The absence of any crippling Russian cyberattacks against Ukraine is puzzling experts, but they warn that low-level assaults may be coming, including against the West in retaliation for sanctions.
Even before Russian troops poured across the border into Ukraine last month, Western observers had warned of massive attacks on Ukraine’s IT infrastructure, likely launched by Russian government agents or, by proxy, private hackers which give the government plausible deniability.
The entire range of cyberattacks is within Russia’s capabilities, from blocking banking systems, shutting down power grids and cutting the water supply, to sabotaging communication networks.
Hackers close to the government have in the past targeted corporate IT structures, government websites, planted ransomware and plundered sensitive data as part of espionage efforts, experts say. But in the war against Ukraine, the order for all out cyber-war does not appear to have been given or, if it was, has not translated into much success.
– ‘You don’t burn it down’ –
The most likely explanation is that Russia had been hoping for a quick victory without needing to resort to sophisticated and hugely damaging cyberattacks that require long preparation, according to Jason Blessing, a cybersecurity expert at the American Enterprise Institute (AEI).
“Strategic context is critical for unpacking the use of cyber operations,” he said.
[ Read: Russia-Ukraine: Threat of Local Cyber Operations Escalating Into Global Cyberwar ]
“If your plan is to instal a puppet government, the last thing you want to do is obliterate Ukraine’s communications networks and other critical infrastructure.”
But President Vladimir Putin’s presumed plan to take Kyiv quickly and set up a Moscow-friendly regime was thwarted by a combination of Ukrainian resistance and the Russian army’s structural weaknesses.
Despite early setbacks, experts say Russia still sees political control of Ukraine as its ultimate aim and does not want to destroy more of the target country than needed to achieve that objective.
“When you think you’re going to take over the house, you don’t burn it down,” said Jim Lewis, who directs the Strategic Technologies programme at the Center for Strategic and International Studies, a think tank.
“This may change now that things are going so badly but the original reason is they thought it would be a quick victory and they wanted to maintain an intelligence advantage” by tapping into Ukrainian communications, he told AFP.
– ‘Know them intimately’ –
If Russia does decide to go after Ukraine’s networks, it will be helped by the fact that they are mostly Russian-made.
“They know them intimately and that gives them stupendous abilities to hack,” Lewis said.
Meanwhile the West is also bracing for possible Russian cyber-reprisals for sanctions, with experts agreeing however that Moscow would keep those limited so they do not come under the definition of acts of war.
“Russia will certainly punish us for what it believes we’ve done,” said David Stupples, a military intelligence specialist at City University London.
He said this would remain at the “nuisance” level rather than “taking down services” which could be considered as an act of war, Stupples said.
“But that nuisance level will be very high indeed,” he said. Last week, private cybersecurity company Mandiant said there could be cyber actions against western targets to find out what governments are planning against Moscow.
“Mandiant anticipates that Russian action against the financial sector outside of the conflict zone will include cyber espionage to gather information about implementation of Western and international sanctions,” it said.
To that end, Russian intelligence services “almost certainly have the ability to coopt criminals residing within Russia”, it said.
Government agencies, financial companies, energy utilities, service companies as well as transport and logistics faced increase risk of hacking, it said.
But Russia is sure to tread carefully, as any major cyber attack could trigger a response by NATO which, under article 5 of its treaty, considers an attack on any member as an attack on all of them.
Meanwhile Western governments are deploying their own cyber arsenal, some of it in direct aid to Ukraine, with the US dispatched soldiers of the US Cyber Command to eastern Europe, said Alexis Rapin, an expert in multi-dimensional conflict at the University of Quebec.
“From what we understand they are spying on hackers working for Russian intelligence so they can warn the Ukraines of any cyberattacks being prepared,” he said.
Related: Russia, Ukraine and the Danger of a Global Cyberwar
Related: Russia vs Ukraine – The War in Cyberspace
Related: Talking Global Cyberwar With Kaspersky Lab’s Anton Shingarev
