The conflict in Ukraine has not, so far, triggered the anticipated level of global cyberattacks that were feared. Why hasn't a decisive cyber event happened so far, and what might we expect in future? Four cyber security experts gave their analysis on this topic at a BCS Policy Jam special edition.

When it comes to cyberattacks and the Ukraine Russian war, Ian Levy, the National Cyber Security Centre Director succinctly summed up the latest state of play in a recent blog. Yes, he wrote, there was an expected level of ongoing cyberattacks against the Ukrainian infrastructure, including those attributed to the Russian intelligence services. But crucially, he added: "We've not seen - and don't expect to see - the massive, global cyberattacks that some had predicted."

To view the latest Policy Jam see below. Some quotes have been paraphrased for the article itself.


BCS Policy Jam March 2022: The war in Ukraine: Hacktivism, Disinformation and Cyber Security Part II

Did Russia underestimate Ukraine’s cyber security?

Dr Alexi Drew, a senior defence and security analyst at Rand Europe, said that as far as Ukraine itself is concerned, Russia might have underestimated their cyber defences: "Russia has been surprised by the pushback they've faced on the ground in Ukraine, and the same is true, most likely, in cyberspace."

She added: "We've seen a continued escalation and proliferation of actors involved. But cyber doesn't do what most people think it does, in a military sense. Yes, it could potentially achieve the shock and awe of a physical war. But it's potentially not the best thing that it can do because it's not expedient. The potential for further escalation, and the ramifications of that, are too high."

Lisa Forte of Red Goat Cyber Security said the fear of a cyberattack getting out of control could explain why Russia is holding back: "Cyberattacks are not inherently acts of war. The vast majority are for economic or criminal gain.

"The one big failing of cyber warfare is that it is incredibly difficult to control, and perhaps that's why Russia hasn't used it widely. If a cyberattack got out of a Ukrainian network and went into a NATO member state network or a NATO network, that escalates the attack."

Tipping point

But could there be a point in the war where it makes sense for Russia to use cyberattacks? Jen Ellis, from the security service and solutions company Rapid7, and an adviser to the UK government, said Russia might have learned from the deadly lessons of Mariupol. Its citizens were left without water and electricity following the relentless pounding of their city by Russian tanks and missiles.

Jen said: "There is a chess game being played on a massive scale. There's a profound impact mentally on people when you roll tanks down their street when compared to remotely hacking into their power grid.

"But when do we get to the tipping point where the tank on the street isn't as impactful? I think the question is whether Russia decides that leveraging hacking against critical infrastructure inside Ukraine is a more effective way of making life totally unbearable for its citizens."

Prevention is better than cure

The NCSC has warned against organisations being complacent about cyberattacks because of previous incidents that affected UK interests, such as SolarWinds Orion software. It has reiterated its advice for all companies to follow good practices to protect themselves.

There was a lively debate about whether the advice to 'patch, patch, patch' was the best way to protect organisations from cyberattacks. According to Dan Card, a cyber security consultant at PwnDefend, if someone is determined enough, they can get through the layers of protection. Still, he did agree that boosting cyber security was vital: "I think it's crucial that organisations up their investment, training, and understanding."

Patrick Burgess, of the BCS Information Security Specialist Group and co-founder of managed IT services provider Nutbourne Ltd, added: "System vulnerabilities were already happening; it's just that now there are more people involved in the cyber warfare arena."

He warned: "Because many people are focusing on cyber at the moment, those cyberattack zero-days may be exploited quicker."

Social media and propaganda

Turning to the role of social media platforms, Alexi said it was essential to understand the difference between disinformation - the deliberate spreading of fake 'facts' - and unintentional misinformation.

For you

Be part of something bigger, join the Chartered Institute for IT.

During conflicts such as Ukraine, Alexi said social media and messaging platforms become a lifeline of communication: "It's very easy to focus on the harm these platforms potentially cause and say that we need to restrict and moderate.

"But it's a balance. If we narrow this back to Ukraine, yes, it has been used to spread disinformation and misinformation. But it's also been a critical means of communicating information from the ground that otherwise we might not have had."

"When a conflict breaks out, that digital record is vital, allowing these voices to reach the global audience; to organise domestically, and push back against oppression and violence, and find out where it is safe. I think nuance is important when it comes to these platforms, not just to moderate, ban and restrict."

A recent BCS survey backed this point of view. It found that 78% of industry professionals said they did not believe restricting encrypted messaging would protect users. Furthermore, 66% said that weakening the use of encrypted messages on platforms would negatively impact the protection of society at large.

Lisa said it was, however, essential to be aware that some platforms, like Telegram, are often overlooked in the debate around online harms. Set up by a Russian entrepreneur, Telegram has seen a 48% increase in Russian subscriptions over the past few months, she said.

Lisa believed Telegram has been reluctant, in general, to get involved in moderating content, and its design has fundamental issues: "The one problem that Telegram has is its architecture. There isn't one central public feed, and people who post on channels can disable commenting. It means public pushback is almost impossible for people to respond by saying, for instance, this is fake news.

"That type of content can then proliferate and spread a lot faster than it could on Twitter, for instance."

The Hollywood effect

There are also misconceptions about what cyber security experts actually do, said Dan. He called out what he described as the 'Hollywood effect,' where people think it's like the movies, with the good guys taking out the bad using a 'cyber bullet.

For Patrick, it's about keeping up the defences, not just now at a time of heightened risk, but all the time. His advice was to do the 'boring, simple things, little and often'. He said this was especially important for small and medium-sized organisations: "Do the basics, get them right. It's what we've been telling them for years, but now there really is a reason to get on and do it."

This BCS webinar was the second to be held in March to discuss cyberattacks and disinformation in the Ukraine / Russia conflict.

The BCS Policy Jam aims to keep our members and the wider IT community up to date with the latest developments in the sector. Join us for the regular monthly event