The conflict in Ukraine has shown that warfare has entered its “fourth plane” – cyber space, according to Microsoft’s President Brad Smith, speaking during Microsoft Envision in London, UK, today.
He argued that Russia’s invasion of Ukraine marks a significant shift in how warfare is conducted. This follows previous eras, in which land, sea, and air were prominent arenas. Smith noted that we are approaching the three-month point of the Russia-Ukraine conflict, “the world’s first major hybrid war.”
Smith pointed out this is a phenomenon Microsoft has already considered. For example, in calling for a Digital Geneva Convention to “obligate governments to protect civilians in times of peace as well as war. It also helped set up the Cybersecurity Tech Accord, which involves 150 companies from 29 countries around the world. This “brought us together to think about the principles for which we would stand as we saw a proliferation of weapons moving into cyber space.”
However, he expressed surprise that he would be discussing these principles in the context of a “significant, major war” so soon after.
Smith then set out three major tech roles Microsoft has focused on concerning the Russia-Ukraine conflict:
Sustaining a Government
He highlighted that the UK government had to move its communications underground in World War Two. “Technology changed where communication needed to live,” he stated. Something similar has happened in respect of the Ukrainian government, except this time, “communications have moved to the cloud.”
Smith said that even one week before the invasion began, the Ukrainian government ran entirely on-premise. It realized this was dangerous, and Microsoft helped the government very quickly move to the cloud, in addition to other parts of the country’s economy. “We recognized that we needed in this case not just to move their data and infrastructure to the cloud, but in some instances to move it to the cloud outside Ukraine.” He added: “The best way to protect a country in time of war is to make sure its continuity by dispersing its digital assets.”
Defending a Nation
Smith emphasized that the first shots of the war were not fired on February 24, when the invasion began, but before then, “where the first “shells” were actually fired in cyber space.” The first weapon was malware called FoxBlade, which simultaneously attacked more than 300 targets across the Ukrainian government and critical industries. This attack showed that in warfare, “distances have shrunk, and speeds accelerated.” He added that “cyber weapons today can go halfway around the world at the speed of light – far faster than any hypersonic weapon.”
“Cyber weapons today can go halfway around the world at the speed of light – far faster than any hypersonic weapon.”
Microsoft threat intelligence personnel are at the frontline of these threats, stated Smith. They have observed that Russian cyber-attacks have been “incredibly sophisticated,” delivered in a very coordinated way from seven different units in three different parts of the Russian government. Unlike the NotPetya attacks in 2017, which spilled over to organizations worldwide, these are “precisely targeted,” designed to penetrate a domain and only affect computers within that domain.
He noted that the nature of cyber-attacks evolved from the start of the conflict when techniques like DDoS and website defacement were prevalent. As the war continued, Russia used a combination of cyber and kinetic attacks. For example, in early March, in the space of a couple of days, Russia went from taking down a network in a nuclear powerplant to attacking that powerplant. “We’re seeing in real-time the evolution of this hybrid war,” Smith explained.
This trend demonstrates the importance of “rapid defense.” Smith said Microsoft has worked to quickly send information about attacks they see “to the people who can stop them.” This first line of defense is often ordinary people working in a business, like network administrators or CIOs. “We have to find them any way we can,” he outlined.
In the same way that radar enabled Britain to quickly respond to enemy bombers during World War Two, Smith commented that detection and security are critical to defending Ukraine’s government and critical infrastructure from cyber-attacks.
Smith also highlighted the role of disinformation in the conflict, which “is part of an integrated operation that is being done to support Russian military aims in Ukraine on a global basis.” Therefore, “we are going to need to develop the offensive capabilities to combat this kind of cyber-attack in the same way that we combat others.”
Protecting People
The role of protecting innocent civilians at this time “is the most fundamental for all of us,” said Smith. Most fundamentally, this involves ensuring there is accountability for war crimes contraventions during the war, such as shelling hospitals. Tech has a huge role in gathering the evidence required to prosecute perpetrators, particularly in “collecting, preserving and analyzing data related to war crimes investigations.”
He revealed that using Satellite imagery, Microsoft had developed an AI algorithm “that can identify each day hospital, school and water tower being attacked, damaged or destroyed.”
Smith added that it is important “to use all of the tools that we have to try to protect people, and it’s important to ensure that we create the foundation to do what was done after World War Two at Nuremberg.”