#CYBERUK22: Cyber Trends from the Russia-Ukraine War

The cyber implications of the Russia-Ukraine conflict were discussed by a panel of international security leaders during the opening plenary session at CYBERUK 2022.

The discussion was moderated by NCSC’s CEO Lindy Cameron, who was joined on the stage by the director of the US’ National Security Agency (NSA), Robert Joyce, head of the Australian Cyber Security Centre, Abigail Bradshaw and executive director of The European Union Agency for Cybersecurity, Juhan Lepassaar.

Detailing the current cyber trends he is observing in his role at NSA, Joyce noted that “ransomware attacks are actually down” in the past few months. This is partly due to the fallout from the Russia-Ukraine conflict, with unprecedented sanctions making it harder to move money around. Worryingly, however, the number of zero-day vulnerabilities is “off the charts.” Joyce added that there are signs of cyber spillover from nation-state activity emanating from the Russian invasion of Ukraine. This is “impacting civil society, and that’s a real problem.”

Bradshaw said she was encouraged by growing government involvement in cybersecurity, particularly recent actions taken by the Biden administration. These include last year’s executive order mandating zero trust principles among federal agencies and recently passed legislation mandating critical infrastructure organizations report cyber-incidents. She believes such approaches “will have quite a lot of impact.”

The cyber aspect of the Russia-Ukraine conflict was then discussed by The European Union Agency for Cybersecurity’s Lepassaar. He observed that while there have been spillovers from cyber-attacks relating to the war, this has not been as significant as expected. One aspect that has particularly surprised Lepassaar has been “the level of hacktivism” that has occurred. This includes groups like Anonymous taking Russian government websites offline or pro-Kremlin groups supporting Russian disinformation campaigns. This trend should be viewed with concern in his view.

Encouragingly, he noted there has been “a good deal of resilience from the Ukrainian state in maintaining their connectivity.” This is highlighted by their ability to hold press conferences in besieged cities. It also shows the value of partnerships, according to Lepassaar, enabling the Ukrainians to build “distributed systems that are difficult to take down and attack,” which “is a lesson to all of us.”

Joyce said that in the US, the crisis has led to an “operationalization of our intelligence,” with the government more willing to make the information public. In cybersecurity, “we’re trying to take the intelligence about threats and operations and get that out there.” This is highlighted by numerous recent advisories published by agencies like CISA, often in conjunction with allies.

He concurred with Lepassaar’s observations about the impressive cyber-resilience being shown by Ukraine during this conflict. “I can think of at least eight unique variants of wipers that have been deployed against Ukraine, and they responded, kept their systems up and rebuilt their systems,” noted Joyce. This was partly due to the emergency plans they had developed amid a continuous barrage of cyber-attacks from Russia since 2014. “They have been able to practice and they understand what their incident response is,” he noted.

Cameron then asked Bradshaw about the relevance of the cyber aspect of the conflict to the Asia-Pacific region. She expressed concern that other nation-state actors with potentially nefarious aims “will be watching this playbook for the purposes of learning from its highs and lows and fine-tuning that.” In addition, she believes the Ukrainians robust cyber-defenses emphasized the importance of government-industry partnerships in this space.

Bradshaw also expressed her surprise at the scale and impact of hacktivism in the conflict, which she described as “civil vigilantism.” This can “produce extreme unpredictability,” leading to outcomes like “wrongful attribution, retribution and escalation, which is problematic.”

She added that it is vital to call out these activities as they “break those global norms we hold so dear.”

Encouragingly, the panel observed that business leaders are becoming more attuned to the need to protect against cyber-threats resulting from the Russia-Ukraine war. Cameron said: “I am seeing chief executives asking their security teams the right questions rather than leaving them to it.” This is also the case at government level, and increasingly “we’re seeing politicians talking about cybersecurity at a strategic level.”

Joyce agreed that events over the past 12 months, including the Russia-Ukraine war, have focused minds in respect of cybersecurity. “We have spent many years focusing on counter-insurgency and counter-terrorism; we haven’t been resourcing our IT and weapons systems which are computers these days.” He added that “we will now do the things we should have done 10-20 years ago.”

What’s Hot on Infosecurity Magazine?