predicted a similar build-up of Russian hackers along the ideological boundaries of cyberspace;

ready to match any physical assault with an equally damaging virtual attack.

The country has proven itself a leading offensive cyber power — whether that be by interfering in

and influencing foreign elections or by mounting cyberattacks on critical infrastructure

such as air traffic control systems and water treatment facilities.

Yet, months into Moscow's brutal military invasion,

a cyberwar of similar consequence has yet to materialize.

Essentially, Ukraine's digital defense has proved as determined as its physical one.

Before the full-scale invasion of Ukraine,

Russia was harassing Ukraine relentlessly in cyberspace.

Still, the risks of cyberwar have not gone away.

As the world becomes increasingly reliant on technology across all walks of life,

the potential for cyberwarfare to wreak havoc on society remains —

whether in this conflict or the next.

So, what exactly could a cyberwar entail and how prepared are we?

For the first time in human history, it's possible to inflict large-scale harm

on another country, from a different country

without anybody ever setting foot on the territory of that country.

Cyberwarfare can be broadly defined as an act of aggression

conducted through a digital network by state-sponsored actors.

The targets can be military or civilian, but the end goal is to coerce

a sovereign state to bend to the actor's will.

This is different from cyberterrorism, which is typically conducted by independent actors.

It's now, more than ever, critical that we are preparing for such events.

Security experts have been raising the alarm on such cyber risks for decades.

Back in 2012, then-U.S. Defense Secretary Leon Panetta warned the country was facing

a potential “cyber-Pearl Harbour,” with the national power grid, transportation,

financial network and government having grown increasingly vulnerable to foreign hackers.

Britain considered the risks so significant that in 2016,

GCHQ, the country's electronic intelligence and security agency,

launched a unit specifically designed to deal with cyber threats.

Ciaran Martin was the founding CEO of GCHQ's National Cyber Security Centre and is now

a professor at the University of Oxford's Blavatnik School of Government.

He explained more.

There's this sort of Hollywood version of cyber that everything's connected to everything else.

That's not really the way cyber operations work.

But they are really serious, quite pernicious and nasty social and economic threats

from cyberspace, and we need to be realistic about telling people what they are.

Such events are not unheard of.

Already, there have been several serious cyberattacks with wide-reaching consequences —

both intended and otherwise.

In 2010, Iran's nuclear facilities were severely disrupted

by a malicious computer worm known as Stuxnet,

in the first known example of a digital weapon causing physical damage.

Then, in 2017, a mock ransomware attack known as NotPetya brought Ukrainian businesses

to their knees, damaging systems and deleting data, with major knock-on effects internationally.

An accounting organization in Ukraine was attacked and Maersk had to suffer

a massive fallout as a consequence, even though they were not the target.

So the challenge with the cyber realm is that you don't necessarily need to be the target,

you can be collateral damage.

And roughly one hour before Russia invaded Ukraine, internet access in Ukraine and

swathes of Europe were crippled after a cyberattack

against U.S. satellite communications provider Viasat.

The outage affected the Ukrainian military's ability to communicate with

its frontline troops — a move the West has blamed on Russia.

In the first four months of 2022, Russian hackers launched more than 200 cyberattacks

against Ukraine, targeting government agencies and private companies,

according to analysis from Microsoft.

The report noted that the cyberattacks “have also sought to disrupt people's access

to reliable information and critical life services on which civilians depend.”

However, the intensity of these attacks by Russia in the cyber realm

have surprised experts, who were anticipating more.

Is it a lack of kind of ability from the Russian side?

Or do you think it's just so fundamental to the fact that cyberwar doesn't actually

have the kind of overall impact that maybe traditional military warfare has?

So there are various theories.

Firstly, there was the quick victory theory.

If, as it is believed they thought, they were going to take the whole of Ukraine

in three or four days, why would you devastate it digitally when you're going to be ruling it?

Perhaps at the almost other end of the spectrum of theory, some of the Russian military equipment

seems to have been so poor that Russian infantry themselves are using GPS,

they're using WhatsApp to communicate, so if you take out the Ukrainian internet infrastructure,

then the Russian soldiers can't use it.

There is of course then — and I think there definitely is something in this —

that when you're in a period of high tension short of war, cyber is a very, very useful tool.

When you're actually at war, and you can send bomber planes in and so forth,

the complexity and time and resources of a cyber operation becomes less useful.

That doesn't mean the risks of cyber conflict have faded, however.

No special rules apply in cyber, so if Russia's going to do aggressive behavior,

it could do it in cyberspace.

What is potentially even more concerning is there is a lot of noisy activity in cyberspace

at the moment between Russia and Ukraine, but the way the network world works means

you cannot cauterize that activity necessarily between Russia and Ukraine.

Physical attacks, just by nature, can be contained a bit.

You know where you're attacking, you can control it to a certain degree.

Unfortunately, that's not the case when it comes to cyberattacks.

As a result, authorities are now calling for greater efforts to help prevent —

or at least prepare for — potential cyberattacks.

That includes encouraging governments and businesses to work more closely together

to understand their cybersecurity vulnerabilities.

One part of it is ensuring the resilience of government establishments.

I think the other and more important priority also is to ensure

how are they supporting the private sector in this endeavor.

Public-private cooperation is the key to all this.

In response to rising Russian cyber risks, the U.S. passed a new law in March 2022

requiring owners and operators of critical infrastructure

to report cyber incidents within 72 hours and ransomware payments within 24 hours.

A year earlier, Russia-based cybercriminals targeted the U.S.'s largest fuel pipeline.

The Colonial Pipeline ransomware attack resulted in widespread energy shortages

and a regional state of emergency.

President Joe Biden said in a statement, “Russia could conduct malicious cyber activity

against the United States, including as a response

to the unprecedented economic costs we've imposed...”

At the same time, authorities are trying to determine the legal boundaries of cyberspace.

In 2021, President Biden gave President Putin a list of 16 critical sectors

he said should be “off limits” to cyberattacks.

Those included telecommunications, food, energy and healthcare.

It follows continued calls from Western policymakers to establish

some form of global cyber treaty outlining the red lines for cyberwarfare.

Similar to the Geneva Convention, it could, for example, draw virtual no-fly zones around hospitals,

making any life-threatening attack on medical facilities a war crime.

The jury is out on how much buy-in such an agreement would get

in a world currently so at odds.

I'd be cautious about thinking there's some grand treaty coming

that's going to take care of this problem.

In actual fact, what I think is more likely at the moment is that thanks to the rise

of China and its technological base, the technological world is splitting into two techno spheres,

one led by the United States and its allies, and one led by China.

And if that trend continues, as it looks likely to, I think what you might find is a set of

sort of rules and standards in the U.S.-led model and a different set of standards

in the China model, and then a bunch of competition for influence afterward.

Still, there are some limitations to cyberspace which experts say offer hope that a cyber conflict,

if it were to occur, might not be as catastrophic as once feared.

We do have to understand that this problem, it is about computer code.

There's serious harm you can do with it, but it's pretty hard, actually,

to blow up the world via computer code.

There are technical limitations, there are scientific limitations on what can be done.

We have a chance to improve the security of technology.

We can see what's coming, we have that discussion, we can get ahead of it

so we can have a safer digital environment in 10 years' time than we have now.