Ukraine's vibrant digital civil society and tradition of activism are largely to thank for some of the country's cyber-resilience (Photo: ec.europa.eu)
Recently, a flurry of articles have appeared in the media outlining lessons we should be learning from the digital battlefield in Ukraine. The problem is many of the reasons Kyiv has so successfully fended off Russia’s onslaught in cyberspace cannot simply be replicated anywhere else.
Granted, there are several, evident takeaways from the conflict for other nations.
The crucial role of technology companies, with their high-end capabilities and valuable insights garnered from the vast amount of data processed, is one.
The need for ever-closer public-private collaboration and the support of allies is another. Establishing data embassies abroad is certainly an option most governments should consider.
But many other aspects are specific to the Ukrainian context.
First, consider the country’s effectiveness in responding to and mitigating a barrage of sophisticated cyberattacks from a range of state and state-sponsored actors. This is, in part, a result from the direct experience it has gained in eight years of war against the Kremlin and its proxies.
Next, the mass mobilisation of Ukrainian volunteer hackers and patriotic programmers, many under the banner of the “IT Army”. Their contribution to Ukraine’s cyber counter-offensive seems to have been consequential.
If president Volodmyr Zelensky was able to rely on so many tech-savvy men and women, it is in large part because Ukraine has long been a global IT powerhouse with a talent pool of up to 300,00 professionals in the lead up to the war.
Being able to rely on such a full-spectrum society response, with the private sector and non-profits pitching in to the war effort alongside government, has offered Ukraine considerable support in shoring up cyber resilience.
The country’s vibrant digital civil society and tradition of activism are largely to thank for this.
Law-breaking problems
However, a number of reports have rightly highlighted the many ethical and legal issues connected with this ‘cyber militia’.
Among the Russian targets allegedly attacked by the IT army are civilian facilities, including universities and banks, which are prohibited under international humanitarian law.
There are data privacy and security risks for potential collateral victims of their attacks.
In some respects, some of Ukraine’s hacking collectives now bear the same trappings as the Kremlin-backed proxies that the West has spent years denouncing. In light of this, an ‘IT Army’-like scenario would likely face significant hurdles in other countries.
Last, but certainly not least, in terms of information operations around the theatre of war.
Ukraine’s success can be partly attributed to its familiarity with the Russian playbook in terms of disinformation.
But, in the battleground for the hearts and minds that is social media, Ukrainian’s efforts to shape — or even control the narrative — have also been facilitated by their ability to communicate in the Russian language. Zelensky himself was able to take his message directly to the Russian people, in Russian, on the eve of the invasion.
On “VK, a predominantly Russian-language social media, pro-Ukrainian posts have flooded the platform” and certain hashtags privileged over others to reach “a wide audience within Russia.”
So, what can others learn and eventually apply in terms of cyber-defence?
It is too early to guess even when and how the war will end. But it’s only natural for states to look for lessons learned to best prepare for what’s ahead.
And while many political, cultural, and contextual specificities mean that parallels have their limits, some countries, Taiwan included, would do well to draw inspiration from specific chapters of Ukraine’s cyber-warfare manual.
Source: euobserver.com