Outstanding Ukrainian cyber resistance to Russian attacks

“The lesson of this conflict, initiated by Major General Aymeric Bonnemaison, commander of French cyber defense, during a press conference at the Ministry of Armed Forces, is that defense can take over the offensive. In general, attackers look for weaknesses in computer systems and they always find them. But the Ukraine war revealed that cyber attacks, however complex, can still fail.

“The war in Ukraine did not start on February 23, 2022, but in 2014, confirmed General Aymeric Bonnemaison, commander of French cyber defense, that was when the Russians made their first strike.” In fact, cyber warfare requires years of preparation, infiltration, targeting of infrastructure so that by D-Day, the main computer resources of the enemy are neutralized. On February 24, Russia began its invasion of Ukraine with a cyber attack targeting the Viasat satellite network. The cyber “Pearl Harbor” expected by the Russian army will not happen. Quietly, Ukraine has developed a resistance capacity that allows it to stay on its feet. Without it, Ukraine will be defeated, as shown by the Georgian precedents in 2008 and the recent collapse of Costa Rica which found itself in a state of emergency just before the summer following massive cyber attacks orchestrated by Russian hackers.

preparation year

“Cyber ​​strike forces, freed from the tyranny of distance, according to the observation of the general who also spoke during hearings by the National Defense and Armed Forces Commissions in the National Assembly, should not hide their incompressible design and planning deadlines. It takes months, even years to build a cyber attack… Any attack is tailor-made… and requires preparatory work to know the target, characterize it, and find ways to disrupt it, spy on it, sabotage it, or hinder it .” From this point of view, military cyberattacks are very different from criminal attacks: the hacker seeking to enrich himself targets the less well-protected companies or organizations, that is, those that are the easiest to frame. The goal of a country attacking another country is attacking strategic installations. America The United States and Israel, for example, developed Stuxnet in 2007 to destroy Iran’s uranium enrichment centrifuges.The virus was discovered only in 2010. Since then Russia has developed an impressive arsenal.

To support his point, General Bonnemaison goes back to 2014: “From 2014 to 2022, very high technical level attacks targeted critical infrastructure in Ukraine, starting with power plants in 2015. In 2016, more complex attacks targeted the power grid The first attack cut the power of 225,000 people for several hours. The second attack reduced Ukraine’s capital consumption by a fifth.” These attacks were not random, they were aimed at influencing the presidential election. By rendering government websites inaccessible and depriving Ukraine of electricity, Moscow wanted to demonstrate its ability to stage a coup and persuade Ukraine to elect a pro-Russian president to avoid retaliation.

Influencing Elections

Missed. Instead of resigning, the Ukrainian state realized the problem and started developing a cyber defense strategy with a budget allocated by Parliament. He has no qualms about working with Western cyber powers, first and foremost the United States. “This support has proved decisive, noted General Bonnemaison, for Ukraine’s resilience in the telecommunications and digital spheres. Ukraine has opened a cyber data exchange platform that complies with NATO and European Union (EU) standards and which makes it possible to quickly share signs of attack and the first technical tool to protect it.

40 people from the American service

The arrival of Americans tasked with detecting possible prepositional software was essential during the weeks before the conflict. Within two weeks, their mission became one of US Cyber ​​Command’s largest deployments, mobilizing more than forty US Armed Forces personnel. They had a front row seat as Russia stepped up its cyber operations in January, testing Ukrainian systems in an unprecedented way. These teams engage in forward-hunting missions, which consist of surveying the partners’ computer networks for signs of prepositions.

Cyber ​​attack at the start of the conflict

A week before Russia’s invasion, Ukraine counted more than 200 cyber attacks on its territory, targeting government sites, hospitals and production equipment. Through this blackout, Russia hopes to facilitate its intervention. Through classic acts of war, Russia neutralizes 3G and 4G cables and access points, but with certain reserves and only in certain places, as they plan a short war and think about reusing the infrastructure to their advantage. From the first hours of the conflict, cyber attacks targeted Ukrainian ministries, according to the Georgian model. It was a matter of preventing government bodies from talking to each other, or even preventing the Ukrainian president from talking to the outside world. The effects of these measures were quickly mitigated by the distribution, in early March, of routers from the Starlink company, which allowed residents, journalists and local authorities to maintain minimal communication links. Deployment, in a very short time, this satellite communication system is very important.

Also readhow army prepare for cyber war

Second wave

The second, very extensive wave of attacks targeted the KA-SAT satellite communications routers, and Viasat channels, which are heavily used by Ukrainian forces. Starlink has partially corrected this situation. The third wave of attacks targeted private businesses more broadly to disrupt the functioning of Ukrainian society. According to General Bonnemaison, “during the first two months of the conflict, 350 cyber attacks were recorded, 40% of which targeted critical infrastructure that might be used by the government, army, economy, and population, and 30% of incidents affected the first Ukrainian government organization at the national level, then at the regional and municipal levels.The powers involved, well-versed in information warfare techniques, seized the opportunities offered by cyberspace from the outset of the conflict.The use of social networks, in particular, made it possible to make the war in Ukraine a ubiquitous presence in public opinion.Since In the first days of the war, more than 315 million actors were involved in this information struggle, playing the role of conveying information. Russia’s dominance in the field of information warfare is known, but opposed by Ukraine. The two governments adopted a diametrically opposed official communication strategy in form.”

4500 cyber attacks

Cyberwars reduce in intensity as soon as the conflict starts. “As the powder speaks, summarizes General Bonnemaison, the offensive fight finds its limits.” Why insist on cutting power plants with computers that can be destroyed with bombs? The Ukrainian security services have a different discourse. They claim to have neutralized more than 4,500 Russian cyberattacks against their country since the start of the year. In an interview with the television channel “My-Ukraine” broadcast on January 10, Ilya Vitiuk, head of the cybersecurity department at the Ukrainian Security Service (SSU), “the aggressor state launches an average of more than ten cyber-attacks per day. Fortunately the public Ukraine is not even aware of most of them.” “We enter 2022 with eight years of hybrid warfare experience behind us,” he added. “At the time of the invasion, we were prepared for the worst-case scenario.” According to him, nearly 800 cyberattacks were recorded in 2020, more than 1,400 in 2021 and by 2022 this number will triple. Massive cyberattacks were repulsed in January and February and provided us with additional training ahead of the Russian invasion in late February, continued Ilya Vitiuk.

Along with cyber attacks, information warfare, formerly called propaganda or AgitProp, is passing through social networks. The dissemination of news and more or less correct propaganda was not intended to persuade Western public opinion, but rather to satirize doubts among sections of the population and especially outside the sphere of Western influence.

Annoying help

For General Bonnemaison, American aid was not free: “It is relatively aggressive, because it opens up a network of countries that are call them. By practicing a form of entryism on concerned network, protect them, but with a real presence in the diplomatic service, which General Nakasone did not hide. Its support is a form of guarantee given to several Eastern European countries. As for Gafam, they were extremely important in this matter. Of course, they have largely contributed to the protection of Ukraine, but are bearing an increasing burden question of a political nature.” General Bonnemaison raised another very important point, the role played by private companies, particularly the responsiveness of certain private actors, such as Elon Musk, in the context of NewSpace and the very rapid deployment of satellite communications systems and especially Microsoft’s assistance to thwart cyber attacks Is European sovereignty enough?