As the war in Ukraine passes its first anniversary, full-stack software engineer Timothy Clark MBCS reflects on what the conflict teaches us about modern information security and how these lessons could be applied.
The war in Ukraine has caused the suffering of millions and the loss of tens of thousands of lives, and is undoubtedly one of the greatest human tragedies of the 21st century. In these times of peril, people reveal their true colours, and blue and yellow have shown to represent tremendous bravery and determination despite all the odds being stacked against them. Whilst many have been devastated by the conflict, the awe inspiring collective rise of Ukrainians everywhere has demonstrated what a truly special people they are.
This bravery has also led others to step up their support, whether it be other nations, billionaires such as Elon Musk, or simply ordinary people donating to initiatives such as President Zelensky’s United 24 fund. As we have seen during the COVID-19 pandemic, great tragedies have the power to unite us and to inspire us to use our innovation and creativity to find solutions. Throughout history, war has been no different - whether it be the First World war leading to the development of novel plastic surgery techniques, or the Cold War resulting in the space race and putting the first man on the moon.
The Ukraine war is a modern-day war, and as a result we have seen modern-day technological innovation. I hope to unpack some of this and reveal how the lessons we have learned in wartime might be used by business es in peacetime, once the dust finally settles on this dreadful human tragedy.
Clear communication is vital during a war, and it has been a key factor in differentiating between Russia and Ukraine in this conflict. Effective military-grade encrypted communication is difficult to implement, and the technology that Ukraine has been using has allowed them to communicate essential information between their troops.
Perhaps as a side effect of not readying for a prolonged assault, some Russians were forced to communicate using regular mobile phones, allowing Ukraine to block their numbers. When they resorted to stealing Ukrainian phones, lists of stolen numbers were compiled, allowing calls to be intercepted. It is rumoured that due to the expectation of a swift victory, Russia didn’t wish to sabotage Ukrainian communications and other infrastructure as they were planning on using it once they had seized the territory.
Communication, notably phishing and social engineering, is a hot topic in cyber security. Businesses should always ensure that sensitive communication, particularly when containing personally identifiable information (PII) and customer data, is kept encrypted. Internal communication should use tools such as Slack or Microsoft Teams as they offer a higher level of trust than email. This is largely due to their ability to segregate internal communications into their platform, which allows external email communications to be scrutinised more effectively.
Social media spies
One of the most notable things about the start of the invasion in Donbas is that satellite imagery showed the presence of Russian tanks on the border with Ukraine. There have been several subsequent news stories showing how pictures uploaded to public social media accounts by Russian soldiers have revealed key tactical insights such as their numbers and location.
Open source intelligence is becoming more common, with information becoming more freely accessible. Both the military and businesses alike should note that their presence on social media and elsewhere on the internet is key to their security. Monitoring what information about your organisation is available in the public domain is vital to understanding an attacker's mindset, and this is often a starting point from which penetration test audits will begin.
Empowering people with distributed systems
Drones are not a fresh concept in modern conflict, and in the past have been used as weapons that can launch strikes against remote targets without endangering allied soldiers. Facing limited supplies of armed military-grade drones, Ukraine has creatively used commercial drones, such as the DJI Mavic 3, for reconnaissance in order to locate targets for artillery units.
Somewhat contrary to traditional military strategy of involving a chain of command, they have empowered frontline soldiers to call in missile strikes in a just-in-time manner, which allows them to respond quickly to rapid change. Often these troops have a clearer picture of the present situation, and allowing them to make these calls has been a key strategic advantage.
Be part of something bigger, join BCS, The Chartered Institute for IT.
Your business can learn from this and ensure you follow an agile philosophy across your organisation’s culture when responding to changes in business climate, security threats and most importantly, fresh ideas from your hands-on employees. For example, students fresh out of school or university might know your business better from a customer perspective and could add tremendous value and passion to your organisation by implementing features they themselves would value.
Bringing the internet back
Elon Musk’s Starlink project has been rapidly rolled out in Ukraine, allowing it to be tested in a real-world setting. So far, results have been strong and it has provided a key tactical advantage for the Ukrainian military, while allowing its citizens to stay connected online. American provider Viasat was already active in the region, but suffered a cyber attack on the day Russia invaded.
Bringing the internet to remote areas is key to digital inclusion and sustainable transition to an online future. Similar ideas have been tried using large stratospheric balloons as in X’s (a Alphabet subsidiary) Project Loon or the Facebook Aquila solar-powered drone. More recently, X has been working on a Project Taara designed to deliver internet in more locations using wireless optical communication.
Some have argued that the internet should be considered a human right, and increasingly legislation is being introduced to secure access. In the UK, you have the right to certain minimum connection speeds. Broadband will be vitally important in developing nations to accelerate their economies with more highly-paid jobs, plentiful open access educational material and a wider range of news sources.
At the time of writing, the first anniversary of the Donbas invasion has just passed - a sombre occasion allowing us to reflect on the events of this past year. Ukraine has fought back defiantly, but Russia is not letting up yet. Often the night is darkest before the dawn, and we hope that the sun is now peeking out over the horizon.
As shown with our incredible vaccine roll out during the COVID-19 pandemic, we can achieve amazing things when we collectively strive to tackle the extreme challenges we are up against. Climate change, growing global tensions and possibly another pandemic are just a few of the obstacles that confront us; but in spite of this, we must hold on to the hope that we can learn lessons and come together to face the challenges ahead.
With great ingenuity and great cooperation, we can do anything.