Ukraine and the History of Cyberwar
People are much more drawn to images of blown-up buildings, fires, mushroom clouds, refugees in desperate situations, and color pictures of pain that look better in black and white than they are to explanations of code, or even to the fallout from code, unless it results in something blown up, fiery, or in pictures of people in pain that look better in black and white.
That is to say, while we hear a lot about ransomware, temporary business delays, and credit card and ID fraud, it’s not visceral. It flies by on the page and in our heads.
So, what happened to the tales we heard before the age of cyberattacks, back when US Cyber Command was only a glimmer in some geeky eyes? What happened to the idea that hacks would elicit physical responses? Not electrons, but bombs.
Perhaps it was a feeling of scale. Perhaps there was an understanding that if we responded to a rising cyberwar with weapons, we might simply end up seeing images of things that would be better in black and white on our own doorstep.
Did we pull back, or did saner heads prevail among the planners?
Let’s go through some history.
Back in 2003, a cyberattack originating in China – dubbed “Titan Rain” by the US – gained access to a large amount of sensitive government material by breaching the networks of US government contractors as well as government systems themselves. Although only unclassified material was obtained, the world was alerted to this type of attack.
The Joint Chiefs of Staff named cyberspace, along with the air, land, sea, and space domains, a major domain of war in 2004. This was undoubtedly triggered by Titan Rain’s reality. We were only just beginning to think about these issues on a national scale as a society.
In 2007, Estonia was subjected to a widespread cyberattack that targeted its government, banks, and media. It was thought to have originated in Russia or with Russian actors. In 2007, NATO established the NATO Cooperative Cyber Defence Center of Excellence (CCDCOE). Continents were finally waking up to the threat and the need to take action.
The CCDCOE began to conduct significant research and write a code on how international law relates to cyber wars and cyberwarfare; past activities were being recognized as acts of war.
In 2012, the CCDCOE published the Tallinn Manual on International Law Applicable to Cyber Warfare, which drew on the expertise of legal experts and practitioners with experience in cyber challenges.
According to the Tallinn Manual, executing hackers in reaction to specific hacks is justified.
Are hackers being killed?!
Meanwhile, other state-sponsored hacks have made their way into the public eye. The Stuxnet Worm was designed to undermine Iran’s nuclear development activities, namely centrifuges used to enrich uranium gas. It is said to be the first virus to attempt and succeed in causing actual damage to physical devices. The first digital weapon, according to Wired Magazine.
It is commonly assumed that the United States and Israel worked together for 5 years to develop this virus. Recognizing the importance and vulnerability of computers and networks, Secretary of Defense Robert Gates authorized the formation of USCYBERCOM in 2009. It is the global and US-based unified command for the digital domain.
In 2016, the group called the 2016 espionage operations against the Democratic National Committee “serious business… [that] may damage democracy.”
Administration officials at the time believed that cyber weapons, like nuclear weapons, were so dangerous that they should only be used on direct orders from the Commander in Chief. I’m not sure whether there is a “Cyber Football” counterpart.
Individual countries can protect themselves and band together to defend each other under UN Charter Article 51. It also provides for the same thing if an armed attack is expected and acknowledges the right to use force in such a case. It permits cyberattacks to be classified as armed attacks.
In 2019, Israel did precisely that, conducting airstrikes on a facility suspected of housing Hamas members preparing a cyberattack against Israel.
The matter was brought up for public discussion again in 2021. NATO heads of state and government convened in Brussels for the North Atlantic Council and released a communiqué that compares cyberattacks with kinetic strikes and leaves the prospect of military action against hackers open.
Still, we observe that cyberattacks, or predicted cyberattacks, by nations are often met by preemptive and after-the-fact retaliatory cyberattacks. Tit for tat, if you will, and even before tat.
Cyberwarfare in Action
The “softening up” cyberattack has been observed in practice in Georgia in 2008, Crimea in 2014, and Ukraine in 2021. The attack is used to weaken and destroy defensive and living systems before launching a kinetic attack, as opposed to launching a kinetic strike in reaction to a cyberattack.
Many people said that the cyberattacks in 2014-2015 were on a completely different — and far larger — scale than had previously been observed. Several Ukrainian banks and government organizations became unreachable, and spyware wiped data from hundreds of PCs and servers using a program dubbed “HermeticWiper.”
However, in recent years, civilians have become accustomed to routine DDoS attacks, data wiping, and ransomware. It’s almost taken for granted that these things are continuous and widespread.
The employment of cyberwarfare and kinetic warfare in tandem has been dubbed “hybrid warfare.”
Nonetheless, the world is startled that Russian cyberattacks on Ukraine in 2021 and 2022 were far less severe than predicted. To be sure, they were and continue to be ubiquitous. Hackers rendered the Viasat satellites inoperable. However, Russian soldiers and commanders may have also lost contact as a result of this. And Musk’s deployment of Starlink Internet satellites above Ukraine has helped to moderate the onslaught.
Furthermore, Russian malware zombie-fied Ukrainian modems, which were then utilized as nodes for targeted DDoS attacks within Ukraine.
However, the feared malware devastation does not appear to have occurred. We have not witnessed a cyber-Armageddon. Were they more public? Were the US and/or the EU bolstering Ukraine’s cyber defenses or fighting Russia’s offensive cyber capabilities? Newspapers are puzzled, and government insiders openly express astonishment and perplexity that there hasn’t been greater cyber harm.
I’m prepared to bet they know more about this than they’re letting on. But isn’t that nearly always the case?
The following days and weeks will reveal more about Ukraine’s cyberwar. It is likely that Ukraine’s Internet may be completely disrupted. We sincerely hope not.
But one aspect of this history sticks out. We have not seen the widespread kinetic response to cyberattacks that was predicted a decade ago.
Luck? What about cooler heads? Cyber counter-attacks that are invisible? Have you considered a cyber version of the Mutually Assured Destruction concept, which has, in principle, prevented the world from beginning nuclear war? Is huge physical damage enough to satisfy people set on dominance?
The times we live in will undoubtedly shape the times we will live in. Let us hope, and try to ensure, that cyberwar does not exceed the negative impacts we have seen thus far, and that we witness fewer sad pictures in the future as a result of less dreadful conditions.