Ukrainian internet technology power helps fight Russian attack
On the first day of the war, as Russian tanks rolled into Ukraine, the Internet began to shake and, for some, shut down completely. Ukraine’s main Internet service provider, Triolan, was temporarily knocked out of service, in an outage that mainly affected the Kharkiv region in the northeast of the country, the target of the Russian invasion. Although the network was restored the next day, small disruptions continued throughout the week, according to data from IODA (Internet Outage Detection and Analysis), an Internet connectivity observatory affiliated with Georgia Tech. The Russian-occupied regions of Donetsk and Luhansk also saw drops in connectivity.
As the conflict has begun, the fear is that Russian-backed hackers will attempt to disconnect the Ukrainian internet, similar to the way they knocked out the country’s power grid in 2015. Since Feb. 23, the Russian cyber army has carried out repeated distributed denial-of-service (DDoS) attacks against government websites, overwhelming them with spurious traffic in order to take them offline. (But despite what happened to Triolan, the chances of Russia conducting a complete Internet shutdown against Ukraine are low.
Logically, Internet shutdowns are decided by governments that have the ability to order Internet Service Providers (ISPs) to disconnect, limit or restrict Internet access. Staging an Internet shutdown by an outside attacker is much more difficult to achieve. Russia could try to direct its DDoS attacks or other cyberattacks on border routers that connect an ISP’s network to the global internet, says Doug Madory, director of internet analytics at Kentik, an internet measurement company, but an attack that could take down a website would have a harder time destroying the internet infrastructure. “It wouldn’t really be practical to take the whole country offline with a DDoS attack,” Madory says. “These routers are pretty robust. And probably, if it was easy, they would have done it already.”
Anything is possible: after all, earlier this year, a U.S. hacker orchestrated a DDoS attack to take down North Korea’s servers. But Ukraine has been hardened by its past run-ins with Russian cyberattacks, and its level of preparedness and sophistication is far superior to North Korea’s. Most important, however, is the fact that any attacker would face a large number of targets rather than a single vulnerable one. Ukraine’s size and geographic position means it is deeply interconnected with Europe’s Internet backbone. According to a spokesman for the Ukrainian Internet Association, the country had more than 4,900 Internet service providers as of December 2021; some of them have prepared for the crisis by establishing fail-safe links between them and creating new backup network centers, according to the New York Times.
Ukrainian internet technology has developed in a decentralized way because of market dynamics, but that has served it well in recent years, says Tanya Lokot, professor of digital media and society at Dublin City University. “We realized that it was a natural and healthy way to organize the network. When you have a variety of peering points, you have a variety of Internet service providers across the country, a variety of mobile operators; it just leads to a more reliable system overall,” Lokot says. She contrasts this model with the Russian Internet, which is dominated by a few state-controlled operators and which the government is working to separate from the global Internet with a circuit breaker. “They [the Russians] are trying to centralize control, and in terms of system resilience, that’s damaging because it’s much easier to target,” Lokot says.
Ukraine’s power goes beyond just the number of providers, however. If cyberattacks fail to take down an ISP, a Russian military determined to disconnect Ukraine could decide to simply hit the connectivity infrastructure by bombing server rooms or cutting fiber optic cables. In fact, one possible – though unconfirmed – explanation for Thursday’s outage is that Russian bombs damaged Triolan’s infrastructure in Kharkiv. But it’s unclear whether a more methodical targeting of network equipment could cause a total Internet outage. According to Vadym Hudyma, a researcher at Digital Security Lab Ukraine, a digital rights group, the Ukrainian ISP market is very crowded, and all providers have adapted to be flexible and solve even the smallest technical problem quickly and efficiently.
“Partly because of this fierce competition-sometimes accidentally, sometimes not so accidentally-providers can cut their competitors’ networks. They may, for example, ‘accidentally’ cut cables while trying to cut their own,” he explains. “So to survive in these chaotic scenarios, where sometimes a few feet of your cable can be cut in the middle of the night, every provider has to be really, really flexible and be able to redirect network flows on the fly.”
This does not necessarily mean that the country’s current internet infrastructure would be able to withstand a concerted effort by Russia to destroy it. This consideration may have led the Ukrainian government to seek – and gain – the support of SpaceX CEO Elon Musk to activate its Starlink satellite internet service in the country. But it’s questionable whether Russia really wants to disable the internet in a country it has bombarded with disinformation.
“The Ukrainian government has no interest in shutting down the internet, obviously,” Hudyma says. “But the same can be said of the Russians: They are trying to push their propaganda and influence operations on the Ukrainian people. It is useful for them to have this online communication network.”