Russia’s cyberwar against Ukraine offers vital lessons for the West

Vladimir Putin’s full-scale invasion of Ukraine is fast approaching the one-year mark, but the attack actually started more than a month before columns of Russian tanks began pouring across the border on February 24, 2022. In the middle of January, Russia launched a massive cyberattack that targeted more than 20 Ukrainian government institutions in a bid to cripple the country’s ability to withstand Moscow’s looming military assault.

The January 14 attack failed to deal a critical blow to Ukraine’s digital infrastructure, but it was an indication that the cyber front would play an important role in the coming war. One year on, it is no longer possible to separate cyberattacks from other aspects of Russian aggression. Indeed, Ukrainian officials are currently seeking to convince the International Criminal Court (ICC) in The Hague to investigate whether Russian cyberattacks could constitute war crimes.

Analysis of the Russian cyberwarfare tactics used in Ukraine over the past year has identified clear links between conventional and cyber operations. Ukraine’s experience in countering these cyber threats can provide valuable lessons for the international community while offering a glimpse into a future where wars will be waged both by conventional means and increasingly in the borderless realm of cyberspace.

The Russian cyberattack of January 2022 was not unprecedented. On the contrary, Ukraine has been persistently targeted since the onset of Russian aggression with the seizure of Crimea in spring 2014. One year later, Ukraine was the scene of the world’s first major cyberattack on a national energy system. In summer 2017, Ukraine was hit by what many commentators regard as the largest cyberattack in history. These high-profile incidents were accompanied by a steady flow of smaller but nonetheless significant attacks.

Following the launch of Russia’s full-scale invasion one year ago, cyberattacks have frequently preceded or accompanied more conventional military operations. For example, prior to the Russian airstrike campaign against Ukraine’s civilian infrastructure, Ukrainian energy companies experienced months of mounting cyberattacks.

These tactics are an attractive option for Russia in its undeclared war against the West. While more conventional acts of aggression would likely provoke an overwhelming reaction, cyberattacks exist in a military grey zone that makes them a convenient choice for the Kremlin as it seeks to cause maximum mayhem in Europe and North America without risking a direct military response. Russia may not be ready to use tanks and missiles against the West, but Moscow will have fewer reservations about deploying the cyberwarfare tactics honed in Ukraine.

In addition to disrupting and disabling government bodies and vital infrastructure, Russian cyberattacks in Ukraine have also sought to manipulate public opinion and spread malware via compromised email accounts. The Ukrainian authorities have found that it is crucial to coordinate efforts with the public and share information with a wide range of stakeholders in order to counter attacks in a timely manner.

The effects of cyberattacks targeting Ukraine have already been felt far beyond the country’s borders. One attack on the satellite communication system used by the Ukrainian Armed Forces during the initial stages of the Russian invasion caused significant disruption for thousands of users across the European Union including private individuals and companies. Given the borderless nature of the digital landscape, similar scenarios are inevitable as cyberwarfare capabilities continue to expand.

From a Russian perspective, cyberwarfare is particularly appealing as it requires fewer human resources than traditional military operations. While Moscow is struggling to find enough men and military equipment to compensate for the devastating losses suffered in Ukraine during the first year of the invasion, the Kremlin should have no trouble finding enough people with the tech skills to launch cyber offensives against a wide range of countries in addition to Ukraine.

Russia can draw from a large pool of potential recruits including volunteers motivated by Kremlin propaganda positioning the invasion of Ukraine as part of a civilizational struggle against the West. Numerous individual attacks against Western targets have already been carried out by such networks.

At the same time, Ukraine’s experience over the past year has underlined that cyberattacks require both time and knowledge to prepare. This helps explain why there have been fewer high-complexity cyber offensives following the initial failure of Russia’s invasion strategy in spring 2022. Russia simply did not expect Ukraine to withstand the first big wave of cyberattacks and did not have sufficient plans in place for such an eventuality.

Ukraine has already carried out extensive studies of Russian cyberwarfare. Thanks to this powerful experience, we have increasing confidence in our ability to withstand further attacks. However, in order to maximize defensive capabilities, the entire Western world must work together. This must be done with a sense of urgency. The Putin regime is desperately seeking ways to regain the initiative in Ukraine and may attempt bold new offensives on the cyber front. Even if Russia is defeated, it is only a matter of time before other authoritarian regimes attempt to wage cyberwars against the West.

The democratic world must adapt its military doctrines without delay to address cyberspace-based threats. Cyberattacks must be treated in the same manner as conventional military aggression and should be subject to the same uncompromising responses. Efforts must also be made to prevent authoritarian regimes from accessing technologies that could subsequently be weaponized against the West.

The Russian invasion of Ukraine is in many ways the world’s first cyberwar but it will not be the last. In the interests of global security, Russia must be defeated on the cyber front as well as on the battlefields of Ukraine.

Yurii Shchyhol is head of Ukraine’s State Service of Special Communications and Information Protection.

The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.


Image: (Photo illustration by Jakub Porzycki/NurPhoto)