Invasion of Ukraine: Should we fear cyberattacks?

Cyberwar is a fictional concept that doesn’t really describe any strategic reality. Attacks in cyberspace can’t be separated out from conventional warfare; they are part and parcel of a military strategy. At the moment, in the context of Russia’s invasion of Ukraine, digital methods and technologies are being used to complement the missiles, tanks and special forces. 

So it makes more sense to talk about cyberattacks. It’s also less redundant, since digital technology is now inseparable from war in general. In any conventional war, there may be cyberattacks. Cyberattacks may also be carried out between countries that are not at war, strictly speaking, but are engaged in low-intensity conflicts.

They have several objectives, sometimes in combination, sometimes in isolation. One of the main goals is to gather intelligence by breaking into the adversary’s computer systems to get a better idea of their thinking, plans and resources. The goal can also be to disrupt the adversary by depriving it of critical infrastructure, for example by disconnecting power plants. In today’s world, not having electricity complicates life enormously: telephones and computers can’t be recharged, computer systems and financial systems stop operating, and so forth.

Cyberattacks can also be used to spread disinformation and propaganda, either by preventing the adversary’s population from accessing information or by putting out false or erroneous information.

Yes, Russia is a very major player. Its attacks and capabilities are among the most sophisticated and advanced in the world. We don’t yet know why they aren’t conducting more cyberattacks, or if they are, why their attacks aren’t having more effect. Maybe they thought the invasion would be lightning-fast and easily completed, so it wasn’t worth bothering with cyberattacks.

Maybe they didn’t want to destroy the infrastructure they would need once they took over Ukraine. Or maybe after years of confrontation and attacks—this isn’t Russia’s first offensive against Ukraine—the Ukrainians have the experience to be able to foil cyberattacks.

I don’t think the Russians will carry out large-scale cyberattacks in Ukraine, since they’re already in the country and already doing enough damage with missiles. However, what Russia could do is try to answer the raft of economic sanctions imposed by the West with digital retaliation.

For example, it could attack industries in which it is dominant to create tension on world markets, drive up the price of certain raw materials or prevent factories from operating.

Yes, absolutely, since Canada has joined the other NATO countries in imposing sanctions. So there is no reason why Canada would be spared if Russia decides to retaliate. I don’t think they would target the Canadian government but rather strategic Canadian companies, such as the electrical and financial sectors.

It depends on who we’re talking about. Large financial institutions and companies like Hydro-Québec are. But as we saw with the Alouette aluminum smelter, even they can be caught off guard and be severely affected. Companies don’t always have adequate resources, and spending on cybersecurity isn’t always a top priority.

The Canadian Centre for Cyber Security is doing a lot of work to raise awareness and share tools and best practices.

I am much more concerned about the millions of refugees, the massacres, the war crimes, the human tragedies, the human rights abuses, than about cyberattacks, which we have the tools to deal with.

This conflict has been a reminder that wars are still very dirty, very murderous, and the cyberworld is far from being able to reach such levels of barbarity. Warfare is still conventional, waged through lethal armed attacks.