Streszczenie

Dear Readers, I am pleased to introduce a special edition of Applied Cybersecurity & Internet Governance (ACIG) journal dedicated to the Russian-Ukrainian war and the associated cybersecurity risks. The conflict started by Russia in 2014 with illegal annexation of Crimea and a part of Donbas region has a profound implication. Our civilisation shifts to the digital dimension; therefore, understanding cybersecurity within this context has become more critical than ever...

Słowa kluczowe

Streszczenie

This article examines Russia’s cyber campaigns against Ukraine and shines some light into this corner of the ‘gray zone’ and into the ‘red zone’ warfare inflicted upon Ukraine. Hitherto, there has been a lack of in-depth, systematic studies in relation to state-on-state cyber attacks. This article means to begin to bridge this gap in knowledge with its focus on Ukraine while arguing that Russia’s cyber campaigns are components of a wider suite of active measures/hybrid warfare engagements from its state and substate entities. For the Kremlin, hybrid warfare (gibridnaya voina) is fought with all the tools at their disposal on a ‘battlefield’ that stretches beyond the four modern domains of land, sea, air, and space. The fifth domain of cyberspace is increasingly important for espionage, cyberwar, and influence operations.

Słowa kluczowe

Streszczenie

Russia under Vladimir Putin has expanded and moved rapidly to improve its ability to employ “disinformation,” or “information warfare,” as an effective instrument to help it to accomplish its specific foreign policy objectives. Although it has only been since direct Russian involvement in the U.S. presidential election of 2016 that this has been an issue of major public political concern in the United States, a flood of research on this topic has now begun to appear. Despite many years of preparation for cyber conflict against critical U.S. infrastructure and military forces, the U.S. government and cybersecurity industry were unprepared for Russian information operations targeting the 2016 U.S. presidential election. It is clear, however, that the Russian propaganda/disinformation activities in the U.S. are but one part of a policy targeted virtually everywhere across the entire world and that this policy builds upon the earlier propaganda and disinformation activities of Russia’s predecessor state, the USSR. In the present essay, we intend to track the reemergence and development of the information warfare and disinformation component of Russian policy under President Putin, including its largely successful attempt to reintegrate the components of the former Soviet Union and its deep roots in Soviet “active measures,” up until the invasion of Ukraine, when it expanded exponentially. We shall also track the areas of the world targeted, and the increasing breadth of its target audiences and the issues covered.

Słowa kluczowe

Streszczenie

Russia’s 2022 invasion of Ukraine has dramatically altered global politics, not least that several so-called pariah states appear to be cooperating at a deeper level than at any time since the end of the Cold War. Occupying a critical position between the pariahs and the rest of the community of nations is China, an adversary to the United States, but not a pariah to the degree of Russia or its allies North Korea and Iran. Each of these countries has advanced both cyber and information operations. Considered here is a framework for understanding linkages between China and the pariahs; a chronicle of cyberattacks by each of the countries mentioned as well as consideration of possible collaboration; and observations on their propagandistic information operations since the beginning of the Russo-Ukraine War.

Słowa kluczowe

Streszczenie

This article explores Estonia’s cyber support for Ukraine following Russia’s invasion in February 2022. Despite its small size, Estonia has significant cyber expertise and has played a pivotal role in safeguarding Ukrainian digital infrastructure and providing cybersecurity support. While Estonian cyber contributions to Ukraine are significant, it initially did not seek or receive international attention. Estonia is typically vocal in promoting its cybersecurity and e-governance expertise. This article aims to first explore the impact of Estonia’s cyber support for Ukraine. Second, it aims to understand why Estonia did not try to use this support to bolster its status as a cyber authority. To do this, Estonia’s cyber support is analysed and put into the proper geopolitical context. Interviews with high-ranking Estonian officials were conducted and an analysis of policy output was performed. This article finds that the impor- tance of cybersecurity assistance is not as critical as military assistance, which is one reason why Estonia has not (yet) used its cyber assistance as a status opportunity. Although cybersecurity support may be considered secondary to military support, the significance of Estonia’s cybersecurity assistance should not be overlooked. Although Estonia did not pursue status initially, there are some signs that this is beginning to change and Estonia is recognised for its cyber expertise.

