‘Cyber operations are part of the war in Ukraine’

What can we expect in terms of digital warfare after the military invasion of Ukraine? Cyber Security Professor Michel van Eeten foresees further disruption due to malware.

“You can assume that the cyber defence is heavily dependent on what happens physically.” (Photo: Mika Baumeister / Unsplash)

What can we expect in terms of a cyber war from Russia?
“There is a large-scale invasion going on. You can then assume that cyber operations are part of it. I then think of attempts to do targeted things such as deactivating the command centres of the Ukrainian army. And the spreading of malware (malicious and disruptive software, Eds.) widely at random to sabotage computers and cause turmoil in all sorts of organisations. A bit like the attacks that we saw a couple of years ago in Saudi Arabia against Aramco. In one day, 30,000 computers were rendered useless. I suspect that they have considered this sort of tactic here too. They will then widely disrupt and wreak havoc among government institutions, banks and companies. I even read a tweet by a researcher who said that malware was already circulating that was trying to do this.”

I read that there had previously been a cyber attack on the electricity grid. Can this be expected again?
“Initially yes. But I think that when you are already invading it is really easy to bring down the electricity grid. You do not need to undertake any complicated attacks. All you need is a couple of grenades.”

The National Cyber Security Centre pledged to support Ukraine in the event of a cyber war. What do they have available to them?
“They offered this a couple of days ago. Ukraine responded somewhat cautiously as it was not clear what it would entail. It now looks like there is one person from the cyber command that is available. One person alone cannot do much. But one area where help may be useful is coordination. Just imagine that if a country needs to defend itself digitally, it would be of enormous help if it had all sorts of groups abroad that help it do things like receive traffic or share information about any malware that they detect. You then need the operational cyber specialists’ networks. You will not be able to do this if you have to go through all sorts of hierarchical processes at the Ministry of Defence. The specialists or hackers have trusted networks among themselves that are based on personal relationships. So if you place them in that position, they bring a network of other cyber specialists with them that can do useful things if a country is attacked digitally. Looking at it like that, I can imagine that even one specialist can make a useful contribution if he or she would be there.”

‘It is when a country is under fire coordination is a lot harder’

But would he or she need to be there physically?
“You could work from The Hague, but when the country is under attack physically or digitally, the coordination suddenly becomes a lot harder. If you are there physically, and you can work shoulder to shoulder and talk with the people there, you can mobilise people much more effectively. The handover of information is more complicated remotely. In times of peace it is not a problem, but in times of war it is more complicated. Physical proximity is then advantageous, partly because you are embedded in the network there. Imagine that all sorts of connections become unusable. How will you then be in contact with people on the ground there? It reminds me of an incident 13 years ago in Estonia that suffered a major DDOS attack. In effect the country was closed off from the internet as the connections were full of waste traffic.”

Because of that DDOS attack?
“Oh yes. And then some Western cyber specialists, volunteers from the hacker and security community, took the initiative to fly there. They had contact with some Estonian specialists and went to help. They mobilised their international networks. Later studies showed that that coordination worked well.”

What did they do?
“As soon as you see that the data lines are getting full you check where the data is coming from. Often normal companies are at the other end of the data pipelines where the attack traffic originates. You can then contact the companies and ask them if they will capture and get rid of the attack traffic.”

Can the National Cyber Security Centre do anything that people in Ukraine cannot do?
“No, Ukraine is quite advanced digitally. But a stumbling block in a situation like that is that you need to process a huge amount of information in a very short space of time. If you are deluged by an attack and your network looks like it is folding up, you simply do not have the capacity to keep it going.”

Will this be of limited duration or will it take a long time?
“It will depend on how the military conflict progresses. How long can Ukraine defend itself? You can assume that the cyber defence is strongly dependent on what happens physically. And I believe that the physical element will determine what happens digitally.”

Science editor Jos Wassink

Do you have a question or comment about this article?

Comments are closed.