Silicon Shadow: The Influence of Big Tech in Russo-Ukrainian Cyber Warfare

Lauren Bassett
International Relations
Easter Term, 2024
Cambridge Journal of Political Affairs, 5(1), pp. 70-116

Abstract

‘Be afraid and expect the worst. This is for your past, present and future’. Such was the stark warning left by hackers on the defaced website of the Ukrainian Foreign Ministry on 14 January 2022. One month later, Russia’s invasion of Ukraine ushered in a new era of cyber warfare. Despite high expectations for Russian cyberattacks in the buildup to the war, the prolific attempts of Russian cyber forces appear to have found little success. This article analyses the decisive role American ‘Big Tech’ companies have played in Ukraine’s cyber resilience throughout the conflict. The work focuses specifically on three companies: Amazon AWS, Microsoft, and Google. Through examination of open-source intelligence, company data, and government reports, this article reveals the reliance of the Ukrainian government on the private sector for the surveillance, response and prevention of Russian cyberattacks and explores the increasing dependence of state governments on multinational corporations for implementing cyber strategy. I argue that traditional cyber studies have historically underestimated the significance of private corporations in cyberspace, and outline the significant theoretical, empirical, and policy implications of this finding, both for the war in Ukraine and for the future of cyber warfare.

Introduction

Large-scale cyber operations had never been involved in a major open conflict (Carnegie Endowment for International Peace 2024; Lewis 2022, 1; O’Neill 2022), and Western fears of Russian cyberattacks in the war were mounting. During the buildup to the invasion, experts were sounding the alarm about impending waves of devastating Russian cyberattacks on Ukrainian infrastructure (Psaki, Neuberger and Singh 2022). On 12 February 2022, former NSA Director and U.S. Cyber Command founding director Keith Alexander declared, ‘Ukraine is already facing the cyber-equivalent of a howitzer’ (2022). On 26 February, The Atlantic published an article titled, ‘The Threat of Cyberwar Has Finally Arrived’ (Bogost 2022). Weeks later, President Joseph Biden warned, ‘The more Putin’s back is against the wall, the greater the severity of the tactics he may employ…one of the tools he’s most likely to use in my view, in our view, is cyberattacks’ (Miller and Sabin 2022).

Leaders had reason for concern. One does not need to reach far into their imagination to foresee possible Russian cyberattacks on Ukrainian infrastructure. Ukraine has long been called Russia’s ‘testing ground’ for cyberwar (Greenberg 2017). In June 2017, Russia launched the NotPetya malware attack against Ukraine, ultimately totalling over $10 billion in damages worldwide, becoming the most destructive cyberattack ever deployed (Ng 2018). Across the entirety of Ukraine, personal and government networks were destroyed. Ukrainians described being left stranded as transit systems crashed and stuck without petrol and groceries as ATM and credit card machines were frozen (Greenberg 2018). Given the success of its previous cyberattacks on Ukraine, as well as a successful cyberattack against Ukrainian satellites on the day of the invasion (O’Neill 2022), Russia appeared to have the upper hand against Ukrainian cyber defences. Thus, it followed that Russia’s propensity for unleashing cyberattacks upon Ukraine would only become bolder during the war. The typically cited obstacles to cyber escalation, such as deterrence (Fischer 2019) and norms against attacking civilians (Mačák 2017), had already failed. The failure of Russia’s conventional military during the war (Bergmann 2023; Golts 2023; Martin, Barnett and McCarthy 2023), as well as Putin’s weakening domestic standing (Gessen 2023; Gould-Davies 2023; Stanovaya 2023), created a major incentive to use every tool available. As such, the war in Ukraine offers the most compelling case study for examining the impact of cyberattacks in open conflict; it is a case in which the attacker has every reason to strike.

Yet, almost two years after the invasion, many of these predictions about destructive cyberattacks have yet to come to fruition. Indeed, the performance of Russian cyber operations during the war in Ukraine appears to be significantly weaker than many scholars anticipated. There may be successful Russian cyber operations that remain undiscovered or undisclosed. However, highly disruptive cyberattacks on Ukraine – such as those targeting critical infrastructure – would, by their nature, be known to the Ukrainian public. Still, there have yet to be signs of the ‘Cyber Pearl Harbor’ that had been once forecasted by policymakers (Bumiller and Shanker 2012). Whilst there has been much discussion on the role of disinformation and espionage during the war, headlines reporting large-scale destructive effects of Russian malware remain rare. In this sense, Russian cyber forces are dogs still yet to bark.

It is hard to overstate the importance of this case study to the field. On a conceptual level, the role of cyber in Ukraine provides insight into theories of the ‘Cyber Revolution’ (Kello 2017) and the possible role of cyber as the ‘fifth domain’ of warfare (Clarke and Knake 2019). The success of Russian destructive cyberattacks (or lack thereof) also relates to notions on the balance of offence and defence in cyber conflicts, the view of cyber as a ‘weapon of the weak’ (Park 2016; Craig and Valeriano 2016 144; Dossi 2019, 281) and its possible integration into kinetic operations. As for policy implications, the invasion of Ukraine has led to the biggest land war in Europe since World War II, initiated by a nation often regarded as a ‘cyber superpower’ (Breene 2016; Riaz Shad 2018, 45). Russian cyber strategy, no matter how it ultimately manifests, is currently setting precedents and moulding the expectations of government, military, and private sector leaders around the world. The evidence gathered from this case will shape the creation of policies guiding the future of cyber warfare.

Several theories have been posited to help explain the lack of impactful Russian cyberattacks during the war in Ukraine (Bateman, Beecroft and Wilde 2022; Levite 2023). A theory often cited in the early weeks of the conflict suggested that Putin was merely waiting to ‘play the cyber card’ (Kallberg 2022). However, as the war continues, this scenario appears increasingly unlikely. It has also been suggested that Russian cyber forces are simply too weak and lack the capability to launch destructive cyberattacks (Ramjug 2022). Similarly, the emphasis of Russia’s Gerasimov Doctrine on nonmilitary methods of conflict, such as intelligence and subversion, has been underlined (Wilde 2022), as well as the risk of a cyber ‘spillover effect’, suggesting that Russia is wary of launching a cyberattack that could potentially spread beyond the borders of Ukraine and provoke NATO members (Schulze and Kerttunen 2023).

However, whilst these theories demonstrate important insights, they do not offer a fully satisfactory explanation for the weaker role of cyber in the conflict. As will be discussed, reports of cyber operations in the war do not support disincentivised or incapable Russian cyber forces. Russian cyberattacks in Ukraine have been ‘formidable, intensive, even ferocious’ (Smith 2022 2:23). Furthermore, Russia has shown no qualms about striking Ukrainian civilian infrastructure through conventional means (Harmash 2023; Jayanti 2023). Indeed, the data suggests that Russian forces have been prolific in their attempts to launch cyberattacks against Ukraine, but they have found little success against a robust Ukrainian cyber defence.

Though there are undeniably many factors contributing to the strength of Ukraine’s cyber defence, one aspect remains understudied. Indeed, despite the integral influence of the private sector in cyberspace, the role of American technology companies during the war in Ukraine has largely been overlooked. Much of the existing literature has focused on the impact of international state-backed aid to Ukrainian cyber defence (U.S. Department of State 2022) and the consequences of Western companies’ content-moderation policies and withdrawals from Russia (Turner Lee and La 2022). Yet, the emergence of for-profit companies as major players in cyberspace during the war in Ukraine has significant theoretical, empirical, and policy implications. The role of non-state actors in cyberspace is not a novel topic of study, but non-state actors have rarely been credited with the resources and effectiveness of state-backed cyber forces. Furthermore, U.S. government officials have been evasive throughout the war when pressed on the rising influence of American private technology companies (Swisher and Neuberger 2022 18-28).

With that in mind, this article examines the indispensable role of Big Tech in the cyber conflict between Russia and Ukraine during the war. Not only have large American companies such as Amazon, Microsoft and Google been pivotal in rebuffing Russian cyberattacks, but their importance in this conflict also highlights the rise of private technology companies as major players in cyberspace. Instead of simply supporting state actors, private companies now wield cyber capabilities that rival, and even surpass, those of nation-states. The argument proceeds in three sections. First, I outline the available data on Russia’s attacks in cyberspace thus far in the war in Ukraine. Next, I analyse the actions and impact of private technology companies in bolstering Ukrainian technological defence and resilience. Finally, I discuss the broader empirical, political, and theoretical implications garnered from this examination.

Russian Cyber Operations During the War

Whilst much of the data on Russian cyberattacks against Ukraine remains confidential, there are still significant takeaways from open-source intelligence and technology company reports. From publicly available data, the key theme that emerges on the state of cyber conflict in Ukraine is that Russia is trying. Beyond intelligence and infowar operations, Russia has remained prolific in its attempts to launch destructive cyberattacks against Ukrainian data and infrastructure. As described by Microsoft president Brad Smith, ‘Russia has been careful in 2022 to confine destructive ‘wiper software’ to specific network domains inside Ukraine itself. But the recent and ongoing destructive attacks themselves have been sophisticated and more widespread than many reports recognize’ (Microsoft 2022, 2). Google’s Threat Analysis Group (TAG) described the cyberattacks on the Ukrainian government as ‘near-constant’ (Huntley 2023). Mandiant, a threat analysis group within Google Cloud, reported ‘more destructive cyberattacks in Ukraine during the first four months of 2022 than in the previous eight years with attacks peaking around the start of the invasion’ (Google 2023, 14).

