The Future of Russian Cyber: With a Bang or a Whimper

This post is written by Dr. David Bibighaus, Assistant Professor of Cybersecurity and Computer Science at Messiah University.

In many respects, cyber in 2022 has been the year of the dog not barking.  The war in Ukraine has been the most significant story of 2022.  Given Russia's previously demonstrated capabilities in cyber and its willingness to use those capabilities, the lack of major cyber events tied to the Ukraine war has been puzzling.  To help think through this issue, we will briefly discuss three questions whose answers could have major implications for the future of cyber defense.

1. Why has Putin not launched significant cyber-attacks on Ukraine?

There are several possible answers.  The first is that the cyber forces were not included in the operational planning.  Under this hypothesis, cyber-attacks are most effective in the run-up and initial stages of the war.  If the cyber forces were not included in the initial operational planning, there may not have been a good time to insert cyber-attacks when they would be most impactful.  There is some evidence for this hypothesis.  It seems that planning for this “Special Military Operation” was kept to an absolute minimum.  Even most of the front-line Russian soldiers had no idea that they would be fighting until they crossed into Ukraine.

A second possible answer is that the Russians may have inadvertently undermined the effectiveness of their cyber-weapons in Ukraine.  Andy Greenberg, in his book Sandworm, has done an excellent job documenting the Russian development of cyber weapons against critical infrastructure.  Russia has spent the last six years using Ukraine as a trial run for these capabilities.  However, as Russia has tested these weapons on Ukraine, the Ukrainians have had to learn how to operate their critical systems in the face of a cyber-attack.  It is possible that when Russia unleashed its Industroyer malware on the Ukrainian power grid in 2016, it unintentionally hardened that system so that future versions of that malware would be less effective.

A final possibility is that Russia’s cyber-forces were needed elsewhere.  Russian military doctrine makes no distinction between influence operations and cyber operations.  One of the stunning outcomes of the invasion was the spontaneous response by hundreds of multi-national corporations.  Suddenly McDonald’s and Visa had a foreign policy that impacted the lives of virtually every Russian citizen.  Under this hypothesis, Russian forces that may have been used to conduct cyber-attacks could have been redirected to perform influence operations at home and abroad.

2. Will Russia give up on cyber?

Many of the best and brightest young people in Russia with technical skills served in Russia’s cyber forces. For the men, it is a valid way to fulfill their military obligation without the unpleasantries that can accompany military life (women are not required to serve in the Russian Armed Forces). This loophole has impacted the cyber landscape by training more Russian hackers than would normally be expected for a country of its size. But can this continue? The war has revealed a desperate Russian need for military manpower, especially intelligent and capable young people who can serve as junior officers.

Unless the tide of the war shifts dramatically in Putin’s favor, Russia may decide to dramatically reduce the number of those serving in the cyber forces. If so, it will have major implications for the future of cyber defense, as a significant pool of talented, well-trained nefarious actors could suddenly dry up.

3. Will Putin Use Cyber-Weapons on the West?

As of this writing, the war in Ukraine continues to go against Russia, to the point where the use of tactical nuclear weapons is being actively discussed. Might Russia elect to use a cyber weapon against the West before it elects to use such a weapon? Russia could use the sabotage of the Nord Stream pipeline as a justification to unleash a cyber-attack on the West’s critical infrastructure. But this course of action would present significant risks. A cyber-attack could cause short-term economic damage to the West. However, it is unlikely to have a long-term impact on the Ukrainian battlefield other than hardening Western resolve and possibly resulting in the West providing more material aid against Russia.

No matter what happens, this war will be studied by nation-states for decades to come as a case study for when and when not to use cyber-weapons. How Russia chooses to answer the three questions posed here will impact the cyber landscape for at least a generation.

Image by Philipp Katzenberger, via unsplash.com

Dr. David Bibighaus grew up in upstate New York and completed his bachelor’s degree in electrical engineering from the United States Air Force Academy. He served in the Air Force for twenty-one years as a computer systems developmental engineer. Some of his notable assignments in the Air Force include serving as a Systems Engineer with the Military Satellite Communications division in Los Angeles, as a Crew Commander with the 33rd Information Operations Squadron in San Antonio, Texas, as the head of the Cyber Defense Branch of the Air Force Research Laboratory in Rome, New York, as an Electronic Warfare Officer with Task Force Paladin in Afghanistan, and as the Deputy Head of the Computer Science Department of the United States Air Force Academy. Dr. Bibighaus worked for Booz Allen Hamilton as a Senior Lead Engineer advising the Air and Space Forces on ways to improve the cyber security of their operational systems. Dr. Bibighaus joined the faculty of Messiah in 2022. He is interested in mentoring young people and creating sustainable engineering solutions for the developing world. He enjoys spending time with his wife and three daughters, woodworking, role-playing games, and traveling.