Month: February 2023

My text in CyberWire: After the war in Ukraine: Cyber revanchism.

The original text in CyberWire: “After the war in Ukraine: Cyber revanchism.”

At some point in time, the war in Ukraine will end. How it will end is harder to forecast, but it will end.

Russia has taken a significant beating in the war; even if the Russian forces learned as the war progressed and partly mitigated the worst vulnerabilities, the war was not the intended success story it set out to be. The planned three days until the Ukrainian government collapsed and Ukraine could be absorbed into Russia never happened. Instead, it became a long war that made Russia look incapable, and less than a superpower.

The limited cyber exchanges during the conflict have surprised the cyber community as many expected far more cyber attacks and cyber campaigns to be executed at a time of war. So, will future peace be cyber peace as well? Probably not.

Here is the reason why. Russia historically has had a hard time dealing with defeat. There is a culturally entrenched will to strike back as any failure goes contrary to the spurious Russian perception of imperial grandeur and supremacy.

Therefore, it is likely that the time after the war in Ukraine will open the floodgates for Russian and Belarussian cybercrime as a state-sanctioned form of digital revanchism and proxy war. Why after the war and not now?

Revanchism, online.
The reason is simple. During the war, with sanctions and more questions asked in third- fourth-countries through which the harvest from the criminal activity is funneled, there is no business case. Cybercriminal networks need the ability to launder money in order to convert the stolen assets to such tangibles as gold, cash, apartments, cars, or whatever they want to buy. Under current sanctions, Russian cybercriminals face “hardship” in making these arrangements. Some of them have left the country to avoid being called up to the war in Ukraine, those still in the country cannot travel, and the outer world is more suspicious than before. Banks and financial institutions, even in developing countries, are concerned about breaking the sanctions and being punished, leading to an unwillingness to put profit before ethics. In the symbiotic relationship between the Russian cybercriminal networks and the security apparatus, some of the gangs might be pressed into service for the government as the war continues. Still, it is marginal compared to the cybercriminal activity driven by money.

Therefore, it is likely that after the war in Ukraine, we will see a general surge in ransomware, social engineering, and cyber attacks. Russia and its allies, who already harbor cybercriminal networks, would encourage these activities against Western countries as a form of digital revanchism.

These attacks don’t need to be at a grand national security level with strategic intent, because the cybercriminals want to squeeze out money, and the Russian regime wants the targeted societies to feel the pain. Consider the damage broad attacks can do, when they inflict individual pain: a ransomware attack that affected cars, for example, would leave drivers stuck with a car they can’t use unless they pay. David Brumley has envisioned ransomware locking up cars as one of his projections for 2023.

If you can’t beat them, at least hurt them.
Revanchism in the face of defeat is nothing new. At the end of WWII, Germans attacked London with V-2 rockets which had no strategic or operational impact, but the Germans wanted to strike deep against the Allies even as their war went from bad to worse.

For the Russian leadership, to give their cyber criminal networks free range to attack Western interests, sheltered by the government and by Russian sovereignty, gives a sense of striking back. The Ukrainian war was not only defeat and mayhem, the Russians were able to bring the fight to the Western countries through unrestricted cyber attacks. In a Soviet manner, the Russians will likely claim having no knowledge or responsibility of the crescendo of cyber aggression even if it is blatantly obvious.

So do not rule out a larger cyber engagement after the war in Ukraine, rather than under the war, as it could be the cyber fallout of the conflict. A revanchist-in-spirit counter strike through proxies would be a face-saving way of getting in the last word.

Jan Kallberg, Ph.D.

Cyber in Arctic Warfare

 

The change from a focus on counter-insurgency to near-peer and peer conflicts also introduce the likelihood, if there is a conflict, of a fight in colder and frigid conditions. The weather conditions in Korea and Eastern Europe are harsh in wintertime, with increasing challenges the further north the engagement is taking place. I have personal experience facing Arctic conditions as a former Swedish reserve officer and light infantry company commander.

In traditional war, theaters have the threat to your existence line up as enemy, logistics, and climate. In a polar climate, it is reversed – climate, logistics, and the enemy.

An enemy will engage you and seek to take you on different occasions meanwhile the climate will be ever-present. The battle for your physical survival in staying warm, eating, and seeking rest can create unit fatigue and lower the ability to fight within days, even for trained and able troops. The easiest way to envision how three feet of snow affects you is to think about your mobility walking in water up to your hip, so either you ski or use low-ground pressure and wide-tracked vehicles such as specialized Small Unit Support Vehicle (SUSV). The climate and the snow depth affect equipment. Lethality in your regular weapons is lowered. Gunfire accuracy decreases as charges burn slower in an arctic subzero-degree environment. Mortar rounds are less effective than under normal conditions when the snow captures shrapnel. Any heat from weapons, vehicles, or your body will melt the snow and then freeze to ice. If not cleaned, weapons will jam. In a near-peer or peer conflict, the time units are engaged longer, and the exposure to the climate can last months. I say this to set the stage. Arctic warfare occurs in an environment that often lacks roads, infrastructure, minimal logistics, and snow and ice blocking mobility.

The climate affects you and the enemy; once you are comfortable in this environment, you can work on the enemy’s discomfort.

The unique opportunity for cyber attacks in an Arctic conflict is, in my view, what either destroys a small piece of a machine or wastes electric energy. First, the ability to replace and repair equipment is limited in an Arctic environment; the logistic chain is weak and unreliable, and there are no facilities that effectively can support needed repairs, so the whole machine is a loss. If a cyber attack destroys a fuel pump in a vehicle, the targeted vehicle could be out of service for a week or more before being repaired. The vehicle might have to be abandoned as units continue to move over the landscape. Units that operate in the Arctic have a limited logistic trail and the ability to carry spare parts and reserve equipment. A systematic attack on a set of equipment can paralyze the enemy.
The second part, electric energy waste, is extremely stressful for any unit targeted. The Arctic area has no urban infrastructure and often no existing power line that can provide electric power to charge batteries and upkeep electronic equipment. If there are power lines, they are few and likely already targeted by long-range enemy patrols. The winter does not have enough sun to provide enough energy for solar panels if the sun even gets above the horizon. The sun if you get far enough north is for several months a theoretical concept. The batteries do not hold a charge when it gets colder. A battery that holds a 100-percent charge at 80 degrees Fahrenheit has its capacity halved to 50-percent at 0 degrees Fahrenheit. Generators demand fuel from a limited supply chain and not only generate a heat signature but also noise. The Arctic night is clear, with no noise pollution, so a working generator can be pick up by a long-range skiing patrol from 500 yards, risking an ambush. The loss or intermittent ability to use electronics and signal equipment due to power issues reduce and degrade situation awareness, command and control, ability to call for strikes, and blinds the targeted unit.
Arctic warfare is a fight with low margins for errors, the climate guarantees that small failures can turn nasty, and even limited success with Arctic cyber operations can tip the scales in our favor.

Jan Kallberg, Ph.D.