As a hybrid offline and online war is waged in Ukraine, Viktor Zhora, who heads the country’s cybersecurity agency, had a front row seat.
Zhora is Deputy Chairman and Chief Digital Transformation Officer at Ukraine’s State Service for Special Communications and Information Protection.
Cyber aggression from neighboring Russia is nothing new, he said during a video keynote at Mandiant’s mWISE event this week. It has lasted since at least Moscow’s annexation of Crimea in 2014 and led to the NotPetya ransomware outbreak in 2017, all of which have contributed to the spree of data-wiping malware and denial-of-service in Ukraine and its networks -Prepare attacks that began in January year. Russia illegally invaded Ukraine the following month.
“We have learned many lessons from cyber aggression over the past eight years,” Zhora said. “And I think that’s one of the reasons why the adversary didn’t achieve their strategic goals in the cyber war against Ukraine.”
But while Ukraine hasn’t experienced the scale of destructive cyberattacks on critical infrastructure targets that international cybersecurity agencies have been warning about since the war began, Russia has won the disinformation battle — at least within its own borders, according to Zhora. One only has to watch any Russian mainstream television to see Putin’s pro-war, anti-West propaganda in full swing running parallel to the Kremlin’s online disinformation tactics.
“This is a very dangerous activity, the fight for people’s heads, and this is the game in which Russia won on their territory,” Zhora said of the Russian intelligence operations that accompanied the invading army.
These false narratives, promoted by the Kremlin, ranged from accusing Ukrainian “Nazis” of being the aggressors and committing war crimes in the conflict, to downplaying the impact of Western nations’ sanctions on Russia. State-controlled news outlets, social networks and GRU-run Telegram channels reinforce pro-Kremlin brainwashing.
The real info wars
They aimed to demoralize Ukrainian troops – eg President Zelenskyy dies by suicide, fake news –, alienate the occupied nation’s allies and bolster Russian citizens’ support for the occupation. The programming of Russian citizens has at least worked, although Putin’s mobilization of citizens could affect this.
Of course, Russia is not the only country that knows about information operations. China, Iran, and even the US and UK are pretty good at it too. And Russian citizens aren’t the only ones who swallow fake news. Case in point: the big lie that Donald Trump won the 2020 US presidential election, now being peddled by hundreds of candidates running for elected office in the upcoming US midterm elections.
A recent Pew Research poll of 24,525 people from 19 countries ranked the spread of false information online as their second top concern, with 70 percent of respondents saying it posed a “major threat” to their country.
“The same way of attacking people’s brains is used in other countries,” Zhora said. And as such, it takes a coordinated, cross-border effort to thwart them, much like the more typical destructive forms of cyberattacks, he added.
“Completely new approaches should be developed to prevent the influence of this propaganda in order to prevent subversion in our partner countries and our allies,” Zhora said. “Cybersecurity is a collaborative effort, as is countering propaganda and disinformation [requires] common politics and global politics.”
How to defend against attacks on trust?
With other types of cyber threats, such as ransomware, data-wiping malware, and DDoS floods, the cost to businesses is typically a priority. But even these types of threats have other costs, similar to interference, as they can shake citizens’ trust in infrastructure and institutions.
Addressing this during his mWISE keynote, US National Cyber Director Chris Inglis said he has seen “attacks on trust” escalate over the past five to 10 years.
“Think of the attack on the Colonial Pipeline, which of course was an attack on an undefended virtual private network,” Inglis said.
In that May 2021 break-in, the Russian DarkSide group broke into Colonial’s IT system, prompting the company to shut down all of its pipeline operations before the criminals could access that part of the business. And this created a fuel shortage on the east coast when the pipeline was out of service for five days, sparking fights at US gas stations.
“At the end of the day it was really an attack on confidence,” said Inglis. “Millions of people along the East Coast went into the darkest possible corner thinking that like a hurricane that blows the white bread off the shelves, they should flood the gas stations and essentially take petroleum out of this pipeline.”
“If you’re the attacker, you might have been after data and systems, you might have been after the money you could get if you compromise a critical function,” he continued. “But you couldn’t help noticing that you’ve succeeded in attacking self-confidence.”
While the government and private infosec professionals need to protect data, IT systems and critical infrastructure that rely on digital systems from cyber threats, they also need to defend against attacks on trust, Inglis said. “And maybe the last one is the hardest of all.”
Trust is complicated because not many people have detailed knowledge of how, for example, an energy grid works – or even how an electronic voting machine works. It also requires that the populace trust those in government and industry who defend these systems and have a plan to respond to emergencies.
This is another lesson learned from Ukraine, Inglis said. “Do we have the confidence to say that we can actually hold our own, just as Ukrainians have the confidence to stand up to an architecture that, for all imagination, is not a perfect technical architecture. But they did a masterful job of operating beyond that.” ®
https://www.theregister.com/2022/10/22/ukraine_cybersecurity_chief_mwise/ Ukraine’s cyber chief calls for global fight against fake news • The Register