How to avoid being unwillingly drafted as a cyber combatant in the Russia-Ukraine war
Got a security roll-out plan for the next few years? Escalate it. Thinking about recruiting more security engineers? Start hiring. Looking for the right time to patch vulnerabilities and refresh passwords? Now’s the time. The Ukraine conflict may feel far away to some of you, but the risk of your network being caught in the crossfire is increasing.
Ukraine’s relationship with NATO
News reports say that a shooting war is beginning on the Russia/Ukraine border. To understand how this conflict may escalate outside the Baltic region, it’s important to understand Ukraine’s relationship with NATO.
Also: Ten steps you can take to improve your cybersecurity defenses now
NATO member states have a series of obligations they have agreed upon, most notably a mutual protection pact. Ukraine, while not a NATO member, is considered a NATO partner. The NATO document, “Relations with Ukraine,” provides important insights into how NATO will interpret hostilities towards Ukraine: “NATO has adopted a firm position in full support of Ukraine’s sovereignty and territorial integrity within its internationally recognised borders.”
Right now, that full support doesn’t include sending troops up against Russian forces. In fact, NATO’s position is more denunciation than outright hostility. The members state, “The Allies strongly condemn and will not recognise Russia’s illegal and illegitimate annexation of Crimea, and denounce its temporary occupation.”
Fundamentally, the NATO allies can’t ignore Russia’s actions. And while nobody wants World War III, NATO likely isn’t going to sit this thing out. Enter cyberwar.
Russia and cyberwar
Russia’s hacking activities have been making news for years:
While not all these activities can be traced directly back to government operatives, there’s almost always a government link somewhere in the chain.
Next, let’s look at how much the global IT industry has accepted Russian companies as full partners. At the top of the list is Kaspersky. Statista lists Kaspersky as the fourth largest (in terms of market share) anti-malware vendor for Windows machines. Kaspersky has long been fighting allegations of being cozy with the Russian government but there is a case for why the connection is under scrutiny. If Russia wanted to attack the west, it’s got a ready-made channel to do so: the anti-malware software designed to defend against just that risk.
Keep in mind that Russian developers have built a lot of the code we incorporate into our projects. Normally, that wouldn’t cause any more worry than working with any other developer. But if Russia suddenly takes an adversarial position with NATO allies, the Russian coders we’ve been working with may suddenly turn into enemy combatants.
In 2020, Russia’s IT outsourcing market hit $6.75 billion, according to a report from IDC in ComputerWeekly. Outsourcing is the process of assigning IT operations to other organizations, so the client company doesn’t have to do the work. Unfortunately, outsourcing also assigns control of IT operations to the vendor organization. If Russia turns into an adversarial actor, the control ceded by western companies to Russian outsourcing operations may well be the equivalent of giving all their passwords and authentication codes to the Russian government.
So let’s sum up the risk: In general, working with our fellow IT professionals in Russia can be a productive and positive experience. But if they suddenly turn to the dark side of the force due to this war, western IT security could be badly exposed.
Prepare your networks
Russia already has a history of attacking and breaching western companies and networks, and even tampering with elections. How bad will it get if there’s a shooting war between Russia and Ukraine and a rhetoric war between NATO and Russia?
Most likely, both sides — who don’t want to chance a nuclear conflagration — will lob soft attacks at each other. We can expect propaganda attacks through social media, designed to give western populations a false view of the issues of the day. According to the FBI, Russian misinformation has been an ongoing problem.
And then there’s cyberwar. Expect both sides to launch attacks against each other. Cyberattacks have some degree of plausible deniability, they’re sometimes hard to trace, it’s difficult to point to rubble and bodies on the news, but the damage they do is still considerable.
If the situation on the Russia/Ukraine border escalates, expect Russia to launch cyberattacks. They won’t necessarily be visible attacks, either. Distributed denial of service attacks are messy, but they’re like active sonar — you can tell when you’ve been pinged.
Advanced persistent threats, on the other hand, are stealthy. They dig into your networks and camp out. Sometimes they exfiltrate information. Sometimes they modify information. Sometimes, they break things. APTs have been known to enter a network and live there for months and even years.
These attacks aren’t just going to be limited to government networks. They’ll target networks all across NATO economies, possibly even yours. When that attack hits, you’re suddenly in the line of fire. If you’re one of the many IT pros who read ZDNet, mitigating that attack is your responsibility.
And that’s why, due to a war halfway around the globe, there’s a chance your network will be a target.
If you outsource to a Russian IT vendor or use Russian-based security software, it might be time to evaluate your potential risk level. We can’t automatically assume that Russian vendors will give up their market advantage to support a war, but you’ll need to watch those relationships with great care. If your vendors suddenly seem to change attitude or personality, pay attention. And make sure you have a failover plan in place with alternative vendors.
I know you have other priorities. We always do. But here’s the thing. Any network manager stands a good chance of being in the line of fire for a cyberwar with Russia. If this thing goes long or escalates, it will no longer be a matter of if, but when.
You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.