SAN DIEGO (KGTV) – As the war in Ukraine stretches into its second week, Russia’s military continues to wage a mostly conventional war.
That’s been a surprise to security experts who expected a barrage of powerful cyberattacks after several notable Russian hacks in Ukraine in years past.
In 2015, after the Russian invasion of Crimea, Russian hackers infiltrated electricity substations in western Ukraine, seized control of the computers remotely, and turned off the electricity for about 230,000 customers.
It was the world’s first successful cyberattack on a power grid.
The following year there was an attack on an electricity substation in Kyiv.
Two main theories have emerged about why Russia hasn’t yet levied similar cyber attacks in this invasion, said Peter Cowhey, dean emeritus of UC San Diego’s School of Global Policy and Strategy and a former adviser to the Clinton and Obama administrations on cyber issues.
The first theory is that the Russian military was overconfident in their ability to take Ukraine by conventional means. “They thought that Ukraine would go down easily. Why disrupt an infrastructure through cyber attacks that you assume you’re going to be ruling and administering?” he said.
In this line of thinking, Russia is intentionally holding back its cyber capabilities. Perhaps the Kremlin is using hacking tools to spy, not destroy.
The other principal theory, Cowhey said, is one of incompetence. Maybe Russian hackers tried dramatic cyber attacks but failed?
“The US and NATO had sent a number of experts to Ukraine over prior months to help them detect weaknesses in the cyber security arrangements in the country,” he said. Those efforts might have hardened Ukrainian cyber defenses, but not to an insurmountable degree, he said.
There are signs US Cyber Command may be taking an active role in Ukraine’s defense. This week, China claimed the US hacked into its computers to launch disguised cyber attacks on Russia.
“It’s hard to tell whether that’s propaganda or real, but there has been speculation that US Cyber Command has at least put the Russians on notice that they can’t do this easily,” Cowhey said.
Russian hackers have launched some successful cyber offensives. They used distributed denial of service attacks in early February to overload some Ukrainian government websites and take them offline.
As the invasion began, security companies noticed a new type of malware on hundreds of Ukrainian computers. The malware, nicknamed HermeticWiper, can wipe data and even destroy computers.
However, Cowhey said those two efforts had a little military impact. “They were a shot across the bow,” he said.
On Thursday, a Ukrainian internet provider was hacked, knocking out service in parts of the country. The company said it has been able to restore most of the service.