Since the start of the war in Ukraine, the threat of a cyber war looms. Daniel Ventre, research engineer at CNRS, and François-Bernard Huygues, research director at Iris, help us to see things more clearly.
JDN. Where are we today in the Russian-Ukrainian conflict at the cybernetic level?
Daniel Ventre (CNRS). Companies from many countries have withdrawn from the Russian net and, for its part, Russia is blocking access on its territory to applications from American companies, such as Facebook, Instagram, etc. Little information has been made public about “cyberattacks” which would affect the belligerents on both sides or which, in the world, would be directly linked to this conflict. Behind this link, I maintain a timeline of cyber attacks, cyber events, political decisions and publications that take place in the context of the crisis and the wars between Ukraine and Russia.
What reading grid should be adopted to understand the cybernetic dimension of the Russian-Ukrainian conflict?
François-Bernard Huygues (Iris). Cyberattacks can take three forms: sabotage, espionage, and propaganda/disinformation/subversion. For the third aspect, and through their ability to address European and world opinion, the Ukrainians have totally won. Both on traditional media but also on social media. It’s hard to be subjected to Russian propaganda. You even have to look for pro-Putin information, including on social networks! TikTok, which was blocked on March 6, remained one of the last distribution channels. In terms of spying, there have been reports of Ukrainian groups allegedly gaining intelligence on Russian military movements by infiltrating dating sites. Finally, in terms of sabotage, in the sense of disrupting computer devices with malicious software, Russia’s cyber capacity has not yet fully manifested. The attack on a satellite that allegedly disrupted systems around the world, such as wind turbine control devices and some Orange subscribers, has yet to be attributed.
Why so many apprehensions about a Russian cyber-offensive?
“There is no monopoly or overwhelming Russian superiority”
FBH. NATO’s doctrine being that of hybrid warfare (military, non-state and cyber), much was expected of a Russia which had demonstrated, in recent years, the technical quality of its so-called advanced persistent attacks (Advanced Persistent Threats, APT, editor’s note). We think in particular of the NotPetya attack which affected, in June 2017, large Ukrainian companies and banks, but also, worldwide, German companies such as Nivea or, even closer, such as SNCF and Saint Gobain on French soil. We also think of December 2016 when we observed the first cyber-sabotage operation against energy supply systems. Nearly 700,000 Ukrainian households were without electricity for several hours in Kyiv. On the other side, Anonymous declared cyber war to interfere with Russian news sites. There is also talk of a computer army of Ukraine. There is talk of cyber offensives against Belarusian railways to prevent Russian soldiers from reaching Ukraine. So neither monopoly nor overwhelming Russian superiority.
Can the intervention of Anonymous cause problems?
DV. Anonymous is above all a banner, more than a structured group, which has intervened for several years in multiple areas of confrontation and dispute. Its action, like all those carried out by hackers, can disrupt systems and organizations. But its operations are generally “claimed”, signed “Anonymous”, and are not likely to generate strong reactions from the belligerents.
The cyber threat therefore remains relatively low in terms of sabotage for the time being.
FBH. Yes. In the current conflict, just before the February 24 assault, there was a denial of service attack (DoS, editor’s note) on Ukrainian banks and institutions then, for a second, on February 27 by “eraser” software which penetrates the systems and destroys the data: it had attacked institutions. If these attacks were notable and spotted, on the one hand they killed no one and, on the other hand, their political impact or even their ability to create disorder and chaos were overshadowed by the dramatic nature of the classic offensive. For the first time in Europe since the war in Yugoslavia, we have tanks against tanks and missiles against missiles. So yes, the computer attacks must have been disruptive, costing a little money, but all this seems almost ridiculous in the face of the human losses.
Why this low amplitude?
“A ‘cyber Pearl Harbor’ can hardly happen”
FBH. While they have missiles, planes and tanks, do the Russians have an interest in completely, or even permanently, parasitizing the infrastructures they want to recover? Another consideration, when we start killing people, the computer attack takes second place. This is not the cybernetic Armageddon that has been announced since the beginning of the 90s in the USA and which has not yet happened. Cybernetics seems for the moment limited to a preparatory or secondary role.
How should France organize itself?
DV. Anssi is a key element, even if of course it is not the only one, in the security of state systems and French companies. In our country, as in many others, cybersecurity has been raised to the rank of national security priorities and organized accordingly. The risk of being destabilized by a “surprise” cyberattack has been greatly reduced. Critical and sensitive infrastructures have been supervised and secured through policies and strategies that have been in place for more than ten years. Monitoring is therefore provided by Anssi, by companies, by CERTs and other private cybersecurity players. There is a whole ecosystem that avoids the surprise effect. Caution signals currently exist in France, as in many states.
So far, the conflict has not resulted in major cyberattacks. Moreover, in the world, many observers are surprised. None of the actors in the conflict seem to have launched a major destructive cyberattack. The situation is tense, we must be vigilant, have a watch perhaps more sustained than usual. Normally, what happened in Estonia in 2007 should not happen again. A “cyber Pearl Harbor” can hardly happen because everyone has been expecting it and preparing for it for years.
Should we be wary of software like Kaspersky antivirus?
DV. With regard to Kaspersky, in France, in Germany, the authorities call for caution. But this situation of dependence or exposure to risk also raises the question of technological sovereignty. These situations are a reminder of the importance of having alternative solutions and, as far as possible, “national” cybersecurity solutions.