As Ukraine crisis heats up, so will cyberattacks, experts warn

Western nations, including Canada, should brace themselves for the possibility of more cyber and ransomware attacks if current tensions between Ukraine and Russia become worse — or even explode into open warfare early in the new year.

While Moscow likely would not sanction direct, attributable attacks on NATO members, experts say it would almost certainly use its vast cyber and disinformation capabilities to sow confusion and disaccord among Ukraine's closest supporters and allies during a crisis.

"I think they could expect high-level cyberattacks just short of Article 5, just short of war, whether or not Putin goes into Ukraine," said Matthew Schmidt, an associate professor and national security expert at the University of New Haven, Connecticut.

"That has become a constant background fixture of modern warfare. It's going on now."

Schmidt said he believes the Baltic countries, which are NATO members, will be singled out because of their Russian-speaking populations. Canada leads the Western military alliance's forward presence battle groups in Latvia and has been on the receiving end of Russian cyber and disinformation campaigns in the past.

The United States and its allies are clearly concerned about how Moscow could launch cyberattacks on Ukraine. The New York Times reported last week that the U.S. and Britain had dispatched cyberwarfare teams to the eastern European country to help bolster its defences and prevent attacks like the one that took down a major portion of Ukraine's power grid in 2015. 

Former U.S. military leaders have warned for more than a month — ever since Russia began placing as many as 100,000 troops on the Ukrainian border — that the opening salvo of any conflict would be destabilizing cyberattacks.

Targeting Ukraine is one thing. Taking aim at NATO countries would be a much more risky gambit — one some defence observers have said would threaten to trigger a wider European conflict.

"Of course Russia has the ability to threaten a NATO country, but in the context of this broader crisis, that becomes very dangerous," said Stefanie von Hlatky, an associate professor and defence policy expert at Queen's University in Kingston, Ont.

While ruling out Western troops fighting to defend Ukraine, the Biden administration has said it's prepared to send weapons and perhaps increase training efforts.

There are 200 Canadian soldiers helping to train Ukrainian forces in the finer points of combat and Canada's top military commander has said that the timing of their withdrawal will depend on conditions on the ground at the time. Disrupting that kind of support and distracting Western leaders during such a crisis would be a key strategic aim of the Kremlin, military leaders have said.

It's not as if Russia and its proxies have shied away from attacking Western targets before. Last spring, a major U.S. pipeline company, Colonial Pipeline, paid hackers affiliated to a Russia-linked cybercrime group known as DarkSide a $4.4 million ransom to regain control of its system.

In September, the European Union formally accused Russia of involvement in the so-called Ghostwriter cybercampaign, which targeted the elections and political systems of several member states. The campaign saw the social media accounts of government officials and news websites hacked with a goal of creating distrust in U.S. and NATO forces. 

Just short of war

Those attacks have always landed below the threshold of provoking a NATO response, although at their summit last spring U.S. President Joe Biden warned that the consequences would be "devastating" should a cyberattack on the United States be traced back to Russia.

"I pointed out to him that we have significant cyber capability. And he knows it," Biden said following the meeting in June.

NATO has established a new Cyberspace Operations Centre in Mons, Belgium, in part to increase the cyber situational awareness of military commanders. 

"A serious cyberattack could trigger Article 5, where an attack against one ally is treated as an attack against all," NATO Secretary General Jens Stoltenberg said in 2019 when the centre was established.

The alliance has been deliberately vague about what sort of cyberattack would trigger a collective response. Stoltenberg has said repeatedly over the years that it would be a political decision made on a case-by-case basis but retaliation "will always be measured, defensive and proportionate."

A significant number of cyberattacks are not carried out by states but rather by an informal army of proxies and cyber-criminal organizations.

In the context of the current crisis, avoiding "political attribution and legal attribution" will be among Russia's foremost concerns as events unfold, because NATO nations are bound together under a self-protection clause, said von Hlatky.

An attack on one is seen as an attack on all and NATO recently introduced a policy framework that governs when a cyberattack is critical enough to trigger a real-world response.

"I think Russia always has an advantage to keeping it below that threshold in a way where attribution takes time and where it's more diffuse."