
Russia has been at war with Ukraine for years – in cyberspace

a man in a dark business suit walks through a hall with a marble floor, floor tiles in the foreground form a silhouette of a bat, an ornate crest overlays a map of the world on the back wall
Russian President Vladimir Putin walks through a hall in the building housing Russia’s GRU military intelligence service. Dmitry Astakhov, Sputnik, Government Pool Photo via AP

The buildup of Russian forces along Belarus’ 665-mile border with Ukraine is a physical manifestation of Russia’s intense interest in the region. Russia annexed Crimea in 2014, and now Russian President Vladimir Putin appears intent on pulling Ukraine under Russia’s influence and denying it a close relationship with the West.

But even as Russia engages in brinksmanship from snow-covered fields in Belarus to meeting rooms in Geneva, Moscow is already at war with Kyiv – cyberwar. Russia has been waging this fight since at least 2014.

In cyberspace, Russia has interfered in Ukrainian elections, targeted its power grid, defaced its government websites and spread disinformation. Strategically, Russian cyber operations are designed to undermine the Ukrainian government and private sector organizations. Tactically, the operations aim to influence, scare and subdue the population. They are also harbingers of invasion.

As a cybersecurity and public policy researcher, I believe that Russian cyber operations are likely to continue. These operations are likely to further destabilize Ukraine’s political environment – namely, its government, its institutions and the people and organizations that depend on them.

National power in cyberspace

To date, Russia has been aggressive in its attempts to undermine Ukrainian sovereignty. Russian propaganda has painted a war with Ukraine as one of liberation. Many false narratives paint the Ukrainians as submissive and eager for reunification. Russia’s intent is to sow confusion, shape the public perception of the conflict and influence the ethnic Russian population within Ukraine.

A smart phone screen showing text in Ukrainian, Russian and Polish
On Jan. 14, 2022, hackers that the Ukrainian government identified as Russian took over Ukrainian government websites and posted threatening messages. Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images

Russia has artfully employed cyber operations to project national power, particularly through its GRU military intelligence service. The phrase “instruments of national power” defines power as diplomatic, information, military and economic – all are mechanisms for influencing other countries or international organizations. Cyberspace is unique as a domain of warfare because cyber operations can be used in the service of all four instruments of national power.

Diplomatically, Russia has tried to shape international norms in cyberspace by influencing discussions on cyberspace norms and behaviors. In 2018, Russia introduced a resolution to the United Nations creating a working group with like-minded states to revisit and reinterpret the U.N.’s rule for cyberspace, emphasizing that a state’s sovereignty should extend into cyberspace. Some analysts argue that Russia’s true goal is to legitimize its surveillance-state internet tactics in the guise of state sovereignty.

Economically, the Russian “NotPetya” attack crippled international ports, paralyzed corporations, disrupted supply chains and effectively stalled the global economy – all with a single piece of code.

In the information environment, Russia is especially adept at influencing and manipulating information to suit its strategic interests. For example, Russian efforts against the U.K. have targeted its relationship with NATO by using bots to spread false stories about British troops in Estonia during a NATO military exercise in 2017.

Notably, Russia has a pattern of pairing information with military operations as tools of national power. During previous military conflicts in eastern Ukraine, the Russian military employed cyber capabilities to jam Ukrainian satellite, cellular and radio communications.

Overall, Russia sees warfare as a continuum that is ongoing with varying intensity across multiple fronts. Simply put, for Russia, war never stops and cyberspace is a key domain of its persistent conflict with Ukraine and the West.

Probing the US, hammering Ukraine

Russia has aimed its cyber operations at other nations, including the U.S. and Western European countries. Russia has targeted U.S. critical infrastructure and supply chains, and conducted disinformation campaigns. U.S. officials are still investigating the extent of the recent SolarWinds cyberattack, for example, but they have determined that the attack compromised federal agencies, courts, numerous private companies and state and local governments. The Russian activities are aimed at undermining U.S. domestic and national security, democratic institutions and even public health efforts.

But Russia is more destructive in its own backyard. Attacks on Estonia and Georgia illustrate how Russia can disrupt government functions and sow confusion as it prepares for military operations.

Most recently, Microsoft detected data-wiping malware in Ukrainian government computer systems. Ukraine publicly named Moscow as the perpetrator and attributed the software designed to destroy data to Russian hackers. The presence of the malware marks an escalation of Russia’s current behavior toward Ukraine in cyberspace. The malware, if triggered, would have destroyed Ukrainian government records, disrupted online services and prevented the government from communicating with its citizens.

The ongoing aggression against Ukraine follows Russia’s pattern of waging cyberwar while publicly threatening and preparing for a military invasion. In many ways, for Ukrainians, the prospect of war and anticipating invasion have become normalized.

Deadly consequences

Website defacement and data loss are not the only concerns for Ukraine as Russia continues to mass troops and equipment along its borders. In the winter of 2015-2016, Russia demonstrated its ability to hack Ukraine’s power grid in a first-of-its-kind attack that cut off power to thousands of Ukrainians. Temperatures in Kyiv in the winter hover around freezing during the day and become dangerously cold at night. Any loss of power could be deadly.

a view of earth from space at night with scattered clouds and city lights below them
Kyiv, Ukraine’s capital, is the bright spot at the top center of this photo taken from the International Space Station. Russia demonstrated its ability to knock out parts of Ukraine’s power grid in 2015. NASA, CC BY-NC

Similarly, cyberattacks could disrupt Ukraine’s economy and communications infrastructure. An attack on the financial sector could prevent Ukrainians from withdrawing money or accessing their bank accounts. An attack on the communications infrastructure could cripple the Ukrainian military and limit the country’s ability to defend itself. Civilians would also lose their means of communications and with it the ability to organize evacuations and coordinate resistance.

Ultimately, Russia is likely to continue to use cyber-enabled sabotage against Ukraine. Russian cyber operations over the past eight years hold three lessons to support this. First, cyberattacks that have costly physical effects, like knocking out the power grid, are destabilizing and can be used to erode the will of the Ukrainian people and counter their lean toward economic, military and political alliances with Europe and NATO. Second, cyberattacks that have a physical effect put Russian cyber capabilities on display and demonstrate their superiority over Ukrainian defenses. And third, Russia has done it before.
