New Times,
New Thinking.

Why Ukraine has stayed online

The conflict has shown that conventional forces are still the primary factor in war.

By Jonny Ball

In November last year, as Russian troops gathered on Ukraine’s border, Prime Minister Boris Johnson told MPs on the defence select committee that “the old concepts of fighting big tank battles on the European land mass are over”.

“There are other, better things we should be investing in” besides tanks, said Johnson. “The future combat air system, cyber, this is how warfare in the future is going to be.”

The Prime Minister faced a heated grilling from skeptical members of his own party, including the committee chair Tobias Ellwood. He asked Johnson to “reconsider” cuts to conventional forces on land, sea and air. “What’s amassing right now on the Ukrainian border?”, asked the former soldier, before immediately answering his rhetorical question – “it’s tanks”.

The Integrated Review published by the Ministry of Defence in March last year promised a “modernisation programme that embraces the newer domains of cyber and space”. The number of British Army troops was to be cut to 10,000 below its current “established strength”, alongside reductions in previously planned fighter jets and Royal Navy ships. A National Cyber Force was announced, with headquarters in the North of England. Cyber was, said the PM, “revolutionising the way we live our lives and fight our wars, just as air power did one hundred years ago”.

Not even a year later, Russia is conducting a decidedly old-fashioned invasion of Ukraine on a scale not seen in Europe since the end of the Second World War, involving tens of thousands of ground troops and heavy artillery.

At the outset of the invasion, some predicted an unprecedented conflict in cyberspace. Russia’s capacities for cyber warfare were known to be extremely sophisticated. The Kremlin had already proven itself an aggressive actor, particularly against its neighbour in Kyiv after the 2014 Maidan protests toppled the pro-Russian government of Victor Yanukovych. In 2015 in Western Ukraine, unidentified hackers became the first to successfully conduct a confirmed shutdown of a power grid by hacking. Ukraine’s government immediately pointed the finger at Moscow.

Just a year later, a malware attack took down power in the Ukrainian capital — again, blame was quickly apportioned to shady groups affiliated with the Russian security services. The Kremlin issued strenuous denials. In 2017, the NotPetya ransomware attack targeted the National Bank of Ukraine and several other companies internationally (although 80 per cent of those affected were in Ukraine). Immediately prior to Russia’s invasion, Ukrainian government websites were defaced with crossed-out yellow and blue standards warning visitors to “be afraid and expect worse”.

Give a gift subscription to the New Statesman this Christmas from just £49

But despite the long history of cyber operations conducted against Kyiv since it tried to exit Moscow’s post-Soviet sphere of influence, throughout the current conflict the country has remained online. Energy grids are functioning well. Communications have not broken down (at least on the Ukrainian side). And critical national infrastructure such as public transport has remained relatively unscathed.

“This is a bit of a dose of realism about the reality of cyber operations”, says Jamie MacColl, a research fellow on cyber threats and cyber security at the Royal United Services Institute, a defence think tank. “They do have effects, they do have a place. But they’re not a decisive capability. They are hard to use, they take a lot of planning, and they require a lot of resources.”

All has not been completely quiet on the cyber front, however. Several attacks against companies and organisations in Ukraine have been reported since the conflict began, including one malware attack coinciding with the start of the invasion against Ukrainian customers of Viastat, a US provider of satellite broadband services. Other attacks have reportedly been thwarted with the help of the US and its allies – the United States Agency for International Development has pledged investment worth $38m for building Ukraine’s cyber operations since 2020.

The embattled nation also boasts its own sizeable tech sector which has pitched in with the war effort. According to Radio Free Europe, various hacktivist groups act as the Ukrainian opposites of infamous Russian-linked hackers such as Fancy Bear, Tsar Team and Grizzly Steppe. Ukrainian groups RUH8, Falcons Flame and CyberHunta (together known as the Ukrainian Cyber Alliance) use data leaks and website defacement campaigns to undermine the Kremlin and its military campaigns.

“I think in some quarters it was severely overestimated what kind of things you can do with offensive cyber operations”, MacColl tells Spotlight. “It is extremely difficult to shut off a national power grid. The cyberattacks that Russia conducted against a very small part of Ukraine’s electricity system in 2015 and 2016 required something like thirty months of planning, and they were only able to turn the power off for a few hours. So the assumptions about those kinds of capabilities have always been slightly overestimated.”

The website defacements that Russia conducted just before the war “aren’t very effective”, he says. “They’re sort of an irritant, but they don’t have much value beyond that.”

Another area in which Russia has struggled to make an impact is in the information war. Prior to the invasion, as well as using cyber attacks and leaks against those opposed to their agenda, Russian bot and troll farms were engaged in promoting pro-Kremlin content online. The extent of the influence of such operations is hotly debated, but Russia’s sway over public opinion in the West on the Ukraine invasion is virtually nil.

“I’d say that’s because of the nature of the war”, says Dr Joanna Szostek, a lecturer in political communication at the University of Glasgow and an expert in Russian disinformation in digital and social media. “I was surprised [when they invaded Ukraine] because in the past it looked like Russia valued plausible deniability. Even if many of us considered it implausible deniability, there was at least some space for them to plausibly deny what they were up to, whereas [in this current war], there’s just no space for deniability at all.”

This is a far cry from when the ‘little green men’ who appeared on the Crimean peninsula in 2014 could be waved away and claimed as local separatists. Or when post-facto referenda could be organised to ratify the secession of breakaway republics.

“All wars have their own unique dynamics”, MacColl says. “The dynamic of this war has very much been set by the complete absence of planning and preparation on the Russian side.” With better planning and preparation, he adds, things could be different. Online disinformation and cyber operations could constitute a major element of the conflict, inflicting serious damage on populations and on countries’ ability to defend themselves.

But this war has served as an ugly reminder to many that conventional military threats have not disappeared. Boosting cyber capabilities to the detriment of conventional forces is, Tobias Ellwood told MPs last year, “a bit like saying, fine, I’ve managed to get my computer with all the software on it, I’m completely protected. But I forgot to lock the front door.”

[See also: The Online Safety Bill has created a free speech culture war]

Content from our partners
How the UK can lead the transition to net zero
We can eliminate cervical cancer
Leveraging Search AI to build a resilient future is mission-critical for the public sector