UKRAINE: the interconnectedness of cyber and geopolitical risks

A cyber attack on the Ukraine telecommunications provider, Kyivstar, disrupted services for around 24.3 million customers across the country, according to local media reports late on Tuesday, 12 December. There were knock-on impacts from internet disruption, including to online banking and Ukraine’s air raid alert network.

Kyivstar CEO Oleksandr Komarov has been telling the local media the attack was an “enormous hit on the Kyivstar IT infrastructure” and that the infrastructure was “severely damaged.” Kyivstar’s parent company, Netherlands-headquartered, VEON said that the attack was a “result of the war with Russia.” KillNet, the Russia-aligned hacktivist group, claimed responsibility for the attack on the encrypted instant-messaging platform Telegram.

It is very likely that KillNet’s attack was in retaliation for November’s assault against Russia’s Federal Taxation Service and Federal Air Transport Agency by the Defence Intelligence of Ukraine (GUR). These events only highlight the irrefutable connections between geopolitical and cybersecurity risks.

As cyberwarfare capabilities, particularly offensive in nature, become more integrated into the arsenal of nation-state actors, there is an increasing risk for the private and non-governmental sectors.

The pace of evolution of offensive capabilities is much higher than the abilities to defend against attacks as organisations’ IT security teams are more focused on managing compliance and delivering basic information security awareness.

In the Russia-Ukraine war context, critical national infrastructure features high on the strategic targeting acquisition list, leaving organisations involved in this sector directly exposed. As this most recent attack highlights, however, the risk permeates down the supply and value chain.

The risk is also not isolated to Russia and Ukraine given the myriad of intensifying geopolitical rivalries involving US, China, Iran, Taiwan, UK, North Korea, South Korea, and Israel, among others.

For organisations working in a country that might be deemed as an adversary or of interest from an adversarial state, the risks are likely going to be higher in 2024 as there are limited indicators of de-escalation of geopolitical tensions. Emerging or reinvigorated conflicts will also likely heighten cybersecurity risks, as well.

Organisational action plans should factor in vigilant monitoring of geopolitical events, supply chain diversification, scenario/simulation exercises in addition to commensurate cyber security capabilities.