The most commonly reported destructive attack has been wiper deployment and activation (Michel 2023). Wiper malwares, like the HermeticWiper and WhisperGate attacks launched by Russia during the war, encrypt files on infected devices and destroy networks (Cybersecurity and Infrastructure Agency 2022). On the day before the invasion, Russian military intelligence targeted hundreds of Ukrainian government, infrastructure and commercial organisations with destructive wiper attacks (Microsoft 2022a, 2). The most significant cyberattack thus far in the war has been the wiper malware unleashed against Ukrainian satellite provider Viasat on the day of the invasion, taking over 40,000 modems offline (Greig 2023). As noted by Mark Colacula, Chief Information Security Officer at Viasat, ‘In some cases, it was very sophisticated and they had a deep understanding of how our network worked’ (Greig 2023). Other targets of wiper malware have included Ukrainian telecommunications, media, financial institutions and government networks (Google 2023a 14-15). From May to October of 2023, Russian cyber threat group Sandworm targeted at least eleven internet and telecom providers in Ukraine. These attacks included credential stealing, hack-and-leak operations, and service disruption (Antoniuk 2023). As of March 2023, there had been over 17,000 attempts to break into the networks of Ukraine’s largest mobile provider, Kyivstar (Klochky 2023).

Russian cyberattacks have also potentially been used in conjunction with kinetic military operations on several occasions. On 11 March 2022, a Ukrainian government agency in Dnipro was hit with a destructive implant via a cyberattack, as well as by direct Russian strikes (Defending Ukraine 2022, 7-8). On 10 and 12 October 2022, Sandworm deployed novel malware against a Ukrainian critical infrastructure company, causing a blackout in conjunction with a Russian kinetic attack (Proska, Wolfram and Wilson 2023). As reported by Mandiant, ‘Sandworm potentially developed the disruptive capability as early as three weeks prior to the OT event, suggesting the attacker may have been waiting for a specific moment to deploy the capability’ (Proska, Wolfram, and Wilson 2023). This pattern was repeated in Russian attacks on Lviv, a critical transportation hub for Ukrainian armed forces and humanitarian aid. On 19 April 2022, Sandworm launched a destructive attack against a logistics provider in Lviv, followed by further reconnaissance on the Lviv transportation sector on 29 April. These cyber operations were followed by a kinetic missile strike on Lviv railway substations on 3 May (Microsoft 2022b 7).

The Role of Private Technology Companies in the War

However, whilst Russia has undoubtedly been active in cyberspace, the impact of its cyber operations appears to be limited. Indeed, other than the Viasat satellite attack at the beginning of Russia’s invasion, there have been few large-scale disruptive cyberattacks reported in Ukraine. This is not to say that Russia’s cyber forces as a whole have had a limited impact during the war. Given that much activity in cyberspace is covert, there may be potent Russian cyber operations that remain undisclosed or undiscovered. However, successful attacks that cripple essential civilian services would likely be known to the public. It is these attacks that were forewarned by experts in the leadup to the invasion (Alexander 2022; Bogost 2022; Miller and Sabin 2022), and it is these attacks that have remained startlingly rare.

One critical factor appears to be the aid of private technology companies to Ukraine’s cyber defence. Though many companies have been influential throughout the conflict (Hill 2022), this paper will focus on three critical players: Amazon Web Services (AWS), Microsoft, and Google. These three companies were awarded the Ukrainian Peace Prize by President Volodymyr Zelenskyy for their support during the war (Nolan 2022).

Much of the open-source data on these companies’ actions is derived from their own reports Potential company biases will be discussed further. However, whilst these findings are preliminary, they suggest some key takeaways. This section will summarise the actions taken by each company before discussing their implications for the future of cyber policy.

Amazon Web Services (AWS)

Ukrainian Minister for Digital Transformation Mykhailo Fedorov concisely explained the impact of AWS in Ukraine: ‘Amazon AWS literally saved our digital infrastructure’ (2022b).

Days before the outbreak of the war, the Ukrainian government passed a law allowing for government data to be moved from on-premises data centres into cloud storage (Law of Ukraine about Cloud Services 2022). Then, as the Russian invasion began, AWS head of government transformation Liam Maxwell met with Ukrainian Ambassador Vadym Prystaiko at the Embassy in London. Together, they created a plan for the massive transfer of critical Ukrainian data to the AWS cloud (Mitchell 2022). Within three days, AWS Snowball devices – tools for large transfers of data – arrived in Ukraine, and within four months, AWS had moved 10 petabytes (10 million gigabytes) of Ukrainian data to AWS cloud centres (Amazon 2022e).

This move to the cloud has been key. As described by Fedorov, ‘Cloud services became a life-saver’ (Fedorov 2022a). One of the main goals of Russian cyberattacks has been the destruction of critical Ukrainian data. By transferring this data to undisclosed AWS cloud centres around Europe, Ukraine made the mere targeting of such cyberattacks far more difficult. Furthermore, Ukraine reduced its vulnerability to Russian missile attacks that targeted on-premises data centres (Demarest 2022). Even as buildings were destroyed, the data remained intact. Fedorov elaborated on the significance of cloud capabilities at the AWS re:Invent 2022 event:

AWS leadership made a decision that saved [the] Ukrainian government and Ukrainian economy. The solution to save Ukrainian databases and state registers was cloud migration. AWS made one of the biggest contributions to Ukrainians’ victory by providing the Ukrainian government with access and resources for migration to the cloud. What we like the most about this partnership with cloud companies is that Russian missiles can’t destroy the cloud (Moore 2022).

Thus far, the data migrated to AWS cloud centres includes 42 Ukrainian government authorities, 24 Ukrainian universities, property ownership records, tax records, and anti-corruption databases (Mitchell 2022; Amazon 2022e). The private sector also transferred data – most notably Ukraine’s largest bank, PrivatBank, which serves 40% of the population. With the help of AWS, PrivatBank moved all of its operations in 2022, including 270 applications and 4 petabytes of client data, from 3,500 Ukraine-based servers to AWS cloud centres in under 45 days (Amazon 2022e). Even after the war, PrivatBank shared that they ‘intend to continue operating in this mode further on’ (PrivatBank 2022). AWS has also provided cloud-computing credits and technical support to Optima, Ukraine’s largest remote-learning school that serves over 200 educational professionals and over 100,000 students (Amazon 2022d). Furthermore, Kyivstar signed a Memorandum of Cooperation with AWS on 4 December 2023 (Kyivstar.ua 2023). As part of this agreement, Kyivstar will transition company data to the AWS cloud, in addition to ‘creating a specialized team at Kyivstar with experience working with AWS technology and a focus on data processing and artificial intelligence, as well as cloud infrastructure services’ (Kyivstar.ua 2023).

Though not perfect (Groll and Lilly 2023), the protection of Ukrainian data in the cloud has ensured sustained access to critical services and the preservation of the nation’s history (Amazon 2022a). Despite damaged buildings and infrastructure, Ukrainian schools, companies and government agencies continue to operate with considerably fewer disruptions. The retention of data will also make the recovery process far smoother. For example, the safeguarding of Ukraine’s Land Registry has preserved Ukrainians’ ownership over their properties (Amazon 2022e). Maxwell explained the impact of this innovation: ‘We used to assume that this is just how it is in war—everything gets destroyed and you have to rebuild from nothing. But by migrating to the safety and security of the cloud, the government and its citizen services prevail’ (Amazon 2022e).

In conjunction with its work moving Ukrainian data onto the cloud, Amazon has also provided technical assistance and intelligence to bolster Ukrainian cybersecurity. The company reported on 8 March 2022:

For several weeks, we have been partnering closely with Ukrainian IT organizations to fend off attacks and working with organizations in Ukraine, and around the world, to share real-time, relevant intelligence…In the lead up to this conflict, we consulted with the Ukrainian government, nations across the European Union, the European Commission, the U.S. government, NATO, and other organizations (Amazon 2022b).

Microsoft

Microsoft President Brad Smith said in 2022 that Microsoft was on ‘the frontlines of this cyberwar’ (Smith 2022a, 1:05-1:08). The company’s role in Ukrainian cyber defence began well before the first bullets were fired, including a 24/7 encrypted channel between the company and the government of Ukraine (Groll and Lilly 2023). Thus far, Microsoft has extended over $540 million in technical aid to Ukraine until the end of 2024 (Fedorov 2023a). Microsoft and the Microsoft Threat Intelligence Center (MSTIC) have played a critical role in the detection and response to cyber threats, as well as in Ukrainian data migration. Microsoft’s sprawling network gives it a unique advantage in detecting malicious activity in cyberspace. As explained by Microsoft Vice President of European governmental affairs, Nanna-Louise Wildfang Linde, ‘All the signals — 65 trillion signals — that we analyse every day to make sure that our customers are safe, we have certain insights and information that governments don’t have’ (Rethinking Security 2023).

On 15 January 2022, Microsoft detected the WhisperGate wiper virus targeting non-profit, information technology and government organisations in Ukraine (Microsoft Security Blog 2022a; Cybersecurity & Infrastructure Security Agency 2022). Then, on the morning leading up to Russia’s invasion of Ukraine on 24 February 2022, MSTIC detected the FoxBlade wiper viruses on Ukrainian digital infrastructure. At least five Ukrainian government organisations were targeted (Aviv and Ferri 2023, 4). Microsoft alerted both the Ukrainian and American governments to the threat (Sanger, Barnes and Conger 2022).

Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger explained Microsoft’s pivotal role in the FoxBlade attacks,

Wednesday evening, when Microsoft first alerted to destructive malware on Ukrainian networks, based on those instructions, they quickly alerted us…And then [we ensured] they were connected to the cyber defenders in multiple countries around the world so that those countries could take advantage of the techniques Microsoft had come up with to block that destructive malware (Swisher and Neuberger 2022, 17:25).

Indeed, Neuberger reportedly asked Microsoft Corporate Vice President Tom Burt if Microsoft would share their threat intelligence with other European nations in order to strengthen their cyber defences (Sanger, Barnes and Conger 2022). Four days later, on 28 February 2022, Microsoft President Brad Smith shared,

‘In recent days, we have provided threat intelligence and defensive suggestions to Ukrainian officials regarding attacks on a range of targets, including Ukrainian military institutions and manufacturers and several other Ukrainian government agencies…We also continue to share appropriate information with NATO officials in Europe and American officials in Washington’ (Smith 2022b).

Since then, Microsoft has proven instrumental in detecting cyberattacks and compiling threat intelligence for Ukrainian, American, and European governments, as well as publishing reports for the general public and the private sector (Burt 2023; Microsoft 2022a; Microsoft 2022b).

In addition to its work in threat detection and intelligence, Microsoft’s cybersecurity teams have also played a key role in defending Ukrainian cyberspace by actively disrupting malicious Russian cyber operations. In one instance on 6 April 2022, Microsoft took control of seven domains exploited by a Russian cyber group, redirecting them to a company-controlled sinkhole and neutralising the threat (Burt 2022). Furthermore, tools such as Microsoft Defender and Microsoft Authenticator have helped Ukrainian organisations stay secure. Reflecting Russia’s recognition of the value of these tools, one of the aims of the Russian-deployed PAYWIPE malware was to delete Microsoft Defender from Ukrainian systems (Falcone, Harbison and Grunzweig 2022).

Microsoft also extended Ukrainian government agencies, central and regional governments, universities, schools and hospitals free access to Microsoft Azure cloud capabilities through the end of 2024 (Fedorov 2023b). Azure offers further cybersecurity tools like Firewall and Microsoft Sentinel. Perhaps more importantly, the cloud capabilities of Azure equip the Ukrainian government with more security than on-premises data centres (Microsoft Azure, n.d.). Furthermore, the end-point protected connectivity of Microsoft’s networks and cloud has enabled it to rapidly deploy defences against Ukrainian malware. The company reports, ‘MSTIC on repeated occasions has been able to develop new signatures in just a few hours and distribute them back to devices across Ukraine and more globally. These have played a critical role in halting the movement of destructive malware’ (Microsoft 2022b, 9). For instance, within three hours of identifying the FoxBlade virus, Microsoft added new signatures to detect and defend against the exploit to Microsoft Defender (Smith 2022b). As tweeted by Fedorov, ‘Thanks Microsoft for the strong support. Cloud tech = resilience’ (Fedorov 2023b).

Google

Google’s work in Ukraine earned them the first-ever awarding of Zelenskyy’s Ukrainian Peace Prize (Ministry of Digital Transformation of Ukraine 2022b). The company’s efforts in the war have included extensive campaigns to limit disinformation, disrupting over 1,950 Russian disinformation operations in 2022 (Google 2023a). Google has displayed similar dedication to defending against destructive cyberattacks. Fedorov explained, ‘Google services have become our infrastructure. The tools provided by the company allowed the Government to function quickly and efficiently despite the shelling and constant threats of cyberattacks. In addition, Google ensures protection and security of Ukrainians’ data’ (Ministry of Digital Transformation of Ukraine 2022a).

Google provides protection through a variety of tools and services. After the Russian invasion, Google extended free access to Project Shield (Venables 2022) for Ukrainian public sector and government organisations, protecting against Distributed Denial-of-Service (DDoS) attacks that attempt to shut down websites by overloading them with activity. Project Shield ‘allows Google to absorb the bad traffic in a DDoS attack and act as a ‘shield’ for smaller websites, allowing them to continue operating and defend against these attacks’ (Walker 2022a). By 4 March 2022, over 200 government, humanitarian, and news organisations in Ukraine had taken advantage of this expanded protection (Walker 2022a). In addition, Google automatically increased account protections for users in the region. Google’s Advanced Protection Program, which protects against phishing, malicious downloads and information stealing, has been employed by hundreds of high-risk accounts in Ukraine (Google, n.d.; Walker 2022a). Furthermore, the company is offering a free version of the Google Security Command Center, which helps in threat detection and prevention (Venables 2022). The Security Command Center also includes artificial intelligence solutions ‘with near-instant analysis of security findings and possible attack paths … summarizing threat criticality, implications, and remediation next steps’ (Google Cloud, n.d.).

Google has also been active in threat intelligence and response. In March 2022, President of Global Affairs Kent Walker explained the company’s security teams were ‘on-call 24/7 to protect Ukrainian users and important local services’ (Walker 2022a). Google’s Threat Analysis Group (TAG) has done extensive work in threat intelligence, publishing their reports on Russian cyber operations throughout the conflict (Huntley 2023a; Huntley 2023b). All identified malicious websites and domains are added to Google’s Safe Browsing feature, limiting user exposure (Leonard 2023). Furthermore, TAG created notification systems for Gmail and Google Workspace users of Russian government-backed attacks (Leonard 2023). Mandiant also runs a Ukraine Crisis Resource Center (Mandiant, n.d.) offering free threat intelligence and preventative measures for organisations at risk and assisting in ‘providing direct assistance to Ukrainian government entities under the Cyber Defense Assistance Collaborative’ (Walker 2022b).

Akin to Microsoft and Amazon, Google’s influence is largely due to the company’s (and parent company Alphabet’s) global reach. Google’s vast ownership of platforms provides both the capability and the authority to disrupt malicious activity. From YouTube to Gmail to Android, Google’s sprawling reach allows for quicker threat detection and response. In one example from March 2022, Google disrupted a credential-harvesting attack by taking down malicious domains on the Google-owned site Blogspot (Google 2023a, 18).

Finally, Google donated 50,000 Google Workspace licenses to the Ukrainian government, giving access to Gmail, Google Drive, and Google Meet, among other services (Walker 2022b). Some of Google Workspace’s advantages include Zero Trust frameworks, client-side encryption, malware and ransomware protections, and secured endpoints (Google Workspace, n.d.). In addition, Google Workspace employs AI security protections, including classifying sensitive data and scanning over 200 billion Google Drive items each month to block unauthorised data exfiltration (Google Cloud 2022, 16:10-16:55). According to research by Google, ‘Gmail’s AI-powered defences stop more than 99.9% of spam, phishing and malware from reaching inboxes’ (Kumaran 2023). Ukrainian businesses are utilising Google Workspace as well. Vladyslav Voloshyn, Director of Information Technology at Ukraine’s fourth-largest bank, Ukrgasbank, described Google Workspace’s effect on the company’s security, ‘Before switching to Google Workspace, we installed anti-virus and anti-spam software on all our employees’ devices to prevent data breaches. We no longer need those services now that we’re using Google Workspace’ (Voloshyn 2023).

How Reliable is the Private Sector?

Private technology companies and government officials have publicly lauded the actions of Big Tech in fortifying Ukrainian cyber resilience. However, it is important to note the clear incentives for both groups to overreport their successes. The American and Ukrainian governments likely benefit from emphasising the strength of their cyber defence against Russia, minimising civilian fears and developing a positive narrative surrounding the conflict. They may also be motivated to portray these companies in a positive light to ensure their continued aid.

In addition, by stressing the supposed threat of Russian cyberattacks, private companies can present their cybersecurity services as more effective. As many of the services provided to Ukraine are also available to civilians (Google’s Project Shield, AWS cloud services, Microsoft Defender, etc.), the cyberwar in Ukraine has simultaneously transformed into a unique opportunity for product advertising. Corporations can not only highlight their company values by aiding Ukraine’s military, but they can also demonstrate the superiority of their products whilst facing off against a nation-state actor like Russia.

It is also critical to remember that these companies are governed by CEOs, shareholders and the market. The conflict between public safety and the interest of private shareholders has already led to controversy in the war around both the reliability of company information and of their services. First, Microsoft’s 2022 Report ‘Defending Ukraine: Early Lessons from the Cyber War’ offered pages of statistics on the company’s success in defending Russian cyberattacks. However, the report was soon met with scepticism, as some experts questioned Microsoft’s evidence and analysis (Smalley 2022). For example, Microsoft claimed that only 29% of attempted Russian cyber intrusions succeeded (Microsoft 2022b, 3, 11), but offered little basis for this statistic. One scholar questioned, ‘What is the scope of Russian cyber activity that you’re catching as Microsoft, with your data, or that you’re measuring, and what might you be missing?’ (van Landingham 2022, cited in Smalley 2022). Another scholar described Microsoft’s work as an ‘attempt to take technical research and turn it into a strange lobbying opportunity’ (Guerrero-Sade 2022, cited in Smalley 2022).

