Back
About RSIS
Introduction
Building the Foundations
Welcome Message
Board of Governors
Staff Profiles
Executive Deputy Chairman’s Office
Dean’s Office
Management
Distinguished Fellows
Faculty and Research
Associate Research Fellows, Senior Analysts and Research Analysts
Visiting Fellows
Adjunct Fellows
Administrative Staff
Honours and Awards for RSIS Staff and Students
RSIS Endowment Fund
Endowed Professorships
Career Opportunities
Getting to RSIS
Research
Research Centres
Centre for Multilateralism Studies (CMS)
Centre for Non-Traditional Security Studies (NTS Centre)
Centre of Excellence for National Security
Institute of Defence and Strategic Studies (IDSS)
International Centre for Political Violence and Terrorism Research (ICPVTR)
Research Programmes
National Security Studies Programme (NSSP)
Social Cohesion Research Programme (SCRP)
Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
Other Research
Future Issues and Technology Cluster
Research@RSIS
Science and Technology Studies Programme (STSP) (2017-2020)
Graduate Education
Graduate Programmes Office
Exchange Partners and Programmes
How to Apply
Financial Assistance
Meet the Admissions Team: Information Sessions and other events
RSIS Alumni
Outreach
Global Networks
About Global Networks
RSIS Alumni
Executive Education
About Executive Education
SRP Executive Programme
Terrorism Analyst Training Course (TATC)
International Programmes
About International Programmes
Asia-Pacific Programme for Senior Military Officers (APPSMO)
Asia-Pacific Programme for Senior National Security Officers (APPSNO)
International Conference on Cohesive Societies (ICCS)
International Strategy Forum-Asia (ISF-Asia)
Publications
RSIS Publications
Annual Reviews
Books
Bulletins and Newsletters
RSIS Commentary Series
Counter Terrorist Trends and Analyses
Commemorative / Event Reports
Future Issues
IDSS Papers
Interreligious Relations
Monographs
NTS Insight
Policy Reports
Working Papers
External Publications
Authored Books
Journal Articles
Edited Books
Chapters in Edited Books
Policy Reports
Working Papers
Op-Eds
Glossary of Abbreviations
Policy-relevant Articles Given RSIS Award
RSIS Publications for the Year
External Publications for the Year
Media
Cohesive Societies
Sustainable Security
Other Resource Pages
News Releases
Speeches
Video/Audio Channel
External Podcasts
Events
Contact Us
S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
Nanyang Technological University Nanyang Technological University
  • About RSIS
      IntroductionBuilding the FoundationsWelcome MessageBoard of GovernorsHonours and Awards for RSIS Staff and StudentsRSIS Endowment FundEndowed ProfessorshipsCareer OpportunitiesGetting to RSIS
      Staff ProfilesExecutive Deputy Chairman’s OfficeDean’s OfficeManagementDistinguished FellowsFaculty and ResearchAssociate Research Fellows, Senior Analysts and Research AnalystsVisiting FellowsAdjunct FellowsAdministrative Staff
  • Research
      Research CentresCentre for Multilateralism Studies (CMS)Centre for Non-Traditional Security Studies (NTS Centre)Centre of Excellence for National SecurityInstitute of Defence and Strategic Studies (IDSS)International Centre for Political Violence and Terrorism Research (ICPVTR)
      Research ProgrammesNational Security Studies Programme (NSSP)Social Cohesion Research Programme (SCRP)Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      Other ResearchFuture Issues and Technology ClusterResearch@RSISScience and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      Graduate Programmes OfficeExchange Partners and ProgrammesHow to ApplyFinancial AssistanceMeet the Admissions Team: Information Sessions and other eventsRSIS Alumni
  • Outreach
      Global NetworksAbout Global NetworksRSIS Alumni
      Executive EducationAbout Executive EducationSRP Executive ProgrammeTerrorism Analyst Training Course (TATC)
      International ProgrammesAbout International ProgrammesAsia-Pacific Programme for Senior Military Officers (APPSMO)Asia-Pacific Programme for Senior National Security Officers (APPSNO)International Conference on Cohesive Societies (ICCS)International Strategy Forum-Asia (ISF-Asia)
  • Publications
      RSIS PublicationsAnnual ReviewsBooksBulletins and NewslettersRSIS Commentary SeriesCounter Terrorist Trends and AnalysesCommemorative / Event ReportsFuture IssuesIDSS PapersInterreligious RelationsMonographsNTS InsightPolicy ReportsWorking Papers
      External PublicationsAuthored BooksJournal ArticlesEdited BooksChapters in Edited BooksPolicy ReportsWorking PapersOp-Eds
      Glossary of AbbreviationsPolicy-relevant Articles Given RSIS AwardRSIS Publications for the YearExternal Publications for the Year
  • Media
      Cohesive SocietiesSustainable SecurityOther Resource PagesNews ReleasesSpeechesVideo/Audio ChannelExternal Podcasts
  • Events
  • Contact Us
    • Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
      rsisvideocast
      school/rsis-ntu
      rsis.sg
      rsissg
      RSIS
      RSS
      Subscribe to RSIS Publications
      Subscribe to RSIS Events

