As a hybrid offline and online war wages on in Ukraine, Viktor Zhora, who leads the country’s cybersecurity agency, has had a front-row seat of it all.
Zhora is the deputy chairman and chief digital transformation officer at Ukraine’s state service of special communication and information protection.
Cyber aggression from neighboring Russia is nothing new, he said during a video keynote at Mandiant’s mWISE event this week. It’s been ongoing since at least Moscow annexing Crimea in 2014, leading up to the NotPetya ransomware outbreak in 2017, and all of this helped prepare Ukraine and its networks for the series of data wiping malware and denial of service attacks that started in January of this year. Russia illegally invaded Ukraine the following month.
“We took a lot of lessons from cyber aggression for the last eight years,” Zhora said. “And I think that is one of the reasons why the adversary hasn’t reached its strategic goals in the cyber war against Ukraine.”
But while Ukraine hasn’t experienced the level of destructive cyberattacks against critical infrastructure targets that international cybersecurity agencies have been warning about since the war began, Russia has won the disinformation battle — at least within its own borders, according to Zhora. One only has to watch some mainstream Russian TV to see Putin’s pro-war, anti-West, anti-Ukraine propaganda in overdrive, which runs alongside the Kremlin’s online disinformation tactics.
“This is a very dangerous activity, fighting for the minds of people, and this is the game in which Russia won on their territory,” Zhora said, about the Russian information operations that have accompanied the invading army.
These Kremlin-pushed false narratives ran the gamut from accusing Ukrainian “Nazis” of being the aggressors and committing war crimes in this conflict to downplaying the effect of Western nations’ sanctions against Russia. State-controlled news outlets, social media networks, and GRU-run Telegram channels amplify pro-Kremlin brainwashing.
The real info wars
They aimed to demoralize Ukrainian troops — eg, the President Zelenskyy dies by suicide fake news — as well as alienate the invaded nation’s allies and bolster Russian citizens’ support for the occupation. Programming Russian citizens at least worked, though Putin’s mobilization of citizens may dent that.
Of course, Russia isn’t the only country adept at information operations. China, Iran and even the US and UK are quite good at it, too. And Russian citizens aren’t the only ones who swallow fake news. Case in point: the Big Lie that Donald Trump won the 2020 US presidential election, which is now being spread by hundreds of candidates running for elected offices in the upcoming US midterm elections.
A recent Pew Research survey of 24,525 people from 19 countries ranked the spread of false information online as their second-biggest worry with 70 percent of those surveyed saying it represents a “major threat” to their country.
“This same way of attacking humans’ brains is used in other countries,” Zhora said. And as such, it requires a coordinated, cross-border effort to thwart, much like the more typically destructive forms of cyberattacks, he added.
“Completely new approaches should be developed to prevent the influence of this propaganda, to prevent subversion in our partner countries and our allies,” Zhora said. “Cybersecurity is a joint effort, and countering propaganda and disinformation also [requires] joint policy and global policy.”
How to defend against attacks on confidence?
With other types of cyberthreats, such as ransomware, data-wiping malware, and DDoS floods, the cost to business is typically top of mind. But even these these types of threats have another cost, similar to influence operations, in that they can shake citizens’ trust in infrastructure and institutions.
US National Cyber Director Chris Inglis touched on this during his mWISE keynote address, and said he’s seen “attacks on confidence” escalate over the past five to 10 years.
“Think about the Colonial Pipeline attack, where, of course, it was an attack on an undefended virtual private network,” Inglis said.
In this May 2021 intrusion, Russia’s DarkSide group broke into Colonial’s IT system, prompting the company to shut down all of its pipeline operations before the criminals accessed that part of the business. And this fed into an East Coast fuel shortage when the pipeline remained out of service for five days, prompting fights at US gas stations.
“At the end of the day, it was really an attack on confidence,” Inglis said. “Millions of people up and down the Eastern seaboard went to the darkest possible corner thinking that just like a hurricane sweeping the white bread off the store shelves, that they needed to flood the gas stations and essentially extract petroleum from that pipeline.”
“If you’re the attacker, you might have been after data and systems, you might have been after the money that you could get by holding a critical function at risk,” he continued. “But you couldn’t have missed that you succeeded in an attack on confidence.”
While the government and private infosec professionals need to defend data, IT systems, and critical infrastructure that relies on digital systems against cyberthreats, they also need to defend against attacks on confidence, Inglis said. “And perhaps that last one is the hardest one of all.”
Confidence is complicated because not many people have intricate knowledge of how, say, an energy grid works — or even how an electronic ballot machine works. It also requires the populace to trust those in government and industry defending these systems as well as having a plan in place to respond to emergencies.
Herein lies another lesson-learned from Ukraine, Inglis said. “Do we have the confidence to say that we can actually hold our own, the way the Ukrainians have confidence in holding their own on an architecture that, by any stretch of the imagination, is not a perfect technical architecture. But they’ve done a masterful job of operating on top of it.” ®