Skip to main content
Part of complete coverage from

Cyberwar hits Ukraine

By Peter Bergen and Tim Maurer
March 7, 2014 -- Updated 1509 GMT (2309 HKT)
STORY HIGHLIGHTS
  • Ukrainian officials say phone services of members of parliament were targeted
  • Authors: Cyberattack was also reported before Russian invasion of Georgia in 2008
  • They say attacks are easier than conventional warfare but can provoke counterattacks
  • Bergen, Maurer: U.S. had a lead in cyberwarfare but that is likely to ebb

Editor's note: Peter Bergen is CNN's national security analyst, a director at the New America Foundation and the author of "Manhunt: The Ten-Year Search for bin Laden -- From 9/11 to Abbottabad." Tim Maurer is a research fellow at New America focusing on cyberspace and international affairs.

(CNN) -- Ukrainian security officials are complaining that unknown attackers are interfering with the mobile phone services of members of Ukraine's parliament, making difficult political decisions about what to do about Russia's incursion last week into Crimea that much harder.

The head of Ukraine's security service said on Tuesday, "I confirm that an IP-telephonic attack is underway on mobile phones of members of Ukrainian parliament for the second day in row."

This is reminiscent of the Distributed Denial of Service (DDoS) attacks on Georgia that preceded Russia's invasion of the country in August 2008. The attacks shut down several websites of Georgia's government including the president's.

Peter Bergen
Peter Bergen

While the Kremlin denied any involvement, Georgian officials accused Russia of being behind the attacks.

Of course, just as some states have exploited offensive cyber capabilities for their own purposes, so too has the United States.

Cyberattacks are double-edged swords. Compared to mounting a conventional war they cost little in terms of blood and treasure. However, in the long run they may have larger unintended consequences if more and more nation states and even private groups use cyberwarfare capabilities.

The Stuxnet malware that was discovered in 2010 showed the potential of cyberattacks. The joint U.S.-Israeli operation demonstrated how the nuclear enrichment facility of Natanz in Iran could be effectively disrupted using a cyberattack that interfered with Iranian centrifuges' capacity to enrich uranium.

Cyberattacks hitting close to home
Snipers attack U.S. electrical grid
Israel's cyberdefense training gym

The level of sophistication of the malware was unprecedented and affected the facility even though it was "air gapped" -- disconnected -- from the public Internet.

Last month came the news that Obama national security officials have debated since 2011 whether to target Bashar al-Assad's regime in Syria with cyberattacks.

The upside: No American boots on the ground and some potentially significant harm could be done to al-Assad's military capabilities.

The downside: What about unknown risks? Might such attacks embolden Syrian allies like Iran and Russia to launch cyber-counterattacks against targets in the U.S.?

The Stuxnet attack on Iran was not an isolated event. A January report by the Center for Strategic and International Studies points out that Iran "is the likely source of a recent series of incidents aimed at Gulf energy companies, American banks, and Israel. The most important involved a major disruption involving the destruction of data on computers used by (oil giant) Saudi Aramco...."

The Syrian Electronic Army, a group that supports the al-Assad regime, showed the potential to undermine trust in the financial system when it hacked The Associated Press's Twitter account last year to falsely report an attack on the White House, which caused the Dow Jones to drop by 150 points.

While technically not comparable to Stuxnet and its effect was only temporary -- the White House quickly refuted the reporting -- it nevertheless demonstrates the existence of a tool for shadowy organizations to influence events that did not exist before.

These recent incidents underscore both the scope and the significant differences among cyberthreats:

-- The actions by the Syrian Electronic Army did not cause a physical effect; they changed data and the content of The Associated Press's reporting.

-- The disruption at Saudi Aramco was due to the destruction of computer data, but it did not cause a physical effect either.

--Stuxnet, on the other hand, had a physical impact making Iranian uranium enrichment centrifuges spin at a rate they were not supposed to.

The DDoS attacks that appear to be happening in Ukraine right now, and the type of cyberattack that the U.S. launched against Iran that could at some point happen in some other form against Syria, raise significant moral and legal issues.

In many ways the cyberwarfare issue is akin to the issue of the use of armed drones, which greatly reduce the number of deaths that would result from a conventional armed conflict.

Whoever launches a drone attack or a cyberattack pays no costs of the kind that would typically take place on a conventional battlefield. You can't shoot down a drone pilot or kill a computer technician launching some kind of cyberattack thousands of miles from the intended target.

For this reason drones and cyber capabilities can also make conflict more likely as the barriers to entry to engage in either drone warfare or cyberconflict are so low. Moreover, there is a risk that the use of drones or cyber capabilities can escalate into a conventional armed conflict.

Similarly to the case of armed drones, the United States has had a large lead in its ability to mount effective offensive cyberattacks, but that advantage is unlikely to last. And since the United States is the only superpower and among the most technologically advanced (as well as most vulnerable), it must lead by example and harden cybersecurity at home and contribute to international agreements to govern the use of these powerful new tools.

