Ukraine’s success in cyberwarfare could create ‘concerning precedents’ – study
A report by the European Cyber Conflict Research Initiative said that Ukraine is facing an ‘unprecedented’ volume of Russian-linked cyber attacks.
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Ukraine is facing an “unprecedented” volume of Russian-linked cyber attacks more than a year since the country was invaded, experts have said.
But a new independent report by the European Cyber Conflict Research Initiative (ECCRI) also warns that while Kyiv has shown remarkable resilience in the face of Russian cyber threats, the response could create some “concerning precedents”.
The nearly 40-page study, commissioned by the National Cyber Security Centre (NCSC) and published to coincide with the CyberUK conference in Belfast, comes amid concerns that the threat posed by Russian-aligned cyber groups extends beyond Ukraine, with the UK and allies also targets.
The study praises the “incredible resilience and determination” shown by Ukraine in its cyberspace defences, pointing in particular to the success of the country’s so-called IT Army – a volunteer network of hackers that has been engaged in cyberwarfare with Russia since the conflict began.
But it raises concerns about a blurring of the line between combatants and civilians, asking what will happen to members of the IT Army once the war ends and warning that it has “skirted the boundaries of several important cyber norms”.
“The IT Army has met with a lot of success in large part because they have figured out a way to gamify the response to the conflict.
“In its recruiting efforts, the IT Army has romanticised the role of volunteers. The IT Army leadership has also provided clear, step-by-step outlines of how to target and achieve effects,” the report says.
It notes that “in the past, countries have had to deal with civilians leaving and joining terrorist organisations, becoming radicalised, and then returning to their native countries”.
The authors say: “Many governments have developed systems to deal with this potential threat. With cyber operations, however, an actor can conduct attacks at a distance.
“Drawing an individual into the IT Army of Ukraine is much simpler than the radicalisation processes we’ve seen in the past, and there is no good existing legal framework for dealing with this issue.”
Elsewhere in the report, which is based on a workshop earlier this year, the authors found that it was becoming increasing difficult in the context of war to distinguish between cyber criminal groups and political activists.
“Some groups claim to pursue “hacktivism” but seem to be more interested in financial gain than in making political statements. Other criminal groups have even fractured over political differences,” the report found.
“Participants also noted that the goals of several criminal groups seem to have shifted from denying access to information for financial gain, to stealing that information for state intelligence purposes. These groups have pivoted toward infiltration and information gathering as their primary goal.”
Pointing to the growing danger posed by ransomware, the authors say that governments facing sanctions – like Vladimir Putin’s Moscow regime – will often have an incentive to “give criminal actors expanded room to manoeuvre”.
Participants at the Belfast-based conference are set to discuss on Thursday the issues of cyber security and the Ukrainian conflict.
Paul Chichester, director of operations at the National Cyber Security Centre, said: “We are very grateful to ECCRI for this important and valuable analysis of the cyber dimensions of the Russia-Ukraine conflict to date.
“The report offers a range of helpful insights, not least around what Ukraine has taught us about the power of resilient systems in the face of sustained cyber attacks.
“As we look to the future during our CyberUK conference, this is a timely contribution to the debate on what we can learn from the conflict, as well as the limits to our current understanding.”
Security Minister Tom Tugendhat said that the Government would assess the findings from the report and “learn the lessons” it offers.
“Putin’s illegal war isn’t just being fought on the ground. Ukraine’s protectors are also defending their country against unprecedented cyber attacks on a digital battlefield.
“This report has shone an important spotlight on a different kind of hostility which the Ukrainians have responded to with exceptional resilience and determination.”