Ukraine’s first lessons for COMCYBER – FOB

In Ukraine, cyberwar really happened, contrary to what the absence of ‘cyber Pearl Harbor’ led to believe “, declared Major General Aymeric Bonnemaison, Commander of Cyber ​​Defense, during a recent hearing in the National Assembly. In office since September 1, 2022, he returned to the first lessons learned from the Russian-Ukrainian conflict.

General Bonnemaison estimates the number of cyberattacks recorded against Ukraine during the first two months of the conflict at 350, of which 40% targeted critical infrastructure and 30% had an impact at the national level. At the end of December, the head of Ukraine’s cybersecurity department announced that it had neutralized more than 4,500 Russian attacks in ten months of conflict.

Attacks carried out in all directions and which sometimes pass through the Ukrainian network. Any ” very advanced managed, during a second wave, to reach a Viasat satellite communication channel widely used by Ukrainian forces. An attack partially offset by the Starlink network provided by SpaceX. Others, more recent, focus on the country’s electrical installations.

These ten months of conflict generated valuable lessons for COMCYBER. In the first place, ” When Gunpowder Speaks, Offensive Computer Fighting Meets Its Limits “. Put another way, ” without cyber we will certainly lose, but we will not win with cyber alone“. This one ” I didn’t do everything in the Russian-Ukrainian confrontation. His role proved to be especially important downstream of the conflict” thanks to the information it offers and the possibility it offers to form minds », estimates General Bonnemaison.

On both sides, effectiveness seems to have been quite relative. Thus, if the Ukrainian “cyber army”, the IT Army, ” made it possible to urgently structure strong viral aggression capabilities against the Russians, (…) the attacks carried out were very disorderly and of a relatively low technical level “. Onward, past the intensity of the first waves, the Russians did not succeed” fully integrate cyber capabilities into tactical maneuver, even as they achieved that in Georgia “.

Second “surprise” pointed out by COMCYBER: the ability of the defensive to gain advantage over the offensive, ” what we doubt “. The Russian Offensive was much less impactful and effective than expected “, he points out, because counterbalanced by a Ukrainian defense in depth reinforced by the massive support of the United States via government and GAFAM, ” in particular from Microsoft with regard to the analyzes “.

The observation is a source of hope for the French command. ” We protect our networks permanently, sometimes having the feeling of building a Maginot line, of which everyone knows what happened. We need defenses to natively protect our networks, combined with the ability to patrol our networks and constantly check “, emphasizes General Bonnemaison.

Finally, the third and final lesson comes from “ the little readability not only of the actions, but also of the actors “. In between ” hacktivists “mobilized according to their views, but with limited effectiveness, and cybercriminal groups that carried out attacks on behalf of certain intelligence services”, there is a great deal of confusion in cyberspace between the various actors “.

Attributing attacks is all the more complex as the porosity between the different worlds of cyberspace increases. ” My generation, which has experienced asymmetric warfare, knows that the distinction between civilians and the military is not obvious, but it is even more complex in cyberspace. “, raises the COMCYBER.

Building “world-leading cyber resilience” is, unsurprisingly, one of the 10 strategic objectives listed in the 2022 National Strategic Review. It remains to integrate Ukraine’s lessons into that ambition and translate it into financial resources and capabilities in the next military programming law for 2024 -2030.

I certainly have requirements, but it’s a great comfort and I don’t know how big the suitcase is, especially since all armies today are facing high-intensity warfare. Cyber ​​adds to the other environments and does not replace one or the other. Even if efforts are made, it will probably be difficult to pack everything. commented COMCYBER.

Image credits: Microsoft

Leave a Comment