Taylor Grossman, Monica Kaminska, James Shires and Max Smeets co-authored this ECCRI report on wartime cyber dimensions in Ukraine.
On the 28th of February 2023, the European Cyber Conflict Research Initiative (ECCRI) held a workshop to reflect on wartime cyber operations in Ukraine. The event included cyber threat intelligence practitioners, academics, and officials from key governments and international institutions. The workshop was invite-only and held under the Chatham House Rule to allow participants to share their frank thoughts and reflections. In consultation with the attendees, ECCRI has written this report to highlight key lines of discussion.
This workshop report builds upon a previous report by ECCRI on wartime cyber operations in Ukraine, based on a closed-door workshop held in Tallinn in May 2022, just three months after the full-scale invasion of Ukraine.
Key takeaways from the report:
- In line with its doctrine of information confrontation, Russia employed a variety of cyber operations during the war at an unprecedented scale.
- The primary goals of wartime operations – sabotage, influence, and espionage – have remained constant. Cyber operations provide new opportunities to achieve age-old objectives.
- Cyber activity in Ukraine is associated with kinetic activity bursts and lulls.
- The GRU has adopted a flexible approach with “pure wipers” that are easy to manipulate and launch without draining significant resources.
- Western observers may overestimate coordination between Russian-aligned criminals and the government.
- Distinguishing between cyber criminal and political activist groups is becoming increasingly difficult.
- Initiatives such as the IT Army risk blurring important principles of distinction between combatants and noncombatants.
- There is a shift in responsibilities that needs to be recognized by both the public and private sectors, with industry delivering capacity at scale.
- While Ukraine has benefited from unity of purpose across many different Western actors, this conflict may not provide a good roadmap for the future.