by Stéphane Duguin, CEO of the CyberPeace Institute

Like those of you reading this, the tragic loss of life as a result of Russia’s military invasion of Ukraine has dominated my thoughts and my work over the last weeks. 

The conflict is causing immense suffering to the civilian population. Traditional weapons are the main cause of harm for civilians in Ukraine but, as we have been documenting, cyberattacks began to escalate in the weeks before the conflict began and they are ongoing. The priority has to be to de-escalate this conflict to prevent further suffering, and to ensure respect of international humanitarian law. We have received many questions about the legal aspects that regulate the conduct of hostilities when cyber tools are used, so we published a summary, Ukraine conflict: Frequently Asked Questions. 

As we have seen from media reports, Ukrainian civilians are taking up arms to defend their country and foreigners are also traveling to Ukraine to join the fight. This is being echoed in cyberspace, since Ukraine’s Minister of Digital Transformation announced the creation of a government-led volunteer ‘cyber army’. The nature of the internet means that this ‘cyber army’ is drawing in people from around the world, civilians who may end up as combatants in a digital conflict. This raises complicated issues about their status, legal protection and potential risks that many of them will not have considered, which I outlined in an article on participation in hostilities.

As I said at the beginning, the goal must be to de-escalate this conflict but cyberattacks do not make that easy. We have seen plenty of examples of misuse of cyber tools.  We are witnessing an unprecedented level of concern by companies around the world on alert for cyberattacks carried out in support of Russia and the imposition of sanctions against it.  

Information from leaked internal chat logs of the prolific ransomware Conti Group in late February 2022, reinforce the concerns. The Conti leaks show the inner workings of this criminal group, its brutal attacks against healthcare facilities and the link to Russia’s geopolitical interests.  It is quite unprecedented that a cyber criminal group takes a public stance in relation to a situation of armed conflict. The leaks highlight information gathering on Alexei Navalny, and investigating the activity of @bellingcat. This clearly serves a geopolitical interest.

The information in these leaks, if verified, will have widespread implications and potential repercussions in the months ahead, as they provide insights into the inner workings of a ransomware group and its targets. 

Recent media reports have also highlighted the role of the group Anonymous and its claims that one of its hacks has stopped Russia’s President Putin from using his satellites, which Russia denies.  It is important to not focus on any one group as there are many actors who are engaging or purport to be engaging in relation to the armed conflict in Ukraine.  What is extremely worrying is that with cyber the potential of escalation of attacks is huge. It is important to document such attacks wherever they are occurring as they pose real threats to people, critical infrastructure and the functioning of society.  Attacks on infrastructure such as energy, water and sanitation facilities, healthcare, financial institutions, transport and communication services can have devastating consequences on the civilian population. Beyond the risks to critical infrastructure and civilian objects, cyberattacks sow distrust and limit access to accurate information or spread false information. 

With the use of cyber, the challenge is that because of the interconnected nature of infrastructure, the inherently dual nature of infrastructure, and the difficulty to assess the impact (and unintended consequences of attacks using cyber tools) it is extremely difficult to assess potential harm to civilians. 

At this critical moment in history, we at the CyberPeace Institute are calling for restraint from those involved in the armed conflict.

I would love to hear your thoughts on any of the points I raise, and/or what subjects you think should be keeping me awake. You can get in touch with me via [email protected]

Stéphane Duguin