The incredible Ukrainian cyber-resistance to the Russian offensive
“The lesson of this conflict,” begins Major General Aymeric Bonnemaison, French commander of cyber defense, during a press briefing at the Ministry of the Armed Forces, “is that defense can take over the offensive. In general, attackers look for weaknesses in computer systems and they always end up finding them. But the Ukrainian war revealed that cyberattacks, no matter how complex, can still fail.”
“The war in Ukraine did not start on February 23, 2022, but in 2014,” insists General Aymeric Bonnemaison, French cyber-defense commander. “It was then that the Russians carried out their first attacks.” In fact, cyber warfare requires years of preparation, infiltration and targeting of infrastructure so that, on D-Day, the enemy’s main computer resources are neutralized. On February 24, Russia began the invasion of Ukraine with a cyber attack targeting the Viasat satellite network. The cyber “Pearl Harbor” hoped for by the Russian army did not, however, take place. Discreetly, Ukraine had developed a capacity for resistance which enabled it to remain standing. Without it, Ukraine would have been defeated, as shown by the Georgian precedent in 2008 and, more recently, the collapse of Costa Rica, which found itself in a state of emergency just before the summer following a massive cyber attack orchestrated by Russian hackers.
Years of preparation
“The lightning speed of cyber attacks, freed from the tyranny of distance,” observes the general, who also spoke during a hearing by the National Defense and Armed Forces Commission at the National Assembly, “should not hide their incompressible design and planning deadlines. It takes months, even years to build a cyber attack… Any attack is tailor-made… and requires preparatory work to know the target, characterize it and find the way to disrupt it, spy on it, sabotage it or hinder it.” From this point of view, military cyberattacks are very different from criminal attacks: the hacker who seeks to enrich himself targets poorly protected companies or organizations, those that are the easiest to trap. The objective of a state attacking another is to strike strategic installations. The United States and Israel, for example, developed Stuxnet in 2007 to destroy Iranian uranium enrichment centrifuges. The virus was only discovered in 2010. Since then the Russians have developed an impressive arsenal.
To back up his point, General Bonnemaison goes back to 2014: “From 2014 to 2022, attacks of a very high technical level targeted critical infrastructure in Ukraine, starting with power stations in 2015. In 2016, a more complex, well-established offensive targeted an electricity grid. The first attack deprived 225,000 people of electricity for several hours. The second reduced consumption in the Ukrainian capital by a fifth.” These attacks were not gratuitous; they were aimed at influencing the presidential election. By making government sites inaccessible and depriving Ukrainians of electricity, Moscow wanted to demonstrate its ability to strike a blow and induce Ukrainians to choose a pro-Russian president to avoid reprisals.
Influencing Elections
The attempt failed. Instead of resigning itself, the Ukrainian state became aware of the problem and began to develop a cyber defense strategy with a budget allocated by Parliament. It did not hesitate to work with Western cyber-powers, first and foremost the United States. “This support has proven to be decisive,” notes General Bonnemaison, “for Ukraine’s resilience in the telecommunications and digital fields. Ukraine has opened a cyber data exchange platform that meets the standards of NATO and the European Union (EU) and which makes it possible to quickly share the signs of attack and the first technical tools to protect against them.”
40 people from the American services
The arrival of the Americans tasked with detecting possible prepositioned software was crucial during the weeks preceding the conflict. Within two weeks, their mission became one of the largest US Cyber Command deployments, mobilizing more than forty US Armed Services personnel. They had a front row seat when Russia stepped up its operations in cyberspace in January, testing Ukrainian systems in unprecedented ways. These teams are engaged in a hunt forward mission, which consists of surveying partners' computer networks in search of signs of prepositioning.
The cyber attack at the start of the conflict
In the week preceding the Russian invasion, Ukraine counted more than 200 cyberattacks on its territory, targeting government sites, hospitals and means of production. Through this blackout, Russia hoped to facilitate its intervention. Through conventional military action, the Russians neutralized cables and 3G and 4G access points, but with a certain restraint and only in certain places, because they planned a short war and expected to reuse the infrastructure for their own benefit. From the first hours of the conflict, cyber attacks targeted Ukrainian ministries, according to a model applied in Georgia. The aim was to prevent government bodies from talking to each other, or even to prevent the Ukrainian president from talking to the outside world. The effects of this action were quickly mitigated by the distribution, at the beginning of March, of routers from the company Starlink, which enabled the population, journalists and local authorities to maintain a minimal communication link. The deployment, in a very short time, of this satellite communication system was absolutely crucial.
The second wave
The second wave of very extensive attacks targeted the KA-SAT satellite communication routers, and therefore the Viasat channel, which is widely used by Ukrainian troops. Starlink has partly remedied this situation. The third wave of attacks targeted private businesses more broadly to disrupt the functioning of Ukrainian society. According to General Bonnemaison, “during the first two months of the conflict, 350 cyber attacks were recorded, 40% of which targeted critical infrastructure likely to be used by the government, the army, the economy and the population, and 30% of incidents affected Ukrainian governmental organizations first at the national level, then at the regional and municipal levels. The forces involved, experienced in information warfare techniques, seized the opportunities offered by cyberspace from the beginning of the conflict. The use of social networks, in particular, made it possible to make the war in Ukraine omnipresent in public opinion. From the first days of the war, more than 315 million actors were engaged in this informational struggle, playing the role of relaying information. Russian domination in the field of information warfare was known, but it was contested by the Ukrainians. The two governments adopted official communication strategies diametrically opposed in their form.”
4500 cyber attacks
Cyber warfare waned in intensity soon after the conflict began. “When the powder speaks,” summarizes General Bonnemaison, “the offensive fight finds its limits.” Why insist on disconnecting by computer a power plant that can be razed with a bomb? The Ukrainian security services tell a different story. They claim to have neutralized more than 4,500 Russian cyberattacks against their country since the beginning of the year. In an interview with the “My-Ukraine” television channel broadcast on January 10, Ilya Vitiuk, head of the cyber-security department at the Security Service of Ukraine (SSU), said: “the aggressor country launches an average of more than ten cyber-attacks per day. Luckily Ukrainian society is not even aware of most of them.” “We entered 2022 with eight years of hybrid warfare experience behind us,” he added. “At the time of the invasion, we were already prepared for the worst-case scenarios.” According to him, nearly 800 cyber attacks were recorded in 2020, more than 1,400 in 2021 and in 2022 this number tripled. “Massive cyber attacks were repelled in January and February and provided us with additional training before the Russian invasion at the end of February,” continued Ilya Vitiuk.
Along with cyber attacks, information warfare, formerly called propaganda or AgitProp, is conducted through social networks. The dissemination of more or less true news and propaganda is not intended to convince Western public opinion but rather to sow doubt among part of the population, especially outside the Western sphere of influence.
Intrusive help
For General Bonnemaison, American aid is not free: “it is relatively aggressive, because it opens up to Americans the networks of countries that call on them. By practicing a form of entryism on the networks concerned, it protects them, but with a marked presence in the service of diplomacy, which General Nakasone does not hide. Its support is a form of reassurance given to several Eastern European countries. As for the GAFAM, they have taken on considerable importance in this affair. Certainly, they have largely contributed to the protection of Ukraine, but taking on a weight that raises questions of a political nature.” General Bonnemaison raises another very important point: the role played by private companies, in particular the responsiveness of certain private actors, such as Elon Musk, in the context of NewSpace and the ultra-rapid deployment of a satellite communication system, and above all the help of Microsoft to thwart cyber attacks. Is European sovereignty sufficient?