As the digital battlefield rapidly evolves, the Russia-Ukraine conflict has become a critical case study in the effectiveness and strategies of cyber operations during crises. A recent cybersecurity conference in London hosted by the National Cyber Security Centre (NCSC) painted a picture of a shifting cyberwar landscape. Experts highlighted a move away from the predicted cyber blitz towards a new era of digital espionage.

“Early predictions focused on widespread disruption,” said Dmitri Alperovitch, Chairman of Silverado Policy Accelerator. However, the reality has been scattered attacks and a struggle for Russia to leverage compromised systems for tactical gains.

Alperovitch noted the initial scattergun approach of Russian cyber operations, targeting non-strategic sites like toy stores, until a critical strategic shift occurred with the Viasat hack, which took out some of the comms that the Ukrainians were using.

However, Alperovitch highlighted a pivotal shift in strategy, observing, “It’s sort of back to the future… back to traditional espionage, moving away from these over destructive operations to actually collect intelligence.” This transition has enabled Russian cyber forces to seamlessly integrate with frontline units, harnessing intelligence swiftly for tactical advantages.

Alperovitch notes the critical role of cyber in modern intelligence gathering, stating: “Cyber is first and foremost an espionage tool. Unlike just passive collection, you not only know what is happening at the moment but you can also look at future plans.”

Alperovitch also added, “The biggest value of cyber is going to be on the collection front… if you can use it rapidly to achieve a tactical advantage, it’s incredibly powerful.”

Tim Neal-Hopes, Commander of the National Cyber Force, discussed the nature of cyberspace as a contested domain. “One thing Russia-Ukraine has taught us is cyberspace is a contested domain of operations like air, sea, land, and space… It’s the domain in which we are in contact most often.” He emphasised the need for constant vigilance and adaptability, noting that the Russians have continuously learned and adapted their strategies.

Tim Neal-Hopes, Commander of the National Cyber Force, noted cyberspace as a constantly contested domain, akin to air, sea, land, and space. He stated, “It’s the domain in which we are in contact most often.”

Neal-Hopes cautioned against complacency, particularly in light of the multiplying number of cyber actors beyond the Russia-Ukraine conflict. “The number of actors learning has gone up,” he pointed out. “That demands agility and constant focus on where we’re going.” This ever-evolving landscape necessitates a shift in posture, he explained, requiring those responsible for defence to be “postured to operate on a daily basis at the temper of operations that our adversary is going to bring to us.”

Neal-Hopes further observed a learning curve among adversaries, specifically the Russians. “Russians have learned and adapted as they’ve gone,” he remarked, “hence you see that shift perhaps towards intelligence rather than necessarily trying to deliver effect.”

The conflict has shown that preparation and building robust relationships in advance are crucial. Neal-Hopes noted, “Would we be able to execute a Russia-Ukraine support piece now for another crisis? Have we got those plans?” This question emphasises the need for continuous planning and readiness to face similar crises in the future.

Additionally, the conflict revealed the effectiveness of basic cybersecurity measures. Neal-Hopes’ analogy of “removing as many needles as you can from your own haystack and making the adversary move as much hay as possible to find the needles” highlights the importance of fundamental security practices.

David Luber, Director of Cybersecurity Directorate at the NSA, added another dimension to the discussion, stating, “Espionage doesn’t just happen in Ukraine, we also have to watch the neighbouring countries that are supporting Ukraine movement of material and other things into Ukraine so we have to keep a close eye on that.”

The Russia-Ukraine conflict has ushered in a new era of cyber warfare, marked by a shift from blatant attacks to stealthy espionage. This strategic pivot underscores the growing importance of information as a weapon in the digital age. Understanding such shifts in conflicts like the Russia-Ukraine is crucial for businesses to bolster their cybersecurity defences and mitigate the risks posed by evolving digital threats.