The Russia-Ukraine conflict is quickly becoming a textbook example of low-grade cyber tactics that will likely occur in almost all future conflicts. It has yet to, thankfully, graduate to a full-scale cyber assault, but we are seeing a number of back-and-forth moves that paint the picture of two contestants feeling each other out, but not quite fully engaging. Reports today include the following:
- Foreign Policy is reporting that Russian forces in Crimea are jamming cell phones and cutting internet connections to the mainland. Meanwhile, Ukrainian national telecoms offices in Crimea have been seized. All of this looks like an effort by Russia to control information flow out of Crimea on social networks -- a possible preparation for kinetic escalation as a means of maintaining a "fog of war."
- If Russia makes the attempt, this report by Rensys suggests that the effort may be difficult. Given the robust network in the Ukraine, we can expect that some leakage of information may still result.
- Meanwhile, according to Fox News, the Russian internet monitoring agency has blocked 13 web pages linked to the Ukrainian protest movement. This is the converse of the information flow control in Crimea -- an effort to block ordinary Russians from access to information that contradicts the state-controlled media feed.
- Finally, there is this report from SenseCy, a well-regarded Israeli cybersecurity firm. They report multiple web-site hacking efforts and two opposing "operations" -- #OpRussia and #OpUkraine -- to marshal cyberforces. One Ukrainian site, Bimba, is recruiting volunteers for the "fight." Another is organizing "Putin Smackdown Saturday." Perhaps most notably (given the universality of the web) and unsurprisingly, SenseCy reports: "Aside from Russians and Ukrainians, this conflict has attracted hackers from other countries, and we have already seen Turkish, Tunisian, Albanian and Palestinian hacker groups attacking Russian sites in support of the Ukrainian revolution."
As I said, this is what conflict looks like in cyberspace --- even without direct state-to-state conflict we see self-organizing ad-hoc groups mobilizing to back their own "side." We may expect that their skill levels are modest, generally, so we should not think they would be responsible for critical infrastructure disablement -- but that expectation is just an Occam's Razor guess. All it takes is one "black swan" capable group to change this dynamic radically.