Title: Managing cyberattacks in wartime: The case of Ukraine
Authors: Iryna Fyshchuk, Mette Strange Noesgaard, Jeppe Agger Nielsen
DOI: 10.1111/puar.13895 (https://doi.org/10.1111/puar.13895)
Publication date: 2024-11-08
Publication type: Journal Article
Citations: 0
Abstract
Managing cyberattacks in wartime: The case of Ukraine
Cybersecurity specialists face continual challenges in protecting organizations and societies from ever‐evolving cyberattacks. These challenges intensify dramatically in the context of war, yet our understanding of cyberattacks during wartime is limited. This is in part because it is difficult to gather information about cyberattacks and cybersecurity in highly tense wartime environments. Against this backdrop, we present evidence from a unique case study that examines cyberattacks and cybersecurity issues in the context of the Russian‐Ukraine war. Compared with peacetime, the nature of cyberattacks in wartime both intensifies and expands. During armed conflict, nation‐state funded cyberattacks are typically better financed, more prolonged, and have concrete aims, including to disrupt military operations, sabotage infrastructure, spark civil unrest, and spread disinformation. Countries at war experience extreme pressures due to resource scarcity, poverty, and societal conflicts, all of which make it difficult to effectively manage cyberattack threats and experiences. Based on interviews with public authority representatives in Ukraine, our study found four main challenges to managing cyberattacks during wartime. First, limited financial resources were a major hindrance. Decision‐makers said that they were forced to set tough economic priorities and to oscillate between allocating resources to physical assets (e.g., conventional military operations and rebuilding infrastructure devastated by bombing) and to cybersecurity. In such situations, cybersecurity came in second to more immediate wartime needs; this complicated sufficient investment in IT infrastructure, cyber‐awareness training, and implementing response plans. Second, the country faced serious recruitment difficulties. Attracting IT and cyber personnel has been hard—and sometimes impossible—as the war forced people to leave the country or parts of it, and many IT professionals left the field to become soldiers. Further, salary disparities between the public and private sectors, as well as regional differences, thwarted recruitment efforts in certain areas of the country. Inappropriate human behaviors, such as clicking insecure links, poor password practices, and using risky apps, always pose significant cyberattack risks. War magnifies these challenges due to lack of training, as well as to increased financial incentives for employees to compromise security. Unclear cybersecurity guidelines added an extra layer of complexity in managing cyberattacks. Public authority representatives at the local level said that they lacked the clear, actionable guidelines they needed for cyberattack management in a wartime situation plagued by resource scarcity. These four challenges are not unique to wartime situations; all are recognized in the cybersecurity literature covering routine IT contexts. However, our study illustrates how these four cyberattack challenges are magnified, entail critical dilemmas, and are more difficult to manage during wartime, not least because prioritizing cybersecurity is a challenge in itself. Hence, while Ukraine had upgraded its digital government capacities before the war, and government actors have attempted to continue managing ongoing cyberattack challenges—including adapting legislation and providing cyber‐awareness training for public servants to decrease inappropriate human behaviors—effectively managing cyberattack threats has remained extremely difficult. Our article contributes new insights into the challenges of managing cyberattacks in extreme situations. We showcase the challenges and dilemmas in wartime and offer practice‐based knowledge on cyberattacks and cybersecurity efforts in highly tense environments.
About the journal:
ACS Applied Nano Materials is an interdisciplinary journal publishing original research covering all aspects of engineering, chemistry, physics and biology relevant to applications of nanomaterials. The journal is devoted to reports of new and original experimental and theoretical research of an applied nature that integrate knowledge in the areas of materials, engineering, physics, bioscience, and chemistry into important applications of nanomaterials.