Did Russia Underestimate Ukraine’s Cyber Security?
Dr. Alexi Drew, senior defense and security analyst at Rand Europe, said that when it comes to Ukraine, Russia may have underestimated its cyber defenses: “Russia has been surprised by the pushback it has faced in Ukraine, and it The same is true, most likely, in cyberspace.
He added: “We’ve seen continued escalation and a proliferation of actors involved. But cyber doesn’t do what most people think it does, in a military sense. Yes, it could achieve the shock and awe of a physical war.” . But it’s potentially not the best thing to do because it’s not convenient. The potential for further escalation, and the ramifications of that, are just too high.”
Red Goat Cyber Security’s Lisa Forte said the fear of a cyberattack getting out of hand could explain why Russia is holding back: “Cyberattacks are not inherently acts of war. The vast majority are to gain financial or criminal gain.
“The big flaw with cyber warfare is that it’s incredibly difficult to control, and maybe that’s why Russia hasn’t used it extensively. If a cyberattack went out of a Ukrainian network and into a network of a NATO member state or a NATO network, which intensifies the attack”.
But could there be a point in the war where it makes sense for Russia to use cyber attacks? Jen Ellis, of security solutions and services company Rapid7, and an adviser to the UK government, said Russia could have learned from deadly lessons from Mariupol. Its citizens were left without water and electricity after the relentless bombardment of their city by Russian tanks and missiles.
Jen said, “There is a game of chess being played on a grand scale. There is a profound mental impact on people when you roll tanks down their street compared to remotely hacking into their power grid.”
“But when do we get to the tipping point where the tank in the street doesn’t have as much of an impact? I think the question is whether Russia decides that leveraging hacking against critical infrastructure inside Ukraine is a more effective way to make it life is totally unbearable for its citizens.”
Prevention is better than cure
The NCSC has warned that organizations should not be complacent about cyberattacks because of previous incidents that affected UK interests, such as SolarWinds Orion software. He has reiterated his advice for all businesses to follow good practices to protect themselves.
There was a lively debate about whether the ‘patch, patch, patch’ advice was the best way to protect organizations from cyberattacks. According to Dan Card, cybersecurity consultant at PwnDefend, if someone is determined enough, they can get through the layers of protection. Still, he agreed that boosting cybersecurity was vital: “I think it’s crucial that organizations increase their investment, training and understanding.”
Patrick Burgess, from the BCS group of information security specialists and co-founder of managed IT services provider Nutbourne Ltd, added: “System vulnerabilities were already happening – it’s just that there are now more people involved in the security field. Cyberwar”.
He warned: “Because so many people are focusing on cyber right now, those zero-day cyberattacks can be exploited faster.”
Social networks and propaganda.
As for the role of social media platforms, Alexi said it was essential to understand the difference between disinformation – the deliberate spread of false “facts” – and unintentional misinformation.
During conflicts like the one in Ukraine, Alexi said that social media and messaging platforms become a communication lifeline: “It’s very easy to focus on the damage these platforms can cause and say we need to restrict and moderate.
“But it’s a balance. If we narrow this down to Ukraine, yes, it’s been used to spread disinformation and misinformation. But it’s also been a critical means of communicating information from the ground that we otherwise wouldn’t have had.”
“When conflict breaks out, that digital record is vital, as it allows these voices to reach a global audience, organize nationally and fight oppression and violence, and find out where it’s safe. I think nuance is important when It’s about these platforms, not just to moderate, ban and restrict.”
A recent BCS poll backed up this view. It found that 78% of industry professionals said they did not believe restricting encrypted messaging would protect users. Furthermore, 66% said that weakening the use of encrypted messages on platforms would have a negative impact on protecting society in general.