Pages

30 January 2023

Soldiers hurt Ukraine far more than hackers, says WEF

Damien Black

If you are thinking that 21st-century Armageddon will come in the form of a massive cyberattack, you should think again because, in the past year, tanks and guns have proved to be by far the worst threat to Ukraine, says the World Economic Forum (WEF).

Citing the lack of digital damage done to the beleaguered country since Russia invaded in February, the WEF has highlighted a key element of cyberattacks it says is often overlooked – their inherent reversibility.

“The conflict in Ukraine has, in many ways, defied expectations, especially for the cybersecurity community,” said the WEF. “The cyber war that many expected failed to materialize, as these operations failed to levy any strategic impact, and the cyber domain of Russia’s offensive has largely been relegated to the background.”

Whereas damage done by kinetic or conventional warfare is not easily reversed – a glance at the televised coverage of bombed-out buildings in Kyiv and other Ukrainian cities will confirm this, not to mention the horror of human casualties – most cyberattacks can be reversed relatively quickly.

A dead person is irreplaceable and a shelled building might take months or even years to repair – this stands in stark contrast to, say, the Colonial Pipeline in the US, which was up and running less than a week later despite sustaining one of the worst cyberattacks in the history of digital warfare.

“Cyber [damage] has proven to be relatively reversible,” said the WEF. “Colonial Pipeline, the largest US oil pipeline, subject to a ransomware attack, was down for only five days, compared to several wind farms in Ukraine that experienced physical damage – affected for months so far, and maybe longer yet as the conflict continues.”

Even small-arms fire – again, leaving the tragic toll on human life aside – can wreak damage to buildings that are not soon repaired, the WEF added.

“The argument could be made that cyber operations are an economic security threat rather than a military one, resulting in the opportunity for indirect warfare,” it said. “However, data from the conflict in Ukraine casts doubt on this position.”

This data, cited by the WEF, does appear to shore up its skeptical position. Tech company IB Centre CEO Vitaliy Daviy estimates that to date, the Russian invasion has caused 60% of Ukraine’s industry to be shut down, while estimates by another company, Verisk, suggest that cyberattacks have contributed to fewer than one industrial shutdown in a hundred.

And whereas conventional or kinetic Russian attacks have left up to 40% of Ukraine’s renewable energy sources compromised and cost the nation an estimated $127 billion so far, no such comparable figures exist for the cyber theater of operations, the WEF says.

“The reversibility of cyberattacks needs to become a fundamental consideration in cybersecurity,” it added. “That applies whether we are talking about a cyber warfare campaign or an individual and independent attack against a commercial target.”

While stressing that cyberattacks should by no means be disregarded, the WEF believes that any strategy for dealing with such should focus as much on recovery as on deterrence, given that the former is an attainable goal.

“Reliance on deterrence as a strategy is dated,” it said. “While there is undoubtedly a need for preventive measures in cybersecurity, reversibility makes clear that investment in recovery is also crucial. Being able to accelerate recovery from a reversible attack contributes to a timely and cost-conscious return to normal.”

No comments:

Post a Comment