CYBERWARSA War Within a War: Cyberattacks Signal a New Approach to Combat

Over the past few days, the Russian invasion of Ukraine has captivated the attention of the world. But in addition to fighting with troops on the ground, the nation is also defending itself on another front, from cyberattack.

This ‘war within a war’ is another strategy used by Russia to disrupt and disable life in Ukraine and increase that nation’s vulnerability. But the attacks aren’t confined just to two nations. The ripple effects can be seen around the world. In fact, Ukrainian leaders have asked international cyber experts to help them create an “IT Army’’ to protect it from harm.

Professor Stephen Fitzgerald of the Operations and Information Management Department at the University of Connecticut School of Business has closely monitored the cyber threats in Ukraine. In a conversation with UConn Today’s Claire Hall, he says the attacks and counterattacks are something the U.S., too, should follow closely.

Claire Hall: How will this online war impact the United States?
Stephen Fitzgerald: This is a tough question to answer because there is currently so much uncertainty. While the U.S. is physically distant from the fighting, cyberwarfare is not constrained by distance. Some say President Biden has been pressured to take action on Russia, many of which include cyber attacks of our own to disrupt Russian internet connectivity, electrical power, and transportation.

Of course, this invites a retaliatory effort from our historic adversary which should give officials appropriate pause. It is completely reasonable to expect that whatever we can do to Russia, they can do to us. The U.S. does not want open cyber conflict with Russia and an actual cyber attack from the U.S. is almost completely off the table from what is being discussed, according to the White House.

This back and forth highlights just how tricky the situation is and how hard it is to pin down reliable information. One concern that we can cite for certain is the idea that the software programs used in these attacks could spill over or cause collateral damage based on their design.

Hall: How vulnerable is the U.S. to similar attacks?
Fitzgerald: It is unlikely that individual Americans will be targeted by attacks, but if we were to see conflict we would likely see attacks that target valuable infrastructure or specific corporations.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has made a point to warn Americans about some of the malware we have seen coming out of the conflict, and have taken on the mantra “Shields Up” to describe our nation’s cyber defense posture.

“While there are no specific or credible cyber threats to the U.S. homeland at this time, Russia’s unprovoked attack on Ukraine, which has involved cyber-attacks on Ukrainian government and critical infrastructure organizations, may impact organizations both within and beyond the region, particularly in the wake of sanctions imposed by the United States and our Allies. Every organization—large and small—must be prepared to respond to disruptive cyber activity,” CISA said in a statement.

In the meantime CISA has published a page describing some of the steps and resources individuals and companies can use to protect themselves from any sort of online shrapnel. As with all cybersecurity risks, the best thing we can do is to proactively prepare and have a plan if we are to be attacked.

Hall: How might the international community address these aggressions?
Fitzgerald: Microsoft, which has for some time called for the creation of a new Geneva Convention pact governing cyberspace, is now suggesting that some cyberattacks on Ukraine could be considered war crimes under existing international laws. This is certainly something the international community will need to address at some point in the near future. Although international cyberlaw is in its infancy, it will need to quickly mature as the international community deals with the ongoing wartime cyberattacks.