The hidden battle

Russia’s cyberwarfare against Ukraine and the West

Milon Gupta
Eurescom

A month after Russia’s invasion of Ukraine had started on 24th February 2022, some commentators were wondering why they could not see any signs of Russian cyberwarfare, which was expected to accompany the bombing of Ukrainian cities. As we know now, this first impression was completely wrong.

On 1st March, The Economist published an article under the headline: “Cyber-attacks on Ukraine are conspicuous by their absence”. [1] And an article in Nature, published on 17th March 2022, asked in the headline: “Where is Russia’s cyberwar?”, followed by this first sentence: “Many analysts expected an unprecedented level of cyberattacks when Russia invaded Ukraine — which so far haven’t materialized.” [2] It is a matter of debate what you consider “unprecedented” after the already constantly high level of cyberattacks by Russia against Ukraine since the annexation of the Crimea peninsula in 2014. However, just because the massive attack was not fully visible to some Western experts does not mean that it did not take place.

Russia’s cyberattack on Ukraine

At the end of March it emerged that intensive Russian cyber-attacks accompanied the Russian invasion. In a press conference on 29 March, the deputy director of the Estonian Information System Authority, Gert Auväärt, rang the alarm bell and announced that the cyber threat level in Estonia had risen following Russia’s invasion of Ukraine and the cyberwarfare efforts accompanying it. He mentioned that banks, authorities, agencies, telecoms firms, companies and other significant targets in Ukraine had fallen victim to denial-of-service or malware attacks. At the same time, Ukraine’s critical infrastructure had not been paralyzed despite the massive attacks.

Tom Burt, who oversees Microsoft’s investigations into big complex cyberattacks, commented the Russian cyberattacks by saying: “They brought destructive efforts, they brought espionage efforts, they brought all their best actors to focus on this.” He added that the Ukrainian defenders were able to thwart some of the attacks, as they had become accustomed to fending off Russian hackers after years of online intrusions in Ukraine. He praised the Ukrainian cyber defence: “They’ve been doing a good job, both defending against the cyberattacks and recovering from them when they are successful.” [3]

The conclusion from this is that the main reason why we have not seen too many devastating effects of Russia’s cyberwarfare in Ukraine seems to be that Ukrainians were defending well.

Apart from successfully defending against Russian cyber-attacks, Ukraine received effective support from Belarusian hackers.

Counter-attacks in Belarus

The first setback Russia suffered in the cyberwar against Ukraine already happened before the invasion began. A hacktivist group of exiled Belarus tech professionals called Cyber Partisans, who had been fighting against the regime of the autocratic Belarusian president Alexander Lukashenko for years, became active at the first signs of the Russian military buildup at the border to Ukraine. The Cyber Partisans attacked the Belarusian train system, which has been important for moving Russian soldiers, tanks, heavy weapons and other military equipment to the Ukrainian border. They exploited security holes in the more than two decades old Windows XP operating system on which large parts of the IT infrastructure of the Belarusian train system have been based.

In collaboration with Belarusian railroad workers and dissident Belarusian security forces, the Cyber Partisans managed to slow down Russian troop movements and supplies. This contributed to the logistical chaos of the Russian armed forces in the first weeks of the war, which left Russian troops stranded on the front lines without food, fuel and ammunition. In this way, the cyber sabotage of Russian logistics supported Ukraine’s successful military resistance against the Russian armed forces in the Ukrainian capital Kyiv and other cities in the north of the country.

Russia’s cyberattacks on Western countries

Ukraine is by no means the only target of Russian cyberattacks. Cyberwarfare by Russia against Western countries has a long history. [4] The most prominent event was the cyberattack on Estonia in April 2007. Although it had never been proven that the Russian government was behind it, the trail clearly led to Russia. Since the Russian annexation of Crimea in 2014, cyberattacks against Western countries like Germany, France, Poland, the UK, and the US have increased in both intensity and scope.

Cyberwarfare by Russia has included a plethora of different activities, from hacker attacks to disinformation. There are indications that Russia interfered through disinformation and other measures with the Brexit vote in the UK and the US presidential election in 2016.

