The situation between Russia and Ukraine has developed into a powder keg. As the rest of the world watches from a distance, the reality is the effects of a war would be felt globally and could reach the doorsteps of American families and businesses.
If Russia decides to attack Ukraine, some of their first actions could very well be in the digital space. While these assaults would likely begin in a strategic and targeted manner, they could quickly expand to more uncontrollable attacks, such as destructive malware distribution, which has the potential for impacts on a global scale, with significant monetary damages, as seen with the global NotPetya cyberattack. This is because cybersecurity is woven into every element of our lives, and anything with an internet connection presents an opportunity to be affected.
Our interconnectedness means the location of an initial target of a cyberattack can be irrelevant, as certain attacks have the ability to spread globally, and at pace, infecting millions. In other words, a cyberattack intended to hit only those in Ukraine could easily cross borders and harm innocent bystanders in other places of the world.
I previously wrote that “cyberattacks take place in a lawless battlefield. With cyber warfare, the rules of the road are less defined. Further, there is a lack of appreciation for the power of offensive cyber tools and their ability to have cataclysmic ramifications.”
This was in reference to expanding cyber capabilities of nation-states and the lack of oversight, but the point is relevant to today’s situation. For example, attacking systems that control Ukraine’s electricity grid — which Russia has done before — would create two outcomes: a strategic advantage to advance military tactics, and a plausible deniability regarding attribution. Yet in the end, millions of citizens would be left literally and metaphorically in the dark, with no information, freezing cold, and scared for their safety. This is what can be expected in today’s wars and those of the future, a blend of physical and cyberattacks.
Physical proximity to Russia or Ukraine is immaterial, as it can be expected that the cyber effects of a potential war will be widespread. The new reality we live in involves cyberspace as the fifth domain of war, adding a combat consideration to the existing battlefield of land, air, sea, and space. Failing to account for cyberattacks used in tandem with a physical assault provides the opponent with a tactical advantage, while simultaneously leaving the general population vulnerable.
Gen. Larry D. Welch USAF (Ret.) explains the concept of the fifth domain well, stating “extensive operations in cyberspace have been a reality for decades. Hence, while cyber operations are not new, our understanding of cyberspace as a domain requires further maturing.”
This “further maturing” should involve considerations regarding the global and cascading effects of a nation-state led cyberattack.
The aforementioned NotPetya and Ukrainian power grid incidents led to losses of revenue and extensive business interruption, significant remediation costs, and lack of confidence in utilities and critical infrastructure worldwide.
The same issues can be expected if today’s crisis continues to escalate.
Physical borders do not exist in cyberspace. A nation-state initiated cyberattack can instantaneously spread across the globe, bringing operations to a screeching halt, restricting access to files, and even denying basic freedoms, such as access to running water. Individuals and organizations alike need to be prepared for this potential residual effect and have response plans readily available.
If war does occur between Russia and Ukraine, it is likely that Russia will explore all angles that give them the upper hand to achieve their desired outcome. This exploration will include cyberattacks — and correspondingly, the rest of the world should be on notice and at the ready.
This war — if it happens — may reach your doorstep before you know it. Please plan ahead.
Anthony J. Ferrante is the Global Head of Cybersecurity at FTI Consulting. He previously served as Director for Cyber Incident Response at the U.S. National Security Council at the White House. The views expressed here are his own and not necessarily those of FTI Consulting, it’s management, subsidiaries, affiliates or any of its other professionals.