Accordingly, the reports of the significant aid by private companies to Ukraine’s cyber defence cannot be assumed as completely accurate. There may still be much left unreported or underreported. It is telling that Microsoft and Google’s reports on cyber activity during the war (Microsoft 2022b; Google 2023a) only detailed Russian offensive cyber operations whilst offering little, if any, information on the cyber strategy of Ukraine.

Whilst the open-source data on companies’ effectiveness has its limitations, there are still preliminary conclusions that can be drawn. The data sample suggests that private companies – most notably Amazon, Microsoft, and Google – have become critical figures in inter-state cyber conflict. Microsoft informed NATO and Ukrainian officials of cyber threats (Swisher and Neuberger 2022, 17:25). Google ran the front-lines of defence against Russian phishing attacks (Kumaran 2023). AWS moved critical data that would have otherwise been destroyed in missile strikes (Demarest 2022; Mueller et al 2023). These companies are not simply supporting governments, but offer critical functions within the war ranging from threat detection to attack remediation to citizen protection. Indeed, even if the reliability of companies’ sources remains uncertain, both private and public officials have demonstrably been emphasising the importance of the private sector for Ukrainian cyber operations. This narrative accords legitimacy to private corporations in the realm of cyber warfare and, as will be discussed, underlines the impetus for governments to secure future private sector partnerships.

Still, the continued aid of these companies is far from guaranteed (Lilly et al 2023, 79). The volatility of their support has already been demonstrated in Ukraine by the ups and downs of Starlink, the satellite communications company owned by American technology billionaire Elon Musk. The lives saved by the company in Ukraine ‘can be measured in the thousands’ (Satariano et al 2023). Yet, Starlink has not always aligned with the wishes of the Ukrainian or United States governments. In September 2022, Musk announced that Starlink would no longer provide services to Ukraine for free and requested that the Pentagon pay their fees (Marquardt 2022). He withdrew his request in the same month, tweeting, ‘To hell with it … even though Starlink is still losing money & other companies are getting billions of taxpayer $, we’ll just keep funding the Ukraine govt for free’ (Marquardt 2022). Perhaps even more worryingly, Musk has impacted Ukrainian military strategy through his willingness (or lack thereof) to provide Starlink services. Again in September 2022, Musk admitted to having refused to enable Starlink for a Ukrainian military strike, thus halting the mission (Kim 2023). One senior Ukrainian official angrily observed the consequences: ‘As a result, civilians, children are being killed. This is the price of a cocktail of ignorance and big ego’ (Podolyak 2023). Thus, the case of Starlink highlights the crux of the issue – whilst these companies have been willing to aid Ukraine during the war, there is no guarantee their charitability will endure or be replicated in the future.

Discussion

An analysis of cyber operations in the war in Ukraine reveals a complex ecosystem of nation-state and private actors. The lack of successful Russian cyber operations in the conflict cannot solely be attributed to a weak Russian offence or a strong Ukrainian defence, but must also take into consideration the impact of large, private American technology companies. The dependence of the Ukrainian cyber strategy on the private sector has a host of ramifications for our understanding of international relations in cyberspace, particularly as companies and governments alike strategise for the future of cyber warfare.

Theoretical Implications

First, non-state actors in cyberspace appear to be much more sophisticated and influential than previously recognised. A significant portion of cyber studies thus far concerning the role of non-state actors in conflict has focused on groups such as cybercriminals and cyber militias whose capabilities cannot compete with those of state governments (Francis 2020, 39-41; Ohlin, Govern and Finkelstein 2015, 104–11; Paganini 2022, 10-12l; Handler 2022). Indeed, much of the research has either portrayed private companies as benign actors subordinate to their governments (Francis 2020, 9; Sigholm 2013, 21) or primarily as victims of cyberattacks themselves (Colvin, Garrie and Rao 2013; Ohlin, Govern and Finkelstein 2015, 106). This analysis is misinformed. The most powerful non-state actors in times of cyber conflict may well be corporations, and their capabilities can rival, if not surpass, those of nation-states. Indeed, it is private companies that dominate the digital domain – these companies created it, monitor it, and will likely determine its future through innovation (Matania and Sommer 2023, 21). Nations may attempt to exploit cyberspace for their own interests, but they are still playing on the turf of the private sector. In this sense, cyberspace is always under the shadow of Big Tech.

Moreover, in contrast to the traditional notion of offensive dominance in cyberspace (Healey 2021; Liff 2012, 414-417; Nye 2010, 5), the war in Ukraine demonstrates that robust cyber defence may be possible. However, cyber defence may be best suited for private sector actors, as opposed to military or government agencies. Whilst governments have the legitimacy to pursue offensive operations, cyber defence is most effectively provided by actors with the greatest insight into cyber activity. As such, the ‘trillions of signals’ (Rethinking Security 2023) that are monitored by Microsoft offer it an advantage that is difficult to replicate. This is particularly important as cyber threats continue to mount and governments must decide how best to allocate their capacities (Brooking and Lonergan 2023). This difference between offensive and defensive capabilities in cyberspace is reflected in the changing U.S. cyber strategy. The U.S. Department of Defense’s 2015 cyber strategy implored, ‘The Defense Department must develop its intelligence, warning, and operational capabilities to mitigate sophisticated, malicious cyberattacks before they can impact U.S. interests’ (U.S. Department of Defense 2015, 14). However, such boldness is absent from the Department’s 2023 cyber strategy (Brooking and Lonergan 2023), which explains that ‘The Department, in particular, lacks the authority to employ military forces to defend private companies against cyber attacks’ and thus ‘the Department will not posture itself to defend every private sector network’ (U.S. Department of Defense 2023). Now, it appears that as governments release expectations to provide all-encompassing cyber defence, private companies’ importance in the sector will continue to grow.

The final main theoretical implication of these findings is that cyber does not appear to be the asymmetric ‘weapon of the weak’ as once-predicted (Park 2016; Craig and Valeriano 2016, 144; Dossi 2019, 281). Indeed, whilst cyberattacks may initially appear to have a lower barrier for entry than conventional attacks, in fact effective major cyber operations require high levels of expertise and resources. As such, cyber is not an asymmetrical weapon that leaves wealthy, target-rich nations exposed to guerrilla cyberattacks from less-resourced actors. Instead, the case of Ukraine demonstrates that the sophisticated cyber capabilities required for successful cyberattacks are inaccessible to most individuals, companies, and governments. Indeed, the global networks of private companies and the millions of users that comprise them accord Microsoft, Google, and AWS cyber insights that cannot be replicated. As such, rather than cyberattacks being described as a weapon of the weak, it may be more accurate to describe cyber defence as a ‘power of the few.

Policy Implications

This evolving understanding of international cyber relations invites important policy recommendations for companies and governments alike. Both must tread carefully into the future of cyber warfare. Corporations involved in the war in Ukraine have undertaken a significant risk by setting a precedent for assisting in military cyber conflicts. Whilst they may not be obligated to help nations in future wars, refusal of aid could result in backlash from the public. At the same time, willingness to engage in future conflicts may worry or deter investors. Furthermore, nations around the world have been observing the actions of technology companies during the war in Ukraine, most notably of their close coordination with the Ukrainian and NATO governments. As a result, these companies may find it more difficult to expand globally, as countries may be wary of their potential political allegiances. After aiding Ukraine, Musk reported that Starlink had been subjected to several cyberattacks (Lilly et al 2023, 78-79). Thus, Technology companies may be more of a target for governments planning future clashes with NATO nations – a salient example being China in light of a possible conflict in Taiwan. Furthermore, as seen with the migration of Ukrainian data onto the cloud, company cloud centres around the world became targets of cyberattacks (Sockrider 2022). This sparks a host of political and legal considerations in terms of responsibility over the safekeeping of nations’ most precious data.

In addition, though most companies supported Ukraine against Russia’s invasion, choosing which nations to defend may be more difficult in future conflicts. Companies may also be caught in the difficult position of selecting one government over another or facing the significant conflict of interest from assisting both. What happens when two nations whose populations both heavily use Google services come into combat? How will companies decide which users or services to prioritise? Companies have little choice but to protect their own products from attack, yet the line between defending their users’ interests and defending national interests is becoming increasingly blurred. What is clear, however, is that private companies will no longer be assumed to be neutral players in cyber conflict. Even a refusal to get involved may be interpreted as a political statement. Moving forward, it is now necessary for companies to develop their own policies for interstate cyber warfare.

Further, , states must now focus on procuring private sector support for their own protection. These companies sell their services as commercial products and are thus not restricted by the same regulations as government contractors. Ensuring aid from these key non-state actors has become critical, as states are quickly recognising the private sector’s impact on cyber defence and resilience. Nations preparing for conflict should learn from the war in Ukraine and begin to procure some of the vital services – like cloud capabilities – for themselves. As explained by President Biden in the U.S. 2023 National Cybersecurity Strategy:

The private sector has growing visibility into adversary activity. This body of insight is often broader and more detailed than that of the Federal Government, due in part to the sheer scale of the private sector and its threat hunting operations, but also due to the rapid pace of innovation in tooling and capabilities…Effective disruption of malicious cyber activity requires more routine collaboration between the private sector entities that have unique insights and capabilities and the Federal agencies that have the means and authorities to act (The White House 2023).

