Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Science

‘Cyber operations are part of the war in Ukraine’

What can we expect in terms of digital warfare after the military invasion of Ukraine? Cyber Security Professor Michel van Eeten foresees further disruption due to malware.

“You can assume that the cyber defence is heavily dependent on what happens physically.” (Photo: Mika Baumeister / Unsplash)

What can we expect in terms of a cyber war from Russia?
“There is a large-scale invasion going on. You can then assume that cyber operations are part of it. I then think of attempts to do targeted things such as deactivating the command centres of the Ukrainian army. And the spreading of malware (malicious and disruptive software, Eds.) widely at random to sabotage computers and cause turmoil in all sorts of organisations. A bit like the attacks that we saw a couple of years ago in Saudi Arabia against Aramco. In one day, 30,000 computers were rendered useless. I suspect that they have considered this sort of tactic here too. They will then widely disrupt and wreak havoc among government institutions, banks and companies. I even read a tweet by a researcher who said that malware was already circulating that was trying to do this.”

I read that there had previously been a cyber attack on the electricity grid. Can this be expected again?
“Initially yes. But I think that when you are already invading it is really easy to bring down the electricity grid. You do not need to undertake any complicated attacks. All you need is a couple of grenades.”

The National Cyber Security Centre pledged to support Ukraine in the event of a cyber war. What do they have available to them?
“They offered this a couple of days ago. Ukraine responded somewhat cautiously as it was not clear what it would entail. It now looks like there is one person from the cyber command that is available. One person alone cannot do much. But one area where help may be useful is coordination. Just imagine that if a country needs to defend itself digitally, it would be of enormous help if it had all sorts of groups abroad that help it do things like receive traffic or share information about any malware that they detect. You then need the operational cyber specialists’ networks. You will not be able to do this if you have to go through all sorts of hierarchical processes at the Ministry of Defence. The specialists or hackers have trusted networks among themselves that are based on personal relationships. So if you place them in that position, they bring a network of other cyber specialists with them that can do useful things if a country is attacked digitally. Looking at it like that, I can imagine that even one specialist can make a useful contribution if he or she would be there.”

‘It is when a country is under fire coordination is a lot harder’

But would he or she need to be there physically?
“You could work from The Hague, but when the country is under attack physically or digitally, the coordination suddenly becomes a lot harder. If you are there physically, and you can work shoulder to shoulder and talk with the people there, you can mobilise people much more effectively. The handover of information is more complicated remotely. In times of peace it is not a problem, but in times of war it is more complicated. Physical proximity is then advantageous, partly because you are embedded in the network there. Imagine that all sorts of connections become unusable. How will you then be in contact with people on the ground there? It reminds me of an incident 13 years ago in Estonia that suffered a major DDOS attack. In effect the country was closed off from the internet as the connections were full of waste traffic.”

Because of that DDOS attack?
“Oh yes. And then some Western cyber specialists, volunteers from the hacker and security community, took the initiative to fly there. They had contact with some Estonian specialists and went to help. They mobilised their international networks. Later studies showed that that coordination worked well.”

What did they do?
“As soon as you see that the data lines are getting full you check where the data is coming from. Often normal companies are at the other end of the data pipelines where the attack traffic originates. You can then contact the companies and ask them if they will capture and get rid of the attack traffic.”

Can the National Cyber Security Centre do anything that people in Ukraine cannot do?
“No, Ukraine is quite advanced digitally. But a stumbling block in a situation like that is that you need to process a huge amount of information in a very short space of time. If you are deluged by an attack and your network looks like it is folding up, you simply do not have the capacity to keep it going.”

Will this be of limited duration or will it take a long time?
“It will depend on how the military conflict progresses. How long can Ukraine defend itself? You can assume that the cyber defence is strongly dependent on what happens physically. And I believe that the physical element will determine what happens digitally.”

Science editor Jos Wassink

Do you have a question or comment about this article?

j.w.wassink@tudelft.nl

Comments are closed.