Ukraine has US help.”

Menashri said that Russia managed to pull off a major mega-hack against the entire US government, including intelligence and cyber agencies, in December 2020.

He said that if Moscow has the cyber capabilities to hack the NSA and even steal US cyber weapons, then its cyberattack powers cannot be underestimated.

This is true even though the US is still considered the world’s No. 1 cyber power.

But he noted that there has been no indication that the US gave Ukraine any of its cyberattack tools that could have been used to deter Russia more actively.

He speculated that Ukraine’s improved cyber defenses might slow down Putin’s cyberattacks somewhat, but not completely.

Furthermore, he said that there are lots of different ways to hack infrastructure.

For example, if in 2015-2016 Moscow managed to directly hack a turbine’s system, and Ukraine was able to defend against such a hack, this time, with US help, Putin could still knock out that same turbine by hacking its separate electrical or other systems, which it needs to operate.

“It is very clear that for Russia, cyberwar is part of a full menu of tools... including psychological warfare, disinformation and other methods to support the war effort, harm the adversary and increase the chances of winning the war,” said Menashri.