War in Ukraine indicates cybersecurity is no longer a choice

This article was contributed by Richard Searle, Vice President of Confidential Computing at Fortanix

Sadly, the recent round of shuttle diplomacy between Western capitals and Moscow has failed to bring about a peaceful resolution to the Ukrainian crisis. Yesterday, Russian, and Ukrainian armed forces engaged in fighting that will cost many lives and livelihoods before its conclusion.

The future for Ukraine and the wider world is uncertain and perilous. Following the initiation of hostilities on Thursday, the European Union, UK, and USA have each announced significant economic sanctions against Russia. Within the objectives and scope of the European Union sanctions announced by President von der Leyen is the restriction of Russian access to advanced technology and software, to degrade Russia’s future military-industrial capability and economic opportunity. Other international sanctions will freeze Russian assets and restrict Russian financial institutions and individuals’ use of global banking networks and Western markets.

The imposition of sanctions and the breakdown in diplomatic relations between Russia and the West must also be considered in terms of the probable response from Russia. In recent weeks, a series of warnings have been issued by Western agencies responsible for cybersecurity. The European Union Agency for Cyber Security (ENISA) and CERT-EU, the UK National Cyber Security Centre (NCSC), and the Cybersecurity and Infrastructure Security Agency (CISA) in the US have all issued advisories that recommend organizations act to reinforce their security posture, in readiness for the heightened cyber threat environment generated by the situation in Ukraine. CISA Alert AA22-011A paints a grim picture of the scale of hostile cyber activity attributed to Russian Advanced Persistent Threats (APTs) that has been perpetrated against Western targets over an extended period of time.

There is evidence that the cybersecurity offensive in Ukraine is already well underway with patriotic Russian hackers implementing DDoS attacks on Ukrainian government and defense agencies, alongside the coordinated efforts of the Russian military.

Direct cyberattack is not, however, the only risk to which Western organizations might be exposed. In 2017, the NotPetya data encryption attack, attributed by CISA to the Russian military under Alert TA17-181A, was launched against users of Ukrainian tax accounting software. The lateral maneuvre of the malware extended its reach well beyond the original target. Exploiting user credentials persisted in memory, the malware rapidly spread throughout the interconnected networks that define the modern economy. One example of the potential impact of attacks such as NotPetya, was the compromise suffered by the shipping and logistics giant, Maersk. Although not the initial target of the malware deployment, Maersk networks were penetrated by the cyberattack with a reported 50,000 infected endpoints, spanning 300 sites in 160 countries, requiring remediation. The cost to Maersk was estimated to be around $300 million, but with the company managing 17% of global container shipping the potential disruption to economic activity of a directed and sustained cyberattack is clear.

Organizations in the West should also be mindful of the use of cyberattacks to gain illicit access to financial assets and to conduct espionage operations to obtain technological capabilities that are subject to sanctions. While the guidance provided by national cybersecurity agencies emphasizes reinforcement of network perimeter control and monitoring, the lesson of the SolarWinds Orion software supply chain attack in 2020 is that network security should be regarded as vulnerable. CISA Alert AA20-352A documents the cyberattack suffered by SolarWinds Orion customers and illustrates the scale of its effect, encompassing US government agencies, critical infrastructure entities, and private sector organizations. Where anticipated future cyberattacks are directed by Russia, and other nation state adversaries, at the acquisition of sensitive technical data, cryptocurrency theft to offset foreign exchange restrictions, or focused disruption of the critical infrastructure supporting Western economies, increased depth of defense, inside the network perimeter, will be vital to the protection of data and applications.

The publication in the Military-Industrial Kurier (VPK) on February 26, 2013, of an article by the Russian Chief of the General Staff, General Valery Gerasimov, entitled “The Value of Science in Foresight” [in Russian], has been seen by some analysts as a turning point in Russian military doctrine and the beginning of an explicit strategy of hybrid warfare. Indeed, information and cyber operations were an integral feature of Russia’s annexation of the Crimean Peninsula in 2014. Yet, the principal thesis of Gerasimov’s article is that alternative methods of conflict can be found to offset asymmetric disadvantages created by a superior enemy force. Such methods demand the application of the entire military-industrial complex to yield innovations in technology and tactics – the results of which can be seen in the proliferation of APT actors and computational propaganda operations observed by Western countries and their allies.

While we can only hope for a rapid cessation of the fighting in Ukraine, the consequences of Russian military intervention will extend far beyond the battlefield in years to come. Renewed focus and accelerated innovation and adoption of new technologies to protect the data and applications that Western societies depend on is now an imperative, not a choice – this is Gerasimov’s lesson.

The distinctions between war and peace, combatant and civilian, state actor and criminal proxy, are blurred in what has been termed the “fifth domain” of military operations. Collective cybersecurity in response to the increased prospect of cyberattack will demand not only political leadership, international cooperation, and industrial collaboration, but also the active participation of companies and individuals in the manner of civil defense, reminiscent of the Cold War. With the change in the world order brought about by Russia’s military action in Ukraine, we are all now standing on the frontline of cybersecurity.

Richard Searle is vice president of confidential computing at Fortanix

Comments are closed.