Russia is at it again – fighting with its neighbors and encouraging others to join the fray. In addition to the fighting on the ground, the conflict has spread into cyberspace. Is this cyber conflict, cyber-attacks, or a prelude to cyber war? The international community and security experts have made progress towards defining cyber war, but are not quite there yet. Despite the gravity of the attacks between the nation states of Russia and Ukraine, experts have yet to agree on what to call the cyber activity that occurs whenever Russia is involved in a conflict with one of the former members of the Soviet Union.
In 2007, Estonia’s critical infrastructure was attacked by botnets during the riots that ensued over the removal of a statue of a Russian soldier. Distributed denial-of-service (DDOS) attacks were launched against Estonian ISPs, domain name servers, banks, and government websites, and were initially successful due to the unexpectedness of the attack; Estonia recovered. In 2008, cyber-attacks on Georgia began before Russian boots were on the ground during the conflict in South Ossetia. Georgian IT and telecommunications infrastructure was not very robust, and the DDOS attacks quickly disabled communications, government websites, banking and other critical transactions. During both attacks, critical infrastructure was targeted to disable essential services and prevent internal and external communications, hampering efforts to disseminate information to the populace and solicit assistance from external security experts. The Russian-Ukrainian clash has raised the level of cyber conflict. This is the third time that Russian hacktivists have picked up cyber arms and engaged in hostile cyber activity to support the Russian cause, and the second time cyber-attacks have coincided with Russian kinetic activity on the ground. But Ukrainians are not novices to maneuvering in cyberspace, as demonstrated by the attacks and counter-attack occurring between pro-Russian and pro-Ukrainian hacktivists. Security experts note the size of the DDOS attacks are being executed with botnets large enough to launch attacks over 100 gigabytes per second in intensity, and are sustained long enough to overwhelm and disable any targeted website. On both sides of the conflict, government websites and critical infrastructure have been targeted and successfully disabled.
Practice Makes Perfect
Pro-Russian factions are getting a lot of practice in cyber conflict: Estonia, Georgia, and now the Ukraine. The Russian Federation has plausible deniability for the cyber-attacks since the source of the attacks are groups of patriotic hackers who stand ready to attack in support of the Russian cause. It seems inevitable that these attacks will lead to a major cyber-attack, if not in this conflict, then very possibly in the next one. And while the United States is considered by many experts to be unprepared for a cyber-attack, one can be sure the US, along with the rest of the international community, is closely studying the tactics of the Russian cyber militants and the Ukrainian responses. As cyber activity continues against every major nation state, this question arises: When will a cyber-attack result in enough damage that it requires a national response? And what is the definition of “enough damage?”