With bad news flowing out of Ukraine like a waterfall, here’s the good news: Russia’s cyberwar failed.
The war in Ukraine looks very traditional because it is. Boots on the ground, heavy artillery, missiles etc. What happened to cyberwar and the assumed capacity of the Russian digital ‘cybermachine’? The truth is – they failed. Which is good news for all of us.
Remember the Russian attack on the Ukrainian power grid some years back? They managed to take down significant parts of it, but only for a few hours. Wired Magazine called it a ‘trial run’, I call it failure. Unsuccessful for two primary reasons: Old technology and high level of alert. Most of Ukraine’s power grid is controlled by pre-digital-age technology. Some remote control, always manual overrides on site, where ‘site’ is the main switching/transformer stations and power plants. The ‘high alert’ means people on call to fix problems 24/7 – all over the country. So within 6 hours of the attack, everything was normal – as far as the customers were concerned.
Luck? Not really – this is practical resiliency. And the takeway being that when we move our control systems into the digital age, don’t ignore the physical (including manpower) part of real resiliency.
Fast forward to today’s unfortunate situation in Ukraine: Why are there boots on the ground, bombs and explosions? Why didn’t Putin just launch a cyberattack and disable the entire country – or the critical parts? The truth is – he tried, and this is where it becomes interesting: There were lots of DDoS and other attacks the days before the invasion, with limited effect. And don’t doubt for a second that the Russians tried hard – why wouldn’t they? Russia had everything to gain by going all out digitally before launching the physical attack. Why hold back?
The answer seems obvious: They didn’t. It may seem – though no one will ever admit it – that they failed. For 3 interesting reasons, the first being the Ukrainian cyber defence is pretty good. Parts of the country is technologically advanced, this is where Europe and the rest of the world get a lot of software development and other digital work done. Also, they’re used to be under attack – even more so than the rest of us.
The second reason goes back to the power grid attack mentioned above. Ukraine is a large country with huge differences between (say) Kiev and the rural parts. The latter are ‘underdeveloped’ in a technological (digital) sense, which provides implicit resiliency against digital attacks.
The third reason is possibly the most interesting: The Russian cyber warfare arsenal may turn out to be smaller or narrower than we think. Anyone can launch a DDoS attack, many can create ransomware situations, while few can infiltrate, control and/or disable major infrastructure – whether it’s Ukraine, Germany, the US or Norway. The Russians can do all of them – to a certain degree. As can the Chinese, the Americans, the North Koreans and quite a few others. But what has been (encouragingly) demonstrated this week is that the Russian arsenal is limited.
Good news indeed, in particular for the conflict at hand: there will be attacks on other countries as well, but unless those countries have low defences, success will be as limited as in Ukraine. Still – don’t let it fool anyone onto lowering the guard. The next attacker may be someone else – with still unknown capabilities. Even more important – this battleground changes fast. Digital solutions are proliferating, creating new exposures by the hour. While old (digital) technology continue to be our biggest challenge – and threat. Millions of products all over the world, routers and firewalls (!) in particular, wide open to abuse – as discussed in Wired Magazine the other day (Russia’s Sandworm Hackers Have Built a Botnet of Firewalls).
In other words – no reason to celebrate, good reason to act: Old (digital) technology is a major threat. Do something about it.