      Getting to RSIS

      Nanyang Technological University
      Block S4, Level B3,
      50 Nanyang Avenue,
      Singapore 639798

      Click here for direction to RSIS

      Get in Touch

    Connect
    Search
    • RSIS
    • Publication
    • RSIS Publications
    • IP22052 | Bytes from Ukraine: Cyber Warfare and Cyber Tantrums
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • RSIS Commentary Series
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • Future Issues
    • IDSS Papers
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers

    IP22052 | Bytes from Ukraine: Cyber Warfare and Cyber Tantrums
    Tan E Guang Eugene

    26 September 2022

    download pdf

    In the opening days of the Ukraine conflict, some anticipated that it would become the first war fought largely in cyberspace. Six months on, EUGENE E. G. TAN argues that cyberattacks have played only a supportive role to Russia’s conventional war operations. However, he notes that cyberattacks have been used by various actors to signal displeasure to parties that have shown sympathy for Ukraine. He warns that states and their societies are increasingly likely to face such “cyber tantrums” by actors aggrieved by their policies.

    COMMENTARY

    Six months have passed since Ukraine was invaded. While the effects of the physical conflict are devastating for Ukraine, the war being fought in cyberspace dims in comparison, contrary to widespread expectation. The Ukraine war provides an interesting test case for the role of cyberattacks in warfare, as well as for the corollary of cyberattacks on states that are not party to a particular war but sympathetic to its victims. However, cyberattacks are not always readily attributable to state actors, making it difficult to link them to a clear campaign on the part of any given state.

    What lessons can we draw from recent cyberattacks? And, what do the increasing number of threatened or realised cyberattacks mean for states and societies at large?

    Role of Cyberattacks in War

    First, while cyberattacks have undoubtedly been used in times of war in recent years, their scale and impact fall well below those of the use of armed force. In his seminal piece “Cyber War Will Not Take Place”, Thomas Rid argues that cyberattacks are fundamentally a more sophisticated way of conducting subversion, espionage, and sabotage; cyberattacks on their own do not carry the same lethality that conventional warfare does and therefore do not constitute acts of war in their own right. Rid does acknowledge that in extreme circumstances a cyberattack in itself may constitute an act of war, but only when it causes massive destruction and damage. Nadia Kostyuk and Erik Gartzke agree with Rid in saying that cyber operations are most effective in pursuing informational goals. They go further by noting that cyberattacks are not pure substitutes for armed conflict but are likely to increasingly displace conventional conflict in future.

    The above being said, in 2016, the North Atlantic Treaty Organization (NATO) formally recognised cyberspace as “a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea”, making it clear that cyberattacks are considered a part of war — if not constituting its entirety.

