본문 바로가기
IFANS FOCUS Cyber Warfare in the Russo-Ukrainian War: Assessment and Implications 송태은 안보통일연구부 조교수 발행일 2022-08-04 조회수 4476
페이스북 트위터 카카오톡

이메일 보내기

* 모든 항목은 필수 입력 사항입니다.

* 받는 사람 이메일
* 컨텐츠 주소
* 제목
* 메시지
Ⅰ. Introduction
Ⅱ. Patterns of Russia’s Cyber-attacks
Ⅲ. Ukraine and the West’s Response
IV. Assessment
V. Policy Implications



Ⅰ. Introduction

The Russia-Ukraine war which began earlier this year is the first full-fledged conflict involving cyber operations. With the war raging on, observers around the world have been presented a rare opportunity to take a closer look at how cyber warfare activities could unfold in a full-fledged long war and how these activities shape the developments on the battlefield. For many years, the international community has engaged in a series of discussions to shape global norms on cyber-attacks, but discussions have largely been confined to cyber operations in low-intensity, localized, and short-term military conflicts or cyber-attacks that do not accompany military action. The war in Ukraine has demonstrated the potential of cyber warfare in full-fledged conflicts and how it could shape modern warfare. The situation unfolding in Ukraine also tells us much about the inherent limitations of cyber operations.

Russia had orchestrated a series of high-profile cyber-attacks against its opponents to pose “hybrid threats,” prompting speculations that the Kremlin might once again leverage its cyber warfare capabilities to gain an edge in Ukraine. Contrary to expectations, Russia’s cyber activities against Ukraine appear to have had a limited impact on the battlefield. As Russia’s cyberattacks in the ongoing war appears to be less destructive, the question is whether cyber operations in a full-blown war could be as effective as military operations involving physical attacks, as is the case in localized wars in which cyber operations play a significant role.

The ongoing cyber warfare between Russia and Ukraine, however, is much more complicated than how it is portrayed in the media. Various forms of cyber-attacks and defense strategies used by each party are complicating the picture, which requires close observations to get an accurate assessment of the situation. Russia has used multiple tactics to launch cyber-attacks since it invaded Ukraine, but the attacks have had a limited impact so far, given the magnitude of Russian cyber capabilities. This is in part because the West has fully supported Ukraine to bolster its cyber response. The West and Ukraine have also built a solid defense posture to stay resilient on the cyber battlefield.

Moreover, the recent cyber warfare between the two countries involves multiple actors conducting cyber assaults with complex strategies. And while countries tend to avert escalation on the ground, things spiraled out of control in cyberspace. The unfolding cyberwar between Russia and Ukraine has unleashed the potential of various actors at all levels, allowing them to engage in cyber-attacks in an unbridled manner. In other words, the cyber battlefield is becoming more unstable and unpredictable. 


Ⅱ. Patterns of Russia’s Cyber-attacks

The latest cyber-attacks on Ukraine could be seen as part of the Kremlin’s attempt to achieve an advantage before a physical war plays out on the ground. Russia carried out a string of extensive cyber-attacks on Ukraine for several months before invading the country on February 24. Since it invaded Ukraine, the Kremlin has deployed the largest and longest cyber-attacks in the history of cyber warfare. 

On January 14, 2022, Russian hackers attacked and defaced about 70 Ukrainian government websites, including those of the country’s foreign ministry, energy ministry, finance ministry, and other crisis management agencies. And on January 15, 2022, the so-called WhisperGate attack took down Ukrainian government websites. On February 15 and 16, more DDoS attacks temporarily defaced the websites of two Ukrainian state-owned banks as well as the country’s defense ministry, the foreign ministry, and culture ministry. And just 10 hours before Russia began its military assault on Ukraine, Russian hackers used another wiper known as HermeticWiper against Ukrainian government computers and those of about 300 companies in the country. Tom Burt, Microsoft’s corporate vice president, said the Russian invasion of Ukraine started on February 23, given the scale of cyber-attacks Russia orchestrated before its military action.  

