Coordinated strategy needed to increase cyber defense
The world needs a coordinated and comprehensive strategy to strengthen defenses against the full range of cyber destructive, espionage, and influence operations. As the war in Ukraine illustrates, the Russian Government does not pursue them as separate efforts and we should not put them in separate analytical silos. In addition, defensive strategies must consider the coordination of these cyber operations with kinetic military operations, as witnessed in Ukraine.
Brad Smith, Microsoft President and Vice Chair, summarizes the cyber war in a blog post four months after Russia invaded Ukraine.
He says new advances to thwart these cyber threats are needed, and they will depend on four common tenets and — at least at a high level — a common strategy:
- The first defensive tenet should recognize that Russian cyber threats are being advanced by a common set of actors inside and outside the Russian Government and rely on similar digital tactics. As a result, advances in digital technology, AI, and data will be needed to counter them.
- Reflecting this, a second tenet should recognize that unlike the traditional threats of the past, cyber responses must rely on greater public and private collaboration.
- A third tenet should embrace the need for close and common multilateral collaboration among governments to protect open and democratic societies.
- And a fourth defensive tenet should uphold free expression and avoid censorship in democratic societies, even as new steps are needed to address the full range of cyber threats that include cyber influence operations.
“This approach is already reflected in many collective efforts to address destructive cyberattacks and cyber-based espionage. They also apply to the critical and ongoing work needed to address ransomware attacks. We now need a similar and comprehensive approach with new capabilities and defenses to combat Russian cyber influence operations,” Smith writes.
He says that the Russian invasion of Ukraine relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operations targeting people around the world.
His five conclusions from the war’s first four months:
- Defense against a military invasion now requires for most countries the ability to disperse and distribute digital operations and data assets across borders and into other countries. Russia targeted Ukraine’s governmental data centre in an early cruise missile attack, and other “on premise” servers similarly were vulnerable to attacks by conventional weapons. Russia also targeted its destructive “wiper” attacks at on-premises computer networks. But Ukraine’s government has successfully sustained its civil and military operations by acting quickly to disperse its digital infrastructure into the public cloud, where it has been hosted in data centers across Europe.
- Recent advances in cyber threat intelligence and end-point protection have helped Ukraine withstand a high percentage of destructive Russian cyberattacks. Microsoft has seen the Russian military launch multiple waves of destructive cyberattacks against 48 distinct Ukrainian agencies and enterprises. These have sought to penetrate network domains by initially compromising hundreds of computers and then spreading malware designed to destroy the software and data on thousands of others. Threat intelligence advances, including the use of artificial intelligence, have helped make it possible to detect these attacks more effectively. Internet-connected end-point protection has made it possible to distribute protective software code quickly both to cloud services and other connected computing devices to identify and disable this malware.
- As a coalition of countries has come together to defend Ukraine, Russian intelligence agencies have stepped up network penetration and espionage activities targeting allied governments outside Ukraine. Microsoft has detected Russian network intrusion efforts on 128 organizations in 42 countries outside Ukraine. While the United States has been Russia’s number one target, this activity has also prioritized Poland, where much of the logistical delivery of military and humanitarian assistance is being coordinated. Russian activities have also targeted Baltic countries, and during the past two months there has been an increase in similar activity targeting computer networks in Denmark, Norway, Finland, Sweden, and Turkey. Microsoft has also seen an increase in similar activity targeting the foreign ministries of other NATO countries. Russian targeting has prioritized governments, especially among NATO members. We remain the most concerned about government computers that are running “on premise” rather than in the cloud.
- In coordination with these other cyber activities, Russian agencies are conducting global cyber-influence operations to support their war efforts. These combine tactics developed by the KGB over several decades with new digital technologies and the internet to give foreign influence operations a broader geographic reach, higher volume, more precise targeting, and greater speed and agility. As the war in Ukraine has progressed, Russian agencies are focusing their cyber-influence operations on four distinct audiences. They are targeting the Russian population with the goal of sustaining support for the war effort. They are targeting the Ukrainian population with the goal of undermining confidence in the country’s willingness and ability to withstand Russian attacks. They are targeting American and European populations with the goal of undermining Western unity and deflecting criticism of Russian military war crimes. And they are starting to target populations in nonaligned countries, potentially in part to sustain their support at the United Nations and in other venues.
Moonshot News is an independent European news website for all IT, Media and Advertising professionals, powered by women and with a focus on driving the narrative for diversity, inclusion and gender equality in the industry.