    The Ukraine war has demonstrated these principles quite clearly. Cyberattacks have been used in a limited way in support of conventional war operations but they have neither surpassed the use of force threshold, nor have they yet had lethal consequences.

    Disclosures by Microsoft show that as part of its preparations for war Russia had deployed cyberattacks on critical infrastructure in Ukraine to disrupt Ukrainian communications. While most of these cyberattacks were thwarted by the Ukrainians, the Russians were successful in disrupting some critical services for a few days, including telecommunication services provided by ViaSat’s KA-SAT satellite network.

    It is also worth remembering that hostile cyberattacks on Ukraine are not new; they have been taking place on and off since the Russian annexation of Crimea and parts of the Donbas in 2014. The hacking of the Ukrainian power grid in the depths of the winter of 2015–2016 was particularly notorious and could potentially have been considered tantamount to an armed attack, had there been fatalities.

    These incidents probably served as impetus for Ukraine to strengthen its cyber defences against external aggression, which should be seen as a positive example of how good cyber defences can prevent the disruption of services.

    The relative lack of lethal and destructive effects means that it would be a gross overreaction to label cyberattacks in general as acts of war in themselves. This is especially the case when cyberattacks occur as one-off events without other physical manifestations of war, such as the devastation of infrastructure and loss of life.

     

    IP22052 Cyber altumcode unsplash 1
    Cyber war may not take place … but cyber tantrums will. Photo by AltumCode on Unsplash, modified.

     

    Cyberattacks or Cyber Tantrums?

    The second lesson that we might draw from the recent and mounting cyber threat — which should be more worrying to states — is the rising number of cyberattacks that take place below the threshold of war, and the reasons why these are undertaken. Critical infrastructure, services, and data are susceptible to cyberattack, and such attacks are set to heighten in sophistication and frequency, even in peacetime or on countries that are not party to wars like those in Ukraine.

    The Ukraine war has shown how societies at large have been on the receiving end of what could be called cyber tantrums, where attackers whose identities are unclear use cyberattacks to signal retaliatory discontent over a certain decision a country (or even an institution, business, or organisation in that country) has made.

    Cyber tantrums may be targeted at various spheres: cultural, like the attempted cyberattack on the May 2022 Eurovision Song Contest held in Italy (which, perhaps uncoincidentally, was won by Ukraine); political, like the attack on multiple Lithuanian government websites for the country’s decision to apply European Union sanctions against Russia for the Ukraine war; or even undertaken for personal reasons such as the religious, like the call for cyberattacks on the Singapore government in conjunction with an Indonesian preacher having being denied entry into the country.

    Singapore, too, may well see cyberattacks for its decision to speak out against the war in Ukraine. Similarly, Singapore could be subject to future attack should another state (or state-sponsored actor, hacktivist, or opportunistic actor) take umbrage at its foreign policy or remarks made by senior officials. Singapore should be prepared for the likelihood of some of these cyberattacks getting past its cyber defences, and the authorities should prime the public for such disruptive measures.

    Upholding a Rules-based Cyber Order

    The third, and arguably the most important lesson that the war in Ukraine has taught the world is that there may be costs involved in standing up for global security. Cyber tantrums will become more commonplace as a greater number of geopolitical (and even ideological) flashpoints start coming to the fore, because cyberattacks are seen as low-risk, high-reward activities which have visible, albeit reversible, consequences. For example, a hacked power grid could greatly inconvenience a state by depriving it of critical services, although for the most part, power may be restored.

    However, the risk of cyberattacks getting out of hand in times of war appears to be much lower than popularly thought, for it is generally recognised that cyberspace is governed by international law, as is the use of force and armed conflict. This principle was already agreed upon in 2013 by the United Nations Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, which two years later proposed 11 voluntary, non-binding norms of responsible state behaviour to guide state actions in cyberspace. The norms were re-endorsed by the UN General Assembly as recently as September 2021, and again by delegates to the UN Open-ended Working Group on security relating to information and communications technologies at its third substantive session in July 2022.