Słowa kluczowe

Streszczenie

One of the main lessons learned in the context of Russia’s full-scale invasion of Ukraine starting in February 2022 is that foreign information manipulation and interference (FIMI) operations are closely coupled with cyber threats. Regardless of whether cyberattacks are followed by an information manipulation component and vice versa, the merger of the two can be an early indicator of the potential for a conflict to escalate from the cyber area to the ground. Our article is premised on the idea that today’s highly technologised information ecosystem is a fertile ground for cyberattacks and information manipulation in the context of FIMI; more specifically, it enables cognitive hacking, meaning hacking the human mind and human cognition altogether through technological disruption and cyber pressure. Starting from this premise, the aim of the article is to highlight the technological determinants of cognitive hacking and identify silent or emerging threats that bypass technological sensors and seek to disrupt and manipulate the information environment. The empirical part is based on observation as a descriptive method, which is used to analyse a case of cognitive hacking carried out via a YouTube malvertising campaign targeting Romanian users. This case study is analysed qualitatively by matching the DISinformation Analysis & Risk Management (DISARM) framework with evidence collected through Open-Source Intelligence (OSINT) tools, following an innovative analysis structured according to the purposes, actions, results and techniques (PART) model. The extensive analysis of the identified case shows that applying the DISARM framework to cyber-enabled operations can be useful for anticipating and responding to FIMI threats, even when such operations do not appear to have a specific, immediately identifiable purpose.

Słowa kluczowe

Streszczenie

Situational awareness (SA) has become one of the key concepts in military sector. The Russian-Ukrainian war led to the development of information technology in Ukraine to manage troops and combat situations. The army was supported by numerous volunteer initiatives involving IT professionals. As a result, Ukrainian army has received modern software solutions based on the principles of SA for use in real combat conditions. The purpose of the study is to analyse the development of military and civilian SA information systems during the war between Russia and Ukraine. In the course of the study, the methods of system analysis of the problem of SA were used. The research classifies information solutions, assesses the distribution of products by different classification sectors, and conducts a strengths, weaknesses, opportunities, and threats (SWOT) analysis of the developed products. Using the example of the most common solutions, the main features of existing software products and the technologies on which they operate were identified. Prospects for the development of solutions, their contribution to military management, and problematic issues are identified.

Słowa kluczowe

Streszczenie

This article examines the Russian military’s Information Warfare (IW) activities. The particular focus here is on the use by this military of operations in cyberspace as a strategic force-multiplier. It seeks to shed light on why such operations are so important to this military and what goals it hopes to achieve through their use. In particular, this article highlights the role played by what Russian analysts refer to as cyber-psychological and cybertechnical operations. Having established the background to the Russian military’s IW thinking, this article then goes on to examine the application of its cyberspace operations against Ukraine: both before the 2022 invasion and as part of it. It is from this examination of the cyberattacks conducted against Ukraine that a better understanding of the potential of Russian IW can be generated. As such, lessons can be drawn from this conflict as to how, in the future, the Russian military might employ IW specifically against NATO states as part of a major kinetic confrontation. But, as this article notes, drawing lessons as to the actual strength of Russian IW capabilities from the Ukraine conflict may be a flawed process. It may be the case that the Russian military might not have shown its true cyber hand in Ukraine. It may be saving its best cyber tools for any future conflict with NATO itself.

Słowa kluczowe

Streszczenie

The socio-economic development that has taken place in recent years takes into account cybersecurity issues. Cybersecurity has many different dimensions, including the economic dimension. The Russian-Ukrainian conflict has shown that modern war is not only conventional, but also cybernetic. Earlier, the massive shift to remote communication systems forced by COVID also increased the demand for cybersecurity. This means that cybersecurity companies receive new orders, which can have a positive impact on their financial results. In the opinion of many experts, investing in such companies could be a good business. The research conducted in this article focuses on testing assumptions related to the recognition of investments in technology companies as prospective investments. Therefore, this study examines the impact of Russia-Ukraine war (from February 2022 to December 2024) and the COVID pandemic (from March 2020 to February 2022) on the valuation of cybersecurity companies. The period from January 2015 to February 2020 was used as the comparative period. The research material consists of companies and stock indices from the American and Polish markets. The results of the research are inconclusive. In fact, there are some examples of companies that took advantage of the Russian-Ukrainian conflict to achieve above-average returns. Such a business is risky, which is why these companies are achieving above-average returns with increased shares price volatility. However, it turns out that automatically assigning a company to the cyber or IT category does not mean that it will be a good investment in times of war or pandemic.

