The Cyber Dimensions of the Russia-Ukraine War

The workshop gathered cyber threat intelligence practitioners, academics, and officials representing governments and international institutions. It was an invitation only workshop and adhered to the Chatham House Rule, enabling participants to express their candid ideas and reflections. ECCRI has prepared this report in consultation with attendees, to emphasize the primary topics of discussion.

This report builds upon a previous report by ECCRI on wartime cyber operations in Ukraine, based on a workshop held in Tallinn in May 2022, just three months after the full-scale invasion of Ukraine.

Key takeaways from the report:

  • In line with its doctrine of information confrontation, Russia employed a variety of cyber operations during the war at an unprecedented scale.
  • The primary goals of wartime operations – sabotage, influence, and espionage – have remained constant. Cyber operations provide new opportunities to achieve age-old objectives.
  • Cyber activity in Ukraine is associated with kinetic activity bursts and lulls.
  • The GRU has adopted a flexible approach with “pure wipers” that are easy to manipulate and launch without draining significant resources.
  • Western observers may overestimate coordination between Russian-aligned criminals and the government.
  • Distinguishing between cyber criminal and political activist groups is becoming increasingly difficult.
  • Initiatives such as the IT Army risk blurring important principles of distinction between combatants and noncombatants.
  • There is a shift in responsibilities that needs to be recognized by both the public and private sectors, with industry delivering capacity at scale.
  • While Ukraine has benefited from unity of purpose across many different Western actors, this conflict may not provide a good roadmap for the future.

Workshop Report