These tools that will only get more powerful as the world becomes more connected and ever-more dependent on computers.

Follow us on Twitter @CNNOpinion.

Join us on Facebook/CNNOpinion.

ADVERTISEMENT
Part of complete coverage on
December 27, 2014 -- Updated 0127 GMT (0927 HKT)
The ability to manipulate media and technology has increasingly become a critical strategic resource, says Jeff Yang.
December 26, 2014 -- Updated 1617 GMT (0017 HKT)
Today's politicians should follow Ronald Reagan's advice and invest in science, research and development, Fareed Zakaria says.
December 26, 2014 -- Updated 1319 GMT (2119 HKT)
Artificial intelligence does not need to be malevolent to be catastrophically dangerous to humanity, writes Greg Scoblete.
December 26, 2014 -- Updated 1505 GMT (2305 HKT)
Historian Douglas Brinkley says a showing of Sony's film in Austin helped keep the city weird -- and spotlighted the heroes who stood up for free expression
December 26, 2014 -- Updated 1303 GMT (2103 HKT)
Tanya Odom that by calling only on women at his press conference, the President made clear why women and people of color should be more visible in boardrooms and conferences
December 27, 2014 -- Updated 2327 GMT (0727 HKT)
When oil spills happen, researchers are faced with the difficult choice of whether to use chemical dispersants, authors say
December 25, 2014 -- Updated 0633 GMT (1433 HKT)
Danny Cevallos says the legislature didn't have to get involved in regulating how people greet each other
December 23, 2014 -- Updated 2312 GMT (0712 HKT)
Marc Harrold suggests a way to move forward after the deaths of NYPD officers Wenjian Liu and Rafael Ramos.
December 24, 2014 -- Updated 1336 GMT (2136 HKT)
Simon Moya-Smith says Mah-hi-vist Goodblanket, who was killed by law enforcement officers, deserves justice.
December 24, 2014 -- Updated 1914 GMT (0314 HKT)
Val Lauder says that for 1,700 years, people have been debating when, and how, to celebrate Christmas
December 23, 2014 -- Updated 2027 GMT (0427 HKT)
Raphael Sperry says architects should change their ethics code to ban involvement in designing torture chambers
December 24, 2014 -- Updated 0335 GMT (1135 HKT)
Paul Callan says Sony is right to call for blocking the tweeting of private emails stolen by hackers
December 23, 2014 -- Updated 1257 GMT (2057 HKT)
As Christmas arrives, eyes turn naturally toward Bethlehem. But have we got our history of Christmas right? Jay Parini explores.
December 23, 2014 -- Updated 0429 GMT (1229 HKT)
The late Joe Cocker somehow found himself among the rock 'n' roll aristocracy who showed up in Woodstock to help administer a collective blessing upon a generation.
December 23, 2014 -- Updated 2115 GMT (0515 HKT)
History may not judge Obama kindly on Syria or even Iraq. But for a lame duck president, he seems to have quacking left to do, says Aaron Miller.
December 23, 2014 -- Updated 1811 GMT (0211 HKT)
Terrorism and WMD -- it's easy to understand why these consistently make the headlines. But small arms can be devastating too, says Rachel Stohl.
December 22, 2014 -- Updated 1808 GMT (0208 HKT)
Ever since "Bridge-gate" threatened to derail Chris Christie's chances for 2016, Jeb Bush has been hinting he might run. Julian Zelizer looks at why he could win.
December 20, 2014 -- Updated 1853 GMT (0253 HKT)
New York's decision to ban hydraulic fracturing was more about politics than good environmental policy, argues Jeremy Carl.
December 20, 2014 -- Updated 2019 GMT (0419 HKT)
On perhaps this year's most compelling drama, the credits have yet to roll. But we still need to learn some cyber lessons to protect America, suggest John McCain.
December 22, 2014 -- Updated 2239 GMT (0639 HKT)
Conservatives know easing the trade embargo with Cuba is good for America. They should just admit it, says Fareed Zakaria.
December 20, 2014 -- Updated 0112 GMT (0912 HKT)
We're a world away from Pakistan in geography, but not in sentiment, writes Donna Brazile.
December 19, 2014 -- Updated 1709 GMT (0109 HKT)
How about a world where we have murderers but no murders? The police still chase down criminals who commit murder, we have trials and justice is handed out...but no one dies.
December 18, 2014 -- Updated 2345 GMT (0745 HKT)
The U.S. must respond to North Korea's alleged hacking of Sony, says Christian Whiton. Failing to do so will only embolden it.
December 19, 2014 -- Updated 2134 GMT (0534 HKT)
President Obama has been flexing his executive muscles lately despite Democrat's losses, writes Gloria Borger
ADVERTISEMENT