Cyberattacks loom as EU stiffens sanctions on Russia
By Andrew Rettman and Elena Sánchez Nicolás
Political and private sector experts are warning the EU to take more precautions against the kind of Russian cyber-attacks unleashed on Ukraine, amid concern Russia could use them in response to EU sanctions.
EU leaders on Thursday (24 February) called on Russia and Russian-backed hackers to stop the ongoing "disinformation campaign and cyber-attacks" on Ukraine that are being waged alongside Russia's military campaign to cut off and capture Kyiv.
Join EUobserver today
Become an expert on Europe
Get instant access to all articles — and 20 years of archives. 14-day free trial.
Choose your plan
... or subscribe as a group
Already a member?
They did so amid an asset-freeze on Russian president Vladimir Putin and foreign minister Sergei Lavrov and the likelihood of further economic sanctions on Russia.
And Russian malware and ransomware attacks were likely to rise in Europe as a response to the new EU measures, according to lawmakers who have familiarised themselves with the kinds of strikes Ukraine is facing.
"This [cyberwar] will not stop with Ukraine," Dutch member of the European Parliament Bart Groothuis said Thursday.
Groothuis spoke to EUobserver after recently visiting the Baltic States to get first-hand information on cyber threats. He said the same malware attacking critical infrastructure in Ukraine has already been detected in Latvia and Lithuania.
Cyber-security should be an EU "foreign affairs issue," not a technical one, given the "strategic costs" of cyberattacks, Groothuis said.
Europe needed a common response to cyber threats, because all EU member states can become victims if a serious attack gets under way, he said.
The European Union Agency for Cybersecurity has issued guidelines to step up security of public and private organisations in Europe in response to the Ukraine war, amid similar moves in the US and UK.
Lithuania, The Netherlands, Poland, Estonia, Romania and Croatia were planning to send a team of cybersecurity experts to Ukraine this week — but that was before the Russian invasion.
Meanwhile, the EU foreign service and national cyber-response teams have also been gaming out a fictional scenario in which a cyber-attack by Blueland, a thinly-veiled Russia, prompts failures in hospitals and power plants across Europe.
The fictional attack causes casualties, triggering EU sanctions, and activation of a mutual defence clause in the EU treaty, which was last used when terrorists attacked Paris in 2015.
Nato has likewise adopted internal guidance on what type of cyber-attack could be considered an "armed attack", triggering its mutual defence clause.
"We will not speculate on how serious a cyber-attack would have to be in order to trigger a collective response," said a Nato official, who spoke on condition of anonymity. "Any response could include diplomatic and economic sanctions, cyber measures, or even conventional forces," the official said.
"Whatever the response, Nato will continue to follow the principle of restraint, and act in accordance with international law," the official said.
But cybersecurity is as much a private concern as a public one — and so tech associations also have been pressing the EU to get more involved.
Shares in cybersecurity companies have jumped in value, amid rising fears of escalating threats.
Tech associations from Romania, Moldova, Lithuania, Slovakia, Estonia, Hungary, Poland, and Finland on Thursday called on EU leaders to build up a "digital shield," increasing training and investing heavily in cybersecurity.
Cyberattacks against Ukraine grew in intensity in the weeks ahead of Russia's military invasion on Thursday, Aleksandr Valentij, an information security officer at cybersecurity company Surfshark, said.
The first major attacks on private companies and state institutions in Ukraine were recorded nearly a decade ago — and just ahead of a pro-EU uprising in Kyiv in 2014, Valentij said.
Significant internet disruptions had been reported in several cities for at least a couple of weeks — leaving citizens unable to call an ambulance, police, or even just to communicate with relatives.
"All of this is part of the Russian plan to destabilise the situation in Ukraine," Anton Gerashchenko, an adviser to the minister of the interior of Ukraine, wrote on Facebook last week.
Several government websites and banks in Ukraine were hit earlier this week, according to reports from NetBlocks, another cybersecurity company. Hackers also took aim at online media, according to the Kyiv Post newspaper.
Bur beyond the cybersecurity work of Nato and EU member states and private firms, there are, of course, other actors.
Take, for example, the hacker collective Anonymous: this week it declared a vigilante "cyber war" against Russia.