A Cyber History Of The Ukraine Conflict
The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics and related cyber flare-ups, and explains why we should be concerned.
For the second time in recent history Russia has flexed both its military and cyber muscles. The latest incident is playing out in The Autonomous Republic of Crimea (Ukraine). The previous incident occurred in South Ossetia (Georgia) in 2008. Both countries were once integral pieces of the vast Soviet empire, which crumbed more than two decades ago. Russia has also flexed its cyber power in the former Soviet states of Estonia (2007) and Kyrgyzstan (2009).
Over the years, the international community has closely monitored each of these worrisome incidents. The Georgian incident was especially troublesome, because it was the first time cyber attacks were used in concert with traditional military operations, which included tanks storming across the border of a sovereign nation.
My post-analysis of this incident concluded that 11 Georgian websites were knocked offline prior to the Russian military invasion. The official website of the President of the Republic of Georgia and several media outlets (e.g., www.news.ge) were among those impacted by the initial cyber barrage. The attack method used to disrupt these key sites was a distributed denial-of-service (DDoS) attack, launched from botnets controlled by Russian cyber criminals — most likely cooperating with the Russian government. The attacks didn’t wane from their targets for the entire duration of the Russian military campaign against Georgia; they stopped immediately after Russia and Georgia signed a preliminary ceasefire agreement.
Flash forward to today and the situation in Ukraine. While the current state of affairs there is complicated, it’s clear that Russia isn’t running the same cyber playbook it used in Georgia. For instance, when Russian forces invaded Crimea they didn’t blind the Ukrainian government with massive cyber attacks. Such attacks were not launched, because the strategic and operational environments in Ukraine and Crimea were much different from those in Georgia.
In the current crisis, Russian forces severed the Internet and other communication channels that connect the Crimean peninsula with the rest of Ukraine. Some cyberwar experts have referred to this incident as a cyber attack, although information surrounding it points to physical sabotage by a military force, for example, cutting cables and destroying equipment. What this means is that the recent incident wasn’t a cyber attack in and of itself, even though it interfered with communication services delivered by cyber technology.