With cyberattacks, the Ukraine war could enter a far more dangerous phase

The cyberwar aspect of Russia’s invasion of Ukraine may be just beginning.

Russia’s campaign may be the century’s first major example of multifaceted war, or “360 War” as the Pentagon has called it. In that kind of war, “kinetic” weapons—such as guns, bombs, and planes—are just one part of a strategy in which tools like disinformation, bioweapons, and cyberwarfare also play important roles.

In Ukraine, the “soft” warfare part of the campaign continues to intensify. Russian military has unleashed a flurry of cyberattacks that have taken Ukrainian websites offline and compromised hundreds of computers. The cyberattacks probably began long before the first Russian tanks crossed the border into Ukraine this week, experts say.

While the Russian military assembled its troops and gear along the Ukrainian border, experts believe it was very likely planting malicious code within the networks of Ukrainian organizations, which it could simply “turn on” after the ground attack began. Some of that code could be waiting, dormant, right now, says Stanton Jones, director and principal analyst at ISG, a global research and advisory consulting firm.

“I think it’s safe to assume there is already a lot of malicious software in Ukrainian systems, and potentially even around Western Europe, that is going to be deployed, and that is really the biggest risk right now,” Jones said on a Zoom call Friday. Such attacks could be aimed at disrupting critical infrastructure, such as pipelines and electrical grids, he added.

U.S. officials are warning that Russian cyberattacks could reach American soil, too. Russian cybercriminals have attacked U.S. institutions and companies before, but with a Russian invasion already underway and NATO on alert, such an attack now could have geopolitical repercussions.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), created in 2018 to protect critical infrastructure from cyberthreats, has been warning of the possibility of Russian digital aggression for months. It’s been working closely with U.S. companies to harden their defenses against the possibility of Russian cyber attacks.

“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” President Biden said on Thursday. The question is one of proportionality. The U.S. could theoretically respond to a Russian cyberattack with a cyberattack of its own, or it could respond with traditional warfare, a result the Biden administration very much wants to avoid.

The U.S. and its allies might also threaten cyberwar to prevent Russian cyberaggression, says Josh Wolfe of Lux Capital, a venture capital firm that invests in science and defense technologies.

“The U.S. may signal as a potential deterrent, or actually show, that it and allies—Israel, U.K., Ukraine hackers, in particular—can deploy direct digital disruption without direct kinetic or conventional forces,” he said via direct message. “That could be digital hacking or physically sabotaging internet connectivity, electric power, rail relays, or disrupting resupply [lines].”

Wolfe believes that if the war moves into a phase where Putin is actively overthrowing the Ukrainian government and trying to install a pro-Putin puppet government, the allies’ offensive cyberwar strategy could shift.

“Then the cyber options are to disrupt Russian communications inside Ukraine and help native insurgents thwart the offensive and take back strategic cities with the help of foreign aid in their efforts to defend their own homeland,” Wolfe says.

The risk of miscalculation

The danger in all this may be the potential for miscalculation and error. It may be easier to misconstrue or misattribute aggressive actions that happen in the shadows, within communications and infrastructure networks. Kinetic actions, such as airstrikes, happen in the open and leave physical evidence. Wolfe suggests that Putin could attempt to play the ambiguity around cyberattacks to his advantage.

“It would be reasonable to expect to see . . . some hospitals or other key systems held hostage via crypto-demanding hackers, who will then claim they are doing it independently and with Russian sympathy,” Wolfe says. Putin might then publicly insist the attackers are rogue actors whom he denounces. But the damage would be done, and deciding the correct response would be difficult and risky.

Meanwhile, much of the U.S. population is just now digesting the idea that cyberterror is one of the ways in which the Ukraine war might hit home. Some experts have urged people to download and install security updates available for their personal devices.

U.S. businesses are responding in a number of ways.

“We advise investment management shops, so we are always thinking about ways to prevent things from happening,” said Daniel Strachman, managing partner at A&C Advisors LLC. “A lot of guys who do algorithmic trading are downloading their data onto external hard drives away from the cloud to protect their data. It doesn’t matter who is running the cloud.”