How NATO is helping Ukraine fend off an onslaught of Russian cyberattacks

Open this photo in gallery:

Shortly after Russia seized Crimea in 2014, the cyberattacks on Ukraine began. Some were vicious and damaging, and Kyiv attributed the attacks to Moscow.

That year, the Ukrainian vote-tallying system was hacked four days before the national election. In 2015, hackers pulverized the country’s electrical grid, triggering blackouts – the first attack of its kind in cyberwarfare.

A big one came in 2017, when the NotPetya malware attack on Ukraine messed up its banks and government offices before spreading to many other countries, including the United States, Australia and Germany. The White House attributed NotPetya to the Russian military and called it “the most destructive and costly cyberattack in history.”

Ukraine’s dire experiences in the past decade taught it a lesson: there would be more Russian cyberattacks and Ukraine had better be prepared. Its sophisticated cyberwarfare defences were built up over the years and have almost certainly prevented the worst-case scenario – the complete shutdown of the country’s power grid, internet and essential civilian and military services – from playing out.

Shortly after Crimea was annexed by Russia, NATO began to help Ukraine build its cyberdefences, offering expertise, training and equipment. The effort ramped up late last year, when Russian President Vladimir Putin began to amass troops on the Ukrainian border.

On one day alone in mid-January, more than 70 Ukrainian government websites came under attack. Some, including those of the Foreign Affairs and Education ministries, were knocked out. A message left by the hackers on the Foreign Affairs site said: “Be afraid and expect worse.”

NATO’s effort ramped up again after that attack and once again after Feb. 24, when Mr. Putin gave the invasion order.

“We stepped up Ukraine’s cybercapacity building in the run-up to the crisis and cyber support since the war started,” said James Appathurai, the Canadian deputy assistant secretary-general responsible for cyberpolicy, in an interview. “Ukraine’s overall resilience to what has been a big cyberassault has been the result of major capacity building. … Their essential functions are still operating.”

Indeed, Ukraine has been the target of relentless cyberattacks in recent months, but none have fully knocked out government or civilian services or military operations. The fear that Russian cyberattacks would cripple the country and compromise its ability to defend itself has not materialized – at least not yet.

NATO does not take full credit for Ukraine’s apparently robust cyberdefences. Ukraine is known to be a tech-savvy country with a strong cohort of software engineers, some of whom are proficient in cyberwarfare defence. Many Silicon Valley companies outsource their engineering work to Ukrainian software firms because of their proficiency, but also because wages there are a bargain by North American and European standards.

Ukraine has recruited global tech companies to help its effort to counter Russian cyberattacks and keep the internet running. Elon Musk, the chief executive of Tesla and SpaceX, has provided Ukraine with Starlink satellite internet terminals – the Starlink system has more than 2,000 satellites in orbit. On Feb. 26, two days after the invasion, Mr. Musk tweeted: “Starlink service is active in Ukraine. More terminals en route.”

At the same time, Microsoft has sent its Threat Intelligence Center into action in the war. According to a March 3 New York Times report, the centre received a warning just before the invasion started that a potentially devastating “wipe” malware was aimed at Ukraine’s banks and government ministries. Microsoft alerted Ukraine’s cyberdefence authority and was able to block the malware, which it named “FoxBlade.”

Ukraine also relies on a vast domestic and international army of civilian hackers to disable potentially dangerous Russian sites, some of which spread disinformation. That group is given “tasks” though a Telegram channel with more than 300,000 members, Oleksandr Bornyakov, Ukraine’s deputy minister of digital transformation, has said in various interviews.

Still, there is no doubt that NATO has contributed a lot to Ukraine’s cyberdefences, just as it is helping the country in other ways. Flying over Poland near the Ukrainian border, NATO E-3A surveillance planes monitor Ukrainian airspace virtually 24 hours a day to report the location and direction of Russian fighter-bombers – crucial information that is shared with Ukraine’s military. Ukraine also receives a steady stream of weapons, including portable Javelin anti-tank missiles and Stinger surface-to-air missiles, from NATO members such as the United States, Germany and Canada.

NATO recognizes that modern warfare is not fought with just bullets and bombs. It is fought with trade and financial sanctions, such as the U.S. embargo on Russian oil imports announced last week, and with cyberattacks aimed at disabling everything from radar installations to electricity supplies.

In January, NATO plugged Ukraine into its Malware Information Sharing Platform (MISP), an open-source threat intelligence system. At the time, NATO Secretary-General Jens Stoltenberg said that “NATO’s strong political and practical support for Ukraine will continue,” including enhanced cyber co-operation.

After the start of the war, NATO accepted Ukraine as a “contributing participant” in its Co-operative Cyber Defence Centre of Excellence (CCDCOE). The organization is based in Estonia, which faced devastating cyberattacks, believed to be from Russia, in 2007. It responded by building the CCDCOE. Mr. Appathurai called Estonia “a world leader in cyberdefence.”

Ukraine has applied but is not yet a NATO member. But the CCDCOE has several non-NATO members, including Sweden, Finland, South Korea and Switzerland. Its mission is to share expertise in cyberdefence, research, training and exercises. Throughout this crisis, the centre has provided threat assistance and has mapped the cyberattacks, presumably from Belarus or Russia, on Ukraine.

NATO does not know whether the Russian cyberattacks have had limited impact because of Ukraine’s strong defences or because Russia has not yet launched a full-bore attack.

Mr. Appathurai thinks Russia may be holding back somewhat, fearing an escalation that could drag in NATO. “Cyber is a military domain, like land, sea, air and space,” he said. “Maybe the Russians are being careful not to have cyber spillover from the Ukraine crisis on NATO countries.”

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.