Russian cyber threat: US can learn from Ukraine

In recent months, cyber warfare has repeatedly made headlines in the United States. In December 2020, America faced a massive cyberattack orchestrated by hackers reportedly linked to the Russian government. Through the use of a routine software update used on numerous computer systems, the hackers infiltrated over 100 private companies and federal agencies.

The SolarWinds cyberattack targeted the US departments of State, Treasury, and Energy, as well as Microsoft and several other major American companies and federal agencies. These groups are still working to determine how badly the attacks compromised their data. When asked about the SolarWinds cyberattacks in an interview with 60 Minutes, Microsoft President Brad Smith stated that it was likely the “largest and most sophisticated attack the world has ever seen.”

As American institutions and organizations continue to conduct internal investigations into the SolarWinds attack, one thing is already clear. The United States should have been prepared for the attack but clearly wasn’t.

The SolarWinds attack “exposed fundamental cyber security vulnerabilities within US government agencies and the private sector,” stated Robert Knake, the Whitney Shepardson Senior Fellow at the Council on Foreign Relations. “The SolarWinds hack demonstrated the need to ensure that all components of the digital supply chain are trusted.”

Following the SolarWinds attack, the Cybersecurity and Infrastructure Security Agency (CISA), a part of the US Department of Homeland Security, urged American federal agencies and businesses to prepare themselves for future attacks. These warnings, however, appear to have fallen on deaf ears.

When a new cyberattack hit the United States in the spring of 2021, it hindered America’s energy infrastructure. According to ABC News, the incident on the Colonial Pipeline was the “worst cyberattack to date on critical US infrastructure.” Had American federal agencies and businesses heeded CISA’s earlier warnings, the damage caused by the Colonial Pipeline cyberattack could have been avoided. Once again, the attack was traced back to Russia.

“Unfortunately, these sorts of attacks are becoming more frequent,” said US Secretary of Commerce Gina Raimondo in an interview with Face the Nation. “We will have to work in partnership with businesses to secure networks to defend ourselves against these types of attacks.”

According to Reuters, the cyberattack on the Colonial Pipeline “was the most disruptive cyberattack on record.” The United States is now scrambling to determine how it can avoid future attacks on its fuel supply. Should the US remain unprepared, a more sophisticated attack could have grave consequences for America’s critical infrastructure.

While the SolarWinds and Colonial Pipeline attacks have sparked alarm, neither incident was entirely unprecedented. As Microsoft President Brad Smith noted, “the Russian government really developed these tactics in Ukraine.”

Stay updated

As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.

For over a decade, Russia has been accused of using the post-Soviet neighborhood as a testing ground for its cyber operations. Cyberattacks have ranged from flooding Estonia’s digital services so that they became unresponsive, to shutting down Georgian media outlets and disabling Ukraine’s power grids.

The first landmark event occurred in 2007, when Estonia faced massive cyberattacks on the country’s governmental and financial institutions. The attack came following a spat with Moscow over plans to move a WWII monument. As one of the world’s most digitized societies, Estonia was an attractive target for cyber warfare. The Estonian government had recently launched an e-governance program to promote transparency. During the cyberattack, thousands of Estonian websites were overrun.

The scale of this cyberattack was widely recognized as revolutionary. “Estonia became the first country in the world to be targeted by a coordinated international cyberattack,” said Dr. Jarno Limnéll, a professor of cybersecurity at Aalto University in Finland.

These events forced the West to reconsider its cyber strategies and acknowledge that cyber threats could be a matter of national security. The cyberattacks on Estonia prompted NATO to create the Cooperative Cyber Defense Center of Excellence, an institution focused on cyber defense. NATO also established an official cyber security and defense policy.

The 2007 cyberattack on Estonia was deemed a success as Moscow avoided any negative consequences due to a limited understanding at the time of how international law might apply to cyber activities of this nature. The incident also demonstrated that computer systems and networks could be weaponized.

The Kremlin is accused of then taking its cyber warfare strategies one step further. What would happen if you combined a land invasion with a cyberattack? This question was put to the test during the Russo-Georgian War in 2008, with cyberattacks disabling Georgian media outlets as the Russian military advanced.

While the cyberattacks on Georgia “were largely symbolic,” wrote Dr. James Lewis, a senior vice president at the Center for Strategic and International Studies, “the interesting part was the close operational coordination between the hackers and the Russian military.”

Since 2014, Russia has developed its cyber skills further in Ukraine as part of the Kremlin’s ongoing hybrid war against the country. Ukrainian officials claim that in recent years, cyberattacks have become an almost daily occurrence for the country. In December 2015, one particularly effective cyberattack left thousands of Ukrainians without power for a few hours amid freezing temperatures.

Russia launched one particularly sophisticated and damaging attack against Ukraine in 2017, with hackers breaking into thousands of Ukrainian networks by sabotaging a widely-used piece of software. The attack “disabled 10 percent of computers in Ukraine and inflicted financial costs amounting to 0.5 percent of Ukraine’s GDP,” stated Piret Pernik, a research fellow at the International Center for Defense and Security. These cyberattacks against Ukraine resulted in “extensive economic losses for the country, and damage to its digital and critical infrastructure,” Pernik added.

The Estonian, Georgian, and Ukrainian cases illustrate how Russia has been able to steadily expand and improve its cyber capabilities via a series of campaigns against its neighbors. Many of the tactics first seen in the post-Soviet space were subsequently evident in more recent cyberattacks against the US that have also been linked back to Russia.

The cyberattacks of 2020 and 2021 demonstrate that the United States is not yet prepared to meet such threats. Further attacks will surely follow. As US policymakers look to enhance the country’s cyber security, it would make sense to strengthen existing cyber security cooperation with Ukraine and other former Soviet republics that have served as cyber warfare testing grounds for more than a decade.

Mark Temnycky is a freelance journalist covering Eastern Europe and its impact on US and European foreign policy and national security.

Further reading

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia and Central Asia in the East.

Follow us on social media
and support our work

Image: The US has recently been hit by a number of cyberattacks linked to Russia. These incidents echoed similar attacks carried out against Ukraine since the outbreak of hostilities with Russia in 2014. (REUTERS/Kacper Pempel)