What happened to the cyberwar?

Professor Olav Lysne, Director of SimulaMet and Haakon Bryhni, head of CRNA at SimulaMet recently published an op-ed in Aftenposten discussing cyber warfare in Ukraine.


This article was originally published in Norwegian (aftenposten.no).

It is hardly in Russia’s interest to start a full-scale cyberwar with Ukraine.

Terrible scenes are unfolding in Ukraine. Previous speculations that a hostile invasion of a modern country would take place in the cyber domain without major human suffering have taken a heavy toll.

In Ukraine, we see cyberattacks on institutions and organisations aimed at spreading uncertainty and confusion. But the cyberattacks on critical infrastructure and command systems are close to none. 

Does this mean that we have overestimated Russia's ability to carry out cyberattacks? 

Or does that mean we have underestimated Ukraine's defense capabilities in the cyber domain? 

There are good indications that the answer is "no" to both of them.

Possible reasons for Russia’s caution

In 2015, Russia managed to cut the power for 230,000 customers in western Ukraine. Two years later, they managed to disrupt banks, airports, and railways using a malicious code that was later named “NotPeya”. In 2021, Russian hackers managed to shut down the largest oil pipeline in the United States, this further confirms that the capacity in the cyber domain is generally higher than the defense capacity.

Did Russia believe that this would be a quick takeover and that it would not be necessary to destroy infrastructure that they themselves could benefit from afterward?

Or did Russia need the Ukrainian infrastructure to conduct its military operations?

If this is correct, the reasons for Russia’s caution are related to strategic assessments that have been common long before the digital age. An invasion force will not blow up a bridge that they intend to cross. And they will not be destroying a factory that they intend to take over.

Might give Russia profound insight

The special nature of digital services might also be one of the reasons why they are reluctant. It has been assumed that Russian Intelligence is very capable of monitoring the Ukrainian network. For example through fake base stations, fiber tapping, or by having digital access to the Ukrainian telecom infrastructure.

If the assumption is correct, a well-functioning digital infrastructure in Ukraine could give Russia deep insight into what is happening in the Ukrainian society.

At the same time, the Russian military would be able to intercept and locate Ukrainian forces using their own infrastructure. It may then appear disadvantageous to dismantle such infrastructure.

Difficulties in limiting the area of the attack

It is difficult to limit the effect of a cyberattack to a specific area. When Russia used the “NotPetya” code to disrupt banks, airports, and railways in Ukraine back in 2015, this code spread rapidly. Although Ukraine was most affected, the code also did damage to large parts of the world.

Malware that accidentally hits critical infrastructure in a NATO country can potentially have major consequences, even if it was not deliberate.

Computer and Internet connection

Another element that makes the cyberwar differ from a war in the physical world is the fact that a successful attack will not be able to weaken the nation’s ability to retaliate. An attack on an airport or the sinking of a ship will weaken the opponent's ability to counterstrike.

To carry out a retaliatory cyberattack that is already developed, all you need is a person with a computer that is connected to the Internet.

With the arms support and military equipment that Ukraine receives from the West, there is good reason for Russia to fear that they will also gain access to cyber weapons from the US.

It is therefore hardly in Russia’s interest to start a full-scale cyber war with Ukraine.

Not a lack of capacity

It is too early to conclude what role cyber attacks play in the war in Ukraine. A lot can still happen and information that changes the perception of what has already happened may appear.

However, there is little information indicating that there is a lack of capacity to conduct cyberattacks on the infrastructure in Ukraine. Other reasons appear as far more probable.