Parting Shots (Q2 2022 Issue)
Deputy editor Benjamin David argues that cyber is a weapon, and it won’t be long until it costs lives
As we approach mid-2022 and watch the cybersecurity industry increasingly focus on the 2022 Russian invasion of Ukraine, there is popular rhetoric circulating that wonders, ‘where’s the cyber element in all of this?’ Even though many experts warn that cyber is a very real weapon in the conflict, many columnists have hurried to dispel such fears, even going so far as to sneeringly caricature the conflict as “the Ukrainian cyberwar that wasn’t” (The New York Times). Remarkably, this rhetoric shows no sign of abating, making one wonder what impact this is having in the minds of those outside of the cyber industry.
Although many in our industry have criticized such rhetoric as woefully premature, it’s important to also admit that there’s much fearmongering, with myriads of popular news publications, including the Wall Street Journal, going so far as to call the conflict a “full-scale cyberwar.” Thankfully, cyber experts generally know that it’s farcical to portray the Russian invasion of Ukraine as some sort of cyber armageddon. After all, Russia has been conventional in its brutality since the very beginning of the invasion, opting for tanks, guns, missiles and aircraft.
Yet, despite the devastating figure of 6546 civilian casualties in Ukraine since the start of Russia’s invasion as of May 2, we shouldn’t be so quick to judge the conflict as a straightforward onslaught either. Accompanying the bloodshed are widespread espionage and intelligence activities. These attacks have targeted institutions in Ukraine and have aimed to disturb Ukrainians’ access to crucial life services. There have also been espionage attack activities targeting NATO member states with disinformation activity. One of the major problems detailing this is that Russia’s hybrid tactics are challenging to delineate, comprising intelligence-gathering, informational operations, espionage, communication efforts and all in the darkness of cyber space.
Although a cyber armageddon this isn’t, cyber-attacks have nonetheless pullulated since the outset of the invasion, leveraged as an important weapon of war. Even leading up to the invasion, Russia and/or its proxies were identified as the likely perpetrators of Ukrainian website defacements, damaging malware and distributed denial of service (DDoS) attacks. Indeed, at least six distinct Russia-aligned nation-state actors launched over 237 cyber operations against Ukraine before the invasion.
