Why has the “Cyber Pearl Harbor” not (yet) taken place since the start of the war in Ukraine? Although the expression originally referred to a potential cyberattack against the United States, it more generally refers to a wave of cyberattacks against American allies, and many experts have particularly feared it since the beginning of tensions between Russia and Ukraine. They feared in particular that Russia would seek to paralyze Ukrainian defenses in this way from the first days of the conflict.
However, while there have been “Russian cyberattacks since the beginning of the invasion, we have for the moment no proof that there has been anything that comes close to a Pearl Harbor,” Alexis Rapin, researcher at the Observatory on Multidimensional Conflicts at the University of Quebec in Montreal, tells 20 Minutes.
Mounting an effective cyberattack “takes a lot of time”
“Historically, there have been very few cyberattacks that have been deployed in the context of war, with the aim of producing a tactical or strategic impact,” analyzes Alexis Rapin. “And the few times it happened [in 2008 in Georgia, for example], the military effects were extremely limited, if not negligible.” “Cyber destabilization has not been used as much as we imagined,” confirms Christine Samandel, chief of staff at the Bordeaux cybersecurity company Tehtris. “From the moment Russia entered the framework of the armed conflict on the ground, the cyberattack was no longer the main tool.”
Cyber is indeed a very valuable tool “for carrying out hostile acts in a relatively stealthy manner, to defend one’s interests while remaining below the threshold of conflict,” continues Alexis Rapin. “But once a real war breaks out and the masks have fallen, we can simply resort to drastic measures. If we want to deprive the Ukrainians of electricity, for example, we might as well directly bomb the power stations.” Especially since mounting an effective cyberattack “takes a long time, and the effects are usually short-lived.”
“Different Russian cyberattacks using wipers”
However, there are other possible explanations. “One of them is that there have been significant attempts at Russian cyberattacks, but the impacts have not yet been well documented, or that the Ukrainians have cleverly managed to thwart them, because they were well prepared and resilient,” says Alexis Rapin. “They received assistance shortly before the outbreak of the conflict, notably from the United States, since personnel from the US Cyber Command were dispatched to Eastern Europe to support them.”
Nor does it mean that nothing has happened on the cyber front since the beginning of the conflict. Far from it. “We have seen various cyberattacks unfold against Ukraine,” continues Alexis Rapin. “One of the major hacks that accompanied the invasion was the cyberattack against the satellite Internet provider, ViaSat, which caused major computer malfunctions across Europe. There have also been various Russian cyberattacks using wipers [malicious software programmed to erase a computer’s data], which notably targeted various Ukrainian government agencies, although we do not have much information on the extent of the damage they may have caused.”
A third important component: “these are the cyberattacks against various Ukrainian Internet providers, in particular Triolan and UkrTelecom, which have substantially reduced the connectivity of Ukrainian users, generally during windows of only a few hours.”
Add to this “a constant barrage of denial of service (DDoS) attacks, defacements of websites, massive data leaks, against ministries, companies or the media, especially carried out by groups of hacktivists on both sides, in particular on the part of pro-Ukraine groups such as Anonymous.”
When Estonia suffered the first cyberwar in the world, in 2007
However, the “cyber-Pearl Harbor” is still feared, especially since Russia has been suspected for more than fifteen years of honing its cyberattack capabilities against neighboring countries. Estonia thus suffered one of the first cyberwars in history, in 2007, following tensions in the country with the Russian community, linked to the removal in Tallinn of the “bronze statue”, the statue of a Russian World War II soldier.
The country suffered a first wave of cyberattacks, which was pure denial of service and which targeted government sites, banks and the media. Then there was a second big wave, originating from around 60 countries. For about a month, websites were flooded in this way, forcing them to close or cut off their international connection.
“This attack against Estonia was a striking element, because it was the first state-scale cyberattack,” recalls Christine Samandel. And not against just any state, since Estonia, at the fall of the USSR in 1991, based the functioning of its institutions on new technologies. In this “e-Republic”, almost 100% of administrative services are digitized, and Internet access has been a right enshrined in the constitution since 2000. “There was a desire to paralyze and destabilize the country. On the other hand, the difficulty in this kind of offensive remains to officially identify its author, especially when it is a question of a State, which can operate from other territories.”
Subsequently, Georgia also suffered a cyberattack in 2008 at the time of the conflict with the separatists, and finally Ukraine, from 2014. At the end of December 2015, cyberattacks were carried out against the Ukrainian electricity network, causing power outages and depriving some 220,000 inhabitants of electricity. However, cyber experts concluded that the damage could have been much worse, and that it was more of a show of force.
“Launching a cyberattack against a Western country would be a big mistake”
Another concern today is that Russia might launch a vast offensive against one or more Western countries. The United States also claims to have thwarted, very recently, an attempted Russian cyberattack against American and European infrastructures. However, “launching a cyberattack against a Western country would be a serious mistake and would not be to Russia’s advantage, because the entire international community would react,” says Christine Samandel, putting this in perspective and recalling that in the event of a cyberattack, if it has been attributed and proves to be of state origin, “self-defense in cyberspace is authorized as long as it is proportional.”
Alexis Rapin also thinks that there is “little risk of seeing critical infrastructure or strategic entities targeted at this stage, it would present a serious risk of escalation, and at first glance, Russia’s interest is that Western countries feel [little] involved in the conflict.”
“Real risk” against Western companies
On the other hand, he believes that there is “a real risk that hangs over Western companies, with the idea of saying: ‘you want to hit us financially with your sanctions, we will pay you back in our own way’. We can also imagine that Russia wants to punish Western companies that have boycotted or stopped their activities in Russia.”
One of the major uses of cyber in the context of armed conflict remains espionage and surveillance, to spy on enemy communications and observe troop movements. From this point of view, “cyber obviously retains all its usefulness in the conflict,” emphasizes Alexis Rapin.