War in Ukraine risks scrambling the logic of cyber security

The author is a former FT Moscow bureau chief

Not lengthy after the Maidan Revolution that overthrew Ukraine’s president Viktor Yanukovych in 2014, I had a haunting dialog with a Russian commentator in Moscow. Echoing the customary Kremlin line, he stated it was a tragedy that Russia had “lost” Ukraine. However, he added privately, it may need been even worse had Russia “won”.

His argument was that if Moscow had succeeded in propping up a puppet regime in Kyiv then Russia may then have been dragged right into a civil conflict, battling an insurgency in western Ukraine and going through sanctions from overseas. Russia would have been drained of blood, treasure and worldwide respectability for years to come back. Simply as Moscow’s invasion of Afghanistan in 1979 had led to the unravelling of the Soviet Union, so an intervention in Ukraine could have jeopardised President Vladimir Putin’s regime. Given the invasion of Ukraine launched on Thursday morning, that situation has moved nearer to actuality.

However what fallout may Russia’s invasion have on the relaxation of the world?

Moscow’s assault has already triggered a spike in vitality costs. It could result in threats in opposition to Nato international locations bordering Russia and Belarus. However one of the most chilling fears is {that a} regional battle might escalate into an invisible world confrontation in cyber house. Arguably, cyber warfare began years in the past and has now develop into a everlasting situation of the trendy world as rival powers look to spy on one another, steal secrets and techniques, degrade infrastructure and unfold disinformation. The one open query is how intense it’d develop into.

In her e book This Is How They Inform Me The World Ends, Nicole Perlroth described how Ukraine turned floor zero in this new period of cyber warfare as Russian hackers persistently tried to undermine the nation. Since 2014, Ukraine’s authorities companies, central electoral fee, energy grids, banks and airports have all skilled sporadic assaults.

Final month, hackers defaced 70 Ukrainian web sites forsaking the message: “Be afraid and expect the worst.” Simply earlier than the invasion, a number of Ukrainian ministries and state banks had been focused. And lots of western organisations are not directly uncovered: based on Ukraine’s overseas ministry, more than 100 of the Fortune 500 companies use Ukrainian IT services.

For years, Russia has been the world’s most energetic nation state hacker and has developed formidable cyber capabilities. Microsoft’s Digital Protection Report, printed final October, attributed 58 per cent of all known nation state cyber attacks to Russia over the earlier 12 months. The highest three goal international locations had been the US, Ukraine and the UK. Some commentators have argued that it’s only a matter of time earlier than the west experiences a “cyber Pearl Harbor”.

Talking earlier than Thursday’s assault, western security consultants thought of it unlikely that Putin would launch an enormous cyber assault in opposition to a Nato nation: it might solely invite a dangerous response. “The catastrophisation of the problem is not particularly helpful,” stated Sir Alex Youthful, the former head of Britain’s Secret Intelligence Service, at an FT Forums event on Wednesday. “Cyber attacks can be devastating things but they don’t compare to surface-to-surface missiles landing on suburbs of Kyiv.” Specializing in excessive cyber situations additionally risked distracting from the continual injury attributable to the theft of mental property, the erosion of strategic benefit and legal threats that would finest be addressed by decided management and customary cyber security hygiene.

The best cyber spillover from the Ukraine disaster may come from unintentional contamination or the escalation of legal assaults originating from Russia, stated Ciaran Martin, the former chief government of Britain’s Nationwide Cyber Security Centre. He cited the expertise of the NotPetya malware assault, unleashed in opposition to Ukraine in 2017, that prompted an estimated $10bn of financial injury. A number of large firms, together with Maersk, FedEx and Merck, had been badly hit. However so was Rosneft, the big Russian oil firm, highlighting how such assaults are indiscriminate and troublesome to regulate.

The truth that Putin has invaded Ukraine emphasises the limitations of cyber weapons. Finally, the Russian chief has resorted to overwhelming army drive to attain his targets in Ukraine. It makes little sense for him to impress a broader battle with the west by launching cyber assaults. However then conflict has a method of scrambling logic. As Ukraine’s president Volodymyr Zelensky has stated: “in the 21st century there are no more foreign wars”.