Słowa kluczowe

Streszczenie

Nowadays, the number of sophisticated cyberattacks targeting critical infrastructure or banking systems is increasing. Cases of successful attacks are not uncommon, as statistics in Ukraine demonstrate, and they are becoming more frequent and advanced. This results in an increased risk for companies listed on the stock exchange. The article provides examples of cyberattacks in Ukraine, including those using ransomware, attempts to infiltrate energy systems, and attacks on government institutions. It is noted that the presence of cyber threats is strongly linked to the political and international situation of the country. Analyses conducted focus on the examination of cyber threat events in Ukraine and their impact on the WIG_UKRAIN stock index from 2015 to 2023. The evaluation includes the index’s return rates on the day of the cyber threat occurrence, the following day, and the average return rate within five sessions after the threat. An analogous study for the WIG index is adopted as a benchmark. Based on the obtained results, it can be said that before the year 2022, cyberattacks on Ukraine did not have a significant impact on the value of the Ukrainian company stock index. The situation changed after 2022, where each potentially economically harmful cyberattack contributed to the decrease in the value of Ukrainian-listed companies. Generally, the start of hostilities in 2022 significantly increased the volatility of the WIG_UKRAIN index quotations. This is to be expected, as markets react badly to uncertainty.

Słowa kluczowe

Streszczenie

This study attempts to explore the extent to which EU support during the decentralisation process in Ukraine facilitates local authorities’ digitalisation and strengthens their resilience against cyber attacks. The Ukrainian cyber attack cases are becoming more frequent in 2022 and 2023 in terms of war, especially on the websites of local authorities. The article demonstrates that decentralisation with the support of the EU-funded U-LEAD assistance programme provides an opportunity to bring state services closer to citizens and, accordingly, increase the efficiency of their provision. Decentralisation and digitalisation go hand in hand in the process of implementation in Ukraine. The digitalisation in this direction of local administrations becomes a tool for achieving this goal because it allows local administrations to offer more of their services in a digital format, which ensures the resilience of the development of local authorities. At the same time, the local authorities are less protected against cyber attacks, especially during the war. The article employs a semi-structured interview method to analyse data, revealing that representatives from local authorities participate in various training courses to enhance cybersecurity skills. However, the challenges vary and include issues such as lack of personnel, lack of funding, complex application procedures, lack of coordination, and technical capacity limitations. Indeed, Ukraine is still in the process of improving its own model of cyber defence for local authorities and the country as a whole in terms of countering Russian aggression, using among others practices of NATO and EU countries in the specified field.

Słowa kluczowe

Streszczenie

The methodology of a quantitative assessment of organisation’s network cyber threats was developed in order to quantitatively assess and compare the cybersecurity threat landscape in conditions of limited data while applying the risk-oriented approach. It can be used either for assessing the level of network cyber threats of a particular organisation (as a quantitative measure of the criticality of cyber threats that are detected within the organisation’s network) or for comparing the level of network cyber threats of several organisations during the same or different time periods, giving grounds for supporting the process of making managerial decisions regarding the organisation’s cybersecurity strategy. The proposed scheme of the algorithm can be used to automate the calculation process. The assessment of network cyber threats that are considered in the article is not a full-fledged measure of the cyber risk because the methodology was developed considering the common circumstances of the deficiency of the risk context data. Nevertheless, the results of the methodology implementation partially reflect the overall level of the organisation’s cyber risk and are expected to be used in the case when the full-featured proper cyber threats assessment can’t be organised for some reason.

Słowa kluczowe

Streszczenie

Shared understanding of the operational environment in the cyber domain is the key enabler of NATO’s cyber posture. However, there have been no attempts to evaluate empirically the impact of the war in Ukraine on intra-Alliance coherence. This study applies a novel methodology based on computation text analysis to evaluate the trends within the recently adopted national cyber strategies with regards to the description of threats, risks, and actors involved in carrying out these threats – in particular, Italy, Latvia, the United Kingdom, and the United States. The analysis shows that before the large-scale invasion, the congruence was low between the two continental European states vis-a-vis the UK and the US on threat and risk assessment. After the invasion, these dif- ferences became smaller and the language of the updated National Cyber Security Strategies became more homogeneous as measured by the cosine similarity scores. There are still differences in the discussion of relevant actors in cyberspace. The methodology applied here can be extended to measure the cohesiveness of the Alliance’s cyber posture along other dimensions.