    The International Committee of the Red Cross argues that acts of cyber aggression in times of war should be covered under established international articles like the Law of Armed Conflict (or International Humanitarian Law). Hostile acts committed against Ukraine in cyberspace could therefore be considered part of the greater war on Ukraine. These could potentially include indiscriminate cyberattacks on healthcare facilities and civilian infrastructure.

    States should therefore work towards developing wider adherence to norms and international law in cyberspace, in particular the 11 norms proposed by the 2015 UNGGE. There is scope for states to enact capacity- and confidence-building measures to develop a trusted and well-equipped system to jointly tackle cyber threats. These could involve supporting one another in developing cyber defence capacity, sharing intelligence on likely threats, and tackling cybercrime. It is only through international cooperation that states might reduce the reward or satisfaction gained by malicious cyber actors and make it harder for them to penetrate their systems.

    This is not to say that errant states will not test the limits of the applicability of international law, especially if they can use proxies for deniability. The invasion of Ukraine is itself general proof that international law can be flouted. But it should be remembered that without the boundaries that international law has established, it would be difficult to even talk in terms of wrongdoing by states and other miscreants, much less pinpoint it.

    The war in Ukraine has shown how even states that are not directly involved are not spared the effects of the war, albeit these occur on a much smaller and non-lethal scale. Cyber tantrums by states or non-state actors cannot be wished away, but they can be made less effective through the deepening of cooperation between states and other stakeholders. States might often be tempted to turn a blind eye to — or even encourage — cyber tantrums, because these fit their general purposes. This must end. The message that cyber tantrums are not to be condoned must be made clear to all stakeholders, if states desire stability and security in cyberspace in times of both war and peace.

    About the Author

    Eugene E. G. TAN is an Associate Research Fellow at the Centre of Excellence for National Security (CENS) at the S. Rajaratnam School of International Studies. He is currently working on capacity building measures and norm implementation for responsible state behaviour in cyberspace.

    Categories: IDSS Papers / Conflict and Stability / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / International Politics and Security / Technology and Future Issues / Europe / Southeast Asia and ASEAN / Global
    comments powered by Disqus

    In the opening days of the Ukraine conflict, some anticipated that it would become the first war fought largely in cyberspace. Six months on, EUGENE E. G. TAN argues that cyberattacks have played only a supportive role to Russia’s conventional war operations. However, he notes that cyberattacks have been used by various actors to signal displeasure to parties that have shown sympathy for Ukraine. He warns that states and their societies are increasingly likely to face such “cyber tantrums” by actors aggrieved by their policies.

    COMMENTARY

    Six months have passed since Ukraine was invaded. While the effects of the physical conflict are devastating for Ukraine, the war being fought in cyberspace dims in comparison, contrary to widespread expectation. The Ukraine war provides an interesting test case for the role of cyberattacks in warfare, as well as for the corollary of cyberattacks on states that are not party to a particular war but sympathetic to its victims. However, cyberattacks are not always readily attributable to state actors, making it difficult to link them to a clear campaign on the part of any given state.

    What lessons can we draw from recent cyberattacks? And, what do the increasing number of threatened or realised cyberattacks mean for states and societies at large?

    Role of Cyberattacks in War

    First, while cyberattacks have undoubtedly been used in times of war in recent years, their scale and impact fall well below those of the use of armed force. In his seminal piece “Cyber War Will Not Take Place”, Thomas Rid argues that cyberattacks are fundamentally a more sophisticated way of conducting subversion, espionage, and sabotage; cyberattacks on their own do not carry the same lethality that conventional warfare does and therefore do not constitute acts of war in their own right. Rid does acknowledge that in extreme circumstances a cyberattack in itself may constitute an act of war, but only when it causes massive destruction and damage. Nadia Kostyuk and Erik Gartzke agree with Rid in saying that cyber operations are most effective in pursuing informational goals. They go further by noting that cyberattacks are not pure substitutes for armed conflict but are likely to increasingly displace conventional conflict in future.

