Submit your essay to the AI-Cybersecurity Essay Prize Competition by January 2, 2025.
The AI-Cybersecurity Essay Prize Competition
Read more
Main Logo Expert commentary on tech and security

Cyber Persistence Theory in the Russo-Ukrainian war

Michael Fischerkeller / Emily Goldman / Richard Harknett 7 November 2023
Share On:
The authors of Cyber Persistence Theory assess how it stacks up in the Ukraine conflict
Main Top Image
This image was created with the assistance of DALL·E 2

Cyber Persistence Theory (CPT) was introduced in our book, ‘Cyber Persistence Theory: Redefining National Security in Cyberspace’, two months after Russian tanks rolled into Ukraine. It refers to how states set conditions in and through cyberspace by exploiting others’ vulnerabilities (technical and cognitive) while securing their own.

The book focuses on how states exploit cyberspace for strategic gain outside of armed conflict, but CPT also provides insights into state cyber behaviour during war. It has accurately explained Ukrainian and Russian cyber behaviour.

It’s about the initiative

Initiative shifts so states must persist

Russia probed, manoeuvred, and experimented in Ukrainian networks for years. As early as March 2021, Russian cyber operators reportedly began compromising Ukrainian critical infrastructure and essential government services, laying the groundwork for the invasion. Anticipating a potential attack, Ukraine requested a ‘hunt forward‘ team from US Cyber Command to search and find suspected malicious Russian activity. That team was deployed from December 2021 to mid-February 2022, shortly before the invasion began.

After the attack, Ukraine’s Telecom regulator suspended all inbound roamers from Russia and Belarus to make Ukraine’s core network attack surface (3G/4G) less vulnerable to Russian-originated cyberattacks. Ukraine’s Computer Emergency Response Team also helped to preclude potentially significant Russian cyber actions. Through initiative persistence, Ukraine seized back the edge lost from past Russian cyber intrusions.

Ukraine’s effective cyber defences and resilience surprised many. CPT has an explanation—Ukraine showed initiative persistence against Russia in and through cyberspace. Since 2017, Ukraine and US Cyber Command built trust and cooperation at the operational level to create resilience. Ukraine also partnered with private sector technology firms to improve cyber defences, which paid off once the tanks rolled. Experience and insight focusing on one main adversary enabled the Ukrainians to anticipate and proactively contain Russian cyber campaigns.

Interconnectedness in war

Interconnectedness and constant contact endure during conflict

The interactions between states, businesses, and citizens continue during war— taking on new importance. In the Russo-Ukrainian war, some non-state technology actors operated at unprecedented scale and speed. Starlink, a private internet satellite company, is perhaps the best-known example. It allowed the Ukrainian internet to continue operating during the Russian invasion days after Kyiv requested its services.

Crowdsourcing apps also aided Ukrainian military operations. In the March 2022 fight for Voznesensk, a southern town of 35,000 people, Ukrainian volunteers used the Viber social messaging app to send the coordinates of Russian tanks to Ukrainian armed forces, which allowed Ukrainian forces to direct artillery fire at Russian positions. The subsequent Ukrainian attack led to Russia’s first major rout. Retreating Russian soldiers left behind nearly 30 of their 43 vehicles, including tanks, armoured personnel carriers, rocket launchers, and trucks, as well as a damaged Mi-24 helicopter gunship.

Exploitation ≠ escalation

We can act and not escalate

As we would expect in armed conflict, Russia breached agreed competition limits by attacking Ukraine’s critical infrastructure. Yet Russia has not targeted non-combatant states in the same way.

Moscow wants to avoid NATO directly entering the war. Russia’s opening cyber salvo on the Viasat satellite system had collateral damage outside Ukraine, but subsequent strikes sought to limit spillover. Although Russian-affiliated cyber actors have significantly increased activities against NATO member states, the numerous malware strands and wiperware campaigns avoided targeting networks, systems, and devices.

Moscow still seeks strategic advantage but appears to recognise escalation risks. Its restraint suggests tacit limits still apply, even amidst armed conflict.

Cybersecurity requires all hands

Citizens play a key part, even in conflict

The logic behind a “whole-of-nation-plus” approach is to leave no flank exposed, in competition or armed conflict. A key lesson from the Russo-Ukrainian war is the vital role of the private cyber sector and populace.

CPT noted a shift toward more engaged citizens in cyber security. The US-based National Cybersecurity Alliance’s cyber education framing links individuals to national-level security, calling on all to “do your part.” Ukraine’s citizenry epitomises this, securing the nation from cyber and kinetic attacks.

For example, young Ukrainian volunteers built a system called Griselda that scrapes data from social media and other sources to provide up-to-date situational intelligence. This assists the Ukrainian military and government in identifying where minefields exist and what infrastructure repairs are required. Ukrainians have also developed apps for coordinating supply deliveries, identifying evacuation routes, and disrupting Russian military websites.

Keeping up the effort

Cyber initiative persistence is a feature of modern-day international politics because politics unfolds in cyberspace. The rationale that propels digital security does not change when strategic competition morphs into armed conflict. Opportunities and vulnerabilities may take on greater urgency when war erupts, but the core logic persists. As CPT posits, the states that understand cyber initiative persistence and apply it well will tend to gain more relative security than those that do not.

