The first attack in the Ukraine war was not physical – it was digital. Shortly before the first missiles struck, the cybersecurity community became aware Ukraine was being targeted by widespread malware attacks designed to disrupt access to information and critical services.
These relentless and destructive cyberattacks are a lesser-seen, but potentially still highly damaging, side of the conflict.
Tom Burt, Corporate Vice President for Customer Security and Trust at Microsoft, sees this as a new era of warfare.
“We now know from this war that future wars are going to be hybrid wars,” Burt says in the latest installment of our Tech Fit 4 Europe podcast. “We will see cyberweapons deployed alongside kinetic weapons, and sometimes maybe cyberweapons alone without kinetic weapons.”
In the episode, he talks to Microsoft Vice President for European Government Affairs Casper Klynge about sophisticated cyberattacks as a weapon of war, and the role of technology companies in supporting steps to improve cybersecurity and resilience in the face of targeted action from nation states.
Here are some key takeaways from their conversation:
The new age of warfare requires increased international cooperation
On February 23, hundreds of systems in Ukraine were attacked with malware. Targets included government, as well as the IT, media, energy, and financial sectors.
“If you’re on the ground as a cyberdefender in Ukraine, you have been under relentless, aggressive cyberattacks since the beginning of this conflict,” Burt says.
Even before the war, Ukraine faced the second-highest number of cyberattacks on any nation after the United States, data published in Microsoft’s Digital Defense Report shows. Russia used Ukraine as a test bed for its cyberattackers, against a backdrop of rising and increasingly sophisticated cybercrime globally, including by nation states.
“These are sophisticated, destructive malware tools that the Russians are developing, and they have clearly brought their A-team,” continues Burt. “The key organizations that we track are very much involved, both in the destructive malware, but also in the espionage activity that’s being conducted in Ukraine in support of the Russian war effort.”
The United Nations has established a set of guidelines governing conduct in cyberspace, and others are specified in the Paris Call for Trust and Security in Cyberspace. But the international community, including technology leaders, need to work together to establish these norms more widely.
Equally, these rules need to be more strictly policed, particularly when they are broken in times of conflict. Greater agreement and cooperation on this would allow coordinated action and sanctions against nation states that do not follow the rules.
Cybersecurity adds a new dimension to data sovereignty
Since the start of Russia’s full-scale invasion of Ukraine, 16 of 17 Ukrainian ministries have migrated their workloads out of the country and into the cloud, greatly boosting their resilience to cyberattacks.
There is also a security technology component to using the cloud – Microsoft is using the security signals we see in the cloud to help identify threats and stop attacks before they can be launched. And all the latest patches and security innovations can be applied.
“These [potential threats] for a nation state to use cyberweapons against another nation state, they’re not theoretical anymore,” Burt warns. “They’re now very, very real.
“And as we’re working with cybersecurity officials in Europe, I think there’s now a much greater understanding that this is a risk that has to be balanced against some of those other risks as countries think about the appropriate way to manage their data.”
Cyberskilling is vital to defend against future attacks
The cybersecurity skills gap is persistent. Plugging it is vital to continuing to build a strong defense against increasingly sophisticated attacks.
“There’s just an incredible appetite for people with cybersecurity skills,” Burt says. “We are actively partnering with governments globally on how we can advance that training and bring more people into the cybersecurity workforce, and to especially double down on how we can do that with a diverse workforce.”
Microsoft has recently launched a cybersecurity skilling campaign that covers 24 countries and has a particular focus on bringing women and historically excluded groups into the cybersecurity workforce. LinkedIn data suggests that the demand for cybersecurity skills has grown by an average of 22% over last year alone in 12 European countries Microsoft analyzed.
Transparency is key to digital peace
Tackling malicious online activity requires an environment of transparency and close cooperation, including between the private and public sector.
There is an important and evolving role for the private sector in supporting governments, using the insights they have to educate and help tackle cyberthreats.
For example, Microsoft can use its technologies and telemetry to provide useful information about cyberattacks to the Ukrainian authorities. This would make it easier for Ukraine to find the source of the attack and defend itself.
And it is important for the global community to be aware of the malicious cyberactivity that nation states are carrying out. The vast majority of the activity that Microsoft’s threat intelligence teams are seeing comes from Russia, China, Iran, and North Korea.
“I’m proud to say that Microsoft recognized that even though it might cause some friction in our efforts to expand our business in those geographies, it was also important to attribute the nation state activity that we saw to the country from which it was originating,” Burt says. “This meant we could have the global discussion about how to constrain that kind of activity and make cyberspace a more secure place.”