Decoding the cyber dimension of Russia-Ukraine conflict

On 23 February, a day before Russian forces commenced a “special military operation” on Russian President Putin’s orders, Ukraine was hit by multiple cyber attacks. While Distribution Denial of Service (DDOS) attacks targeted websites linked to the Ukrainian government and banks, a more sophisticated destructive data-wiping malware was detected by cyber security firm ESET on hundreds of computers in the country.

Over the course of the last two months, as Russia massed tens of thousands of troops on its borders with Ukraine, there were two other major cyber attacks. On 14 January 2022, a cyber attack targeted dozens of websites belonging to government entities including the Ministry of Foreign Affairs, National Security and Defence Council and the Ministry of Education and Science. The websites were defaced, warning Ukrainian people to “be afraid and expect the worst”. Last week, on 15 February, DDOS attacks affected the online networks of Ukraine’s defence ministry and two major banks. 

Given the timing of the attacks, the ongoing conflict, and the history of Russia’s cyber activities vis-a-vis Ukraine and other countries like Georgia and Estonia, Russia was suspected of being behind the attacks in many quarters, including the Ukrainian government, cyber security firms and Western governments. But Russia denied any involvement, taking refuge in the intractable attribution problem of cyberspace. 

As the Russian-Ukraine conflict unfolds with ongoing Russian “invasion” of the latter, it may be pertinent to ask how effective have been these cyber attacks and what role are they expected to play in the present conflict as well as future conflicts and wars.  

A history of cyber attacks

Ukraine has been a host to some of the most sophisticated and persistent cyber attacks since 2013. Russia, widely believed to be behind these attacks, has been engaged in antagonistic relations with Ukraine since late 2013, when protests began against the Pro-Russian President of Ukraine, Viktor Yanukovych (who subsequently went into exile in Russia). Russia annexed Crimea from Ukraine in 2014 and also fomented regional insurgency in the Russian-speaking eastern region of Donbas. In December 2015, long after the cease-fire took hold, the country’s electricity grid was targeted in a sophisticated cyber attack, blacking out 80,000 homes in Ukraine for many hours. 

How effective are cyber attacks?

Attribution is not the only challenge in the cyber domain; ascertaining the effectiveness of a cyber attack is equally challenging, contrary to the hyperbole prevalent in most media reports. Kostyuk and Zhukov in a 2019 paper published by the Journal of Conflict Resolution, undertook a seminal empirical study in the larger academic field of Cyberspace and International Relations. They studied the Ukrainian conflict raging since 2013 and found that neither cyber attacks shaped battlefield events nor vice-versa. They argued that there was “lack of discernible reciprocity” not just “between cyber and kinetic operations” but also “between the cyber actors themselves”. This was primarily due to “force synchronization challenges” (which, while not unique to the cyber domain, are much more complex for cyber as compared to other domains). They also found an insignificant relationship between cyber attacks and physical violence during the conflict. Finding consistent results in the case of the Syrian conflict, they argued that “cyber attacks are not (yet) effective as tools of coercion in war”. 

But Kostyuk and Zhukov also flagged two important caveats. First, cyber attacks do have short-term and long-term political and psychological implications – which, by their nature, are hard to measure. Second, what holds true in the case of the Ukraine conflict might not hold true for a symmetrical war or armed conflict between major powers. But “no armed conflict has yet provided researchers with the data needed to evaluate this possibility”.

The future of cyber attacks

Kostyuk and Zhukov suggest that the association between cyber attacks and kinetic attacks is similar to that between airpower and ground operations in World War I. “That revolution appeared on the battlefield twenty-five years later, with devastating effect”, they add, referring to the extensive use of airpower in World War II. 

Given the unlikelihood of any war breaking out between major powers in the near future, the unfolding Russia-Ukraine conflict would be an important case to discern early trends and predict the future of cyber attacks. In the upcoming weeks (and months) it may become clear whether the ‘cyber moment’ will arrive sooner than anticipated. 

However, irrespective of how cyber attacks evolve in the future, it is evident that present-day cyber attacks are highly capable of spreading chaos and undermining people’s trust in their own governments (as Russian interference in the 2016 US elections demonstrated). The difficulty of quick and reliable attribution of cyber attacks is only going to add to the complexity (as witnessed in the recent Ukrainian attacks and several other attacks in the last decade). In highly networked societies, waning away of people’s faith in the system coupled with absence of an attributable ‘enemy’ might be as damaging (or even far more damaging in the long-term) than destructive cyber attacks that work (or do not work) in tandem with kinetic attacks. Seen in this light, the repeated cyber attacks appear to be fulfilling what various commentators have called Russia’s ‘hybrid warfare’ strategy, which combines propaganda, cyber attacks, economic assault and non-conventional methods with conventional military operations.