Since his cyber-war capabilities seem to have worked well for him, why isn’t Vladimir Putin launching more cyber-attacks against Ukraine and its allies? Reports suggest he didn’t think he’d need them, plus they take time to execute. Other reports suggest he is trying to get some cyber damage on the scoreboard. Maybe the actual disruption to Ukraine from tanks and bombs, even though the Ukrainians aren’t giving him the satisfaction of a clean and easy parade-style invasion, could be redundant.

But many experts did think that much of Russia’s invasion – and Ukraine’s defense –  would take place in cyberspace. Some of that is happening, but there are reasons Russia hasn’t launched large-scale attacks. Kyle Fendorf and Jessie Miller wrote for the Council on Foreign Relations on March 24, 2022, that reasons include “the higher efficacy of kinetic attacks and difficulties in planning and executing massive cyberattacks in a short timeline.” Ukraine, meanwhile, has taken a novel approach: “attempting to mobilize international sentiment” to “create an army of cybersecurity professionals to attack military and critical infrastructure targets in Russia.” Fendorf and Miller list several Russian efforts, including DDoS attacks on Ukrainian banking and defense websites. And hackers like Anonymous have “declared war” on Russia. The group has taken credit for several successes, including interrupting television broadcasts with clips from the war and leaking thousands of confidential government files.

According to Reuters, the pro-Ukraine cyber assaults are hitting their targets, saying Russian government websites are facing “unprecedented cyber-attacks.” Relying on the Russian news agency TASS, websites for the Aeroflot airline, the Sberbank bank, and the Kremlin itself have experienced “outages and temporary access.” The Kremlin, facing greater isolation from global financial systems and supply chains, is taking steps to bolster its IT sector, such as tax breaks and easier access to lending, Reuters reports.

President Biden has warned U.S. organizations to “lock their digital doors” for fear of a Russian cyber-attack, adding that “evolving intelligence” indicates attacks are coming.

As quoted in Politico, Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, told 13,000 participants on a recent call that we should “assume that disruptive cyber activity will occur: and “we should consider every sector vulnerable.”

On March 24, the Department of Justice Department unsealed two indictments charging four Russian nationals working for the Kremlin with “attempting, supporting and conducting” cyber-attacks on the global energy sector between 2012 and 2018. The targets were hundreds of organizations in 135 countries, including the U.S. Nuclear Regulatory Commission and a Kansas power plant.  “The potential of cyberattacks to disrupt, if not paralyze, the delivery of critical energy services to hospitals, homes, businesses and other locations essential to sustaining our communities is a reality in today’s world,” said U.S. Attorney Duston Slinkard for the District of Kansas.

BBC News reported that Ukraine “has remained relatively untroubled” by Russia’s cyber weapons, but “experts now fear that Russia may go on a cyber-offensive against Ukraine’s allies. The BBC News article reminds us of the three types of Russian cyber-attacks “the West fears most,” detailing Russia’s takedown of Ukraine’s electricity grid in 2015 in an attack called BlackEnergy; the “most costly” attack in cyber history called NotPetya, a worldwide computer killer that caused $10 billion in damage, followed by WannaCry which scrambled data in 150 countries; and the one executed by a Russian criminal organization called DarkSide which caused a state of emergency in the U.S. in May 2021 when their ransomware strike shut down the vital Colonial Pipeline.

The insurance industry, which is always impacted by any global calamity, man-made or natural, is also worried about a parallel cyberwar. Ben Dyson, a reporter for S&P Global Market Intelligence, wrote on March 28, 2022, that while the industry’s direct exposures to Russian and Ukrainian cyberrisk “is likely small,” the larger risk is the “potential for spillover” to networks in other countries. “The insurance industry can look back to at least one precedent for a cyberattack related to the wider conflict between Ukraine and Russia having global implications: the 2017 NotPetya malware attack. NotPetya spread to thousands of companies globally, handing the insurance industry a $3 billion claims bill and its first taste of a cyber catastrophe. NotPetya occurred in relative peacetime and was largely covered by cyber-specific policies.”

Attorney Vincent Vitkowsky, in an article for the Insurance Journal posted on March 25, 2022, agreed that Russia may try to turn up the stress of other countries if the war drags on. “After the conflict ends, however it ends, Russia will be the object of extreme resentment and suspicion. It may launch cyberattacks to increase disorder, believing that an environment of disorder would be serve its position as a significant power.” Vitkowsky said new cyber weapons will only make the threats worse, such as “zero click vulnerabilities” which don’t even need the help of an unsuspecting employee to click on a link, and the so-called HermeticWizard, “a new strain of software designed to autonomously spread another strain, HermeticWipe, to computers in a network.”  He writes that carriers face exposure to losses from direct or indirect cyberattacks against their insureds globally, but says the so-called War Exclusions “may mitigate that exposure,” then goes on to explain how in his article. [Vince is a member of the Editorial Board of Advisors for the Journal on Emerging Issues in Litigation.]

FT technology correspondent Hannah Murphy asked Kevin Mandia, the founder of cyber security company Mandiant (which was just acquired by Google for $5.4 billion) about the current state of the cyber conflict between nations.

The current state feels like, Mandia said, “braced for impact.”

The cybersecurity expert noted operation “Shields Up” by the Cybersecurity and Infrastructure Security Agency, plus all of the private and public players in the West and NATO, “all watching the cyber domain waiting for what happens.” He sees the war in Ukraine as “an opportunity for us to figure out what is the new normal because we’re used to conflict being air, land, sea, maybe a little bit of space . . . but a cyber domain is part of that conflict, too.” He went on to say, however, he’s “not sure everyone’s got fully fleshed-out strategies for how to do warfare in the cyber domain, and when to bring it to bear.”

He predicted that if Russia wants to retaliate against sanctions and embargoes, a cyber-attack is “probably the first tool that might be chosen.”