top of page

‘Watch’ or ‘Stand Against’ the Digital Machinery of Aggression in Ukraine

Updated: Mar 9, 2022

OPINION — The machinery of aggression moves across the land of the people of Ukraine to their capital. There should be no words to argue with, let alone to aspire to, that shifts light from that dark reality. If the United States, the United Kingdom, Europe, and the nations of the world believe the machinery of that aggression can only move at the pace of physical geography, we are fools. If we hang our hope on that belief, then we will fail our responsibility to pursue our resolve. The machinery of that aggression will move at the speed of our digital co-dependencies.

The clearest example of the potential of aggression absent geography, is NotPetya. NotPetya was in 2017. NotPetya was unleashed through the indifference and irresponsibility of the very foe we all now condemn. The active indifference of this foe, through NotPetya, created outsized disruptive and destructive impacts on an expanse of our supply chains and business operations around the globe. We only expect in 2022, that we are prepared for more, but the potential impact of more is unacceptable, and if the equities we claim to serve are disrupted, it would be a terrible failure of our capabilities to work together.

Since before the turn of the year, experts from the cybersecurity community, government and private sector, have tracked and revealed website defacements, denial-of-service attacks, misinformation campaigns, and the lacing of Ukrainian systems with malware that was posed to cripple systems. And in the recent weeks, those consequences were realized.

All of this serves to disrupt. And all of this poses the very real potential to cross digital boundaries and cause harm. Beyond that, it is with high confidence that we believe that Russia will use our digital commons to counter-message, manipulate, and confuse. Russia will use the digital commons to excuse, explain away, and create pretense. And, as many Cipher Brief and Cyber Initiatives Group members have noted, others watch.

We know this is coming. We prepare and react. These effects have arrived. But we are slow to act. To speed up, we could choose to overcome our hesitations and defend together. We could take this moment to drop our separate agendas and form the cross-expertise collaboration and calibration that this moment calls for. The point is not about information sharing. Information sharing was just the beginning.

We must adjust quickly to what the moment calls for. That’s why we’re sending out a call to those willing to stand together. We ask our government friends to encourage us to thwart the efforts of this foe together on behalf of the networks we serve, and without hesitation (but within the boundaries of defense). Right now, there exists unparalleled expertise, definitive capability, and sound judgment in our community. This can contribute substantially to complicating the digital threats that directly and indirectly catapult outwards from this Russian aggression against Ukraine. So, we call on friends of democracy and self-determination to rally together to share ideas and knowledge, for operational collaboration, in furtherance of the defense of the principles we teach in our classrooms to our children.

Standing with Ukraine must mean devoting any, and all to help complicate the digital aggression experienced within Ukraine’s systems today. We’re thankful that many in the cyber security community and beyond, are doing just that. Aggression will transit to us digitally as Russia presses closely against the physical boundaries of the current seizure. So, for tomorrow, standing together means we must accelerate our willingness to operate without boundaries in the defense of any aggression we observe in the digital space.

The Blueprint

One way we can do this is by recognizing that the commercial space provides an expansive radar on what is knowable. Having great confidence in the knowable – the unclassified, vast knowable – allows for more precision in the use of specific capabilities, reserved for governments, in pursuit of the hardest to reach knowledge.

As argued recently in The Cipher Brief, there is both depth and breath, in commercially sourced intelligence. And to be distinct, commercially sourced intelligence should not be viewed as competitive to sensitive or classified intelligence. We need commercially sourced intelligence because it is the very information that we can use to make decisions from unclassified environments. That means it can be deployed and actioned against quickly. It can reach into the hands of those across the public and private sectors, and across contested borders, who need it; need it acutely as we stand against the digital threats that seem viscerally close, perhaps unlike ever before.

The governments galvanized in opposition to aggression can immediately, systematically, and then continually augment their holdings and analysis with intelligence from commercial providers. Not only with a potentially unique view not subject to the limits of tasked governmental resources, and to compliment sensitive and classified holdings, but also because both the questions and answers that can be applied and discovered in commercially sourced intelligence specifically allows for the immediate deployment of that intelligence to those who need to take action themselves, separately, in the defense of their own systems, services, and on behalf of the people who depend on them.

That streamlining of producing trusted knowledge in this exigent circumstance is one way to not just say that we stand with Ukraine, but to do something. And perhaps in this moment, as Kiev is encircled and likely infiltrated, it rings as not enough to discuss what we can do to protect our digital dependencies.

Acknowledging that, we also acknowledge that as intelligence and security professionals we have no option to remain with our regrets. We must mitigate what our experience tells us is likely to come. When we say we stand with Ukraine, we must start by standing together.

We believe the willing can re-examine the ways we develop, categorize, and deploy the knowledge needed to effectively collaborate; and we certainly believe using a common platform assists this aim. Beyond, we believe the willing must stand together in alliance to contend with the speed and consequences of the convergence of the physical world on the digital, and the digital world on the physical.

In doing so, with all our leadership, innovation, and energies, can we truly act together, to further help Ukraine, and to contend with the borderless digital ramifications of this history changing aggression.

Dr. Christopher Ahlberg is CEO of Recorded Future, Inc. Previously, he was president of the Spotfire Division of TIBCO, which he founded in 1996, and in 2007, sold to TIBCO (Nasdaq: TIBX). Spotfire was founded based on his ground-breaking research on information visualization. View all articles by Christopher Ahlberg

Geoff Brown joined Recorded Future in January 2022 to accelerate the company’s

impact for the missions of global governments. Geoff was CISO for the City of New York and Head of NYC Cyber Command between 2016 and December 2021, and has prior experience in financial services and the U.S. Federal Government, including with the 9/11 Commission. View all articles by Geoff Brown

Cipher Brief Subscriber+ Members receive exclusive expert briefings from members of our expert network. Upgrade to Subscriber+ today.

Read more expert-driven national security insight, perspective and analysis in The Cipher Brief


bottom of page