As Europe plunges into a conventional war, the world is bracing for the First World War in Cyberspace. On 23 February 2022, as of 16:30 Kyiv time, the websites of the Ukrainian parliament, Ministry of Foreign Affairs, and Council of Ministers (including all individual ministerial sites), and the Security Service of Ukraine, were all unreachable. Within hours, ground troop movement started as Russia attacked Ukraine in a conventional war.
‘Cyberattacks preceding tanks, aircrafts, and boots on the ground’ has now become the model template for any global conflict. European Union and NATO countries are expecting a barrage of cyberattacks on their technology infrastructure, private and government organisations. The EU has announced that a cyber rapid-response team (CRRT) was being deployed across Europe, after a call for help from Ukraine.
DDoS Attacks By Russia
Attacks had already begun on 15 and 16 February 2022, when the Ukraine government and bank websites crashed under DDoS (Distributed Denial of Service) attacks. The DDoS attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers,” it means that hackers have attempted to make a website or computer unavailable by flooding or crashing the website with too much traffic. Almost immediately, fingers were pointing to Russian spies. Anne Neuberger, the US deputy national security advisor for cyber and emerging technology, said, “technical information links the Russian Main Intelligence Directorate (GRU) with the DDoS attack that had overloaded and brought down the Ukrainian websites.”
Independent threat researcher Snorre Fagerland, working in cooperation with Bellingcat and The Insider, has identified a web service, apparently serving as a command-and-control centre, which has played a role in past cyber-attacks linked to Russian state interests.
Might Not Be Restricted To Cyberspace
Intelligence from all major governments warns that cyberattacks could trigger a bigger war and could morph into a broader war that draws in NATO nations – including the United States. In a 2021 communique, NATO affirmed the alliance would weigh whether to trigger its Article 5 mutual defence pact over a cyberattack “on a case-by-case basis.” It said the response “need not be restricted to the cyber domain.” The collective defence clause of NATO’s founding treaty – Article 5 of the Washington Treaty – is a provision that means an attack against one member is considered an attack against all of them. This is a fundamental part of NATO and why it says it is a defensive alliance.
Military and cybersecurity analysts are fearful of a scenario in which Russia deploys cyber weapons inside Ukraine that take on a life of their own and spread to NATO member states. This has happened before – most notably in 2017 when Russia’s NotPetya malware was unleashed in Ukraine. It ended up causing billions of dollars in damage to companies worldwide.
Nation-states have been stockpiling malware tools precisely for responding to situations such as what the world is facing today. Experts argue that if you unleash not one, but five, or 10, or 50, or 1,000 of them in Ukraine – chances are, they won’t stay confined within Ukrainian geographic borders. These could spread from America to the UK throughout all of Europe! But the most likely spread could be to adjacent geographic territories such as Poland – just like the toxic spread of radioactive fallout in nuclear warfare. And it suddenly gets into a similar grey area regarding strategic ethics. What would the Polish people’s reaction be? What would NATO’s reaction be? What would America’s reaction be? Although the US troops are not getting physically shot at, a malicious cyberattack could well cause them immense harm.
Fears of cyberwarfare “spill-over” are entirely reasonable since many forms of malware are designed to multiply and overwhelm targets, and continue wreaking havoc. They rarely have “off” buttons by design – and they don’t recognize international boundaries. Pushed into a corner, the Russian president could well give carte blanche to his cyber warriors to press the nuclear button of the First World-Wide Cyber War!