Furthermore, on 7 December 2022, the U.S. Department of Defense announced the new Joint Warfighting Cloud Capability Procurement (U.S. Department of Defense 2022). This agreement with Google, Microsoft, Amazon (AWS), and Oracle ‘will provide the [Department of Defense] the opportunity to acquire commercial cloud capabilities and services directly from the commercial Cloud Service Providers (CSPs) at the speed of mission, at all classification levels, from headquarters to the tactical edge’ (U.S. Department of Defense 2022). Among the many benefits of this agreement listed by the Department of Defense are ‘resilient services,’ ‘advanced data analytics’ and ‘fortified security’ (U.S. Department of Defense 2022). It still remains to be seen whether contracts like this will be enough to ensure sufficient aid in future conflicts; a cyber conflict between the U.S. and China may manifest very differently than in Ukraine.

Europe, too, has taken note of the decisive role of private technology companies – as well as their U.S. origins. These companies have become enormous sources of American soft power and influence abroad. There is notable anxiety in Europe at the prospect of relying on an American ‘cyber umbrella’ (Bateman, Beecroft and Wilde 2022). As explained by Dr. Benedikt Franke, Vice Chairman and Chief Executive of the Munich Security Conference, ‘There are a good 60 percent [of Europeans] who are worried about having their data stored outside the European Union, that are worried about the U.S. government’s intent. You know in Germany we still talk about Angela Merkel’s mobile phone being hacked by the U.S. government. No hard feelings, but it’s still a thing’ (Rethinking Security 2023). These feelings were reflected in the annual conference of the European Defence Agency (EDA) on 30 November 2023, in which European Council President Charles Michel proposed ‘a European cyber force that would be a fundamental component of our European defence’ (Michel 2023.)

The incentive to invest in domestic cyber capabilities is also heightened by their potential use as a tool of diplomacy. A similar controversy arose when Israeli company NSO released the revolutionary spyware Pegasus. As every foreign sale of Pegasus must be approved by the Israeli defence ministry, there have been accusations that the Israeli government utilised Pegasus as leverage for international bargaining (Robinson 2022). Reports found that, after receiving Pegasus, Panama and Mexico began to vote more favourably to Israel at the UN. Furthermore, most of the nations that signed the 2020 Abraham Accords had been approved for access to Pegasus (Robinson 2022). Whilst there may certainly be other factors contributing to these events, the case of Pegasus demonstrates a potential future in which access to technology companies’ cyber capabilities is governed by their domestic governments.

Though the full co-optation of private technology companies may seem an extreme scenario, striking the right balance between public and private partnerships will undoubtedly be difficult. On the one hand, there have been calls from U.S. military leaders for greater integration between the government and private sectors, meaning continuous collaboration and constant information sharing (Alen, Eaton and Stieler 2023, 28). Integration of the public and private sectors offers several benefits. The information and capability-sharing would likely make threat detection and response easier and faster. It would also likely better ensure the prioritisation of public safety over private interests. As discussed above, it is in the interest of companies to garner positive publicity by effectively responding to cyber threats. Accordingly, in the crowded field of cyber defence, there is motivation for companies to guard information on potential threats for themselves so that they alone can best respond (Brashaw 2017, 114). As explained at the FIRST conference for cyber incident response, ‘if you know what the winning lottery numbers are going to be, you aren’t going to share them’ (Railton 2015, cited in Bradshaw 2017, 114). Whilst this practice may benefit companies, it also leaves cyberspace less secure. Government involvement in cyber defence of a kind that requires constant collaboration among technology companies could reduce competitiveness in cyber defence and prioritise national cybersecurity.

However, there are also serious risks in integrating the public and private cybersecurity sectors. In some ways, such collaboration could undermine the goals of governments and companies alike. Companies risk being viewed as extensions of the government, undermining the perceived security of their services as well as inviting serious consumer privacy concerns (Bannelier et a 2019, 72). For governments, integration of the private sector may lead to companies’ actions being conflated with national policy (Romanosky and Boudreaux 2020, 480), risking serious disruption and a lack of control.

Thus, in light of the cyber conflict in Ukraine, governments are now in the difficult position of navigating the role of private companies in cyberspace. They must keep companies aligned with national interests without appearing to co-opt them for national use. Agreements like the Joint Warfighting Cloud Capability Procurement appear to be a good start at establishing effective, routine partnerships without full integration – building a bridge between the private and public sectors without attempting to combine them. However, as taught by the war in Ukraine, our understanding of cyberspace is constantly and profoundly evolving. How cyber operations manifest in future conflicts remains to be seen.

Conclusion

The war in Ukraine offers critical information on the role of private technology companies in cyberspace. In contrast to initial expectations, Russia’s cyber impact thus far in the war has been relatively limited. However, analysis of publicly available evidence suggests that their lack of impact has not been due to a lack of trying. Indeed, Russian cyber operations appear to be prolific and often target critical Ukrainian infrastructure. A possible explanation for the strength of the Ukrainian cyber defence is the role of American Big Tech companies. These private actors appear to be changing the balance of power in cyberspace, as governments depend on private corporations whose cyber capabilities now match or even surpass their own.

The ultimate effects of this commercialisation of national cybersecurity remain unknown. However, its importance will likely become more salient as technologies like artificial intelligence, quantum computing, and semiconductor manufacturing open fresh ground for emerging players to stake their claim. Further research is required to investigate how these new domains, and the private companies that dominate them, will further impact international relations. Indeed, as contemporary boundaries are pushed by the private sector, the extent of Big Tech’s influence and its implications for the new era of cyber warfare are just beginning to come to light.

Citations

Alen, N., Eton, G., Stieler, J. (2023) ‘The New “Cyber” Space Race: Integrating the Private Sector Into U.S. Cyber Strategy’, Joint Force Quarterly, 109, pp. 25-32. Available at: https://ndupress.ndu.edu/JFQ/Joint-Force-Quarterly-109/Article/Article/3379355/the-new-cyber-space-race-integrating-the-private-sector-into-us-cyber-strategy/ [Accessed 11 May 2024].

Alexander, K. (2022) ‘Cyber Warfare in Ukraine Poses a Threat to the Global System’, Financial Times. Available at: https://www.ft.com/content/8e1e8176-2279-4596-9c0f-98629b4db5a6 [Accessed 11 May 2024].

Amazon (2022a) ‘Digital Ukrainian Artifacts Saved by Cultural Heritage Professionals Using AWS’. Available at: https://www.aboutamazon.com/news/community/digital-ukrainian-artifacts-saved-by-cultural-heritage-professionals-using-aws [Accessed 11 May 2024].

Amazon (2022b) ‘Amazon’s Cybersecurity Assistance for Ukraine’. Available at: https://www.aboutamazon.com/news/community/amazons-cybersecurity-assistance-for-ukraine [Accessed 11 May 2024].

Amazon (2022c) ‘AWS Contributes Technology Resources to Support Humanitarian Relief’. Available at: https://www.aboutamazon.com/news/aws/aws-contributes-technology-resources-to-support-humanitarian-relief [Accessed 11 May 2024].

Amazon (2022d) ‘How AWS is Helping Ukrainian Students Continue Learning’. Available at: https://www.aboutamazon.com/news/aws/how-aws-is-helping-ukrainian-students-continue-learning [Accessed 11 May 2024].

Amazon (2022e) ‘Safeguarding Ukraine’s data to preserve its present and build its future’. Available at: https://www.aboutamazon.com/news/aws/safeguarding-ukraines-data-to-preserve-its-present-and-build-its-future [Accessed 11 May 2024].

Antoniuk, D. (2023) ‘Russia’s Sandworm Hacking Unit Targets Ukrainian Telecom Providers’, therecord.media, Available at: https://therecord.media/russia-sandworm-hacking-ukraine-telecom-internet-providers [Accessed 11 May 2024].

Aviv, I., and Ferri, U. (2023) ‘Russian-Ukraine armed conflict: lessons learned on the digital ecosystem’, International Journal of Critical Infrastructure Protection, 43, pp. 1874-5482. https://doi.org/10.1016/j.ijcip.2023.100637 [Accessed 11 May 2024].

Bannelier, K., Bozhkov, N., Delerue, F., Giumelli, F., Moret, E., and van Horenbeeck, M. (2019) ‘Multiple moons: cyber sanctions and the role of the private sector’, in P. Pwlak and T. Biersteker (eds.), Guardian of the galaxy: EU Cyber Sanctions and Norms in Cyberspace, pp. 70–78.

Bateman, J., Beecroft, N., and Wilde, G. (2022) ‘What the Russian invasion reveals about the future of cyber warfare’, Carnegie Endowment for International Peace. Available at: https://carnegieendowment.org/posts/2022/12/what-the-russian-invasion-reveals-about-the-future-of-cyber-warfare?lang=en [Accessed 11 May 2024].

Bergmann, M. (2023) ‘What could come next? Assessing the Putin regime’s stability and western policy options’, Center for Strategic and International Studies. Available at: https://www.csis.org/analysis/what-could-come-next-assessing-putin-regimes-stability-and-western-policy-options [Accessed 11 May 2024].

Bilyana, L., Geers, K., Rattray, G., and Koch, R. (2023) ‘Business@War: the IT companies helping to defend Ukraine’, 15th International Conference on Cyber Conflict: Meeting Reality (CyCon), pp. 71-83.

Bogost, I. (2022) ‘The threat of cyberwar has finally arrived’, [‘Netwar’ could be even worse than cyberwar] The Atlantic. Available at: https://www.theatlantic.com/technology/archive/2022/02/russia-ukraine-conflict-cyberwar/622931/ [Accessed 11 May 2024].

