The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “The Cyber Defense Assistance Imperative Lessons from Ukraine.”
Its conclusion:
Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others. But this is not the end of the road—the ability to provide cyber defense assistance will be important in the future. As a result, it is timely to assess how to provide organized, effective cyber defense assistance to safeguard the post-war order from potential aggressors.
The conflict in Ukraine is resetting the table across the globe for geopolitics and international security. The US and its allies have an imperative to strengthen the capabilities necessary to deter and respond to aggression that is ever more present in cyberspace. Lessons learned from the ad hoc conduct of cyber defense assistance in Ukraine can be institutionalized and scaled to provide new approaches and tools for preventing and managing cyber conflicts going forward.
I am often asked why where weren’t more successful cyberattacks by Russia against Ukraine. I generally give four reasons: (1) Cyberattacks are more effective in the “grey zone” between peace and war, and there are better alternatives once the shooting and bombing starts. (2) Setting these attacks up takes time, and Putin was secretive about his plans. (3) Putin was concerned about attacks spilling outside the war zone, and affecting other countries. (4) Ukrainian defenses were good, aided by other countries and companies. This paper gives a fifth reasons: they were technically successful, but keeping them out of the news made them operationally unsuccessful.
More Stories
NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk
The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit Read More
Critical RCE Vulnerabilities Found in Common Unix Printing System
The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network Read More
US State CISOs Struggling with Insufficient Cybersecurity Funding
A Deloitte and NASCIO survey found that a third of state CISOs do not have a dedicated cybersecurity budget Read...
British man used genealogy websites to fuel alleged hacking and insider trading scheme
A London-based man is facing extradition to the United States after allegedly masterminding a scheme to hack public companies prior...
AI and the 2024 US Elections
For years now, AI has undermined the public’s ability to trust what it sees, hears, and reads. The Republican National...
Cyber-Attacks Hit Over a Third of English Schools
A survey by Ofqual found that 20% of English schools and colleges were unable to immediately recover after being hit...