Better than many nations, Ireland understands how devastating a focused cyberattack can be, particularly one that comes out of Russia.
Last May, Ireland became the high-profile victim of a concerted attack from a Russian gang called WizardSpider using Conti ransomware – software that encrypts information on a target computer and holds it for ransom – just as the Health Service Executive had begun the large-scale rollout of Ireland's Covid vaccine programme and as the Delta variant loomed.
Hospital networks had to be disconnected, with centres reverting back to paper records, huge numbers of appointments were cancelled, and services collapsed, including time-sensitive medical care such as cancer and maternity care. Personal data leaked onto the dark web.
An already overburdened healthcare system struggled under this blow, and is still recovering.
Russia has long been a global centre for skilled software programmers, and – an unsurprising corollary – many of the world’s most adept hackers. Their role in the 2016 US election and the UK Brexit campaign has been widely documented.
Few would question Russia’s ability to conduct some forms of cyberwarfare – attempting to strategically disrupt or shut down crucial infrastructure and networks or cripple businesses in target countries – though with what degree of success remains a constant topic of debate.
While brutal past Russian cyberattacks on Estonia showed how devastating and dangerous computer-based assaults could be, hackers have not (yet) successfully penetrated and manipulated large-scale, obvious targets such as power grids in the US.
Matter of luck
Some experts feel this is more a matter of luck than adequate defence. They point to incidents such as the temporary shutdown by ransomware hackers of Colonial Pipeline's major US East Coast oil supply line, attributed to a Russian-based gang called DarkSide – even though DarkSide was apparently eager to stress they were, as the Irish saying goes, ordinary decent criminals and not nation state actors.
Attribution and motive remain open to debate with many attacks. Is it hackers within a government’s security elite? Outside gangs of sympathetic nationalists? Or a nation state hiring criminal expertise?
The consensus with Russia is that it is often some mix of nation state internal expertise and criminal gangs that do their own criminal thing – say, hacking a health system or an oil pipeline for ransom – when their services are not needed by the state.
The invasion of Ukraine has brought immediate public concern about a conjoined threat of Russian cyberattacks on Ukraine and countries who enact sanctions or take other steps against Russia. But such worries were already to the fore among EU and North American security services over not just the past few months, but years.
As new Harvard research indicates, Ukraine has likely been "a proving ground" for Russian cyber weapons dating back to the 2015 invasion of Crimea.
Several media reports have stated that the US and UK sent experts to Ukraine in recent months to help harden its networks against cyberattacks. The two countries have jointly blamed Russia for attacks that took down bank and government websites prior to the February invasion. Russia has denied involvement.
US and UK national cybersecurity organisations recently advised organisations to strengthen their cybersecurity, stating that attacks may be forthcoming as the conflict continues. But at the moment, many experts are surprised that a major Russian cyberattack wasn’t launched in conjunction with action on the ground, given Russia’s known expertise.
Missile barrage
One set of US researchers argued this week in the Washington Post that this is because cyber warfare is overhyped, expensive, and just darn hard – it's easier to launch a missile barrage against a power station than to hack it.
They note that “the fact that cyber operations are not always easy, cheap or effective in managing destruction at scale means they’re unlikely to produce the game-changing moment in modern warfare that many anticipated.” And anyway, they say, most devastation is wreaked by real-world attacks.
On the other hand, the Harvard researchers state that we should, at the very least, expect a “spillover” of attacks from Ukraine to other countries.
And their premise that “the war with Ukraine has been likely serving as a live testing ground for its next generation of cyber weapons” echoes concerns among other experts that various cyberattacks on infrastructure in countries like the US may just be limited, probing attacks, testing capabilities in preparation for something more devastating.
As Ireland knows, it would be foolhardy to underestimate the serious effect of any cyberattack or the long-term impact. Taking out a healthcare service’s data network can threaten lives too.
Given current tensions, both organisations and individuals here should be taking basic, effective steps to protect against potential cyberattacks.
The easiest and most effective are things anyone can do: keep your software, apps and browsers up to date on your devices, use two-factor authentication everywhere you can, get a password manager for easy use of more complex, effective passwords and resist the urge to click on links from unknown sources.