Cyber Warfare Lessons from Ukraine

8 Aug 2024 Author: Mykhailo Klymchuk, PhD

Defense and offense in cyberspace

Introduction

Ukraine has faced multiple cyber threats in the context of its ongoing war with Russia. This unique experience has spurred the development of cybersecurity measures for defense and offense that offer valuable lessons for governments and businesses around the world. 

In this brief, we will describe the key features of Ukraine’s strategic approach to cybersecurity. We will describe how these features can be applied to improve digital defenses, especially in countries with political, social, military, and trade conflicts. 

We will draw parallels between national and corporate security. Just as some governments are adopting many approaches to information security from businesses, the commercial sector is learning from national security best practices. Finally, we will assess whether we should hope to offensive cyber operations during such conflicts.

Key lessons from today’s cyber conflicts

The importance of a strong regulatory framework

The creation of a comprehensive legal framework accompanies Ukraine’s journey in cybersecurity. This includes the Law of Ukraine “On the Basic Principles of Ensuring Cybersecurity of Ukraine,” the Strategy of Cybersecurity of Ukraine, and numerous bylaws. These laws and regulations define responsibilities and coordination mechanisms among various public and private entities. 

Information security regulations require continuous improvement. They should be sought and applied much more frequently than in other areas, especially in the face of ongoing cyber conflicts.

A well-defined regulatory framework is essential for effective cybersecurity governance, not only at the government level but also at the corporate level. Businesses need to make sure that not only cybersecurity laws are followed, but also industry regulations and standards. These regulations should be effectively translated down the hierarchy into relevant corporate policies, regulations and then into specific procedures.

International cooperation

Ukraine has harmonized its cybersecurity laws with international standards, especially those of the European Union. The adoption of the Budapest Convention and the EU Directive on Network and Information Security is first and foremost noteworthy.

Compliance with international standards harmonizes security expertise, approaches, methods and skills, and facilitates the sharing of information and resources. Ultimately, it enhances cooperation and improves the level of security for the government, as well as for individual industries and companies. To manage information security, companies need to follow internationally recognized standards such as ISO/IEC 27001, NIST, etc.

Ukraine has actively sought and is seeking international cooperation to strengthen its cybersecurity capabilities. This includes partnerships with USAID, NATO, Interpol, and other international organizations.

Collaboration plays a key role in cybersecurity. Partner with industry peers, government agencies, and international organizations to share information and best practices.

Proactive response and continuous adaptation

The Ukrainian government has established sector-specific cyber incident response teams (centers). These centers play an important role in reducing the impact of cyberattacks and ensuring a coordinated response.

Having tested and regularly maintained incident response plans is critical to security. Companies should establish specialized response teams and regularly test their plans through simulations and drills, or subscribe to managed threat detection and information security incident response services.

The cybersecurity landscape is constantly changing. Ukraine is constantly updating its strategies and policies to address new threats and vulnerabilities.

Cybersecurity requires continuous improvement. Regularly review and update your security measures to adapt to new challenges. Get fresh insights from the security managers who work in a cyber warfare environment every day.

Developing a culture of cyber resilience

One significant step Ukraine has taken is to promote digital literacy and a culture of cyber resilience among its citizens. This includes public awareness campaigns and educational programs.

Cybersecurity is not only a technical issue, but also a cultural one. Just as order in the country begins with the order in your entryway, your house and your street, security begins with the order in your computer and smartphone, your habits and your company. So you won’t go wrong if you invest in training and awareness programs to create a culture of security in your organization.

The strategic importance of cyber operations

Theory and practice of cyber attacks

Each side of a major interstate cyber conflict is simultaneously attacking and defending. This process is characterized by increased state funding of hackers and their lack of “brakes” in the form of fear of prosecution for cybercrime. Therefore, hackers’ strategies and tactics in cyber warfare are evolving to the maximum extent possible.

It is noteworthy that contemporary state and international assessments of the role of cyber operations range from complete disregard to recognition of their strategic importance. At the same time, an adequate understanding of the strategic importance of cyber operations is key to developing effective cyber security strategies and measures at various levels. In this regard, let us cite the observations of Vladimir Styran, a well-known cybersecurity expert, regarding the offensive part of modern cyber conflicts.

Proponents of the Cyber Persistence Theory argue that while individual cyber operations rarely have strategic consequences, long campaigns of multiple cyber operations can be strategically significant. This can be conceptualized as a gradual erosion of the socioeconomic foundations of the target state caused by the prolonged and persistent use of cyber operations.

Cyber persistence strategies can be useful for long-term cyber security. This is the approach taken by modern US and UK cyber strategies.

Approaching cyber operations as an extension of cyber subversion is interesting and innovative. As with physical subversion, the success of cyber attacks depends on their secrecy.

Once the victim gets to know about the operation, they can quickly shut it down and significantly increase their defenses. This happens much faster than physical attacks or sabotage, although the cost of cyber attacks can be much higher than physical attacks.

Examples of successful cyber operations

  1. Operation Outside the Box in 2007 blinded air defense systems for a short period of time, allowing the Israeli Air Force to bomb a Syrian nuclear reactor.
  1. Operation Glowing Symphony in 2016 destroyed ISIL’s ability to broadcast its view of events, making it impossible to recruit new extremists online and providing allies with a wealth of intelligence.
  1. KA-SAT attack. Russia took out the KA-SAT satellite link in the first hours of a full-scale invasion of Ukraine in 2022. This can be considered an example of a successful cyber operation despite the availability of alternative communication channels.

These examples show that the proper implementation of cyber operations in physical warfare can significantly enhance a physical position or reduce the risks of loss.

Businesses should draw the following conclusion for themselves. In a competitive and political environment, it is not enough to perform penetration testing. Quite often such testing is highly conditional and remote from reality. Full-fledged regular simulations of hacker attacks are necessary, i.e. full-scale Red Team exercises by experienced, qualified hackers. 

Following the principles laid down by Sun Tzu in the treatise “The Art of War” 25 centuries ago, it is useful to implement deceptive technologies – honeypots, honeynets, tarpits, etc. That said, we do not recommend practicing active hacking attacks against competing companies. In this case, unlike state-sponsored hackers, you risk criminal liability.

Conclusions

By learning from Ukraine’s cyber defense practices and approaches to cyber operations, businesses and governments around the world can improve their cybersecurity strategies and better defend themselves against the growing threats of cyberattacks. 

By recognizing the importance of a strong regulatory framework, international cooperation, a proactive adaptive approach and security culture, you can stay ahead of the cybersecurity curve. Accordingly, as experts who are constantly in the thick of cyber events, it’s our job to help you do just that. 

Contact us today for a free consultation on protecting your business

Other posts

30/11/2024
Artificial Intelligence Security
10/11/2024
How to protect and teach how to protect logins to systems