‘Done amazingly well’: Ex-UK intelligence agency chief on Ukraine’s cyber defence in Russia war
Amid rapid advancements in technology, cyberattacks on critical infrastructure have become increasingly frequent and sophisticated.
A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. (File photo: REUTERS/Illustration/Kacper Pempel)
This audio is generated by an AI tool.
Since Russia annexed the Crimea peninsula from Ukraine in 2014, Kyiv has faced relentless cyberattacks from Russian actors.
A first-of-its-kind cyberattack on power grids in western Ukraine in 2015 led to hours-long power outages for more than 200,000 people during the harsh winter. The hack has been blamed on a Russian advanced persistent threat group.
When the war entered a new dimension after Moscow’s full scale invasion of Ukraine in 2022, both sides have not just fought on the battlefield but increasingly in cyberspace.
Key players in the cybersecurity field, including those who attended the Global Cybersecurity Forum in the Saudi Arabian capital Riyadh last week, say Kyiv’s cyber strategy offers lessons for the world.
“The biggest pushback has got to be defence … that’s the only real way that you can answer these threats,” said Robert Hannigan, former head of the United Kingdom’s largest intelligence and cyber agency GCHQ.
Soon after leaving the agency in 2017, Hannigan warned that “a disproportionate amount of mayhem in cyberspace” was coming from Russia and urged people to “push back”.
When asked about how much this has come to pass, he said the situation has not improved but, in fact, gotten worse.
He pointed to how some countries such as Russia are harbouring cybercriminal groups.
“They're beyond the reach of law enforcement from the United States, European Union ... and they are helping to foment ransomware, for example, in other parts of the world. So, it is a big problem,” Hannigan told CNA.
“There is a sense that the Russian government uses these criminal groups as proxies to pursue what we call hybrid warfare against other countries.”
In terms of how much the UK has pushed back on these threats since his departure from GCHQ, Hannigan said: “I think defences are getting better, but the biggest pushback has got to be defence.”
He added that Russia has long waged a “hybrid or grey zone war” in cyberspace – one that is now intensifying.
While conventional warfare is generally understood as direct military action, there is no perfect nor fully agreed upon definition of hybrid warfare.
The NATO military alliance defines it as a combination of “military and non-military, as well as covert and overt means, including disinformation, cyber attacks, economic pressure, deployment of irregular armed groups and use of regular forces”.
“There are some lessons to learn from the war in Ukraine. The Ukrainian government came under massive attack ... in cyberspace, before the ground invasion and since the ground invasion, and they've done amazingly well (on the cybersecurity front),” Hannigan said.
“They've had a coalition of defenders, including private sector companies, big tech, big cloud providers, other European countries, US – all of them helping to defend (Ukraine).”
COLLABORATION ESSENTIAL IN CYBER DEFENCE
With technology evolving rapidly, cyberattacks on critical infrastructure have become increasingly frequent and sophisticated.
Recent studies showed cyberattacks on systems jumped 75 per cent in the five years leading up to 2024 – or about 13 attacks every second.
Chris Inglis, strategic advisor at venture capital firm Paladin Capital, who served as the US’ first National Cyber Director from 2021 to 2023, stressed the need for collaboration to tackle such attacks.
“(Even) if we make investments in our digital infrastructure, remove some number of (bad) players from the field of play, there'll be some that will still try,” he cautioned, adding there will never be perfect, impenetrable systems.
“So we must then kind of understand how these architectures are being used. That's best done as a collaboration.”
Rather than simply monitoring networks and defending them, Inglis said they must be designed to be “inherently resilient and safe”.
Governments should then invest in ensuring they can be defended, he added.
He cited Ukraine's success in defending against Russian transgressions as an example of effective cyber defence through a coalition of defenders.
“What the Ukrainians have shown us over the last three years is that it's not simply possible – it’s eminently doable,” he added.
“They made modest investments into technical architecture. They have world class expertise, and they've deployed a coalition of co-defenders – not co-combatants – to defend against the transgressions of the Russians, and they still stand tall.”
