SEOUL — Confounding pre-war predictions, Russia’s cyber offensive against Ukraine has proven unprepared, uncoordinated and unable to overcome a well-prepared, flexible series of Ukrainian defenses that have relied on experience and expertise. Kyiv has been widely assisted by overseas IT partners from both public and private sectors, while its ability to call on a dense network of civilian specialists has provided critical civilian-military coordination in cyber warfare, experts said.
The cyber combat was a leading topic of conversation at a major conference on state-sponsored threats in cyberspace held here in the South Korean capital.
Expectations of a swift Kyiv collapse after last February’s invasion were a key reason for the failure of Russia’s cyberstrategy to date, analysts said. The Russian invasion plan, drawn up by a small staff and only belatedly disseminated across the different branches of the Russian military, left insufficient time for coordination of the online fight with the other facets of the offensive.
“They were not prepared, and they were not integrated with the rest of the Russian armed forces,” said a source who works for a NATO government, speaking on background on the Kremlin’s cyber assets.
He offered an example.
“If you are a cyber-intelligence operation, and you have access to a communications system, you don’t want to destroy that communications system,” the source continued. “But if you are not integrated with other forces, well — we saw evidence of that.”
Not only did the first wave of Russian cyberattacks fail to deliver a knockout blow, it also used up Russia’s hacking toolbox early in the fighting.
“We saw a lot of malware, but it was a limited arsenal and it takes time to rebuild that capacity,” the source said. “They used it up in the first few weeks and exposed it.”
The Russian online operatives’ inability to short-circuit Ukraine’s command, control and communications networks mirrored the struggles of Moscow’s conventional units in the invasion’s early days and weeks. While Russia’s massed tactical artillery has caused significant damage, other arms of the Russian war machine have been found wanting.
A daring assault by airborne shock troops in the war’s early hours proved catastrophic, lacking backup to secure targeted sites. Russian armor, uncoordinated and advancing along the predictable axes of Ukraine’s road network, was badly mauled as it stalled on open ground.
Russia’s once-vaunted Black Sea Fleet lost its flagship and its surface vessels have been unable to launch or sustain landings from sea. Russia’s air force has been unable to win aerial dominance and even its missile and drone offensive is now being countered.
But Russian incompetence is just one side of the coin, conference attendees said. Ukraine’s forces have displayed unexpected competence, enlisting non-state and non-national actors to carry out unconventional strategies that have repeatedly taken the enemy by surprise.
A resilient defense
The experience of having battled Russia in the Donbas and over the annexed Crimea peninsula for eight years before the war — and the links to Western militaries forged since 2014 — are seen as critical to Kyiv’s successful defense to date.
“A number of us had been supporting the Ukrainians in advance of the Russian invasion, building up defensive capabilities since 2014 with bilateral and multilateral support,” said Will Middleton, cyber director at the UK’s Foreign and Commonwealth Office.
In addition to UK and U.S. support, NATO offered a training package in 2016 on command, control and communications and the EU provided a rapid-response team in the months prior to the conflict, Mr. Middleton said.
“It is clear that [Ukraine’s] experience and expertise was thorough,” said Joe Murphy, deputy head of the British government’s foreign office’s Cyber Policy Department Threats Team. “Every aspect of their resilience has been tested to the limit.”
While Western arms aid — from anti-tank missiles and long-range artillery to, more recently, heavy armor — was carried out openly, cyber support has been offered on a much more low-key basis.
“After the invasion, [the UK] shifted from long-term capacity building into direct support to give the Ukrainian defenders the tools, technology and equipment to better defend themselves,” Mr. Middleton said.
Similarly, the U.S. offered “Hunt Forward” services to Ukraine in the months before the war, helping identify and build defenses against Russian malware and tradecraft, and sharing what was found with a commercial provider.
Ukraine also adopted some unconventional tactics to defend its IT and communications links. In the immediate aftermath of the Russian assault, government organizations uploaded all data onto the cloud. Most governments hold national data in sovereign server farms, but Kyiv’s response put its data beyond the reach of Russian hackers.
“That was critical to their defense,” Mr. Middleton said. “It is very unusual for a sovereign state to put data somewhere else.”
Ukraine also opened up its networks to international partners in real-time, allowing them to identify threats and assist Ukraine more quickly.
National Security Agency Cybersecurity Director Rob Joyce told The Washington Times recently that his agency leveraged a “power collaboration” with cybersecurity and information technology service providers to identify and eradicate malicious cyberoperations with a large impact in Ukraine. Such partnerships sprang up in the aftermath of devastating breaches across the U.S. in 2021, when cybercriminal gangs deployed ransomware against computer networks to extort payments from victims.
Private sector outreach was central.
“Ukraine reached out to the private sector and moved incredibly fast to work hand-in-hand with it,” Mr. Middleton said, referencing U.S. tech companies such as Microsoft, Google and Starlink. “They were critical in helping Ukraine adjust. … They shared intelligence with Ukraine, patched problems and neutralized attacks.”
This strategy was enabled by Ukrainians working for overseas IT firms.
“What we saw in the early days of the response was private-sector companies being drawn in, using Ukrainian employees in the EU, the UK and the U.S.,” said Mr. Middleton. Those employees “drove companies to engage, and provided insights into Ukrainian systems.”
Google said last week that cyberattackers it saw on the digital battlefield in Ukraine were ones the NSA had warned about hitting U.S. infrastructure in 2021.
The search engine giant disclosed the links in a report entitled “Fog of War,” which said the Ukrainian government is under “near-constant digital attack” from hackers overseen by the GRU, the Russian military intelligence service.
“We’ve observed a notable uptick in the intensity and frequency of Russian cyber operations designed to maximize access to victim networks, systems and data to achieve multiple strategic objectives,” the report said. “For example, GRU-sponsored actors have used their access to steal sensitive information and release it to the public to further a narrative, or use that same access to conduct destructive cyberattacks or information operations campaigns.”
Pre-invasion Ukraine was a key IT outsourcing destination for EU companies. Post-invasion, a deep talent pool of IT-savvy, English-speaking volunteers was at Kyiv’s disposal.
Android apps guide artillery on the battlefield, while PR campaigns enlist global sympathies and support on social media. These private-public partnerships provide key lessons for future combatants.
It ain’t over ‘til…
Russia, analysts at the conference warned, should not be counted out.
“A number of commentators have said we have not seen ‘Cybergeddon’ in Ukraine,” said Mr. Middleton. “But we are seeing cyberspace fiercely targeted and contested on a daily basis, with the Russians launching attacks against Ukraine’s communications and critical national infrastructure.”
The NATO country source noted that Moscow’s forces are now jamming Ukrainian signals, while effectively synchronizing human and electronic intelligence.
Indeed, Soviet and Russian armies have a history of suffering early-stage humiliations, integrating hard-won lessons, then ending conflicts with final victories, from the ultimate victory over the Nazis in World War II to the string of Chechen wars on Russian soil in the 1990s and 2000s.
“Don’t underestimate the GRU and the FSB,” the source said, referring to Russia’s military intelligence directorate and its state security bureau. “They are highly capable.”
— Staff writer Ryan Lovelace contributed to this report.