As the attack on Ukraine deepens, Russia has taken to indiscriminate shelling and targeting civilians and military organisations equally. But what is surprising is the conspicuous absence of cyber warfare, which has been a key element of Russia’s military strategy over the last decade. The Federation has often used state-backed hacker groups to carry out disproportionate cyber-attacks against its adversaries.
It should be mentioned here that before the war erupted on the ground, the greatest threat that the West envisioned was an escalation in cyber-attacks on Ukrainian critical infrastructure. But that has not come to pass.
Cyber Warfare Isn't Completely Absent
That is not to say that cyber warfare has been completely absent in the ongoing war. At the onset, government websites in Ukraine faced dedicated Denial-of-Service (DoS) attacks. The Ukrainian Government also reported the use of a never-seen-before malware, dubbed Wiper, which is designed to completely wipe out all data from infected systems. But at no point in time did the Russians target Ukrainian critical infrastructure.
This is surprising given that in the past, Russia has aggressively targeted Ukrainian critical infrastructure. For instance, in 2015, the Ukrainian power grid was hacked using a Trojan virus, BlackEnergy, which resulted in almost 2,30,000 households losing power. In 2016, a similar attack took place as hackers targeted the power grid as well as banking and governmental networks. A similar attack at the onset of the war could have severely limited the ability of the Ukrainians to fight back.
Russia Perhaps Didn't Expect a Long-Drawn War
There could be three possible reasons behind the Russian Federation avoiding cyber escalations. First, Russia probably did not expect a long ground campaign and must have thought that the war would be over in a matter of days. In such a scenario, crippling the Ukrainian critical infrastructure would have been counterproductive for the invading army.
Second, cyber-attacks cannot be localised geographically. As seen in the case of the ‘NotPetya’ malware attack in 2017, which created major disruptions across railways, airports and banks in Ukraine and which was believed to have been carried out by non-state actors operating from Russian soil, the effect could not be confined to Ukraine and spilt over across the world. The malware severely affected the operations of major multinational corporations such as Maersk, Merck and TNT Express, among others, and caused damage of about $10 billion.
With the ongoing hostilities in the current war, attribution would not have been a problem and any global spillover could have led to increased sanctions against Russia – and perhaps even military action – something that Putin would have preferred to avoid.
Putin seems to be weighing his options carefully and is probably not going to do anything to force retaliation.
The third possible reason why we are witnessing less-than-expected cyber aggression from Russia has been articulated by Viktor Zhora, Deputy Chairman of the State Service of Special Communications in Ukraine. He maintains that Ukraine is facing a continuing barrage of cyber-attacks but has repelled a majority of these. There is evidence, too, for this possibility. On the day the Russian invasion started, ViaSat, a provider of high-speed satellite broadband service, experienced a massive outage due to a malfunction in one of its satellites. The satellite serviced 55 nations, mostly across Europe. Some of the clients that were severely affected were the Ukrainian armed forces, police and intelligence services. Interestingly, the incident originated from Ukraine and then spread to multiple nodes across other nations.
But the situation on the ground is evolving fast. Russian forces have not managed to break through Ukrainian defences to date, and at the same time, global sanctions have started biting, especially the SWIFT measures, resulting in a precipitous drop in the value of the ruble (more than 90% of the value of the ruble has been wiped out) and unprecedented hyperinflation. This means that the cumulative effects of any further sanctions will not be very different as Russia has been pushed into a corner.
Will Russia Escalate Cyber Action?
Russia has, in any case, termed the punitive sanctions against itself as an ‘act of war’, and that could be motive enough to bring out more sophisticated cyber weapons to retaliate against the West. At the same time, non-state actors, such as hackers’ collectives, Anonymous, or the homegrown IT Army in Ukraine, have started taking on Russia in cyberspace.
The IT Army is noteworthy as it is made up of volunteers connected on a Telegram group with almost 2,70,000 members, though some believe that almost 4,00,000 hackers are currently part of the initiative.
These hackers are attempting to disrupt enemy transport and power networks. While the attacks lack the sophistication of the Russian-backed hackers, the continuing onslaught can trigger an escalation by the Russian Federation and even prompt cyber-attacks against western targets.
However, what seems certain is that any cyber aggression initiated by Russia against the West will be seen through the veil of plausible deniability and will not involve any loss of life or cause any kind of structural damage; Putin is well aware that such an act can trigger Article 5 of the NATO treaty. It’s likely that any kind of cyber offensive in the coming days will be focused on misinformation campaigns rather than actual hacks.
What could emerge in the coming weeks is a war that will be fought both on the ground and in cyberspace. The Ukraine conflict gives a glimpse into how wars in the future may evolve into hybrid wars, and that is a sobering thought. Meanwhile, we still don’t have a global regime or the understanding to deal with cyberattacks against adversaries’ networks, either as standalone activities or as planned tactics for kinetic warfare. This is what has to be addressed by nations so that this emerging battlefield doesn’t become a bigger nightmare.
(Subimal Bhattacharjee is a commentator on cyber and security issues around northeast India. He can be reached @subimal on Twitter. This is an opinion piece and the views expressed are the author’s own. The Quint neither endorses nor is responsible for them.)