Western nations, including Canada, should brace themselves for the possibility of increased cyber and ransomware attacks if the current tensions between Ukraine and Russia become worse — or even explodes into open warfare early in the new year.
While Moscow would likely not sanction direct, attributable attacks on NATO members, experts say, it would almost certainly use its vast cyber and disinformation capabilities to sow confusion and disaccord among Ukraine’s closest supporters and allies during a crisis.
“I think they could expect high-level cyber attacks just short of Article 5, just short of war, whether or not Putin goes into Ukraine,” said Matthew Schmidt, an associate professor and national security expert at the University of New Haven, Connecticut.
“That has become a constant background fixture of modern warfare. It’s going on now.”
Schmidt said he believes the Baltic countries, which are NATO members, will be singled out because of their Russian-speaking populations. Canada leads the western military alliance’s forward presence battle groups in Latvia and has been on the receiving end of Russian cyber and disinformation campaigns in the past.
The United States and its allies are clearly concerned about how Moscow could launch cyberattacks on Ukraine. The New York Times reported last week that the U.S. and Britain had dispatched cyberwarfare teams to the eastern European country to help bolster its defences and prevent attacks like the one that took down a major portion of Ukraine’s power grid in 2015.
Former U.S. military leaders have warned for more than a month, ever since Russia began placing as many as 100,000 troops on the Ukrainian border, that the opening salvo of any conflict would be destabilizing cyberattacks.
Targeting Ukraine is one thing. Taking aim at NATO countries is another, much more risky gambit, one some defence observers have said brings with it the potential to spark a much wider European conflict.
“Of course Russia has the ability to threaten a NATO country, but in the context of this broader crisis, that becomes very dangerous,” said Stefanie von Hlatky, an associate professor and defence policy expert at Queen’s University in Kingston, Ont.
While ruling out western troops fighting to defend Ukraine, the Biden administration has said it’s prepared to send weapons and perhaps increase training efforts. There are 200 Canadian troops helping train Ukrainian forces in the finer points of combat and Canada’s top military commander has said whether they withdraw or not will be dependent on ground conditions at the time. Disrupting that kind of support and distracting western leaders during such a crisis would be a key strategic aim of the Kremlin, military leaders have said.
It’s not like Russia, or its proxies, have shied away from attacking western targets before. Last spring, a major U.S. pipeline company, Colonial Pipeline, paid hackers, who were an affiliate of a Russia-linked cybercrime group known as DarkSide, a $4.4 million ransom to regain control of its system. In September, the European Union formally blamed Russia for its involvement in the so-called “Ghostwriter” cybercampaign, which targeted the elections and political systems of several member states. The campaign saw the social media accounts of government officials and news websites hacked with the goal of creating distrust in U.S. and NATO forces.
Just short of war
Those attacks have always landed below the threshold of provoking a NATO response, although at their summit last spring U.S. President Joe Biden warned that the consequences would be “devastating” should a cyberattack on the United States be traced back to Russia.
“I pointed out to him that we have significant cyber capability. And he knows it,” Biden said following the meeting in June.
NATO has established a new Cyberspace Operations Centre in Mons, Belgium, in part to increase the cyber situational awareness of military commanders.
“A serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all,” Jens Stoltenberg, NATO Secretary General, said in 2019 when the centre was established.
The alliance has been deliberately vague about what sort of cyberattack would trigger a collective response, with Stoltenberg saying repeatedly over the years that it would be a political decision, made on a case-by-case basis but retaliation “will always be measured, defensive and proportionate.”
A significant number of cyberattacks are not carried out by state, but rather by an informal army of proxies and cyber-criminal organizations.
In the context of the current crisis, avoiding “political attribution and legal attribution” will be among Russia’s foremost concerns, as events unfold, because NATO nations are bound together under a self-protection clause, said von Hlatky.
An attack on one is seen as an attack on all and the western military alliance recently introduced a policy framework that governs when a cyberattack is critical enough to trigger a real-world response.
“I think Russia always has an advantage to keeping it below that threshold in a way where attribution takes time and where it’s more diffuse.”