The Cybersecurity Risks of an Escalating Russia-Ukraine Conflict

As warnings of an imminent Russian attack on Ukraine proliferate, news networks and social media have featured clips of Russian armed forces training, exercising, and preparing to fight. Less visible are Russia’s formidable cyber forces that would be preparing to unleash a new wave of cyber-attacks on Ukrainian and western energy, finance, and communications infrastructure. Whether an invasion occurs now or not, tensions will remain high, and the cyber threat will likely wax, not wane.

The implications for business of conflict in Ukraine — whether conventional, cyber, or hybrid — will be felt far beyond the region’s borders. As a business leader, you’ve likely already assessed whether you have people at risk, operations that might be affected, or supply chains that might be interrupted. The White House recently warned of the supply-chain vulnerabilities stemming from the U.S. chip industry’s reliance on Ukrainian-sourced neon. And Russia also exports a number of elements critical to the manufacturing of semiconductors, jet engines, automobiles, agriculture, and medicines, as detailed in a Twitter thread by former Crowdstrike CTO, Dmitri Alperovitch. Given the existing pressure on U.S. supply chains from the Covid-19 pandemic, adding further shock to the system is worrisome.

But if you are just now evaluating your cyber posture, you are probably too late. Effective cyber defense is a long game requiring sustained strategic investment, not a last-minute bolt on.

Conflict in Ukraine presents perhaps the most acute cyber risk U.S. and western corporations have ever faced. Invasion by Russia would lead to the most comprehensive and dramatic sanctions ever imposed on Russia, which views such measures as economic warfare. Russia will not stand by, but will instead respond asymmetrically using its considerable cyber capability.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued a warning of the risk of Russian cyberattacks spilling over onto U.S. networks, which follows previous CISA warnings on the risks posed by Russian cyberattacks for U.S. critical infrastructure. The European Central Bank (ECB) has warned European financial institutions of the risk of retaliatory Russian cyber-attacks in the event of sanctions and related market disruptions.

Early cyber skirmishing has already begun, with Ukrainian government systems and banks attacked in the past week, and vigilant U.S. companies noting a dramatic increase in cyber probing. Rob Lee, CEO of the cybersecurity firm Dragos told us, “We have observed threat groups that have been attributed to the Russian government by U.S. government agencies performing reconnaissance against U.S. industrial infrastructure, including key electric and natural gas sites in recent months.”

The security and intelligence teams at several major multinationals indicated to us that they are anticipating Russian cyberattacks and assessing the potential for second and third-order effects on their operations. Some companies noted that they are anticipating an increase in attacks and scams in conjunction with the Ukraine crisis, with risk assessments typically contingent on whether the company has direct links to Ukrainian national banks or other critical infrastructure.