How the cyber world can support Ukraine

Since the start of the Russian-Ukrainian conflict in 2014, most media reporting has centred on conflict within the physical world. Less attention has been paid to the very real cyber-component of the struggle.

Globally, cyberattacks are on the rise: governments worldwide saw a 1,885% increase in ransomware attacks and the healthcare industry saw a 755% increase. Malware increased by 358% in 2020, and ransomware by 435%. Ransomware inflicted $6 trillion worth of damages in 2021. ‘Ransomware as a service’, driven by profit-seeking groups, known as 'cyber mercenaries', are offering cyberattack services to anyone willing to pay. These 'hackers for hire' have launched various attacks in Ukraine since the conflict started.

The global cybersecurity community has been on its toes concerning threats in Eastern Europe and beyond. Cyber weapons have been deployed in several forms in the context of the Russia-Ukraine conflict. In 2015, the Ukrainian power grid was hacked with a Trojan virus, while Petya malware was deployed in 2016, incapacitating various Ukrainian government websites. These attacks, reportedly, were orchestrated by a hacking group known as ‘Sandworm’. Worryingly, before the Russian land invasion in February 2022, intelligence agencies warned that Sandworm had added a powerful new weapon to their arsenal: Cyclops Blink. This malware has been deployed through firewall devices.

The cyber community have anticipated a hybrid-warfare approach: ground forces supported by cyber ones. And, sure enough, as tanks crossed Ukraine’s borders, so did cyberattacks: malware, with the intention of leaving networks inoperable, began targeting Ukrainian institutions. So too, Russian boots on the ground are receiving support from bots in cyberspace: At least 115,000 Twitter and Facebook accounts have already been identified for spreading fake news about the invasion.

We can cautiously note, though, that, while expectations were rife that the land invasion would be coupled with full-scale cyber warfare, swift action and collaboration between the private sector and the government has, so far, kept networks safe. Ukraine’s information and communications technology (ICT) infrastructure has been left mostly intact. Ukraine's IT Army, supported by a dynamic and energetic Ministry for Digital Transformation, are fending off the cyber invasion.

The labours have been fruitful till now: few outages have been reported. Some, meanwhile, argue that the Russian advance is heavily reliant on communications channels. This infrastructure, therefore, must remain in place for their own sake. Another morbid argument is that, with an estimated $100 billion in infrastructure damages already done through the ground assault, cyberattacks are less effective.

Ukraine’s government had, as an objective, sought to build the most digitally advanced state in Eastern Europe. This objective has always been coupled with enhancing their cybersecurity capabilities and controls.

Alongside their own efforts, public- and private sector partners have been involved in strengthening their cyber systems. USAID has provided cybersecurity support through a programme that has been in place since 2020. This initiative has helped Ukraine bolster its cyber defences and address weak points.

It’s important to scrutinize situations like the unfolding one in Ukraine and ask what we, as part of the global technical community, can do to ensure that good progress in cyber security development doesn’t come undone.

Over the last few weeks, we’ve seen genuine public-private collaboration and concern for the unfolding crisis. The USA has increased its humanitarian assistance to Ukraine, which includes funds specifically for cybersecurity. The EU, meanwhile, has mobilized a team of cybersecurity experts, who are helping Ukraine’s government prepare for cyberattacks.

Some companies, like Microsoft, caught those early cyberattacks, and have been outspoken on their role in defending digital infrastructure.

Over 300,000 volunteers, from around the world, have joined Ukraine’s IT Army. This initiative from Ukraine’s Minister for Digital Transformation aims to protect its digital infrastructure, fight cyberattacks, and disinformation. Ukraine has also boosted its internet connectivity through satellite connections to SpaceX’s Starlink system. Meanwhile, Ukraine has created a legal framework for cryptocurrencies and $63 million in crypto-asset donations have been sent to the country from supporters.

A cause for concern, however, is the IT Army's intention to also target Russian digital assets. It is worth asking whether IT army volunteers and these rapid developments can and intend to stay within international humanitarian law and digital regulations? We can only hope so and advocate against counter-cyber insurgencies.

There has always been concern that the digital frontier is a regulatory wild-wild west. Amidst the rise in cyberattacks, governments are stepping up the fight: President Joe Biden issued an executive order which states that digital assets must be developed responsibly. This order focusses on combating and preventing cybercrime, making it mandatory for organizations to disclose if their networks have been compromised. This should foster greater transparency and collaboration.

The fear is that if cyberattacks continue and intensify, we may reach a point where data centres can’t handle the pressure and either slow down or collapse completely. We should have measures in place for worst-case scenarios like these. Ukraine’s government has announced that they have an emergency plan to move data centres to other countries.

Technological advances and global interconnectivity are exponentially accelerating systemic security risks. As new cyber risks emerge, so does the need for a unified, global response. With governments, societies and businesses increasingly relying on technology to manage services, products and processes, the World Economic Forum sees emerging technologies as tools to responsibly lead us into the digital future.

It is important for the cyber community to unite around shared values. We should encourage responsible information exchange, enhanced vigilance, and collaboration. By upholding these values, we can offer a strong front against cyber aggression.