As international tensions increase, so does the threat of state cyber attacks. The example of Ukraine shows how data in the cloud can be more easily protected from adversary attacks: With help from western allies, the country moved important data and services to the cloud within hours of the start of the war. Ukrainian institutions were thus able to maintain their work.
Intelligence services are preparing for the escalation of conflicts in the digital space. Experiences from Ukraine, defended by numerous cyber specialists from home and abroad, show how online services and data can be effectively protected.
Representatives of intelligence agencies agree that Germany is facing a new Cold War. Sinan Selen, Vice President of the German Federal Office for the Protection of the Constitution (BfV), said at the Potsdam Conference for National Cyber Security of the Hasso Plattner Institute (HPI): "In the new Cold War, all means are permitted, too. The difference to the old cold war is that the range of possibilities has become much wider. According to Selen, it is no longer just about the economy and politics, but about society as a whole.
Opponents permanently analyse Germany's weak points
Major General Wolfgang Wien, Vice President of the German Federal Intelligence Service (BND), comes to a similar assessment: "Peace, crisis, war has become competition, crisis, war", i.e. constant competition between systems in peacetime. This is a strongly reminiscent of phases from the Cold War of the last century, such as the Sputnik shock. Then the competition raged in space, now in cyberspace. Adversaries are constantly searching Germany's IT landscape for weaknesses "in order to prepare things that can be directed against us", reports Wien. Accordingly, one must position oneself in cyberspace in order to be armed against them. Wien adds: "Every weakness of ours is analysed 1:1." But Gerhard Schabhüser, vice-president of the German Federal Office for Information Security (BSI), emphasises: "There is no cyber war between Germany and Russia". Nevertheless, he says, cyberattacks have regularly increased with new arms deliveries from Germany to Ukraine.
In recent years, Ukraine has received massive support from Western countries to build a cyber defence, with cloud services being a priority. "Cloud services have the potential to be very robust. We have also seen that in Ukraine," confirms Schabhüser. With Western help, they had begun to outsource important services to the cloud at an early stage. Large providers such as Amazon and Microsoft have made contingents available for this and offered assistance. In December last year, the Ukrainian digital minister Mychaylo Fedorov reported on these measures at a conference in the US: "We have backed up all our data in the cloud, and we use thousands of satellite terminals from various companies". Confidently, he said, "Russia cannot destroy this cloud, nor can it attack these terminals." Immediately after the invasion began, hundreds of terabytes of data were moved from Ukrainian servers to the cloud within 48 hours using the AWS data transport system "Snowball", Fedorov said. Snowball is based on hardware containers that allow customers to transfer large amounts of data without needing data lines with large bandwidths.
Ukrainian Cyber Army with numerous volunteers
In the meantime, the Ukrainian data stock at various cloud providers is said to have grown to several dozen petabytes. According to Fedorov, this has enabled Ukrainian institutions to continue operating despite missile attacks and power outages. Digitalisation was already a central focus for Ukraine before the war. Citizens can access many state services via apps, for example. This is now benefiting the country. With the start of the Russian attack, Fedorov said he built up an official cyber army with around 300,000 specialists who are said to have volunteered for this. How many of them come from Ukraine or are foreign supporters, he left open.
Russia shifts attacks to IT components
IT security specialists from the Google subsidiary Mandiant, who have been working in Ukraine for a long time, report a shift in attacks by the Russian intelligence service GRU. Instead of the phishing attacks that were common in the past, they now directly target IT components such as firewalls, routers and email servers. To do this, they exploit vulnerabilities in these devices. Control over these systems is often accompanied by control over the entire network or communication. The Mandiant analysis also makes clear that Ukrainian networks and servers had already been infiltrated a year before the invasion. These access points were massively used after the invasion to launch further attacks from there. BfV vice-president Selen warns: "Our counterparts are prepared to use all means; only a fraction of this becomes visible".
Author: Uwe Sievers