Just an hour before Russian troops invaded Ukraine, Russian government hackers targeted the American satellite company Viasat, which is arguably the largest publicly known cyber-attack to take place since the invasion. The purpose of the attack was to cripple Ukrainian command and control, which relied on Viasat’s satellite terminal. Microsoft tracked almost 40 large-scale cyber-attacks carried out by Russia on Ukraine from February 23 to April 8, and as the war drags on, Russian cyber-attacks continue to hit various government agencies and private firms in Ukraine. 

One of the distinctive features of the cyber-attacks launched by Russia since its invasion of Ukraine is that Russia’s military and cyber-attacks have operated in tandem throughout the war. Russia seems to be repeatedly coordinating cyber-attacks with its military campaign. This suggests that cyber-attacks are no longer a new type of campaign - they are now an integrated tool used alongside the military to disrupt an adversary. 

 
Ⅲ. Ukraine and the West’s Response

In response to Russia’s February 15 cyber-attack on Ukraine, U.S. deputy national security adviser Anne Neuberger said on February 18 that Americans have evident data showing that infrastructure connected with Russia’s military agency, generally known as the GRU, “was seen transmitting high volumes of communication to Ukraine-based IP addresses and domains.” It was unusual for the U.S. to publicly hold a country accountable for malicious cyber activity. A quick response from the U.S. signifies the broad scope of Russian cyber-attacks and highlights the urgent need for the West and Ukraine to build resilience against cyber-attacks. 

After Russian airstrikes on Ukraine’s internet infrastructure, Ukrainian officials pleaded for Elon Musk’s SpaceX to dispatch their Starlink terminals to the country to boost Internet access, and Starlink service is now active in Ukraine. Starlink is a commercial satellite provider, but in embattled Ukraine, its services are being used on the battlefield. Ukraine’s aerial reconnaissance force has used Starlink to connect directly to drones that have executed high-precision attacks on Russian forces. 

The Ukrainian government had previously banned the country’s key agencies from using Microsoft cloud service, but a spate of Russia’s wiper attacks on Ukraine prompted the country to change its stance. On March 16, 2022, the Ministry of Digital Transformation revised the country’s data policy to allow Ukrainian agencies to use cloud services to store data. 

In a rare move, the U.S. government recently confirmed that military hackers have conducted cyber operations in support of Ukraine. The government acknowledged that it has conducted a series of operations across the full spectrum; offensive, defensive, and information operations. This is to send a warning that the Kremlin’s malicious cyber activities will be met with the West’s aggressive response.

 
IV. Assessment

1. Russia’s Cyber Warfare Capabilities

As the war in Ukraine approaches the six-month mark, it is generally considered that Russia’s cyber warfare capabilities are not as formidable as expected when the Kremlin unleashed a war on Ukraine. Russia’s limited use of cyber warfare capabilities could be related to President Putin’s failed blitzkrieg in Ukraine. Nonetheless, numerous international observers view that Russia’s cyber warfare capabilities had been overrated as the Kremlin’s wartime cyber campaign falters. So far, Russia seems unable to afford to wage destructive cyber warfare outside of Ukraine, struggling to prevent cyber-attacks on its networks from Ukraine and the West. With some observers in the international community raising concerns about Russia’s cyber retaliation for U.S. and Western aid to Ukraine, the West’s experts view that the Kremlin is unlikely to launch full-scale cyber-attacks on the West as such moves will likely drain its resources that should be focused on striking Ukraine.
 

2. Cyber Platforms and Space as a Domain of Military Operations

Russia’s first target was Ukraine’s information and communication infrastructure and its cyber platforms. This shows that securing platforms in cyberspace manifests a country’s actual warfighting capabilities. Starlink’s services promptly activated after Russia’s invasion, played out as the critical element while the civilian population and the Ukrainian military are making a defiant, perseverant stand against Russian forces by providing them with access to cyberspace. This has resulted in fully-fledged efforts to recognize and foster space as a domain of military operations.


