With tens of thousands of troops massing on the Ukraine border raising fears of a physical invasion, observers have indicated that perhaps the greater imminent threat is of cyber-attack.
Tens of thousands of Russian troops continue to mass along the Ukrainian border, with diplomatic talks not getting very far.
Indeed, in the latest development, the US has claimed Russia is planning to stage a fake Ukrainian attack that it would use to justify an invasion. It alleged Moscow was likely to release a graphic video showing the attack on Russian territory or against Russian-speaking people in eastern Ukraine.
Russia denied it was planning to fabricate an attack, and the US did not provide evidence to support the claim.
According to Thomas Johansmeyer, head of Property Claims Services (PCS), the cyber alternative to physical action is one we should be concentrating on:
“The threat environment right now is tricky, and I am getting question after question about Russia-Ukraine. The big problem is that the tanks are lined up on the border, but COVID is still tearing though Russia, and soldiers don’t fight as well when they are sick.”
“Cyber could offer an alternative to traditional military action,” he added. “I think that some amount of offensive cyber is going to be really interesting but the model for classifying these things is going to have to be re-thought. There are three main categories of activity, state-active, state-sponsored and state-accommodated, with the other category the lone nut in his basement.”
“State-accommodated is what you are seeing with Russian ransomware, which is that ransomware gangs can go out and attack foreign targets. They can gain ransomware income while also contributing to the destabilizing effects that achieve a pollical objective.”
Johansmeyer’s warning comes as the FBI is asking US businesses to report any uptick in Russian hacking threats in its own effort to prepare for potential Russian cyber-attacks on US organisations.
“Have you identified any efforts by known or suspected Russian [hacking groups] to test exploitation capabilities, develop new malware or otherwise prepare for cyber operations?” the FBI asked in a recent request for information to US businesses.
The FBI told US firms to email the bureau if they had found “any increased [cyber] activity against Ukraine or US critical infrastructure,” including against financial, health care and energy companies.
White House cyber official Anne Neuberger is also in Europe this week to talk with US allies about ways to support Ukraine in the event of Russian cyber-attacks.
Russia knows that “disabling or destroying critical infrastructure” through cyber-attacks can pressure another country into “ceding to Russian objectives,” Neuberger told reporters this week.
“We’ve been working closely with Ukrainians to harden their defences and will continue to do so in the days ahead.”
The FBI warning follows an earlier one from the UK’s National Cyber Security Centre (NCSC), a part of the GCHQ intelligence agency, which warned large organisations to bolster their cyber security resilience amid the deepening tensions over Ukraine.
“UK organisations are being urged to bolster their cyber security resilience in response to the malicious cyber incidents in and around Ukraine,” the NCSC said.