Cyber Resilience – Lessons From Ukraine

Originally published by KPMG here.

Written by David Ferbrache, Leadership, Global Head of Cyber Futures, KPMG in the UK.

Alongside the tragic war in Ukraine, cyber-attacks have played their part, too. This complex and increasingly uncertain situation in cyberspace is driving many countries and organizations to bolster their cyber defenses.

What Are Some Cyber Security Lessons We Can Draw From the War in Ukraine?

The use of offensive cyber-attacks in military operations now appear to be part of the portfolio of options that countries are choosing to use. Many countries are investing in developing attack techniques, including those capable of targeting industrial control systems and national infrastructure.1 The true impact of these attacks remains unclear but it’s evident that the military doctrine of many countries now includes cyber operations, so a proliferation of military malware should be expected.

There is now more uncertainty around the likely patterns of attacks, not just from nation-states. Will Russia or its allies and supporters seek to target Western countries imposing sanctions or supporting Ukrainian military action? Western intelligence agencies believe this is now likely and preparations for such attacks may be well advanced. Yet, at scale, attacks haven’t materialized.2

But more than that, the war has polarized interests. Hacktivism is on the rise with loose collectives such as Anonymous once again back in action, and organized crime groups changing their tactics and targets.3,4 This adds complexity and shifts motivations away from pure monetary gain to hybrid motives, including broader ideological and political aims.

The polarization of interests could also apply to nation-states, as many countries have been driven to choose sides in the war. And in making this choice, questions have arisen around the solidity of their defense and control over ‘their’ internets, risking further fragmentation of the global internet, which underpins much commercial and social activity. Supply chain security has risen up the agenda, with countries questioning their dependence on software and hardware sourced from countries deemed to be on the ‘other side’ of the battle.

And the Implications Are…

Nation-states may ramp-up their investments to protect ‘their’ internets. This will likely drive investment in active defense measures (such as those pioneered by the UK National Cyber Security Centre) designed to block and counter attack at the national level, as well as disrupting the infrastructure used by attackers. Pressure may grow on critical infrastructure suppliers to improve their cyber security, with regulators being increasingly interventionist and directive.

Regulation and demands for transparency around the supply chain of key hardware and software could increase and move toward using security architectures (such as zero trust) that reduce the potential risk of an untrusted component compromising the security of a critical system. The political debate surrounding dependencies on supply chains from those countries deemed less trustworthy could also grow, as could the already surprising complexity and interconnected nature of these chains.

There will likely be continued investment in the monitoring and detection techniques aimed at identifying unusual or anomalous activity on networks and taking action to quickly respond to those attacks, particularly as malware becomes increasingly automated and aggressive.

Many regulators and firms are increasingly focused on resilience, taking a proactive mindset that assumes system breaches or disruptions will occur with an emphasis on the importance of being able to recover from the events while minimizing the impact on the business, its customers and the broader market.

Geopolitical scenarios we would have considered unthinkable just a short time ago are now plausible, realistic and need to be exercised by organizations. While firms explore the implications of extended sanctions, growing geopolitical tensions and supply chain disruption — they should also consider and plan for cyber security implications of those scenarios.

Creating a Resilient and Trusted Digital World

We are heading into a world where control over cyberspace and the information flowing through it is increasingly seen as vital to national interests, and where international consensus over the norms of behavior in cyberspace may prove increasingly elusive.

To demonstrate that they take resilience seriously while retaining the flexibility within their security posture to deal with changing patterns of attacks and disruption to their supply chains, global businesses need to navigate this complex and increasingly politicized space.

Additionally, as new cyber risks emerge, so does the need for a unified, global collaboration and response. The World Economic Forum's Centre for Cybersecurity is leading the way on developing a global answer that will help to address these systemic cyber security challenges and improve digital trust. To help create a resilient and trusted digital world, it is important that businesses, nations and wider society unite around shared cyberspace values and ideals to present a solid and unified front against cyber threats.