Bradshaw, S. (2017) ‘Cyber security in a volatile world’, Centre for International Governance Innovation, Chatham House, pp. 105–120.

Breene, K. (2016) ‘Who are the cyberwar superpowers?’, World Economic Forum. Available at: https://www.weforum.org/agenda/2016/05/who-are-the-cyberwar-superpowers/ [Accessed 11 May 2024].

Brooking, E. and Lonergan, E. (2023) ‘Welcome to cyber realism: parsing the 2023 department of defence cyber strategy’, War on the Rocks. Available at: https://warontherocks.com/2023/09/welcome-to-cyber-realism-parsing-the-2023-department-of-defense-cyber-strategy/ [Accessed 11 May 2024].

Bumiller, E., and Shanker, T. (2012) ‘Panetta warns of dire threat of cyberattack on U.S.’, The New York Times. Available at: https://www.nytimes.com/2012/10/12/world/panetta-warns-of-dire-threat-of-cyberattack.html [Accessed 11 May 2024].

Burt, T. (2022) ‘Disrupting cyberattacks targeting Ukraine’, Microsoft On the Issues. Available at: https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/ [Accessed 11 May 2024].

Burt, T. (2023) ‘Ongoing Russian cyberattacks targeting Ukraine’, Microsoft On the Issues. Available at: https://blogs.microsoft.com/on-the-issues/2023/06/14/russian-cyberattacks-ukraine-cadet-blizzard/ [Accessed 11 May 2024].

Carnegie Endowment for International Peace (2024) ‘Technology and international affairs program program: cyber conflict in the Russia-Ukraine war’. Available at: https://carnegieendowment.org/programs/technology/cyberconflictintherussiaukrainewar/ [Accessed 11 May 2024].

Clarke, R., and Knake, R. (2019) The fifth domain: defending our country, our companies, and ourselves in the age of cyber threats. New York: Penguin Press.

Colvin, C., Garrie, D. and Rao, S. (2013) ‘Cyber warfare and the corporate environment’, Journal of Law & Cyber Warfare, 2(1), pp. 1–24.

Craig, A., and Valeriano B., (2016) ‘Conceptualising cyber arms races’, NATO Cooperative Cyber Defence Centre of Excellence, pp. 141–158. Available at: https://ccdcoe.org/uploads/2018/10/Art-10-Conceptualising-Cyber-Arms-Races.pdf [Accessed 11 May 2024].

Crowdstrike Blog (2022) ‘Technical analysis of the WhisperGate malicious bootloader CrowdStrike’. Available at: https://www.crowdstrike.com/blog/technical-analysis-of-whispergate-malware/ [Accessed 11 May 2024].

Cybersecurity and Infrastructure Agency (2022) ‘Update: destructive malware targeting organizations in Ukraine’, Cybersecurity and Infrastructure Security Agency CISA. Available at: https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-057a [Accessed 11 May 2024].

Demarest, C. (2022)‘Data centres are physical and digital targets, says Pentagon’s Eoyang’, C4ISRNet. Available at: https://www.c4isrnet.com/cyber/2022/11/17/data-centres-are-physical-and-digital-targets-says-pentagons-eoyang/ [Accessed 11 May 2024].

Dossi, S. (2019) ‘On the asymmetric advantages of Cyberwarfare. Western literature and the Chinese journal “Guofang Keji”, Journal of Strategic Studies, 43(2), pp. 281–308. doi:10.1080/01402390.2019.1581613.

Falcone, R., Harbison, M., and Grunzweig, J. (2022) ‘Threat brief: ongoing Russia and Ukraine cyber activity’, Unit 42. Available at: https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/#whispergate-malware-family [Accessed 11 May 2024].

Fedorov, M. (2022). [LinkedIn]. Available at: https://www.linkedin.com/posts/mykhailo-fedorov-9670b4a3_cloud-services-became-a-life-saver-for-our-activity-7004047046668107776-FEWU/?originalSubdomain=tz [Accessed 11 May 2024]

Fedorov, M. (2022) [Twitter], 6 July. Available at: https://twitter.com/FedorovMykhailo/status/1544588065624178688 [Accessed 11 May 2024].

Fedorov, M. (2023) [Telegram]. Available at: https://t.me/zedigital/3918 [Accessed 11 May 2024].

Fedorov, M.(2023) [Twitter], 29 November. Available at: https://twitter.com/FedorovMykhailo/status/1729851466574106883 [Accessed 11 May 2024].

Fischer, M.(2019) ‘The Concept of Deterrence and its Applicability in the Cyber Domain’, Connections: The Quarterly Journal, 18(1-2), pp. 69–92.

Francis, J.(2020) ‘International Governance of Non-State Actors in Cyberspace: Is a Single Entity Sufficient for Dispute Resolution?’, Monterey, CA, USA: Naval Postgraduate School, 1–135. Available at: https://apps.dtic.mil/sti/pdfs/AD1114529.pdf [Accessed 11 May 2024].

Gessen, K. (2023) ‘Could Putin lose power?’, The New Yorker. Available at: https://www.newyorker.com/news/the-weekend-essay/could-putin-lose-power [Accessed 11 May 2024]

Golts, A. (2023) ‘Russia’s military failures in Ukraine: causes and consequences’, Stockholm Centre for Eastern European Studies. Available at: https://sceeus.se/en/publications/russias-military-failures-in-ukraine-causes-and-consequences [Accessed 11 May 2024].

Google Cloud (2022) ‘Working safer with Google Workspace’. Available at: https://youtu.be/Gw6CknFG8a8?si=qvRu1WMm8TfQdcCA [Accessed 11 May 2024].

Google Cloud (n.d.) ‘Security Command Center’. Available at: https://cloud.google.com/security/products/security-command-center?hl=en [Accessed 11 May 2024].

Google Workspace (n.d.). Available at: https://workspace.google.com/lp/business/?utm_source=google&utm_medium=cpc&utm_campaign=na-US-all-en-dr-bkws-all-all-trial-e-dr-1011401&utm_content=text-ad-none-any-DEV_c-CRE_595115551801-ADGP_Desk%20%7C%20BKWS%20-%20EXA%20%7C%20Txt%20~%20Google%20Workspace%20~%20Core_Google%20Workspace%20Core-KWID_43700060153385061-kwd-346911454270&utm_term=KW_google%20workspace-ST_google%20workspace&gclid=Cj0KCQiAsdKbBhDHARIsANJ6-jeA97mh-jQiR8NtHEy9l9g__OXHUPdf3u2d-0u5en-sLQE8waGCSq8aAuOaEALw_wcB&gclsrc=aw.ds [Accessed 11 May 2024]

Google (n.d.) ‘Google Advanced Protection Program’. Available at: https://landing.google.com/advancedprotection/ [Accessed 11 May 2024].

Google (2023) ‘Updates on our support for Ukraine’. Available at: https://blog.google/outreach-initiatives/public-policy/updates-google-support-for-ukraine/ [Accessed 11 May].

Gould-Davies, N. (2023) ‘The Wagner Revolt: implications for Russia, lessons for the west’, Survival, 65(4), pp. 25–30.

Greenberg, A. (2017) ‘Russia’s cyberwar on Ukraine is a blueprint for what’s to come’, WIRED. Available at: https://www.wired.com/story/russian-hackers-attack-ukraine/ [Accessed 11 May 2024].

Greenberg, A. (2018) ‘The untold story of NotPetya, the most devastating cyberattack in history’, WIRED. Available at: https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ [Accessed 11 May 2024].

Greenberg, A. (2022) ‘Russia’s sandworm hackers attempted a third blackout in Ukraine’, WIRED. Available at: https://www.wired.com/story/sandworm-russia-ukraine-blackout-gru/ [Accessed 11 May 2024].

Greig, J. (2023) ‘NSA, Viasat Say 2022 hack was two incidents; Russian sanctions resulted from investigation’, therecord.media. Available at: https://therecord.media/viasat-hack-was-two-incidents-and-resulted-in-sanctions [Accessed 11 May 2024].

Groll, E., and Bilyana, L. (2023) ‘Bilyana Lilly on western cybersecurity assistance to Ukraine’, CyberScoop. Available at: https://cyberscoop.com/bilyana-lilly-cybersecurity-assistance-ukraine/ [Accessed 11 May 2024].

Handler, S. (2022) ‘The 5×5—non-state armed groups in cyber conflict’, Atlantic Council. Available at: https://www.atlanticcouncil.org/content-series/the-5×5/the-5×5-non-state-armed-groups-in-cyber-conflict/ [Accessed 11 May 2024].

Harmash, O.(2023) ‘Russia’s biggest drone strike in weeks hits Ukrainian infrastructure’, Reuters, 3 November. Available at: https://www.reuters.com/world/europe/russian-drones-hit-civilian-target-ukraines-kharkiv-officials-say-2023-11-02/ [Accessed 11 May 2024].

Healey, J. (2021) ‘Understanding the offense’s systemwide advantage in cyberspace’, Lawfare. Available at: https://www.lawfaremedia.org/article/understanding-offenses-systemwide-advantage-cyberspace [Accessed 11 May 2024].

Hill, M. (2022) ‘How security vendors are aiding Ukraine’, CSO Online. Available at: https://www.csoonline.com/article/572163/how-security-vendors-are-aiding-ukraine.html [Accessed 11 May 2024].