The current conflict in Europe aligns with CPT’s expectations. Cyber action alone may not be independently decisive in armed conflict, but it can be cumulatively strategic. Ukraine’s efforts to seize the cyber initiative certainly helped stave off early defeat.

 

The views expressed are those of the authors and do not necessarily reflect the official views of any US government department or agency.

avatar
Michael Fischerkeller
avatar
Emily Goldman
avatar
Richard Harknett

Related

Featured image
Book Binder
Warbot 2.0: Reflections on the fast-changing world of AI in national security
Kenneth Payne 28 March 2024
Read more arrow
Featured image
Book Binder
Offensive cyber operations in the test of time
Daniel Moore 7 November 2023
Read more arrow
Featured image
Book Binder
What Does Critical Cybersecurity Look Like?
Noran Fouad 14 November 2024
Read more arrow

Terms and Conditions for the AI-Cybersecurity Essay Prize Competition

Introduction

The AI-Cybersecurity Essay Prize Competition (the “Competition”) is organized by the European Cyber Conflict Research Incubator (“ECCRI CIC”) in partnership with the Munich Security Conference (“MSC”). It is sponsored by Google (the “Sponsor”). By entering the Competition, participants agree to these Terms and Conditions (T&Cs).

Eligibility

The Competition is open to individuals worldwide who are experts in the fields of cybersecurity and artificial intelligence (“AI”). Participants must ensure that their participation complies with local laws and regulations.

Submission Guidelines

Essays must address the question: “How will Artificial Intelligence change cybersecurity, and what are the implications for Europe? Discuss potential strategies that policymakers can adopt to navigate these changes.”

Submissions must be original, unpublished works between 800-1200 words, excluding footnotes but including hyperlinks for references.

Essays must be submitted by 2 January 2025, 00:00 am CET., through the official submission portal provided by ECCRI CIC.

Only single-authored essays are accepted. Co-authored submissions will not be considered.

Participants are responsible for ensuring their submissions do not infringe upon the intellectual property rights of third parties.

Judging and Awards

Essays will be judged based on insightfulness, relevance, originality, clarity, and evidence by a review board comprising distinguished figures from academia, industry, and government.

The decision of the review board is final and binding in all matters related to the Competition.

Prizes are as follows: 1st Place: €10,000; Runner-Up: €5,000; 3rd Place: €2,500; 4th-5th Places: €1,000 each. The winner will also be invited to attend The Munich Security Conference

Intellectual Property Rights

The author retains ownership of the submitted essay.

By submitting the essay, the author grants ECCRI CIC exclusive, royalty-free rights to use, reproduce, publish, distribute, and display the essay for purposes related to the Competition, including but not limited to educational, promotional, and research-related activities.

The author represents, warrants, and agrees that no essay submitted as part of the essay prize competition violates or infringes upon the rights of any third party, including copyright, trademark, privacy, publicity, or other personal or proprietary rights, breaches, or conflicts with any obligation, such as a confidentiality obligation, or contains libellous, defamatory, or otherwise unlawful material.

The author agrees that the organizers can use your name (or your pseudonym) and an image of you in association with your essay for purposes of publicity, promotion and any other activity related to the exercise of its rights under these Terms.

The organizers may remove any essay-related content from its platforms at any time and without explanation.

The organizers may block contributions from particular email or IP addresses without notice or explanation.

The organizers may enable advertising on its platforms and associated social media accounts, including in connection with the display of your essay. The organizers may also use your Material to promote its products and services.

The organizers may, at its sole discretion, categorise Material, whether by means of ranking according to popularity or by any other criteria.

Data Protection

Personal information collected in connection with the Competition will be processed in accordance with Virtual Routes’ Privacy Policy. Participants agree to the collection, processing, and storage of their personal data for the purposes of the Competition.

Liability and Indemnity

ECCRI CIC, MSC, and the Sponsor will not be liable for any damages arising from participation in the Competition, except where prohibited by law.

Participants agree to indemnify ECCRI CIC, MSC, and the Sponsor against any claims, damages, or losses resulting from a breach of these T&Cs.

General Conditions

ECCRI CIC reserves the right to cancel, suspend, or modify the Competition or these T&Cs if fraud, technical failures, or any other factor beyond ECCRI CIC’s reasonable control impairs the integrity or proper functioning of the Competition, as determined by ECCRI CIC in its sole discretion.

Any attempt by any person to deliberately undermine the legitimate operation of the Competition may be a violation of criminal and civil law, and, should such an attempt be made, ECCRI CIC reserves the right to seek damages from any such person to the fullest extent permitted by law.

Governing Law

These Terms and Conditions are governed by the laws of the United Kingdom, without regard to its conflict of law principles. Any dispute arising out of or in connection with these Terms and Conditions, including any question regarding its existence, validity, or termination, shall be referred to and finally resolved by the courts of the United Kingdom. The participants agree to submit to the exclusive jurisdiction of the courts located in the United Kingdom for the resolution of all disputes arising from or related to these Terms and Conditions or the Competition.