NATO’s cyber defence

Since 2008, NATO has been building up its cyber defence, in response to growing cyberthreats by countries like Russia, China, and North Korea. A year after the cyberattack on Estonia, NATO founded the Cooperative Cyber defence Centre of Excellence in Tallinn. At the 2014 NATO Summit in Wales, after the Russian annexation of Crimea, NATO adopted an enhanced policy and action plan. It established cyber defence as part of the Alliance’s core task of collective defense and set out to further develop NATO’s cyber defence capabilities in collaboration with industry. [5]

Conclusion

At the time of writing, it is not clear, when and how the Russian war against Ukraine will end, and what types and levels of cyberwarfare will occur in within this conflict. What appears certain is that cyberwarfare has become a standard element of conflict between nations, which has expanded the arsenal of hybrid warfare. Challenges for maintaining cybersecurity will subsequently increase, making both the physical world and the virtual world a less safe place. Significant investments in cyber defence and cybersecurity will be needed on all levels, in order to ensure security and resilience of Western democratic societies.

References

[1] Cyber-attacks on Ukraine are conspicuous by their absence, The Economist, 1 March 2022 – https://www.economist.com/europe/2022/03/01/cyber-attacks-on-ukraine-are-conspicuous-by-their-absence

[2] Elizabeth Gibney, Where is Russia’s cyberwar? Researchers decipher its strategy, Nature, 17 March/ 18 March 2022 – https://www.nature.com/articles/d41586-022-00753-9

[3] Preston Gralla, Russia is losing the cyberwar against Ukraine, too, Computerworld, 2 May 2022 – https://www.computerworld.com/article/3658951/russia-is-losing-the-cyberwar-against-ukraine-too.html

[4] Cyberwarfare by Russia, Wikipedia – https://en.wikipedia.org/wiki/Cyberwarfare_by_Russia

[5] Cyber defence, article on NATO website, 23 March 2022 – https://www.nato.int/cps/en/natohq/topics_78170.htm

 

EU Digital Markets Act agreed


© AdobeStock

On 24 March 2022, the European Parliament and the European Council agreed to introduce new EU rules via the Digital Markets Act (DMA) to limit the market power of big online platforms. The DMA will ban certain practices used by large platforms acting as “gatekeepers” and enable the Commission to carry out market investigations and sanction non-compliant behaviour.

The text provisionally agreed by Parliament and Council negotiators targets large companies providing so-called “core platform services” most prone to unfair business practices, such as social networks or search engines, with a market capitalisation of at least 75 billion euro or an annual turnover of 7.5 billion euro. To be designated as “gatekeepers”, these companies must also provide certain services such as browsers, messengers or social media, which have at least 45 million monthly end users in the EU and 10,000 annual business users.

In three-way talks between Parliament, Council and Commission, also known as trilogue, EU lawmakers agreed that the largest messaging services, such as WhatsApp, Facebook Messenger or iMessage, will have to open up and interoperate with smaller messaging platforms upon request. Users of small or big platforms would then be able to exchange messages, send files or make video calls across messaging apps, thus giving them more choice. Regarding interoperability obligations for social networks, co-legislators agreed that such interoperability provisions will be assessed in the future.

The envisage new rules also aim to ensure that combining personal data for targeted advertising will only be allowed with explicit consent given to the gatekeeper. Furthermore, users should be allowed by gatekeepers to freely choose their browser, virtual assistants or search engines.

If a gatekeeper does not comply with the rules, the Commission can impose fines of up to 10% of the gatekeeper’s total worldwide turnover in the preceding financial year, and 20% in case of repeated infringements. In case of systematic infringements, the Commission may ban them from acquiring other companies for a certain time.

The Commission had proposed the Digital Markets Act in December 2020 to address the negative consequences arising from certain behaviours by online platforms acting as digital “gatekeepers” to the EU single market.

Further information

High digital dependence of EU countries


© AdobeStock

Digital dependence of EU countries remains high. This is a central result of a research report published by the Center for Advanced Security, Strategic and Integration Studies (CASSIS) at University of Bonn in April 2022. The report summarises the key findings of the Digital Dependence Index (DDI), which measures the dependence level on different technology sectors of 23 countries.

