•Its defences have improved a lot since 2014, but weaknesses remain
“BE AFRAID AND prepare for the worst,” read a coded warning left by hackers after they targeted Ukrainian state databases on January 14th. A month later, a powerful cyber-attack paralysed services at two big banks and on the defence ministry’s website. On both occasions, Russia denied involvement. But the messaging was unsubtle, coinciding as it did with the presence of more than 150,000 troops on Ukraine’s borders.
America and Britain say these soldiers could soon be heading for Kyiv, Ukraine’s capital. At the very least, Moscow appears to be rekindling its eight-year-old proxy conflict in the Donbas region of south-eastern Ukraine. On February 22nd the two chambers of Russia’s parliament will meet in an extraordinary session, offering a chance for Vladimir Putin, the country’s president, to present his next move. Russia could recognise the “independence” of the self-proclaimed Donetsk and Luhansk republics, as it did in the case of Abkhazia and South Ossetia following its war with Georgia in 2008, and then use them as a bridgehead for a further push westwards.
But even if Russia does not make a physical move, Ukraine stands in line for an onslaught of a different sort, from the country widely recognised as the world leader in digital warfare.
Ukraine is not the easy target it was when the first Russian attacks hit its electoral systems in June 2014. It now draws on significant local expertise, and gets help from Western security services including America’s Cyber Command. Eight years of experience has made it a world leader in detecting and fixing threats. But Victor Zhora, the sleep-deprived deputy of Ukraine’s own Cyber Command, says Russia is probably keeping its most dangerous tools in reserve. “They are already trying a huge variety of ways to get control over our networks and critical infrastructure,” he says. “Of course, it’s only the tip of the iceberg.”
Andrei Baranovich, a spokesperson for the Ukrainian Cyber Alliance, an activist collective, reported that his group had found backdoors to critical parts of Ukraine’s IT and operations management within two weeks of searching in 2017. Some are even advertised for purchase on the black market: “Water canals, power stations, and even the atomic energy sector—you name it, we found a way in.” The “NotPetya” cyber-attack in 2017, considered to be the most damaging in Ukraine’s history and attributed to Russia by the White House, disabled a radiation-monitoring system at the defunct but still highly contaminated Chernobyl power plant.
The ferocity of Russia’s cyber operations will depend on its wider intentions: whether the aim is to cause pain and perhaps topple Volodymyr Zelensky’s government, to support a conventional military operation or both. Cyber operations could have devastating psychological effects on the Ukrainian population without a missile being fired. “Imagine the panic on Kyiv’s streets if people weren’t able to call one another, war or not,” says Volodymyr Omelyan, Ukraine’s infrastructure minister from 2016-2019. He argues that not enough has been done to protect mobile networks.
A bigger worry is that the Kremlin would shut down power, mobile and internet networks to create chaos ahead of a possible invasion. It could create scares around the country’s 15 nuclear power stations. Dmitri Alperovitch, whose CrowdStrike cybersecurity company uncovered the Russian hacking of the Democratic National Committee in 2015-16, says that Moscow has the capacity to do all of that. It could, he suggests, physically target the dozen data-exchange points that connect Ukraine to the internet, and use electronic-warfare capacities to jam the airwaves in places, affecting mobile phones and other radio-dependent means of communication. Satellite phones have been unavailable for purchase in Ukraine since the start of the year. In the event of a bloody war, internet outages would be particularly helpful for the Kremlin, preventing the dissemination of troop movements and atrocities. If Lenin focussed on the telegraph station, Mr Putin’s generals would be as concerned by TikTok.
But most cyber-security experts argue a complete communications outage would be difficult to achieve. Disabling broadband connections would, they reckon, require a risky physical operation inside Ukraine. The architecture of the country’s mobile network, with overlapping masts, also makes it resilient to nationwide disruption. “We have everything in place to protect the base network,” says Dmytro Shymkiv, a former government official who now serves as chair of the supervisory board of Kyivstar, Ukraine’s largest mobile network. “As long as Kyiv stands, we’ll have a network.”
It may be easier to disable crucial parts of energy, transport and supply-line infrastructure. In 2015 and 2016, Russia attacked the national grid, causing blackouts in three regions; the following year, Ukrainian air-traffic control was disrupted. Andrew Grotto, who was head of digital security for the US National Security Council at the time, says the attacks were a watershed moment. “We had always assumed Russia had the ability, but to see it used against a live target was a big deal,” he said. America sent digital-security teams to Kyiv to learn as much as they could about the emerging capabilities.
In the event, Ukraine was able to restore order by switching to manual control of air traffic and power stations—something that would be extremely difficult in America. Ukraine’s relative technological backwardness turned out to be a trump card. This advantage will probably persist. “What the Ukrainians have going for them is that there aren’t a load of master switches to go after,” says Mr Grotto. “The Russians could achieve some success, but it won’t be like a hot knife going through butter.”
Credit | The Economist