What does Ukraine tell us about cyber warfare?

The participants included representatives from NATO, from the Swiss Armed Forces, from the International Committee of the Red Cross and security analysts. It was a thought-provoking event, and it prompted me to devote our latest episode of Inside Geneva to the same topic.

Some of our readers and listeners will remember the Arab Spring. Back in 2011, the term “citizen journalist” defined some of the events. Thousands of people, many of them young, took to the streets in Tunisia, Egypt, eventually Syria, demanding change, demanding more representation, and more democracy.

They shared their thoughts and experiences online, and the immediacy of the news of what was happening across the Arab world led many of us, myself included, to think that this was a new freedom, a way to defy the autocratic governments who controlled the media.

Sadly, many of those countries still have autocratic rulers, and they have learned to use cyberspace too, not to liberate but to repress. At the same time defence departments around the world have all had to look at cyberspace and assess how could they use it in a war, and how it might be used against them in a war.

More

Inside Geneva: Cyber Wars

This content was published on Jan 24, 2023 The war in Ukraine is almost a year old. In this episode of the Inside Geneva podcast, we ask our guests what role cyberwarfare has played.

Read more: Inside Geneva: Cyber Wars

Russian trolls

Long before Russia invaded Ukraine, western countries knew Moscow was using cyberspace to spread disinformation, and, it is believed, to influence policy and elections in western democracies.

Russian troll factories, communicating in English, and using fake identities, set up thousands of accounts on social media platforms, and used them to promote positive views of Vladimir Putin, and to sow doubt and division among western countries grappling with big issues from Brexit to Black Lives Matter.

So when Russia invaded Ukraine, everyone expected Moscow’s aggression to consist of more than the usual tanks rolling across the border. Cyberwarfare can extend from disinformation, to knocking out vital infrastructure, to disabling the enemy’s communications systems in preparation for a kinetic attack. Russia, it was believed, was well versed in all of this.

“Everybody was expecting when cyber was used in warfare, that there would be some cataclysmic, major humanitarian impact of the use of cyber,” Charlotte Lindsey, the Cyberpeace Institute’s Director of Policy told Inside Geneva.

In fact, the cataclysmic use of cyber did not happen; Russia’s ground and air attacks on Ukraine’s towns and cities have had a devastating humanitarian impact, but there were no visible ‘knock out’ cyberattacks of the kind many expected.

That does not mean, NATO’s head of Cyber Defence Section Christian-Marc Lifländer pointed out at that debate, that there had been no cyber aggression from Russia. “Cyberspace has been central to the war in Ukraine,” he said. “It has been used to shape the battle space, cyberattacks were used to lay the ground for the invasion.”

There were attacks on Ukrainian communications, to disable the government’s ability to communicate with the population, he said, to sow disinformation, and there were data wiping malware attacks on Ukrainian institutions. So the perception that there had been little in the way of cyberwarfare was, he said “a dangerous misdiagnosis.”

Control of information

The picture that is beginning to emerge then, is a stealthier one than we might have expected, but nevertheless harmful. As Max Smeets of Zurich’s Centre for Security Studies told the debate: “In the case of Russia what we have seen are very specific efforts to make sure that some of the key parts of the Ukrainian internet will be connected to the Russian internet, that then provides them with new ways of ownership, control and monitoring.”

Or, as Lindsey puts it more bluntly on Inside Geneva, we have seen “the Russification” of the internet in parts of Ukraine. The message, in effect, is in the hands of the invaders.

Added to that are persistent attempts to knock out critical infrastructure – in the traditional kinetic way, by bombing power lines or hospitals, but also electronically, by infecting IT systems with viruses and malware. Interestingly, since this had been happening before Russia’s invasion (Moscow staged a cyberattack on Ukraine’s power grid way back in 2015) Ukraine was at least partially prepare, and a number of these attacks were thwarted.

Geneva Conventions?

There is no discussion about warfare in Geneva, of course, without mention of the Geneva Conventions. Deliberately attacks on hospitals, or other infrastructure which is vital to life, such as water or power supplies, are violations of the conventions – in effect war crimes.

So how do the conventions apply to a cyberattack? Balthasar Staehelin of the International Committee of the Red Cross argues that while the weapons of cyberwarfare may be new, the conventions still apply.

“We clearly believe that in the situation of armed conflict, regardless of what technology you use, there are clear rules. Luckily we have these rules,” he told the debate. “Rules around distinction, proportionality, precaution. Long standing rules that would make a huge difference if they were respected on all sides.”

So what conclusions can we draw from this very first conflict in which cyberwarfare has so clearly played a role? First, perhaps, the one made by the ICRC: even if you are thousands of kilometres away from the battlefield, if you are devising and using a computer programme which will disable civilian infrastructure, then you risk violating the Geneva Conventions…and eventually you could be prosecuted for war crimes.

Second, that cyberwarfare, in this conflict at least, comes not with a devastating bang but with a thousand stealthy attacks. “We need to keep our guard up”, was a much-repeated phrase at that panel debate.

Finally, that cyberwarfare is not limited to the battlefield, or even to the countries which are at war. Lindsey and her colleagues at the CyberPeace Institute have documented hundreds of cyberattacks since the conflict began, some of them aimed not at Ukraine, but at its allies in Europe and the United States.

“What has come out clearly from the conflict in Ukraine and Russia,” said Lindsey, “is just the scale and extent of cyber operations which are happening way beyond the boundaries of those countries and are affecting many others.”