Huntley, S. (2023a) ‘Fog of war: how the Ukraine conflict transformed the cyber threat landscape’, Google Blog. Available at: https://blog.google/threat-analysis-group/fog-of-war-how-the-ukraine-conflict-transformed-the-cyber-threat-landscape/ [Accessed 11 May 2024].

Huntley, S. (2023b) ‘TAG bulletin: Q3 2023’, Google Blog. Available at: https://blog.google/threat-analysis-group/tag-bulletin-q3-2023/ [Accessed 11 May 2024].

Jayanti, S. (2023) ‘Russia resumes bombing campaign of Ukraine’s civilian energy infrastructure’, Atlantic Council. Available at: https://www.atlanticcouncil.org/blogs/ukrainealert/russia-resumes-bombing-campaign-of-ukraines-civilian-energy-infrastructure/ [Accessed 11 May 2024].

Kallberg, J. (2022) ‘Russia won’t play the cyber card, Yet’, CEPA. Available at: https://cepa.org/article/russia-wont-play-the-cyber-card-yet/ [Accessed 11 May 2024].

Kello, L. (2017) The Virtual Weapon and International Order, New Haven: Yale University Press.

Kim, V. (2023) ‘Elon Musk acknowledges withholding satellite service to thwart Ukrainian attack’, The New York Times. Available at: https://www.nytimes.com/2023/09/08/world/europe/elon-musk-starlink-ukraine.html#:~:text=On%20Thursday%2C%20CNN%20reported%20on,to%20thwart%20the%20Ukrainian%20attack [Accessed 11 May 2024]

Klochko, N. (2023) ‘The President of “Kyivstar” told how Russian cyberattacks changed during a full-scale war’, novyny.live, 15 March. Available at: https://it.novyny.live/prezident-kiyivstar-rozpoviv-iak-zminilisia-kiberataki-rosiian-pid-chas-povnomasshtabnoyi-viini-82504.html [Accessed 11 May 2024].

Kumaran, N. (2023) ‘New Gmail protections for a safer, less spammy inbox’, Google

Blog. Available at: https://blog.google/products/gmail/gmail-security-authentication-spam-protection/ [Accessed 11 May 2024].

Kyivstar.ua (2023) ‘Kyivstar and amazon web services signed a memorandum of cooperation’. Available at: https://kyivstar.ua/news/id041220231425 [Accessed 11 May 2024].

Law of Ukraine About Cloud Services. No. 15, ct. 52. Available at: https://zakon.rada.gov.ua/laws/main/2075-20#Text [Accessed 11 May 2024].

Leonard, B. (2023) ‘Ukraine remains Russia’s biggest cyber focus in 2023’, Google. Available at: https://blog.google/threat-analysis-group/ukraine-remains-russias-biggest-cyber-focus-in-2023/ [Accessed 11 May 2024].

Levite, A. (2023) ‘Integrating cyber into warfighting: some early takeaways from the Ukraine conflict’, Carnegie Endowment for International Peace. Available at: https://carnegieendowment.org/2023/04/18/integrating-cyber-into-warfighting-some-early-takeaways-from-ukraine-conflict-pub-89544 [Accessed 11 May 2024].

Lewis, J. (2022) ‘Cyber war and Ukraine’, The Center for Strategic and International Studies. Available at: https://www.csis.org/analysis/cyber-war-and-ukraine [Accessed 11 May 2024].

Liff, A. (2012) ‘Cyberwar: a new ‘absolute weapon’? The proliferation of cyberwarfare capabilities and interstate war’, Journal of Strategic Studies, 35(3), pp. 401–428.

Mačák, K. (2017) ‘From cyber norms to cyber rules: re-engaging states as law-makers’, Leiden Journal of International Law, 30(4), 877–899. doi 10.1017/s0922156517000358.

Mandiant (n.d.) ‘Ukraine crisis resource center’. Available at: https://www.mandiant.com/resources/insights/ukraine-crisis-resource-center [Accessed 11 May 2024].

Marquardt, A. (2022) ‘Elon Musk says SpaceX has withdrawn request for Pentagon to fund starlink in Ukraine’, CNN. Available at: https://www.cnn.com/2022/10/17/politics/elon-musk-spacex-starlink-ukraine-pentagon-funding/index.html [Accessed 11 May 2024].

Martin, B., Barnett, S., and McCarthy, D. (2023) ‘Russian logistics and sustainment failures in the Ukraine conflict: Status as of January 1 2023’, RAND Corporation. Available at: https://www.rand.org/pubs/research_reports/RRA2033-1.html [Accessed 11 May 2024].

Matania, E. and Sommer, U. (2023) ‘Tech titans, cyber commons and the war in Ukraine: an incipient shift in international relations’, International Relations. Available at: https://doi.org/10.1177/00471178231211500 [Accessed 11 May 2024].

Michel, C., (2023) ‘A European defence for our geopolitical union’. Available at: https://www.consilium.europa.eu/en/press/press-releases/2023/11/30/a-european-defence-for-our-geopolitical-union-speech-by-president-charles-michel-at-the-eda-annual-conference/ [Accessed 11 May 2024].

Microsoft (2022a) ‘An overview of Russia’s cyberattack activity in Ukraine’. Available at: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd [Accessed 11 May 2024].

Microsoft (2022b) ‘Defending Ukraine: early lessons from the cyber war’, pp. 1–29. Available at: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE50KOK [Accessed 11 May 2024].

Microsoft Azure (n.d.) ‘Database security best practices and solutions’. Available at: https://azure.microsoft.com/en-us/resources/cloud-computing-dictionary/what-is-database-security [Accessed 11 May 2024].

Microsoft Security Blog (2022) ‘Destructive malware targeting Ukrainian organizations’. Available at: https://www.microsoft.com/en-us/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/ [Accessed 11 May 2024].

Microsoft Security Blog (2022) ‘New ‘prestige’ ransomware impacts organizations in Ukraine and Poland’. Available at: https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/ [Accessed 11 May 2024].

Microsoft Security Blog (2023) ‘Cadet blizzard emerges as a novel and distinct Russian threat actor’. Available at: https://www.microsoft.com/en-us/security/blog/2023/06/14/cadet-blizzard-emerges-as-a-novel-and-distinct-russian-threat-actor/ [Accessed 11 May 2024].

Miller, M. and Sabin, S. (2022) ‘Biden warns Russian cyberattacks “coming”’, POLITICO, 21 March. Available at: https://www.politico.com/news/2022/03/21/biden-russia-cyberattacks-00018942 [Accessed 11 May 2024].

Ministry of Digital Transformation of Ukraine (2022) ‘Mykhailo Fedorov announced new support package for Ukraine from Google: USD 2 million for digital education and 50,000 Google workspace licenses’, Ukrainian Government Portal. Available at: https://www.kmu.gov.ua/en/news/2-mln-dolariv-na-tsyfrovu-osvitu-ta-50-tysiach-litsenzii-google-workspace-mykhailo-fedorov-povidomyv-pro-novyi-paket-pidtrymky-ukraini-vid-google [Accessed 11 May 2024].

Ministry of Digital Transformation of Ukraine (2022) ‘Mykhailo Fedorov Presented the First Ukraine Peace Prize to Google’, Ukrainian Government Portal. Available at: https://www.kmu.gov.ua/en/news/mihajlo-fedorov-vruchiv-pershu-vidznaku-miru-kompaniyi-google [Accessed 11 May 2024].

Mitchell, Russ (2022) ‘How Amazon put Ukraine’s “government in a box” — and saved its economy from Russia’, Los Angeles Times. Available at: https://www.latimes.com/business/story/2022-12-15/amazon-ukraine-war-cloud-data [Accessed 11 May 2024].

Moore, Mike (2022) ‘Ukraine hails “priceless” help from Amazon web services’, TechRadar. Available at: https://www.techradar.com/news/ukraine-hails-priceless-help-from-amazon-web-services [Accessed 11 May 2024].

Mueller, G., Jensen, B., Valeriano, B., Maness, R., and Macias, J. (2023) ‘Cyber operations during the Russo-Ukrainian War’, Center for Security and International Studies. Available at: https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war [Accessed 11 May 2024].

Ng, A. (2018) ´US, UK say Russia behind ‘most destructive’ cyberattack ever´, CNET. Available at: https://www.cnet.com/news/privacy/uk-said-russia-is-behind-destructive-2017-cyberattack-in-ukraine/ [Accessed 11 May 2024].

Nolan, B. (2022) ‘Zelensky awards Amazon the Ukraine Peace Prize after AWS helped save its ‘digital infrastructure’, Business Insider. Available at: https://www.businessinsider.com/zelenskyy-amazon-ukraine-peace-prize-digital-war-support-aws-2022-7?r=US&IR=T [Accessed 11 May 2024].

Nye, J. (2010) ‘Cyber power’, Belfer Center for Science and International Affairs, Cambridge, USA: Harvard Kennedy School, 1–24. Available at: https://www.belfercenter.org/sites/default/files/legacy/files/cyber-power.pdf [Accessed 11 May 2024].

O’Neill, P. (2022) ‘Russia hacked an american satellite company one hour before the Ukraine invasion’, MIT Technology Review. Available at: https://www.technologyreview.com/2022/05/10/1051973/russia-hack-viasat-satellite-ukraine-invasion/ [Accessed 11 May 2024].

Ohlin, J.D., Govern, K. and Finkelstein, C. (2015) ‘Cyberwar: law and ethics for virtual conflicts’, Oxford: Oxford University Press, pp. 102–126. Available at: https://doi.org/10.1093/acprof:oso/9780198717492.003.0007 [Accessed 11 May 2024].

