Defence in cyberspace, lessons from Russia-Ukraine war
RUSSIAN invasion in Ukraine was envisaged as a modern conflict between two technologically advanced nations.
Many analysts were of the view that this would be a high-tech war where both the nation states would employ their state-of-the-art arsenal including cyber weapons.
However, Cyber-Armageddon is yet to be witnessed Russia is an established cyber power with proven cyber-attack capabilities.
Previously, in 2014 during the Crimea annexation campaign, the Russian Federation was able to launch significant cyber-attacks to undermine cyber defence capabilities of Ukraine.
During this campaign, Russian hackers crippled banking system to inflict economic loss as well as defaced official websites to undermine the will of people of Ukraine.
The Federation used workable malware which had capability to affect cross domain networks by jumping from one domain to another.
However, this malware also affected networks outside Ukraine. Ukraine once having third largest stockpile of nuclear arsenal, opted for denuclearization under Budapest Memorandum in 1994.
The Budapest Memorandum consists of a series of political assurances whereby the signatory states commit to “respect the independence and sovereignty and the existing borders of Ukraine”.
According to this memorandum the US, Great Britain and Russia offered security assurances to the nation that had won independence when the erstwhile Soviet Union dissolved.
During ongoing conflict, Russia has tried to keep conflict limited to Ukrainian geographical boundaries.
Hence, now cyber-attacks intended against cyber infrastructures are only targeting those networks and other cyber infrastructures which are geographically residing inside Ukraine.
These cyber-attacks are mainly intended for denial of service, espionage, data extraction and data destruction activities.
The Federation is also harnessing cyber capabilities for influencing operations. These operations are engaging domestic audience to muster support for the government policies against Ukraine populace to undermine their will as a nation and prepare them to pursue their government to refrain from further resistance and influencing other nation states to dissuade them to support Ukrainian.
Whereas, Ukraine is quite successful to impede cyber-attacks directed against its cyber infrastructure, Russian influence operations have reportedly impacted domestic audience as well as abroad especially areas which are against colonialism such as Africa.
Russian cyber influence operations are building on and are connected to tactics developed for other cyber activities.
Like the Advance Persistence Threat teams that work within Russian intelligence services, Advance Persistent Manipulator (APM) teams associated with Russian government agencies act through social media and digital platforms.
These actors are pre-positioning false narratives in ways that are similar to the pre-positioning of malware and other software code.
They are then launching broad-based and simultaneous “reporting” of these narratives from government-managed and influenced websites and amplifying their narratives through technology tools designed to exploit social media services.
Recent examples include narratives around bio-labs in Ukraine and multiple efforts to obfuscate military attacks against Ukrainian civilian targets.
Due to low barriers to entry into cyberspace it is observed that less sophisticated actors can even undermine the defence due to availability of off the shelf tools.
Investigations by security studies expert on cyber security give more weightage to cyber offensive actions than cyber defensive measure.
They are of the opinion that ever changing character of cyber threats such as zero day exploits and capability of cyber weapons to attack surreptitiously undermine defence in cyberspace.
The stealth nature of cyber weapons make them more effective and result uphill task for cyber defensive measures to detect.
However layered or segregation of different information systems based on their classification can reduce their vulnerability.
However, such hardened cyber defensive measures complicate the ease of use, thus defeating two primary objectives of information systems ie connectivity and availability.
There lies root dilemma; an impregnable system is inaccessible to legitimate users whereas an accessible machine is inherently vulnerable to pernicious code.
Hence primitive studies of cyber security greatly emphasize on gaining ascendance in cyber offensive capabilities.
Ukraine learnt a lesson from 2014 cyber-attacks. The country hardened its cyber infrastructure and launched cyber strategy in 2016 to streamline efforts to avert recurrence of cyber debacle.
The strategy pledged to complete implementation by year 2020. The country also went into cyber security cooperation with allied countries as well as tech companies to safeguard its cyber infrastructure by incorporating robust cyber defensive measures.
International cooperation facilitated Ukraine to relocate its cyber critical infrastructure to safer places of friendly nation states without compromising connectivity and access.
Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyber-attacks.
Artificial intelligence-based threat intelligence systems are helpful for early detection of cyber threats.
In this regard the country has been benefited by western tech companies such as Microsoft.
Moreover, Internet-connected end-point protection has made it possible to distribute protective software code quickly both to cloud services and other connected computing devices to identify and disable malware.
Ukraine with the assistance of western tech giants such as Microsoft is able to early detect Russian cyber influence operations.
For cyber defence, the conflict in Ukraine is instructive. International cooperation, public private partnership and well-orchestrated cyber strategy has ostensibly helped Ukraine to thwart a bigger challenge which could have consequential effects on outcome of the war.
Nation states such as Pakistan can be benefited from inference of cyber conflict between Russia and Ukraine.
According to a UNDP report, Pakistan is currently one of the youngest populations in the world and the second youngest in the South Asian region after Afghanistan.
Out of the total population in the country, 64 per cent is below the age of 30, and 29 per cent is between the ages of 15-29 years.
The country has a reasonably good literacy rate of almost 63%. Thus the country is well poised to harness emerging technologies such as AI and big data analytics to counter ever changing cyber threat landscape.
A robust national level cyber strategy will play pivotal role to steer national efforts to safeguard critical cyber infrastructures.
International cooperation for relocating cyber infrastructure at the time of crisis can be further explored without compromising access and connectivity.
—The writer is contributing columnist, based in Islamabad.