    The above being said, in 2016, the North Atlantic Treaty Organization (NATO) formally recognised cyberspace as “a domain of operations in which NATO must defend itself as effectively as it does in the air, on land and at sea”, making it clear that cyberattacks are considered a part of war — if not constituting its entirety.

    The Ukraine war has demonstrated these principles quite clearly. Cyberattacks have been used in a limited way in support of conventional war operations but they have neither surpassed the use of force threshold, nor have they yet had lethal consequences.

    Disclosures by Microsoft show that as part of its preparations for war Russia had deployed cyberattacks on critical infrastructure in Ukraine to disrupt Ukrainian communications. While most of these cyberattacks were thwarted by the Ukrainians, the Russians were successful in disrupting some critical services for a few days, including telecommunication services provided by ViaSat’s KA-SAT satellite network.

    It is also worth remembering that hostile cyberattacks on Ukraine are not new; they have been taking place on and off since the Russian annexation of Crimea and parts of the Donbas in 2014. The hacking of the Ukrainian power grid in the depths of the winter of 2015–2016 was particularly notorious and could potentially have been considered tantamount to an armed attack, had there been fatalities.

    These incidents probably served as impetus for Ukraine to strengthen its cyber defences against external aggression, which should be seen as a positive example of how good cyber defences can prevent the disruption of services.

    The relative lack of lethal and destructive effects means that it would be a gross overreaction to label cyberattacks in general as acts of war in themselves. This is especially the case when cyberattacks occur as one-off events without other physical manifestations of war, such as the devastation of infrastructure and loss of life.

     

    IP22052 Cyber altumcode unsplash 1
    Cyber war may not take place … but cyber tantrums will. Photo by AltumCode on Unsplash, modified.

     

    Cyberattacks or Cyber Tantrums?

    The second lesson that we might draw from the recent and mounting cyber threat — which should be more worrying to states — is the rising number of cyberattacks that take place below the threshold of war, and the reasons why these are undertaken. Critical infrastructure, services, and data are susceptible to cyberattack, and such attacks are set to heighten in sophistication and frequency, even in peacetime or on countries that are not party to wars like those in Ukraine.

    The Ukraine war has shown how societies at large have been on the receiving end of what could be called cyber tantrums, where attackers whose identities are unclear use cyberattacks to signal retaliatory discontent over a certain decision a country (or even an institution, business, or organisation in that country) has made.

    Cyber tantrums may be targeted at various spheres: cultural, like the attempted cyberattack on the May 2022 Eurovision Song Contest held in Italy (which, perhaps uncoincidentally, was won by Ukraine); political, like the attack on multiple Lithuanian government websites for the country’s decision to apply European Union sanctions against Russia for the Ukraine war; or even undertaken for personal reasons such as the religious, like the call for cyberattacks on the Singapore government in conjunction with an Indonesian preacher having being denied entry into the country.

    Singapore, too, may well see cyberattacks for its decision to speak out against the war in Ukraine. Similarly, Singapore could be subject to future attack should another state (or state-sponsored actor, hacktivist, or opportunistic actor) take umbrage at its foreign policy or remarks made by senior officials. Singapore should be prepared for the likelihood of some of these cyberattacks getting past its cyber defences, and the authorities should prime the public for such disruptive measures.

    Upholding a Rules-based Cyber Order

    The third, and arguably the most important lesson that the war in Ukraine has taught the world is that there may be costs involved in standing up for global security. Cyber tantrums will become more commonplace as a greater number of geopolitical (and even ideological) flashpoints start coming to the fore, because cyberattacks are seen as low-risk, high-reward activities which have visible, albeit reversible, consequences. For example, a hacked power grid could greatly inconvenience a state by depriving it of critical services, although for the most part, power may be restored.

