Recent global conflict has demonstrated that in the present day, cyber-attacks precede overt military action. Nations are being subjected to cyber assaults for weeks, or even months before any direct armed conflict.
Threat actors are targeting a wide variety of web sites and online communications of their target nations, blocking access to government services and deploying wiper malware to delete data. Satellite-broadband capabilities are specifically targeted, disrupting national military communications.
Attackers don’t limit malicious activity to their target nation either, they also target political allies. In the early days of recent conflict, the CyberRes's Galaxy Intelligence Briefing stated:
On January 15, 2022, the honorable Mélanie Joly, Minister of Foreign Affairs in Canada, announced her upcoming visit to Europe and her plans to meet several of her counterparts from Europe and reassert Canada's support for Ukraine's sovereignty, independence, and territorial integrity. Amidst all this, Global Affairs Canada (GAC) has suffered a major multi-day cyber incident, first spotted on January 19, 2022 followed by cyberattack on Canada's Foreign Affairs Department.
Initially, intelligence organizations had warned that the conflict would likely spill over into the global internet. CISA worked with other agencies to launch the Shields Up site, a portal for information on cyberattacks and tactics linked to the conflict.
Spikes in Cyber-Attacks
Amid fears of future global conflict, cyberspace has observed a rapid spike in malicious activities originating from aggressive nations, targeted at geo-political rivals. As a result, critical infrastructures, including the energy sectors, airports, government bodies, private companies, and organizations of national importance, should expect to defend against increased cyberattacks.
Intensity vs Anonymity
Cyber operations are more suited to subversion than the projection of power, Lennart Maschmeyer, a senior researcher at the Center for Security Studies at ETH Zurich, wrote in an analysis in January.
Subverting an adversary's system seems to be a low-risk, low-cost way of attacks, but in reality, the act requires speed, intensity, and control. Operationally, all three of these of these metrics are difficult to attain, which Maschmeyer calls the "subversion trilemma.”
"This subversive trilemma defangs cyber operations in most circumstances," he wrote. "Contrary to expectations, cyber operations cannot be fast, intense, and anonymous—or at least not all at once. In practice, cyber operations are usually too slow, too weak, or too volatile to contribute to strategic goals."
Yet, cyber operations are ever-changing. The next attacks could be significantly more damaging than previous ones. Organizations that implement a resilient cyber defense with these types of threats in mind certainly won’t begrudge the effort.
- Check out the threat briefing on CyberRes Galaxy: 2022 Ukraine Crisis Digital Threat Condition
- See a history of recent attacks against Ukraine on the CyberPeace Institute.
- Learn recommendations from CISA at Shields Up.