Kremlin-backed hackers have long been using Ukraine as a Petri dish for cyberwar experiments. Now, as tensions on the borders are escalating, we must prepare not just for a military incursion, but for a whole new form of hybrid warfare.
We need only look at the 2017 Russian state-sponsored ‘NotPetya‘ virus that caused more than $10 billion worth of damages in total to appreciate how devastating such attacks can be. At the epicentre of this ‘digital hydrogen-bomb’ in Ukraine, national transport infrastructure ground to a halt, people were unable to withdraw money from ATMs and even the radiation monitoring system at the Chernobyl Nuclear Power Plant went offline.
As recently as the 14th of January 2022, a cyber-attack shut down over a dozen of Ukraine’s government websites. Computer hacks might not be lethal in themselves but coupled with conventional military power they generate a dangerous new front – with disruption and power outages opening the door for shock and awe tactics to be used to great effect.
And globalisation has only widened the reach of these kinds of tactics – as rogue nations increasingly target international businesses. Maersk’s global shipping operation was crippled by NotPetya and, especially worrying during a global pandemic, the pharmaceutical giant Merck was sabotaged and left unable to manufacture essential vaccines.
As a result the most recent attack, the National Cyber Security Centre (NCSC), the technical authority on cyber-threats in the UK, updated their guidance and encouraged British businesses to strengthen their resilience to being hacked.
In addition the UK Government has put aside a total of £2.6 billion for cyber and IT, a significant increase over funding for the previous five years. However, with the UK Government pledging the creation of regional cyber clusters around the UK as part of the Levelling Up agenda, we need to be conscious that if we attempt to standardise security protocols across multiple corporations, we must guarantee that the overall effectiveness of the security in each company is improved – not weakened – as a result.
More funding should be put into a defensive technique known as ‘honey potting’, whereby a computer is set up to be purposefully vulnerable but isolated from the rest of a system. The ‘honeypot’ computer acts as bait, drawing in hackers and enabling us to observe their methodologies and learn how to protect ourselves. We can effectively lock in a piece of malware and observe how it acts to learn how to better respond to similar attacks in the future.
I firmly believe that cool heads can, and still will, prevail over Ukraine. The Prime Minister is right when he says dialogue is our best way to defuse the current situation. However, we should not ignore the stark lessons from history of authoritarian regimes annexing sovereign states. Russia and other countries such as China and Iran pursue an aggressive realist foreign policy agenda, maximising their power and influence, with little regard for the tolerant and democratic values that we in the West hold dear.
So appeasement cannot be an option. That is why I have been buoyed by the recent support that NATO and the UK Government have given to Ukraine. I am proud that our Armed Forces have trained over 20,000 Ukrainian troops and supplied their military with state of the art anti-tank weaponry. But if the worst were to happen and conflict broke out, we must be prepared for how the ever-changing nature of warfare has rapidly evolved into the cyber domain.