The Russia–Ukraine conflict has demonstrated the need to balance defensive vs offensive cyber, challenging a narrative that has been prevalent among policymakers for a long time. This was the view of Dr Alexi Drew, technology policy advisor for the international committee, Red Cross, during DTX Europe 2022.
Drew noted that the war has demonstrated what is and isn’t possible in cyberspace, with predictions about ‘cybergeddon’ proving unrealistic. However, the idea of cyber-attacks bringing down critical infrastructure and causing potential death and destruction, have caught on in policy circles. It is important to “bridge the gap between those in the technology space and the policy space to challenge these misconceptions,” she stated.
As a result, politicians have increasingly invested in offensive cyber capabilities over the years, believing this approach will make their nations cyber superpowers. This viewpoint has been influenced by a strong offensive security market, according to Drew, and is further exacerbated by the fact that it is much harder to prove the effectiveness of cyber defenses compared to cyber-attacks.
“It’s much harder to say ‘here’s a defensive incident where the attack did not happen,’” she commented.
However, Drew believes the war in Ukraine has demonstrated that defensive cybersecurity is more effective than offensive capabilities, which is a perspective shared by the NCSC’s CEO, Lindy Cameron, and the US national cyber director, Chris Englis, in recent months.
While Russia is generally considered a major cyber power, it has not been able to strike any meaningful blows past Ukraine’s cyber defenses. The most notable attack to date occurred as Russia began its ground invasion of Ukraine in late February 2022, when the communications provider Viasat suffered outages that affected communications in the region and other parts of Europe, like Germany.
This reality provides a great opportunity to redress the balance and persuade policymakers to “realise that defense is something they need to be investing in,” said Drew.
Drew added that Ukraine’s cybersecurity successes have shown the value of cooperation in cyberspace. NATO countries like the US and UK have provided significant expertise and capacity building, while private companies, including Microsoft, have taken a proactive approach to helping Ukraine defend itself through threat intelligence and security solutions. This is “proving the necessity of public–private cooperation,” Drew said.
In addition to cyber, the conflict has seen significant influence operations taking place, for both domestic and foreign audiences. This is a “common Russian tactic.”
A major difference in this war is that Western allies have been proactive in countering these narratives, such as with strategic communications. This includes NATO countries publicly sharing intelligence with a non-NATO member in a manner that’s never before occurred. There has been a “cooperative means of defending the information space,” outlined Drew.
Despite these positives, Drew ended the presentation on a cautious note. She noted that there is every chance of the conflict escalating beyond Ukraine’s borders, with Russia increasingly being backed into a corner. This includes in the cyber realm, as past incidents like NotPetya have demonstrated.
Therefore, it is vital that there is more cooperation and alliances to strengthen cyber defenses across the board. Crucially, the cybersecurity industry must “continue to challenge the narrative” around misconceptions of ‘cybergeddon’ and the value in focusing on defensive security.