Cyber Scene #66 - The Beat(ing) Goes On
Cyber Scene #66 -
The Beat(ing) Goes On
The anticipated lowering of the Russian cyber boom on Ukraine does not appear to have occurred as of now, and the loss of thousands of lives on both sides has replaced the expected cyber war correspondence filings on the front page. However, cyber shadows continue to play, if not the leading role at least a supporting one in this tale of sovereignty attacked as, if not first the act, at a minimum, a threat of yet another world war.
This Cyber Scene will first explore the present role of cyber in the Russian invasion of Ukraine, and the sotto voce role of cyber in underpinning various measures and countermeasures taken by the attackers and victims as well as the 140+ UN nations supporting Ukrainian sovereignty, the 5 nations supporting Russia on the other side, and several dozen fence sitters. For background purposes, keep in mind that the UN may be providing policy directions, but NATO, the EU, other combinations of willing countries and organizations, and perhaps even the G20 (which may now exclude Russia) play strategic, operational, and tactical roles in this ongoing war.
While this edition of Cyber Scene is not framed in a more customary inside-the-Beltway mode, this readership is aware of the not only a "whole-of-government" but a "whole-of-most-of-the-world" response to the invasion of a sovereign nation. All NATO, EU, and scores of other countries' leadership, parliament, and judiciary are in play. Their participation and commitment have surged since the last Cyber Scene publication. Note that White House policies are similar to those of like-minded European countries; that Congress, which holds the purse, funds military spending in the billions and support for the promised 100,000 Ukrainians to be welcomed to the US endorsed by mirror images in France, Germany, the UK and Poland, inter alia; and the move to impose drastic sanctions against Russia has cleared the judicial bars in the US as well as like institutions abroad.
Given the Moscow-directed misinformation campaign attacking Ukraine and the shutdown of several cyber means of communication within Russia, Putin is reminiscent of KGB days.
Ukrainian tech folk are not surprised. They have been preparing since at least 2014-15. While the Russian populace is struggling with fewer resources to sort cyber wheat from the domestic misinformation chaff as cyber sources are constrained, Ukrainians appear to be communicating amongst themselves and with cyber support external to Ukraine. If Ukrainian President Zelensky's daily phone calls to world leaders, presentations to NATO, the EU and the US Capitol, and communication with his stalwart and brave "soldiers" are in any way exemplary of what cyber is affording them quietly, they are doing rather well. On 25 March, for example, former US Ambassador to Ukraine John Herbst interviewed Zelensky's Head of the Office of the President Andriy Yermak and took on Putin's misinformation campaign: "evacuation of Ukrainians" is "hostage-taking;" attacking a theater with children is not a defensive measure but a war crime; threats of chemical and nuclear attacks are "blackmail." Yermak pointed out that the invasion was not provoked nor is it certainly not a "walkover."
Stepping back to analyze the "Secret Cyberwar Being Waged in Ukraine," NYT's Thomas Rid, a professor at Johns Hopkins' Nitze School of Advanced International Studies, affirms that President Zelensky is understandably not speaking out about cyber activity in Ukraine that makes it successful; no news is better news. Rid notes that many pundits expected a "…cyberapocalypse and waves of pommeling digital strikes" but goes on to say that "Cyberattacks are conspicuous by their absence." Cyber is "…playing out in the shadows, as inconspicuous as it is insidious." He goes on to state that the most destructive cyberoperations are designed to be covert and deniable. No one seems to know who published the names, numbers, and unit affiliations of 120,000 Russian soldiers in Ukraine. That, along with the death of several high-ranking Russian high-ranking general offices—6 at this writing--would generate quite a psychological wallop. And the counterpart is the bravery of the Ukrainians, civilian or military, man or woman. This is all reminiscent of WWII successes and military psychological operations (psyops), now executed digitally.
Per The Hill's (24 March) synopsis, President Biden launched additional sanctions, during his visit with NATO allies and the G-7 leaders in Brussels before departing for Poland against "…over 400 Russian elites, lawmakers, and defense companies in response to Putin's war of choice in Ukraine. They personally gain from the Kremlin's policies, and they should share the pain." Cyber contributes to sanctions implementation, and President Biden underscored, in a speech at NATO on 26 March, the fact that sanctions implementation, not "sanctions" is what is effective.
Reverberations of sanctions may reach US soil in an upturn in cyberattacks, per "emerging intelligence" alluded to by President Biden and addressed directly in a White House press briefing. Washington Post's Joseph Marks and Aaron Schaffer (22 March) in their publication "Cybersecurity 202" cite that Deputy National Security Adviser for Cyber and Emerging Technologies, Anne Neuberger, conveyed to the public the alert as a "call to action for companies to raise their cyber defenses." Marks and Schaffer explain that she tied it to a series of US intelligence releases in recent months aimed at "shining light on Russian planning." Neuberger also mentions "…classified briefings for government officials conducted last week for more than 100 companies in sectors at the highest risk of Russian hacks." She said that this was the result of recent "preparatory activity" by Russian hackers, and that lax defensive security measures on the part of some companies makes them larger targets than they should be.
Sanction implementation and tracking are grounded in cyber. Long lines of Russian citizens trying to withdraw devalued rubles from ATMs, and the departure of western restaurants, hotels and pleasant amenities largely new since the dissolution of the Soviet Union are painful for Russians who have come to expect access. On the Ukrainian side, of course critical shortages continue. But Wired's Steven Levy offers another perspective in "Crypto goes to war in Ukraine" regarding the fungibility of cryptocurrency. He tells a story of Everstake, a Ukraine-based blockchain company whose CEO tried to convince his employees to leave Ukraine, as he did. However, per Levy, "…the chaos of war often gives rise to alternative economies…one that rests on the unique virtues of crypto." President Zelensky signed legislation in March 2022 that supported crypto sector activities, like currency exchanges and bank integration for crypto firms.
Russia and Ukraine are engaged in a more subtle war—a digital battle per WSJ's Christopher Mims in "The Russia-Ukraine Cyberwar Could Outlast the Shooting War." Ukraine has publicly called up "an international army of vigilante hackers. The country also has hundreds of thousands of tech workers inside and outside the country who are participating in hacks and cyberattacks on targets in Russia, according to Viktor Zhora, deputy chief of Ukraine's government agency responsible for cybersecurity."
Meanwhile, as reported by WSJ's Dustin Volz and Aruna Viswanatha, the US has charged a group of Russian government hackers who have been targeting "…hundreds of companies in 135 countries." Lisa Monaco, Deputy Attorney General, said that although they are being charged for past crimes, the charges "…make crystal clear the urgent ongoing need for American businesses to harden their defenses and remain vigilant." The article goes on to discuss the cyberattack plans, naming names of the charged hackers (some FSB) and the various targets in their planned attacks.
Given how the world—well, except perhaps President Zelensky-- may not have anticipated what has transpired over the last four weeks regarding cyber, it is difficult to determine whether next month's Cyber Scene will return to more domestic issues. Stay tuned.