The primary indicators of the index focus on ICT trade, communication infrastructures, and intellectual property. The level of dependence is scaled from low sensitivity to high vulnerability. The DDI compares 23 dependence indicators based on three different data sets. The digital dependence status of countries can be distinguished as follows: DDI scores between 0.5 and 1 indicate being more digital dependent; DDI scores between 0 and 0.5 indicate being less digital dependent.

In 2019, 87 percent of countries were highly vulnerable. Although the global dependence structure remained stable since then, there are substantial changes.

China, South Korea, Russia, Kenya, and the US became more autonomous in the last decade. Japan and Indonesia, on the other hand, experienced the most pronounced increases in digital dependency while the positions of the other 16 countries changed very little.

The US is by far the least digitally dependent country and has even widened the gap towards the other countries since 2019. Only China and South Korea managed to reduce the gap towards the leader. China, in particular, made the greatest gains during the last ten years.

European countries have maintained a highly vulnerable status, while their autonomy gap to the US, China, and South Korea widened, as European countries have fallen behind in every dimension compared to the three most digitally autonomous countries. According to the report, Europe’s digital autonomy has eroded in the last decade. The reason is that digital interactions have become more asymmetric with China (ICT trade dependence), with the US (infrastructure and platform dependence), and the East Asian region (intellectual property dependence).

The authors of the report recommend that European countries should rethink their entire approach to digital technologies and employ a much more comprehensive and bold approach, in order to increase digital autonomy.

Further information

MWC Barcelona 2022

5G-PPP participation at the world’s largest telecoms event

From 28 February to 3 March, MWC Barcelona, still commonly referred to as Mobile World Congress, attracted a large crowd of 10,700 industry experts to attend in person. After two years of Covid-19 restrictions this figure was still below pre-Covid levels. Yet, the event clearly indicated a return of the industry to something closer to normality, despite the Russian invasion of Ukraine, which started four days before MWC opened its doors. Among the booths in the exhibition and the presentations in the conference programme were also a number of 5G PPP projects, which presented their latest results.

5G-TOURS results at the ATOS stand

One of the partners of the 5G-TOURS project is ATOS, who are leading the work package on use cases and requirements. As an active contributor to the network automation work within 5G-TOURS, ATOS has contributed both to the project use cases as well as external standards and open-source activities. At its own stand ATOS presented and demonstrated various research activities, including the 5G-TOURS activities around network automation based on AI.

Joint stand of 5G-TOURS, 5G-Heart and 5G-Solutions

5G-TOURS joined forces with two other 5G-PPP projects 5G-Heart and 5G-Solutions in order to have a stand in Hall 7. The experts at the stand answered the questions of numerous visitors and showed videos about the projects’ use cases, including 5G-TOURS from the three nodes in Turin (Italy), Rennes (France), and Athens (Greece).


Presentation by Diego Perino, Director of Telefónica I+D

MWC presence of the DAEMON project

The DAEMON project on Network Intelligence for Adaptive and Self-learning Mobile Networks was present at MWC through fliers and brochures available at the stands of several project partners like i2CAT and Software Radio Systems. This material provided a thorough description of the context, vision and objectives of the project and was freely available to all attendees visiting the partners’ booths. The project was also featured in a looped video displayed on a monitor at the i2CAT stand.

In addition, research results from the DAEMON project were presented on stage by Diego Perino, Director of Telefónica I+D. In his talk about the impact and benefits of integrating AI in future-generation mobile networks, he explicitly acknowledged the contribution by DAEMON.

Special session of Catalonia Tourism Cluster

5G-TOURS was invited to a special session of the Catalonia ICT Tourism Cluster. In addition to other projects and local contributors from Catalonia, 5G-TOURS technical manager Belkacem Mouhouche presented the tourism node of the project and explained how the 5G-TOURS use cases developed in Turin will help tourists and citizens enjoy museums and touristic places better, especially in the COVID era.

Conclusion

Mobile World Congress provided the opportunity for a few 5G-PPP projects to disseminate their results in person instead of online, as it had become usual in over two years of the Covid-19 pandemic. In this respect, the stands at MWC where very useful to make people aware of the 5G-PPP project activities. Presentations on stage and in special sessions added to the achieved impact.

Further information