According to Jeremy Fleming, British intelligence helped protect critical infrastructure during Russia’s war of aggression in Ukraine. But the impact of Russian disinformation should not be underestimated, writes the head of British intelligence in a guest post.
It is a mistake to think that cyber attacks played no part in the war in Ukraine. Both sides use cyber capabilities in pursuit of their goals. Both sides are aware of the potential of their use of cyber and informational confrontations in the military sphere. Both sides know that they are waging a battle for influence and opinion-forming far beyond the battlefield. It is a very modern digital cyber war, as well as a brutal and destructive physical war.
Six months after Russia’s invasion, it becomes clear how the different practical and virtual approaches have shaped the conflict. Russia’s initial online strategies, like the land invasion, appear to have failed. Russia’s use of offensive cyber tools was irresponsible and thoughtless.
Now save articles for later in “Pocket”.
Their information operations have proved unwise and have been called into question by the release of intelligence information. Attempts by the Russian military to destroy Ukraine’s digital infrastructure and use cyber activities to foment conflicts met with Ukraine’s resolute, professional and effective cyber defenses.
As the British intelligence, cyber and security service, the government communications center GCHQ has long been monitoring the threat posed by Russia. Together with our allies, we have a constantly evolving picture of Russia’s intelligence and military objectives in cyberspace. We have repeatedly denounced their activities, which go far beyond responsible behavior in cyberspace.
We have also criticized the Russian state’s policy of turning a blind eye to powerful criminal internet groups operating in the country with impunity. And we’ve worked with industry and our allies to help Ukraine fight disinformation and protect critical IT infrastructure.
While we knew that Russia was capable of playing by its own rules, its actions in Ukraine have now shown this to the world as well. As a result, we are now witnessing the reshaping of the cyber landscape. Along with this comes the big IT companies working more closely with governments on security, polarizing opinions about cyber use in war, and renewed efforts to set cyber norms.
Looking back, we now know that the first shots of Vladimir Putin’s war of aggression in Ukraine were fired in cyberspace before the bullets actually fell on February 24th. A month earlier, Russian military intelligence had used Whisper Gate malware to damage and destroy government systems in Ukraine.
And less than an hour before invading Ukraine, Russia attacked the satellite network provider ViaSat, which is used by the Ukrainian military, government and civilians. The destruction also affected neighboring countries, causing collateral damage to a range of utilities, from wind turbines to Internet access.
These attacks were uncovered on the basis of intelligence information. Private companies also recognized the attacks and quickly publicized and fixed the problem. This government-private partnership, in which the National Center for Cyber Defense (part of GCHQ) plays a leading role, has become increasingly important as Russian efforts to sabotage Ukraine’s governmental and military systems have increased.
Internet disinformation quickly became a key part of Russia’s campaign to sow confusion and chaos in Ukraine and beyond. Russia has used this strategy before, including in Syria and the Balkans. Russia’s aim is to sow distrust in the sources of information, to misrepresent what is happening in Ukraine and to spread untrue claims about the reasons for Russian actions.
We have taken steps to counteract the distortion of facts. From warning about the outbreak of war, to expeditiously releasing intelligence information, to working with Western technology platforms to eliminate misinformation, we have made the conduct of the Russian state public.
Much of this has been successful. So far, President Putin has largely lost the information war in Ukraine and the West. While this is cause for celebration, the impact of Russian disinformation in other parts of the world should not be underestimated. Many of the most populous countries have not agreed to the UN motion condemning Russia for its invasion. Public opinion in these countries matters and it is already being shaped by information from Russia.
Wagner – Putin’s Secret Army: An Insider’s Account
This is a new front in the Ukrainian war, the repercussions of which will last at least as long as the conflict itself. Action must be taken to counter organized state disinformation campaigns and ensure they fail to stoke international outrage at the crackdown to contain Russia.
In all of these areas, it has become apparent how the Russian state has attempted to reconcile and coordinate cyber activities with more traditional aspects of military power. So far, that combination hasn’t worked, and the impact has been less than we (and they) expected.
This is partly because Ukraine has proven to be extremely effective in cyber defences. Since the annexation of Crimea in 2014, it has painstakingly built a digital fortress. While witnessing a heroic defensive struggle by the Ukrainian military, we have seen online what are arguably the most effective cyber defenses in history. Working under sustained pressure against a very capable adversary, this team of industry, intelligence, security agencies, and in some cases citizens, have stood side by side to warn, respond, and remedy.
Cyber defenses turned out to be stronger than Russia had expected. Ironically, Russia’s military actions have exacerbated the problems. The Russian attacks paralyzed the very networks they wanted to infiltrate. They forced Ukrainians to switch to other networks and use alternative forms of communication that were more secure. Ultimately, this strengthened Ukraine’s resilience.
Fortunately, all of this cyber activity outside of Ukraine has not resulted in collateral damage on the scale of the 2017 NotPetya attacks, which crippled Ukrainian banks and airports, among others. That could be because Russian cyber actors are acting carefully to avoid escalation.
Finally, NATO has made it clear that a serious attack on a member country could trigger Article 5, the Alliance’s Mutual Defense Clause. The danger that the conflict could spread to one of the NATO countries is very real – we have seen incompetence and carelessness on the part of Russia before.
A key component of our response to this situation could be the National Cyber Force (NCF) – a partnership between GCHQ and the Department of Defense. This builds on our world-class cyber defenses and resilience to deliver offensive cyber operations. I will not go into detail about the activities of the NCF as secrecy and ambiguity are key characteristics of cyber operations.
This secret and important work is carried out in accordance with international law and national laws. It is approved by ministers and scrutinized by justice commissioners. This ethical, reasonable, and legal course of action distinguishes us from our adversaries and from Russia’s use of cyber attacks in this war.
Drawing on the lessons of the early days of President Putin’s war, one cannot overstate the importance of Ukraine’s cyber defenses to the fight. The country’s experience has shown that online defenders can decide for themselves how vulnerable they are. As allies, we must make it clear that we are serious about the responsible use of cyber power. These are the lessons we need to heed like-minded partners around the world.
Sir Jeremy Fleming is the head of GCHQ, the UK’s intelligence, cyber and security agency.
The article first appeared in The Economist under the title “The head of GCHQ says Vladimir Putin is losing the information war in Ukraine” and was translated by Andrea Schleipen.
British Spy Chief Explains Putin’s Cyber Army Rookie Mistake from The Economist.