Berlin, Tel Aviv Tanks, helicopters, soldiers with assault packs: the propaganda battle of images has long since begun. Russia is scattering photos and videos of current maneuvers to demonstrate the effectiveness of its military.
But apart from the martial scenes, a completely different type of rearmament is taking place. An armament that remains invisible to the West – but poses a massive threat to Ukraine: attacks from cyberspace.
In the event of an invasion, experts expect that the Russians will support their military strikes with targeted actions in cyberspace. The preparations for this were in full swing.
“We have been warning, publicly and privately, for weeks and months that cyberattacks could be part of a Russian effort to destabilize Ukraine,” said Anne Neuberger, the US President’s Deputy Security Advisor on Cyber and Emerging Technologies.
Russia wants to use attacks in cyberspace to disable or damage Ukraine’s critical infrastructure in order to put pressure on the government, the military and the population, she said during a recent visit to Brussels.
Matthias Schulze, cyber security expert at the Stiftung Wissenschaft und Politik, also considers such a new type of warfare to be “highly probable”. He assumes that Russia could pursue three possible goals in cyberspace:
- to obtain information about the enemy’s military strategies by spying on systems,
- to support one’s own armed forces in the field through targeted disruptive actions on military logistics or the critical infrastructure,
- using malware to create chaos and confusion, send political signals and show strength.
The question of which measures are used depends on the military goals, explains Schulze. “How far you go on the escalation scale depends on what Putin wants,” he says.
>> Read here: How Vladimir Putin uses Western weakness to position himself as a great power
However, such actions could not be carried out overnight. And so it can be assumed that parallel to the Russian troop movements, less visible preparations have already taken place in cyberspace. Schulze believes that Russia, but also the USA, China and other countries already have access to sensitive data systems in other countries so that they can be used in an emergency.
Cold War in Cyberspace
There is a threat of a cold war in cyberspace, which would also be part of a hot war. “The situation is confusing due to the possible involvement of various state and non-state cyber actors, such as criminals and patriotic hackers,” warns cyber expert Schulze. A crisis situation like the current one could quickly escalate.
Mainly because cyber attacks cannot always be traced back beyond doubt. This increases the risk that states will hold each other responsible – and threaten retaliation.
In order to arm Kiev as comprehensively as possible in the event of a possible exchange of blows between the cyber powers, the USA and several other NATO countries had sent teams of experts to Ukraine in the past few weeks.
The former cyber chief of the Israeli army, Yaron Rosen, who today organizes defense against cyber attacks for large companies with his start-up Illuminant, told the Handelsblatt that Israel is also able to support Ukraine. The Israel National Cyber Directorate (INCD), for example, can analyze and improve strategies and operations at the national level.
Germany, too, promised Foreign Minister Annalena Baerbock during her last visit to Kiev, could help with cyber defense. Experts from the Federal Office for Information Security (BSI) are ready. According to information from the Handelsblatt, Ukraine has not yet registered any need for this.
Power grid vulnerability
However, it is questionable how much international aid can now do. The US experts are of the opinion that it is hardly possible to prepare effectively for a Russian cyber attack within a very short time.
A central problem: The Ukrainian power grid, which is seen as a possible target for attacks, has been connected to the Russian grid since Soviet times. Attempts to separate it were still in the early stages.
In 2015 and 2016, suspected Russian hackers succeeded in turning off the lights during attacks on this network in Ukraine – even hospitals had to be evacuated due to a lack of electricity. An attack that caused little international attention.
The Ukrainian power grid is considered to be particularly vulnerable.
(Photo: dpa)
“Neither the first nor the second attack on the Ukrainian energy supply was ever condemned by any government,” says Ukrainian cyber expert Marina Krotofil. “This is worrying because the red line has been pushed further back.”
She points out that vital civilian infrastructure was targeted. It raises “the issue of cyber warfare and ethics, especially since attacking power grids is an attack on civilians.”
The economic consequences of the attacks for international companies became apparent in 2017. At that time, hackers managed to inject malware into the MeDoc accounting program, which was used to record tax payments in Ukraine.
In the end, this action paralyzed the entire software of the Danish shipping giant Maersk. In the aftermath of the attack, more than 50,000 laptops, computers and smartphones were destroyed for security reasons. The production of the pharmaceutical company Merck was affected worldwide. The US government put the economic damage at $10 billion.
However, according to US National Security Advisor Anne Neuberger, what could threaten a military conflict seems to go beyond all previous damage “in terms of scope, manner and sophistication”.
“Expect the worst”
At dawn on January 13 this year, the public was last made aware of how serious the cyber threat to Ukraine could be. About 90 websites of Ukrainian authorities and state institutions were paralyzed. Suddenly, the affected home pages read in Ukrainian, Polish and Russian: “Be afraid and expect the worst.”
Not only the Ukrainian government, but also the US company Microsoft blames the Gamaredon group for this. It has been attacking military, governmental and non-governmental organizations in Ukraine since October. Recently, an attempt was made to smuggle malware into the Ukrainian computer systems using an alleged Covid 19 update from the World Health Organization (WHO).
According to the findings of the Ukrainian secret service SBU, Gamaredon operates from the Ukrainian peninsula of Crimea, which was annexed by Russia. Cybersecurity firm Palo Alto Networks considers Gamaredon to be the “most active, modern and persistent threat” to Ukrainian computer systems today. According to the SBU, Russia is waging a “hybrid war” against Ukraine.
That is why NATO should now also help. It is planned to let Ukraine become part of the Cyber Defense Alliance (CCDCOE). Members share information and know-how about security-related cyber activities there.
Most recently, however, Hungary was the only NATO member to use its veto to block Ukraine’s accession to the CCDCOE. According to the cyber alliance itself, there is currently no consensus on Ukraine’s membership. However, they are working on changing that in the “near future”.
More: “NATO’s weakest link” – Germany is under pressure from all sides