top of page

Spotlight: Cyberweapons as a holistic risk intelligence issue

While they are not always conceptualised this way, understanding the full impact of cyberweapons warrants a holistic risk intelligence approach. In the context of the ongoing war, Russia will likely continue to develop novel cyber tools, which will threaten private organizations regardless of their direct exposure to the conflict. PRINCEPS can help clients look beyond the cyber space to encapsulate the resulting threats as a whole.


Cyberweapons at a glance

Organisations often struggle to fit novel technologies into their operations, and cyberweapons are no exception. They present challenges similar to those posed by their historical analogues and although they have a strong history in crime and espionage, the Russo-Ukraine War sees them used as a destructive weapon at an unprecedented scale, along with combat arms. Indeed, while cyber tools can collect important intelligence, the domain offers limited means of attacking targets in such a way that directly assists physical forces in combat.

Cyberweapons come in a variety of forms and can disrupt enemy operations. In severe cases, they can even destroy equipment. In these aims, they hold several advantages over traditional munitions. First, while sophisticated methods can be expensive, simpler cyber-attacks are relatively low-cost with a low barrier to entry. They also present no direct risk to the life of the operator and facilitate deniability. Simultaneously, some of these advantages present challenges to the use of cyber weapons. Particularly, cheap, low-skill methods may lower costs but are diffuse. The developers of these methods can be independent activists or criminal organizations who do not answer directly to authorities. As attackers can threaten important systems with or without state approval, it is difficult for a nation to credibly promise that the attacks will stop upon compliance, making the risk increasingly unpredictable.

Crucially, Russia’s latest cyberweapons, both rudimentary and advanced, have proliferated, infecting corporations and threatening societies throughout the world. The resulting risks can span beyond the dimensions of the original threat and should be managed through relevant risk intelligence tools.


Hybrid impacts

Russian cyber weapons specifically have had an immense effect on the corporate world, causing billions in damages to industry. This is also the case for enterprises with no direct connections to geopolitical tensions: For example in the case of Mondelez, Chicago, which was hit by the Russian NotPetya malware in 2017. Despite intense efforts to rectify the damage, full recovery took the company several weeks and ended in a loss of over 100 million dollars. The attack permanently damaged 1700 servers and 24 thousand laptops, impacting production facilities worldwide. While the malware was initially launched as an attack on Ukraine, it quickly diffused to impact multinational companies, including the Russian oil company Rosneft.

The business sphere is understandably further affected by disruptions in the finance sector but it would be a mistake to dismiss less obvious risks in the form of civilian and political disruptions. Attacks launched by Russia since the 2022 invasion have targeted, amongst others, a Ukrainian border control station, preventing refugees from safely leaving the country, and non-government, charity, and aid organisations, hindering the distribution of medicine, food, and relief supplies. Others have involved phishing attacks directed at civilians, as well as the diffusion of false “government” messages, including the alleged government call for Ukrainian citizens to surrender. By targeting the civilian population and relief efforts, cyber-attacks transcend their use in armed combat to disrupt civil operations, thus engendering additional humanitarian risks that can affect the wider region through a range of sectors. Furthermore, attacks on government and military systems and operations resulting in disruptions, misinformation and the abuse of data threaten national political stability and security, again impacting both civilians as well as businesses in the region by proxy.


Conclusions

With the above in mind, it may be reasonable to expect governments to limit their development of destructive cyberweapons to specific scenarios and focus cyber operations on intelligence and information warfare. But although advanced destructive malware is costly and time intensive, it remains within the reach of nation-states. These new weapons, like the ones before them, will undoubtedly spread into the open market. There, they can be repurposed against any group or organisation, with tangible consequences reaching far beyond security breaches and data leaks. The diffuse character of cyber-attacks further complicates risk management in this area. It is therefore critical for cybersecurity and risk specialists to pay close attention to the developments in this field and think beyond their most immediate impacts to adequately protect their organizations.


Interested in our approach?

Follow us for news from the industry and more information about our work.

Comments


bottom of page