The future of cyberwar
The U.S. rallies its cyberdefenses as the Russia-Ukraine conflict escalates on and off the battlefield.
The sound of the first bombs exploding over Ukraine will live on in the memories of many Americans for years to come. But other recent Russian attacks on Ukraine began more quietly, when over 70 Ukrainian websites were disabled weeks prior, among them the website for the nation’s ministry of foreign affairs. Hackers left a chilling message on the foreign-ministry website, which read, in part:
“Ukrainians! … All information about you has become public. Be afraid and expect worse. It’s your past, present and future.”
Though a Russian spokesman denied responsibility for the cyberattacks, people around the world understood in that moment that warfare would not be restricted to the battlefield.
Cybersecurity experts say the attacks illustrate the pressing need for more cybersecurity training in this country and around the world.
“The cyber domain is being exploited by profiteers in the form of cybercriminals taking advantage of desperate individuals seeking safety and freedom,” said Richard Mac Namee, director of the Cybersecurity Center at Metropolitan State University of Denver, which the National Security Agency recently designated as a National Center of Academic Excellence in Cyberdefense.
“We’re also seeing the evolution of well-meaning ‘hacktivists,’ as well as more nefarious groups stepping into the arena and in some instances learning on the job,” Mac Namee added.
Some experts estimate that over 150 cyberattacks have been launched against Ukraine since January, though due to encryption, decentralization and a lack of reporting, the exact number is difficult to pinpoint. Still, President Joe Biden issued a preemptive warning to Russia, stating in a live address that the U.S. is “prepared to respond” to critical cyberthreats.
Paired with Russia’s long history of international cyberattacks, Biden’s warning raises concern about cyberattacks hitting home. A senior FBI official has asked government officials and businesses to stay on high alert for potential cyberattacks on critical infrastructure such as hospitals and transportation. And Gov. Jared Polis issued a warning to Colorado organizations after the state announced its plan to place sanctions on Russia.
“Russia may well be targeting cyberattacks to a wide range of businesses and locations,” said Steve Beaty, Ph.D., MSU Denver chair and professor of Computer Sciences. “With the types of sanctions being used, certain business sectors can expect to be targeted, such as banking and financial services, as well as governmental entities and other critical infrastructure sectors. We know Russia has successfully attacked the power grid in Ukraine and with little regard to everyone’s health and life safety.”
While no catastrophic cyberattacks have happened yet as the result of the conflict in Ukraine, many experts are warning that it’s only a matter of time. Meanwhile, hackers are seeking and destroying any vulnerable websites they can find. The fallout from Covid-19 has only amplified the conditions required for widespread cyberattacks.
“A huge amount of information has moved to the cloud,” Mac Namee said. “Everything we’ve done during the pandemic, from Uber Eats to Peloton, is all up in the cloud. And that’s going to present us with a whole host of new problems.”
Many more people are now working from home as well, which has expanded organizations’ cyberdefense perimeters, Beaty said. Home networks, including TVs and personal devices, are likely more vulnerable than laptops and desktop computers, and most people don’t have a dedicated information-technology staff at home that can maintain security of routers and firewalls.
While compromised personal information may seem like a small threat compared with attacks on critical infrastructure, hackers in Ukraine are taking down Russian websites to incite chaos in everyday life so that it “creates a kind of panic in the country,” one such hacker told 1834 magazine.
These types of attacks may cause collateral damage that crosses borders, and many experts worry that the U.S. will feel the effects.
“A typical approach is to scan wide swaths of the internet looking for vulnerable computers and then automatically launch attacks against those found to be vulnerable,” Beaty said. “As humans aren’t involved in choosing the targets, these attacks may be launched against computers in places not directly involved in the conflict.”
The next generation
While the U.S. has shored up its cyberdefenses in recent years and many experts agree that Russian-based cyberattacks on the U.S. would be unlikely in the near future, the Russia-Ukraine conflict has revealed vulnerabilities in the U.S. cybersecurity industry.
“There are about 590,000 unfilled cyber jobs in the U.S., and about 20,000 of those jobs are in Colorado,” Mac Namee said. MSU Denver’s Cybersecurity Center provides students with hands-on, experiential learning that will prepare them to fill those vacant cyber jobs.
The center’s recent designation as a National Center of Academic Excellence in Cyberdefense brings with it more opportunities for professional relationships and funding for students.
“With this certification, the NSA (National Security Agency) recognizes that MSU Denver’s Cybersecurity program adheres to high standards of academic excellence,” said MSU Denver President Janine Davidson, Ph.D. “Our innovative and interdisciplinary programming, along with our approach to industry partnerships, focused on experiential learning in our Cyber Range, makes MSU Denver a key player in developing the nation’s next generation of cyber professionals.”
RELATED: Cyber superheroes prepare for battle
Experiences fielding cyberattacks at the Cybersecurity Center have cemented students’ interest in the field. Daniel Weinert, an MSU Denver student pursuing a bachelor’s degree in Cybersecurity, knew he wanted to work with computers, but it wasn’t until he started participating in scenarios that required him to defend against cyberattacks that he “fully fell in love with the field.”
“Before the class, I had never participated in attack scenarios,” he said. “It was an absolutely awesome experience, and I learned a lot from it.”
Mac Namee noted that the ongoing cyberattacks in Russia and Ukraine have created some uncertainty among students who are seeing escalated activity in cyberspace and aren’t sure how to respond. The hope is that students such as Tyler Miller, a junior in the Cybersecurity bachelor’s program, will one day have the skills to protect businesses and individuals from these threats.
“The current cyberattacks in Russia and Ukraine have really shown me the importance of cybersecurity,” Miller said. “Cybersecurity is something that many people don’t really think about, but it’s a vital part of our everyday lives.”