Christopher Sparre-Enger Clausen
Nikolai Rekman
As videos and images of the ongoing war in Ukraine shake the world, less apparent are Russia's cyberattack efforts on Ukrainian infrastructure.
Western governmental agencies and watchdogs, such as the United Kingdom's National Cyber Security Centre, a division of the GCHQ, and the United States Department of Homeland Security, are concerned about potential cyberattacks hitting western-based private and public institutions.
“If Russia pursues cyberattacks against our companies, our critical infrastructure, we are prepared to respond,” U.S. President Joe Biden said during an interview at the White House. “For months, we've been working closely with the private sector to harden their cyber defenses [and to] sharpen our ability to respond [to] the Russian cyberattacks as well.”
Attacks on Ukraine with international consequences
Whilst Russian attributed cyberattacks against Ukrainian political and military targets have been confirmed, the attacks remain largely within a highly polarised sphere of operations. Private and public watchdogs stress that the current main risk for western institutions is collateral damage as a result of cyberattacks in Ukraine rather than attacks aimed directly at western institutions. As seen in the 2016 "NotPetya attack", an attack aimed primarily at Ukraine, certain cyberattacks have an inherent ability to spread through supply chains far beyond the primary goal. It is notably this risk that is the cause for heightened cybersecurity alertness in the EU, U.S. and the U.K. Additionally, albeit a practical consequence as a result the ongoing conflict, attacks on Ukrainian companies, both cyber-related and otherwise, may have direct consequences on various supply-chains, such as the chip industry which is notably reliant on Ukrainian-sourced neon.
Direct Attacks on western institutions and organisations
In light of the economic sanctions imposed on Russia and Russian individuals, western institutions and organisations may be subject to retaliatory cyberattacks as Russia may regard such sanctions as economic warfare.
With the expected heightened cybersecurity focus in the west, financial ransomware groups are likely to display a change of tactics. Instead of asserting a form of operational patience to maximise cyber-criminals' return (generally several weeks or months), cyberattacks may be shortened to a "cut and run" process (days), due to the EU, US and UK's heightened cyber-alertness, which could result in a spike of attacks inadvertently attributed to the conflict in Ukraine.
What to do?
Effective cyber defence is a long game requiring sustained strategic investments. The conflict in Ukraine is perhaps the most acute cyber risk for Norwegian companies, but cyber threat levels have been rapidly increasing over the past decade. Therefore, both in relation to what's happening in Ukraine and what will follow as a result of the invasion, it is imperative that organisations and institutions evaluates their cyber exposure and duly implement appropriate technical and organisational measures. In particular, the following considerations should be made:
- Ensure incident response plans are up-to-date and tested;
- Ensure data back-up processes are in place and tested;
- Ensure policing of third-party or outsourced contracting obligations; and
- Ensure internal cyber awareness programmes or notifications are updated.
Thommessen's data protection and cyber security team are ready to assist in case of cybersecurity incidents. We also provide assistance in relation to governance measures against cyberattacks (proactive actions).
