How to Beat a Russian Cyber Assault on Ukraine

Ukraine and its friends in the United States, NATO, and European Union need to prepare now for a probably inevitable (but just possibly preventable) cyber conflict with Russian-backed proxies.

Russian government behavior is clear when its perceived interests in its “near abroad” are at risk.  The trend started most obviously in 1999 when the Kremlin turned a blind eye to groups like the Russian Hacker Brigade that attacked networks of NATO and member nations in response to Operation Allied Force bombing attacks against Serbia (a fellow Slavic country friendly to Russia).  These attacks disrupted NATO web servers and other services but had little overall effect on the alliance or its operations. Similarly, later attacks by Russian nationalists, such as those against Latvia or Lithuania, were largely inconsequential, at least at the strategic level.

The disruptive attacks against Estonia and Georgia (in 2007 and 2008 respectively) were more strategically significant. President Vladimir Putin’s government, angered at perceived Estonian ingratitude for Soviet “liberation” from Nazi occupation, ignored and encouraged nationalist attacks.  These attacks – which caught the Estonians and NATO off guard – resulted in a tactical and strategic defeat for the Kremlin, as Estonia was not coerced, and now is renowned for its cyber defense expertise.

The Russian government appears to have taken a far more active role in the disruptive attacks against Georgia the following year. All evidence suggests that the Kremlin did not simply encourage the attacks, but actively coordinated them, perhaps to coincide with the military operations of its armored assault.

The Putin regime cares far more about the future of Ukraine than it does about Serbia, Estonia or even Georgia. Six years after those latter campaigns, the technical means and proxies used this time are likely to be similar, though more dangerous.

The new Ukrainian government and its friends in the West and elsewhere should take three key actions now, starting with watching for key indicators that attacks are likely.

Despite common myths, cyber attacks like these can be quite easy to spot before they are launched. Rather than scanning for malevolent ones and zeroes coming down the wire, defenders can track early warning signs. Estonian cybersecurity teams saw Russians gathering and plotting on nationalist message boards weeks beforehand, and statements from national leaders, youth groups and jingoistic newspapers are an accurate predictor of future Russian (or Chinese) attacks.

Next, Western leaders ought to specifically include cyber disruption in their warnings to the Kremlin. Simple disruptions to webpages or mild denial of service attacks can be overlooked as blowing off nationalist steam, but major disruptions to government services or critical infrastructure must be considered as crossing a line.

Allies of Ukraine must start preparing ways to help, so that when disruptive attacks do begin, they are not left with a false choice between escalation or ignoring a clear provocation.

Some steps to help a nation facing a strategic assault require strong government action. The U.S. president, NATO secretary general and European leaders could call Putin to warn that they are not fooled by his use of nationalist proxies and will hold him to account. Since warnings won’t sway Putin, they should be backed with harder options. The US Department of Defense could order its muscular Cyber Command to prepare to disrupt the attacks if asked to do so by Ukraine’s government.

Still, nearly all cyber conflicts have been decisively resolved by the private sector, not governments. Nations with deep pockets could help a country under electronic assault by paying major network providers to allocate more bandwidth.  Technology companies could be paid to rush in more defensive gear and trusted defenders. Security professionals could be sent to Ukraine from other post-Soviet states like Estonia, or from neutrals like Sweden, to appear less provocative to Russia than would be US personnel.

Cyber attacks in these situations are not mysterious voodoo.  As weapons, they can leave a footprint in planning stages, and can be mitigated or prevented long before serious disruption occurs.

Nations must start planning now on how to use such methods and make this planning effort public, to potentially deter the worst of the attacks and help create positive norms. There is no excuse for surprise: the Kremlin’s habit of routinely resorting to them in the past – and in situations with far less existential danger for Putin’s plans – is well known.

It is doubtful the future of a free Ukraine rests on winning the unfolding cyber conflict.  The country’s fate will be won, as it was during the past months’ protests, on the streets of Kyiv and other cities – and in the hearts of its people.  But winning the cyber conflict can help blunt Putin’s schemes and quicken the birth of a new Ukraine.

Jason Healey is the director of the Cyber Statecraft Initiative at the Atlantic Council of the United States and the editor of the first military history of cyberspace, A Fierce Domain: Cyber Conflict, 1986 to 2012. You can follow his comments on cyber cooperation, conflict and competition on Twitter, @Jason_Healey. 



Image: Protesters at Maidan Nezalezhnosti (Independence Square) in Kyiv, Ukraine. February 24, 2014. (Photo: Flickr/spoilt.exile/CC License)