When Russia invaded Ukraine, many analysts expected an unprecedented level of cyberattacks—which so...
When Russia invaded Ukraine last month, many security analysts were expecting a level of cyberwar never seen before, because of Russia's history of such aggression.
Such assaults were unsurprising; Ukraine has faced a barrage of cyberattacks since conflict flared with Russia in 2014.
Russia has deployed cyberattacks in its most recent conflicts, including its invasions of Georgia in 2008 and Crimea in 2014.
Russia has the capability to use cyberwarfare to disrupt enemy communications, organization and supplies, leading many to expect that it would deploy such tactics in this war, says Trey Herr, a cybersecurity-policy researcher at the Atlantic Council, a think-tank in Washington DC. So why hasn't Russia used cyberwarfare, as expected?
If Russia thought it would take Ukraine quickly, preserving parts of Ukraine's infrastructure, rather than destroying and having to rebuild them, might serve its interests, says Zhanna Malekos Smith, a systems engineer at the Center for Strategic and International Studies, a think-tank in Washington DC. Russia could also have tapped into some networks, such as Ukraine's telecommunications system, as a source of intelligence, she adds.
Zabierek's leading hypothesis is that Russia is holding back to avoid escalation or spillover effects beyond Ukraine, which could prompt a response from the West.
Russia might be keeping its more aggressive cyberweapons in reserve, says Malekos Smith.
If the ground war stalls and financial sanctions bite, Russia could increase cyberattacks, she says.
Although Russia might want to cause damage to mirror the effects of sanctions, it is unlikely to cross the line that would provoke states' right to self-defence, says Malekos Smith.
The National Cyber Power Index by the Belfer Center, where Zabierek works, ranks Russia's cybercapabilities below those of the United States, China and the United Kingdom.