Report of Monday Morning Meeting on Revisiting the Cyber Aspects of the Russia-Ukraine Conflict

Dr. Cherian Samuel, Research Fellow, in the Strategic Technologies Centre at the Manohar Parikkar Institute for Defence Studies and Analyses, spoke on “Revisiting the the Cyber Aspects of the Russia- Ukraine Conflict” at the Monday morning meeting held on 6 June 2022.  The session was moderated by Dr. Rajeesh Kumar, Associate Fellow, MP-IDSA.  Maj. Gen. (Dr.) Bipin Bakshi (Retd.), Deputy Director General, MP-IDSA and the scholars of the Institute were in the attendance.

EXECUTIVE SUMMARY

Over the past couple of months, the world has witnessed that conventional warfare has a brother in arms – namely cyber warfare. Microsoft’s report dated 27 April 2022 clearly underlined the extent of cyber attacks on Ukrainian soil. The effects of this are temporarily debilitating but it is bound to leave a permanent mark on the military strategy of any aggressor country in the years to come.

DETAILED REPORT

Dr. Rajeesh Kumar, the moderator, during his opening remarks, introduced the attendees to the capability of Russian cyber malware to target Ukrainian critical infrastructure. He also added that, this does not pertain only to the Russian-Ukraine war but every warfare has a cyber element present in it.

Dr. Cherian Samuel started with explaining why he chose the phrase revisiting the cyber aspects of the Russian- Ukrainian conflict. He mentioned that it was initially thought that the cyber element would take centre stage. He also opined that it was thought that the 2017 malware attack would provide lessons for the attackers which had resulted in gargantuan global financial losses and would, in turn, ensure that the extent of the attack stays localised. The software companies and cyber security providers were also staying ahead of the game this time around, providing patches and fixing software vulnerabilities.

Dr. Cherian elucidated the developments that took place over the three months after the war began. Different types of attacks ranging from espionage, data extraction, denial of services, phishing scams were meted out on the Ukrainians. A range of malwares to cripple the critical infrastructure were also deployed. He stressed upon the fact that the victims were not limited to only the Ukrainians but the spill over effects affected multiple governments, private enterprises and individuals.

The first of the big attacks took place on 24 February 2022 on the Viasat modems, where the malware erased every trace of data and affected the satellite internet rendering them inoperable. It is also the first example where synchronisation between kinetic warfare and cyber warfare was witnessed. The ripples of this cyber-attack were felt across Europe with 2000 German windfarms losing communications and internet service disruption was seen in Europe. Media companies and outlets were in the crosshairs of this synchronised attack campaign and on 1 March 2022, missiles struck Kyiv TV tower. Adding to the woes was the attempt to take down the electrical grid which was eventually thwarted by the Ukrainian cyber defence on 8 April 2022.

Dr. Cherian shed some light on the 27 April 2022 Microsoft report highlighting the evolving pattern of attacks, the unsavoury alliance of kinetic and cyber-attacks and the key Russian players involved both offline and online, such as GRU, SVR, FSB amongst other players as reported in the Microsoft study. Despite these cyber attack perpetrators remaining in the shadows, their impeccable coordination is noteworthy.

Another aspect which Dr.Cherian pointed out was the hostile reaction from Ukrainians towards the Russians. Some examples cited were the anonymous hacking of the Russian Ministry of Defence database and media outlets, releasing names of the Russian Army personnel who were involved in the warfare and Ukraine’s defence intelligence service penetrating the Beloyarsk Nuclear Plant. He also expanded on the statement of the US Head of Cyber Command, given to Sky News, on the US carrying out multi-pronged operations in this campaign, bolstering the Ukrainian side.

Dr. Cherian brought forth another critical question of why the news of Russian cyber salvo against the Ukrainians has been muted. Multiple reasons were cited namely, improvement in Ukrainian cyber defences, one time use nature of these attacks, Russia’s hesitancy to augment collateral damage, amongst other reasons. According to him, if less attention is paid to the extent of the collateral damages and no attempt to limit them is made then, these cyber attacks seem to have a higher chance of success.

Certain pointers were given by Dr. Cherian namely, cyber attack no longer being an attacker’s game, enhanced improvement in the coordination between the government and private actors, US cyber infrastructure operating in exile, in a manner of speaking, amongst other things. In his concluding remarks he made the observation that the US’ explicit declaration of cyber attacks was an attempt to move the needle further on legitimising such actions, to which the Russians did not have an adequate response since they have eschewed having equivalent structures, to maintain plausible deniability.

DISCUSSION

Deputy Director General, Maj. Gen. (Dr.) Bipin Bakshi stated that the Russians were the first to recognise the criticality of information warfare to  national security and cited the 2015 Russian National Security Strategy document to shed light on the centrality of this aspect. He also brought into attention the Crimean campaign and the extensive use of information warfare which was in turn meticulously studied by countries like UK and the USA. The US cyber command was given the status of a combatant command by the USA and the UK’s 77th brigade was turned into an information manoeuvre organisation as information is the lifeblood of the battlefield. He also highlighted the underplaying of the Russian cyber salvo by the media and the synchronisation between kinetic and cyber warfare domain. As a part of his closing remarks, he stressed upon the prospects of lessons for India in both in the defensive and offensive domain.

Krutika Patil highlighted the fact that the cyber conflict did not live up to the hype. One crucial aspect, according to her, is the role of non-state actors and their unbridled jurisdiction and the state’s inability to counter them. She raised the question whether there was a deliberate attempt to not put these non-state actors in check.

Dr. Swasti Rao shed some light on the series of patterns that can be witnessed in Russia’s Baltic States’ destabilisation attempts as the former are a part of the NATO. She also stated the fact that apart from the USA’s role in bolstering the Ukrainian campaign against the Russians, EU’s role cannot be ignored. They are equally important in the grand scheme of things. Her final observation was on the Russian cyber attack being muted. The reasons she stated for this were the Western backlash and the non availability of a justification for such an asymmetric conflict.

Captain Anurag Bisen raised questions pertaining to non-state actors and private companies and the push towards ‘atmanirbharta’ when it comes to interoperability between the state and the private companies keeping in mind the exiling of Ukrainian ministries to the cloud space within days.

Dr. Rajiv Nayan had put forward the question of the assessment of cyber damages to the Ukrainian side. He stated that the USA and other Western powers’ main talking points revolve around Russia and no considerable damage was seen in Ukraine. He further elaborated by mentioning the US defence report wherein cyber attack was labelled as a hyped threat, as multiplicity of firewalls would prevent any attack on the critical infrastructure. Questions on the nature of cyber threat being a hype or not, and limitations of cyber attacks were raised.

The Report has been prepared by Mr. Stephen Koshy James, Intern, Nuclear and Arms Control Centre, MP-IDSA.