The Russian Threat the West Can’t Ignore

Western officials say Russian President Vladimir Putin is forging stronger ties between Russia’s technology developers and intelligence agencies. (Vyacheslav Prokofyev/AFP/Getty Images)

About the author: Justin Sherman is the founder and CEO of Global Cyber Strategies, a research and advisory firm, and a nonresident senior fellow at the Atlantic Council.

After meeting with Russian President Vladimir Putin in Alaska earlier this month, President Donald Trump reversed course on his initial demand for a cease-fire in Ukraine. Instead, he wrote on Truth Social, he wanted a “peace agreement” to “end the war.” It is unclear what such an agreement would look like, or how it might be feasible.

Whatever the outcome of the physical war being waged on Ukraine’s soil, Russian threats will remain in the digital domain. Russia isn’t going to let up its yearslong cyber assault on Ukraine. Even in the highly unlikely scenario that he withdraws troops, Putin is far too invested in undermining and controlling Ukraine to meaningfully curtail cyber espionage against its industry, government, and society.

Russia’s ecosystem of cyber actors, from patriotic hackers to cybercriminals, is core to the Kremlin’s power projection. Plenty of experts in the U.S. and Europe know this. But the U.S. government has given little indication it fully appreciates Russia’s cyber threat against Ukraine. Recent White House meetings of U.S. and European leaders about the war haven’t prominently featured discussions of cyber operations, despite their relevance to the war’s trajectory. Even more of the cyber defensive support burden may fall to Europe in the coming weeks and months.

Offensive cyber operations have been enmeshed with Russia’s ground operations in Ukraine since its earliest days. When Russia illegally invaded and annexed Crimea in 2014, it used information warfare to spread propaganda and misinformation about Ukrainian politics and the treatment of ethnic Russians. It launched distributed denial of service attacks—flooding a server with traffic to knock it offline—to disrupt Ukrainian communications and distract from the Russian troops on Ukrainian soil.

In its broader invasion in February 2022, Russia disrupted the Viasat satellite system, which interfered with internet access for some Ukrainians. Russian agencies have also hacked Ukrainian telecoms. Ukraine fought back. It encouraged an “IT Army” of hacktivists to carry out attacks on Russian targets and turned its state hackers onto Russia.

The Kremlin views cyber operations as pivotal to regime security and state power. Ransomware groups and other cybercriminals that operate with Moscow’s permission rake in hundreds of millions of dollars a year, some of it lining corrupt officials’ pockets. Patriotic hackers hear propaganda on TV and launch their own attacks on foreign targets, such as those in Ukraine, fulfilling the Kremlin’s wishes with a veneer of deniability.

State security agencies, meanwhile, use cyber espionage to gather vital intelligence. Russia’s Foreign Intelligence Service has used spearphishing, bruteforcing passwords, and more against defense, finance, and tech sectors during the war. Irrespective of what Putin does or doesn’t commit to vis-à-vis Ukraine, that desire to know what’s going on inside the country will remain.

In a different situation, Ukraine would strike a deal to limit damaging, destructive Russian cyberattacks on its infrastructure. Stopping all cyber espionage is virtually impossible. But there could be red lines drawn to limit the most damaging cyberattacks. Ideally, those lines would start around the most critical infrastructure systems for Ukrainian civilians, such as water treatment plants and hospitals, and apply to disruptive or degrading attacks from both state agencies and criminals.

This would require two things that are unfortunately in short supply: Any semblance of restraint from Moscow and a staffed, functional U.S. diplomatic corps that is able to have serious conversations about cybersecurity with the Russians. Trump’s State Department appointees dismantled the U.S. cyber diplomatic apparatus this summer.

More European governments may have to increase their investments in cyber capacity-building, defensive threat-sharing, and defensive cyber operational support for Ukraine. That is an easier task for some than others. The United Kingdom, for example, has capabilities and resources from its Government Communications Headquarters (its Signals Intelligence agency) or its National cybersecurity Centre to share with Ukraine. Estonia is a world leader in cybersecurity with plenty to offer—it invested tremendously in cyber defense after its own brush with Russian cyberattacks in 2007.

But the leading powers in Europe still have their own threats to tend to from Russia, ranging from rampant cyber espionage to escalating acts of sabotage. And even the major European powers may not have the money, capabilities, and expertise needed to match what the U.S. could bring to bear for Ukraine’s defense in cyberspace, if it so chose. (The U.S. delivered $82 million of such support to Ukraine in the first two years of the war).

Russian cyber threats will continue—regardless of whether the West is ready to step up defenses. The U.S. seems to think it has the luxury of ignoring that threat. But failing to meet the challenge, for Ukraine and Europe, is simply not an option.

Guest commentaries like this one are written by authors outside the Barron’s newsroom. They reflect the perspective and opinions of the authors. Submit feedback and commentary pitches to ideas@barrons.com.