Paganini, P. (2022) ‘Non state actors in cyberspace: an attempt to a taxonomic classification, role, impact, and relations with a state’s socio-economic structure’, Firenze: Università degli Studi di Firenze Center for Cyber Security and International Relations Studies. Available at: https://www.cssii.unifi.it/upload/sub/Pubblicazioni/2022_Paganini_Pierluigi.pdf [Accessed 11 May 2024].

Park, D. (2016) ‘North Korea cyber attacks: a new asymmetrical military strategy’, The Henry M. Jackson School of International Studies at the University of Washington. Available at: https://jsis.washington.edu/news/north-korea-cyber-attacks-new-asymmetrical-military-strategy/ [Accessed 11 May 2024].

Podolyak, Mykhailo (2023) [Twitter], z Available at: https://twitter.com/Podolyak_M/status/1699820072418656331 [Accessed 11 May 2024].

Polityuk, P. (2022) ‘Massive cyberattack hits Ukrainian government websites as west warns on Russia conflict’, Reuters. Available at: https://www.reuters.com/technology/massive-cyberattack-hits-ukrainian-government-websites-amid-russia-tensions-2022-01-14/ [Accessed 11 May 2024].

PrivatBank (2022) LinkedIn. Available at: https://www.linkedin.com/feed/update/urn:li:activity:6925778441250201600/ [Accessed 11 May 2024].

Proska, K., Wolfram, J. and Wilson, J. (2023) ‘Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology’, Mandiant. Available at: https://www.mandiant.com/resources/blog/sandworm-disrupts-power-ukraine-operational-technology [Accessed 11 May 2024].

Psaki, J., Neuberger, A. and Singh, D. (2022) ‘Press briefing by press secretary Jen Psaki, deputy national security advisor for cyber and emerging technology Anne Neuberger, and deputy national security advisor for international economics and deputy NEC director Daleep Singh’. Available at: https://www.whitehouse.gov/briefing-room/press-briefings/2022/02/18/press-briefing-by-press-secretary-jen-psaki-deputy-national-security-advisor-for-cyber-and-emerging-technology-anne-neuberger-and-deputy-national-security-advisor-for-international-economics-and-dep/ [Accessed 11 May 2024].

Ramjug, P. (2022) ‘Russia hasn’t launched a massive cyberattack on Ukraine yet. Why not?’, Northeastern Global News. Available at: https://news.northeastern.edu/2022/03/07/ukraine-russia-cyberattack/ [Accessed 11 May 2024].

Rethinking Security When So Many Threats Are Invisible (2023) The New York Times. Available at: https://www.nytimes.com/2023/10/03/world/europe/cyber-security-athens-democracy-forum.html. [Accessed 11 May 2024]

Riaz Shad, M. (2018) ‘Cyber threat in interstate relations: case of US-Russia cyber tensions’, Policy Perspectives, 15(2), pp. 41–55. https://doi.org/10.13169/polipers.15.2.0041. [Accessed 11 May 2024]

Robinson, K. (2022) ‘How Israel’s Pegasus spyware stoked the surveillance debate’, Council on Foreign Relations. Available at: https://www.cfr.org/in-brief/how-israels-pegasus-spyware-stoked-surveillance-debate [Accessed 11 May 2024].

Romanosky, S. and Boudreaux, B. (2020) ‘Private-sector attribution of cyber incidents: benefits and risks to the U.S. government’, International Journal of Intelligence and CounterIntelligence, 34(3), pp. 1–31. https://doi.org/10.1080/08850607.2020.1783877 [Accessed 11 May 2024].

Sanger, D.E., Barnes, J.E. and Conger, K. (2022) ´As tanks rolled into Ukraine, so did malware. then Microsoft entered the war´, The New York Times, 28 February. Available at: https://www.nytimes.com/2022/02/28/us/politics/ukraine-russia-microsoft.html [Accessed 11 May 2024].

Satariano, A., Reinhard, S., Metz, C., Frenkel, S. and Khurana, M. (2023) ´Elon Musk’s unmatched power in the stars´, The New York Times. Available at: https://www.nytimes.com/interactive/2023/07/28/business/starlink.html [Accessed 11 May 2024].

Schulze, M. and Kerttunen, M. (2023) ´Cyber operations in Russia’s war against Ukraine: uses, limitations, and lessons learned so far´, German Institute for International and Security Affairs. Available at: https://www.swp-berlin.org/10.18449/2023C23/ [Accessed 11 May 2024].

Security Magazine (2023) ´Between 80- and 95% of cyberattacks begin with phishing´. Available at: https://www.securitymagazine.com/articles/99696-between-80-and-95-of-cyberattacks-begin-with-phishing [Accessed 11 May 2024].

Selipsky, A. (2023) LinkedIn. Available at: https://www.linkedin.com/posts/amazon-web-services_the-war-in-ukraine-has-impacted-residents-activity-7034975500968071168-6At2 [Accessed 11 May 2024].

Sigholm, J. (2013) ´Non-state actors in cyberspace operations´, Journal of Military Studies, 4(1), pp. 1–37. https://doi.org/10.1515/jms-2016-0184 [Accessed 11 May 2024].

Smalley, S. (2022) ´Cybersecurity experts question Microsoft’s Ukraine report´, CyberScoop. Available at: https://cyberscoop.com/cybersecurity-experts-question-microsofts-ukraine-report/ [Accessed 11 May2024].

Smith, B. (2022) ´Countering foreign information operations: developing a whole society approach to build resilience´, Microsoft. Available at: https://youtu.be/m_R1jbYoxkI?si=Mo-iVGC9QkQFO74e [Accessed 11 May 2024].

Smith, B. (2022) ´Digital technology and the war in ukraine´, Microsoft. Available at: https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/ [Accessed 11 May 2024].

Sockrider, G. (2022) ´Geopolitical unrest drives DDoS activity´, NETSCOUT. Available at: https://www.netscout.com/blog/geopolitical-unrest-drives-ddos-activity [Accessed 11 May 2024].

Stanovaya, T. (2024) ’Putin’s age of chaos: the dangers of Russian disorder’, Foreign Affairs. Available at: https://www.foreignaffairs.com/russian-federation/vladimir-putin-age-chaos [Accessed 11 May 2024].

Swisher, K. and Neuberger, A. (2022) ´Are we ready for Putin’s cyber war? I asked one of biden’s top cybersecurity officials´, New York Times. Available at: https://www.nytimes.com/2022/03/10/opinion/sway-kara-swisher-anne-neuberger.html?showTranscript=1 [Accessed 11 May 2024].

The White House (2023) ´National cybersecurity strategy´. Available at: https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf [Accessed 11 May 2024].

Turner Lee, N. and Lai, S. (2022) ´Is there too little oversight of private tech companies in the Russia-Ukraine conflict?´, Brookings. Available at: https://www.brookings.edu/articles/is-there-too-little-oversight-of-private-tech-companies-in-the-russia-ukraine-conflict/ [Accessed 11 May 2024].

U.S. Department of Defense (2015) ´The DOD cyber strategy´, National Security Archive. Available at: https://nsarchive.gwu.edu/document/21384-document-25 [Accessed 11 May 2024].

U.S. Department of Defense (2023) ´2023 cyber strategy of the Department of Defense summary´. Available at: https://media.defense.gov/2023/Sep/12/2003299076/-1/-1/1/2023_DOD_Cyber_Strategy_Summary.PDF [Accessed 11 May 2024].

U.S. Department of Defense (2022) ´Department of Defense Announces Joint Warfighting Cloud Capability Procurement´. Available at: https://www.defense.gov/News/Releases/Release/Article/3239378/department-of-defense-announces-joint-warfighting-cloud-capability-procurement/ [Accessed 11 May 2024].

U.S. Department of State. (2022) ´U.S. support for connectivity and cybersecurity in Ukraine´. Available at: https://www.state.gov/u-s-support-for-connectivity-and-cybersecurity-in-ukraine/ [Accessed 11 May 2024].

Venables, P. (2022) ´How Google Cloud is helping those affected by war in Ukraine´, Google Cloud Blog. Available at: https://cloud.google.com/blog/products/identity-security/how-google-cloud-is-helping-those-affected-by-war-in-ukraine [Accessed 11 May 2024].

Voloshyn, V. (2023) ´How Ukraine’s fourth largest bank relies on Google Workspace during unprecedented times´, Google Workspace Blog. Available at: https://workspace.google.com/blog/customer-stories/ukraines-fourth-largest-bank-relies-google-workspace [Accessed 11 May 2024].

Walker, K. (2022) ´Helping Ukraine´, Google Blog. Available at: https://blog.google/inside-google/company-announcements/helping-ukraine/ [Accessed 11 May 2024].

Walker, K. (2022b) ´New ways we’re supporting Ukraine´, Google. Available at: https://blog.google/outreach-initiatives/public-policy/new-ways-were-supporting-ukraine/#:~:text=Through%20Google.org%20and%20our [Accessed 11 May 2024].

Wilde, G. (2022) ´Cyber operations in Ukraine: Russia’s unmet expectations´, Carnegie Endowment for International Peace. Available at: https://carnegieendowment.org/2022/12/12/cyber-operations-in-ukraine-russia-s-unmet-expectations-pub-88607 [Accessed 11 May 2024].