Why cyberattacks haven’t crippled Ukraine’s communication systems

We don’t know the full extent of the damage done by cyberattacks against Ukraine during the past week, amid the unprovoked invasion and barbaric military assaults by Russia. But judging by the statements of people who actually would know, the cyber strikes against Ukraine so far have, unfortunately, been worse than the public realizes.

Alex Bornyakov, deputy minister of digital transformation for Ukraine, told TechCrunch this week that “you have no idea” the level of cyberattacks Ukraine has been facing since the invasion. And Microsoft president Brad Smith said in a blog post Monday that recent cyberattacks against civilian targets in Ukraine “raise serious concerns under the Geneva Convention.” But with one possible exception, cyberattacks verging on “war crimes” have not yet been disclosed publicly.

However, there’s one thing that’s plain to see: Cyberattacks have not disabled Ukraine’s communications infrastructure since the start of the Russian attacks, as many had previously feared.

This doesn’t mean it won’t still happen at some point. And with Russia looking more desperate and brutal every day, experts say the odds of this happening soon are, tragically, pretty strong.

But the question still remains: Why haven’t cyberattacks already crippled Ukraine’s communications infrastructure? Why would phone and internet service, as critical as they are for Ukraine’s defense and morale, be allowed to continue functioning?

During his interview with TechCrunch, Bornyakov chalked it up to being a part of the overall miscalculation made by Vladimir Putin and his commanders, which has been reported on by the BBC and other outlets.

In a nutshell, the idea is that Russia just didn’t think it was going to be necessary to disable Ukraine’s communications systems.

“They didn’t do this in the first place because I think they thought that this would be faster and easier, they would just run through the city, stop in the main square and just celebrate,” Bornyakov told TechCrunch.

In email comments to VentureBeat today, operational technology (OT) security experts weighed in on why things have gone this way so far — and where they could go next.

Why things happened this way

From the start of this current crisis, it has been anyone’s guess as to what’s going on in the minds of Putin and the Russian commanders, said Eric Byres, CTO of aDolus Technology, an OT software supply chain security firm.

“Probably the best guess is Bornyakov’s suggestion: That Russia thought the victory would be swift, so they wouldn’t need to attack Ukraine’s communications infrastructure,” Byres said. “The fact that both physical and cyberattacks on infrastructure have been limited, so far, suggests that it isn’t a question of ability.”

Thus, “I have to assume it has been a deliberate decision by Russian commanders and not a capability limitation,” he said.

Danielle Jablanski, OT cybersecurity strategist at Nozomi Networks, agreed, saying that Russia clearly “assumed their boots on the ground effort would be more immediately effective for their objectives.”

Notably, some have suggested that Russian troops actually needed to utilize Ukraine’s communications infrastructure, and therefore wanted it to remain intact, Byres noted.

However, “to me this seems unlikely,” he said. “I can’t imagine a modern army depending on civilian communications infrastructure, even their own — never mind the enemy’s.”

More likely is that Russia wanted this to be a quick, decisive victory with little infrastructure damage, Byres said.

There are other possible factors as well. For instance, delivering a single, devastating cyber strike to disable the entirety of a communications system is “not as realistic as some might think,” Jablanski told VentureBeat.

“It requires access to and sabotage of many different nodes, systems, devices and networks,” she said.

Regardless, it appears that Russia did put too much weight on the expectation of achieving rapid success, and “didn’t invest heavily in cyber offensive strategy due to this hubris,” said ContraForce CEO Stan Golubchik.

What could happen next

Precedents for a major infrastructure hack in Ukraine have included the six-hour power grid outage, caused by a cyberattack attributed to Russia, in 2015.

In the interview with TechCrunch, Bornyakov noted that he sees a likelihood for a greater impact on communications systems going forward. “I think they will try to disrupt connections,” he said.

Ukraine has contingency plans for this, Bornyakov said, as part of a discussion on the shipment of Starlink satellite dishes to the country this week by SpaceX CEO Elon Musk. “There are multiple levels of backups,” he said.

And they will probably be needed, experts told VentureBeat.

“The potential for both cyber and kinetic attacks to escalate remains, though the cyber operations will likely continue to be many varied incidents rather than a massive blow to one sector,” Jablanski said.

Russia’s strategy so far has been disastrous, and they are now resorting to heavy armament and explosives to cause destruction in civilian-concentrated areas, Golubchik noted.

Likewise, a ramp-up in cyber strikes to counter the stronger-than-anticipated resistance from Ukrainians is probable, he said.

Russia has a history of being “very destructive when wars aren’t going its way,” Byres said. The “massive destruction” unleashed on Grozny in 1994-1995, and then again in 1999-2000, are examples, he said.

“I hope and pray that this isn’t the direction this war takes next,” Byres said.

Originally appeared on: TheSpuzz