3. Private Sector Actors’ Fully-fledged Involvement in Cyber Warfare

Russian-Ukrainian cyber warfare has led non-state actors to carry out all-out military activities in cyberspace. The West IT companies, with their tight monopoly on the world’s digital platforms, stemmed the flow of technologies critical to Russia’s cyber psychological warfare. Due to the fully-fledged intervention of non-state actors in cyber warfare, the international community’s efforts to form norms related to cyber warfare in the future will likely face complex challenges in the day ahead.
 

4. Cyber Warfare Preparedness in Peacetime and Effectiveness of Efforts to Boost Resilience in Assisting Allies 

The cyber warfare between Russia and Ukraine tested the effectiveness of the West’s response to “hybrid threats,” including cyber-attacks on NATO members and Eastern European allies, which have been led by NATO since 2016. At the 2016 Warsaw Summit, NATO officially recognized cyberspace as a domain of joint military operations. Since then, NATO has braced itself for various types of cyber warfare and conducted multiple large-scale cyber warfare drills with member states and partners. Ukraine also endeavored to respond to Russia’s cyber-attacks and psychological warfare by forging cooperation and conducting simulation exercises with the West before the war.
 

V. Policy Implications

Recently, the Ministry of Foreign Affairs of the Republic of Korea mentioned the possibility of establishing a Science and Technology Cyber Bureau (tentative name) to address cyber security issues in both economic and military domains, and it is anticipated that the new Bureau will strengthen Korea’s responsiveness to cyber threats and diplomatic capabilities. As the U.S. State Department just established the new Bureau of Cyberspace and Digital Policy (CDP), which will be the counterpart of the ROK’s new Bureau, the two sides could accelerate efforts at advancing cooperation on cyber security issues. 

The most urgent task that tops the priority list of the ROK’s Ministry of Foreign Affairs to prepare for cyber warfare is to establish the strategic communication system, which is the most important element in addressing various “hybrid threats” that frequently coincide with cyber security threats. And it seems that the Ministry needs to forge and deepen close interagency cooperation in building such systems. In preparing for possible cyber attacks and various threats, it is imperative that all government agencies establish and utilize the strategic communication system in facilitating information sharing, sending out messages, and making prompt decisions, to effectively formulate and implement responses to cyber-attacks and other security threats. 

Additionally, the Ministry of Foreign Affairs needs to craft and implement consistent cyber security policies in terms of foreign and military affairs by promoting multi-dimensional cyber security cooperation in sync with developments in cyber security cooperation between the U.S. and ROK and other types of multilateral security cooperation. Furthermore, it is advised that the Korean government should create a detailed, multi-layered plan for its cyber security diplomacy by calibrating the scope of issues, level, and the nature of cooperation to deal with cyber security threats in tandem with like-minded countries such as the U.S., Japan, Australia, Canada, New Zealand, and European countries. 

What deserves attention about the cyber warfare between Russia and Ukraine is that private sector actors have been significantly contributing to transnational cooperation in terms of cyber-attacks, defense, and the conduct of cyber psychological warfare. It should also be noted that cooperation with the private sector does not come into being overnight when a contingency erupts. Rather, consistent efforts to share information on the cyber security environment with a shared perception of threats and to foster tangible cooperation in response to cyber-attacks in peacetime are prerequisites. Therefore, it is imperative to facilitate information sharing between IT companies and the government, obtain private-to-public assistance, exchange experts, conduct joint research projects, and make concerted efforts to increase presence in relevant international cooperation. On top of that, the government needs to continue efforts at advancing cooperation and partnerships with the private sector by strengthening partnerships and solidarity with private sector actors and establishing various channels for strategic discussions and joint drills to create a shared perception of security.


* Attached the File
#CyberWarfare #RussoUkrainianWar #DigitalPlatform #ITCompanies #NonStateActors
다운로드
The Full Text.pdf
이전글
Legal Accountability For the Crisis in Ukraine
다음글
Legal Accountability For the Crisis in Ukraine
메뉴 담당자 정보 안내
메뉴담당자연구행정과 전화02-3497-7760