    However, the risk of cyberattacks getting out of hand in times of war appears to be much lower than popularly thought, for it is generally recognised that cyberspace is governed by international law, as is the use of force and armed conflict. This principle was already agreed upon in 2013 by the United Nations Group of Governmental Experts (UNGGE) on Developments in the Field of Information and Telecommunications in the Context of International Security, which two years later proposed 11 voluntary, non-binding norms of responsible state behaviour to guide state actions in cyberspace. The norms were re-endorsed by the UN General Assembly as recently as September 2021, and again by delegates to the UN Open-ended Working Group on security relating to information and communications technologies at its third substantive session in July 2022.

    The International Committee of the Red Cross argues that acts of cyber aggression in times of war should be covered under established international articles like the Law of Armed Conflict (or International Humanitarian Law). Hostile acts committed against Ukraine in cyberspace could therefore be considered part of the greater war on Ukraine. These could potentially include indiscriminate cyberattacks on healthcare facilities and civilian infrastructure.

    States should therefore work towards developing wider adherence to norms and international law in cyberspace, in particular the 11 norms proposed by the 2015 UNGGE. There is scope for states to enact capacity- and confidence-building measures to develop a trusted and well-equipped system to jointly tackle cyber threats. These could involve supporting one another in developing cyber defence capacity, sharing intelligence on likely threats, and tackling cybercrime. It is only through international cooperation that states might reduce the reward or satisfaction gained by malicious cyber actors and make it harder for them to penetrate their systems.

    This is not to say that errant states will not test the limits of the applicability of international law, especially if they can use proxies for deniability. The invasion of Ukraine is itself general proof that international law can be flouted. But it should be remembered that without the boundaries that international law has established, it would be difficult to even talk in terms of wrongdoing by states and other miscreants, much less pinpoint it.

    The war in Ukraine has shown how even states that are not directly involved are not spared the effects of the war, albeit these occur on a much smaller and non-lethal scale. Cyber tantrums by states or non-state actors cannot be wished away, but they can be made less effective through the deepening of cooperation between states and other stakeholders. States might often be tempted to turn a blind eye to — or even encourage — cyber tantrums, because these fit their general purposes. This must end. The message that cyber tantrums are not to be condoned must be made clear to all stakeholders, if states desire stability and security in cyberspace in times of both war and peace.

    About the Author

    Eugene E. G. TAN is an Associate Research Fellow at the Centre of Excellence for National Security (CENS) at the S. Rajaratnam School of International Studies. He is currently working on capacity building measures and norm implementation for responsible state behaviour in cyberspace.

    Categories: IDSS Papers / Conflict and Stability / Country and Region Studies / Cybersecurity, Biosecurity and Nuclear Safety / International Politics and Security / Technology and Future Issues

    Popular Links

    About RSISResearch ProgrammesGraduate EducationPublicationsEventsAdmissionsCareersVideo/Audio ChannelRSIS Intranet

    Connect with Us

    rsis.ntu
    rsis_ntu
    rsisntu
    rsisvideocast
    school/rsis-ntu
    rsis.sg
    rsissg
    RSIS
    RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    Getting to RSIS

    Nanyang Technological University
    Block S4, Level B3,
    50 Nanyang Avenue,
    Singapore 639798

    Click here for direction to RSIS

    Get in Touch

      Copyright © S. Rajaratnam School of International Studies. All rights reserved.
      Privacy Statement / Terms of Use
      Help us improve

        Rate your experience with this website
        123456
        Not satisfiedVery satisfied
        What did you like?
        0/255 characters
        What can be improved?
        0/255 characters
        Your email
        Please enter a valid email.
        Thank you for your feedback.
        This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
        OK
        Latest Book
        more info