Geopolitical Cyber Risk: War and Coercive Diplomacy

Robindimyan
8 min read · Feb 11, 2024
This is how cyber warfare looks, according to ChatGPT ^_^

Hello everyone,

Today, we’re diving into an intriguing case of cyber risk in the world of international politics, focusing on a specific cyber attack that occurred during the Russia-Ukraine conflict. This post aims to unpack the complexities of cyber attacks in the realm of global politics and their impact on international relationships.

Our focus will be on a series of cyber attacks targeting Turkish airports, an event that’s particularly interesting given Turkey’s unique position in the ongoing conflict between Russia and Ukraine. Through this analysis, we’ll get a glimpse into how cyber operations are used in modern diplomacy and conflict, and what this means for countries involved.

We’ll try to explore why these attacks happened, what Turkey’s role in the larger Russia-Ukraine conflict might mean in this context, and how cyber tactics are becoming key tools in the arsenal of countries and groups looking to push their agendas on the world stage.

Lastly, we’ll extract insights and make forecasts which we can use to preposition our defenses against potential changes in the geopolitical landscape. Understanding these dynamics is crucial for anticipating future threats and strengthening our cyber security posture proactively.

So, let’s get started and unravel this intriguing story of cyber conflict, strategy, and the delicate dance of international politics.

The Incident

During the earlier stages of the Russia-Ukraine conflict, several Turkish airports were hit by intense DDoS attacks, thought to be carried out by Ukrainian hacktivists. During this attack, messages demanding the halt of flights to Russia were inserted into the HTTP packets, specifically stating “Stop flights to Russia” and “Cancel flights to Russia”. Notably, Turkey is not directly involved in the conflict between Russia and Ukraine.

In response to these cyber attacks, the airports took action by blocking the HTTP requests that contained the word “Russia”. The attackers did not adapt their attack to get around this measure, and no hacktivist group subsequently claimed responsibility.
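To make the mitigation concrete, here is an added example (not code from the airports or from any tool named in this post) that applies the bare-word block described above next to a narrower rule matching only the two quoted messages. The sample requests, addresses, host name and paths are constructed, and the narrower rule is an assumption about how one might reduce collateral blocking.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# The two messages quoted in the incident description above.
SLOGANS = ("stop flights to russia", "cancel flights to russia")

def normalise(raw: str) -> str:
    """Percent-decode, lower-case and collapse separators in a raw request."""
    decoded = unquote_plus(raw).lower()
    return re.sub(r"[\s_+\-]+", " ", decoded)

def bare_word_rule(raw: str) -> bool:
    """The mitigation as described: block any request containing the word."""
    return "russia" in normalise(raw)

def slogan_rule(raw: str) -> bool:
    """Narrower variant (an assumption, not the airports' rule): whole slogans only."""
    flat = normalise(raw)
    return any(slogan in flat for slogan in SLOGANS)

def triage(requests, rule):
    """Return a Counter of source address -> number of requests the rule blocks."""
    return Counter(src for src, raw in requests if rule(raw))

# Constructed sample traffic (documentation address ranges, hypothetical paths).
SAMPLE = [
    ("198.51.100.7",
     "GET /?q=Stop+flights+to+Russia HTTP/1.1\r\nHost: airport.example\r\n\r\n"),
    ("198.51.100.7",
     "GET / HTTP/1.1\r\nHost: airport.example\r\n"
     "X-Note: CANCEL%20FLIGHTS%20TO%20RUSSIA\r\n\r\n"),
    ("203.0.113.9",
     "GET /flights?dest=Russia&date=2024-03-01 HTTP/1.1\r\n"
     "Host: airport.example\r\n\r\n"),
    ("192.0.2.44",
     "GET /departures HTTP/1.1\r\nHost: airport.example\r\n\r\n"),
]

if __name__ == "__main__":
    print("bare word:", dict(triage(SAMPLE, bare_word_rule)))
    print("slogans:  ", dict(triage(SAMPLE, slogan_rule)))
```

On this constructed traffic the bare-word rule also blocks the ordinary route search from 203.0.113.9, while the slogan rule blocks only the two message-carrying requests.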

Background and Turkey’s stance on the conflict:

Turkey holds considerable geopolitical significance in the context of the Russia-Ukraine conflict due to several key factors:

  • Turkey controls the Bosporus and Dardanelles straits, which are vital maritime routes connecting the Black Sea to the Mediterranean. This control gives Turkey substantial influence over Russian naval access, especially for Russia’s Black Sea Fleet based in Sevastopol, Crimea.
  • Despite being a NATO member, Turkey has pursued an independent foreign policy that often includes cooperation with Russia. This includes purchasing the Russian S-400 missile defense system, which caused friction with NATO allies. Turkey’s ability to maintain relationships with both Western countries and Russia places it in a unique position to influence or mediate in the conflict.
  • Turkey has provided significant military support to Ukraine, most notably the Bayraktar TB2 drones, which have been effectively used by Ukrainian forces. This military assistance enhances Ukraine’s defense capabilities against Russian aggression.
  • Turkey is a key transit country for Russian oil and gas pipelines to Europe, notably the TurkStream pipeline. This role in energy transit gives Turkey leverage in the region’s energy dynamics, especially relevant given the conflict’s impact on global energy markets.
  • Turkey has offered to mediate between Russia and Ukraine and has hosted diplomatic talks. Its unique position as a country with good relations with both Russia and Ukraine enhances its potential as a mediator.
  • Turkey has significant trade relations with both Russia and Ukraine, including in the agricultural and energy sectors. The conflict has implications for Turkey’s trade dynamics, especially concerning grain and energy imports.
  • Turkey is a popular destination for Russian tourists, and the Russian market is important for Turkey’s tourism industry. Economic ties between Turkey and Russia, including Russian investments in Turkey, add another layer to their complex relationship.

In summary, Turkey’s geopolitical significance in the Russia-Ukraine conflict stems from its strategic geographic location, its role in regional energy dynamics, its military capabilities, and its unique position in balancing relations with NATO, Russia, and Ukraine. Turkey’s actions and policies can significantly influence the conflict’s dynamics and the broader regional security landscape.

Making sense of the DDoS incident

DDoS and other disruptive cyber attacks have increasingly become tools of “coercive diplomacy”. In the past, various state and non-state actors have utilised these cyber tactics as a means to exert pressure, influence policy decisions, or retaliate against actions deemed contrary to their interests in a less confrontational way. In light of these precedents, let’s assume that the attack on Turkish airports is also an attempt at using cyber capabilities for coercive diplomacy, and try to explore possible objectives behind it. Without clear attribution, Turkey may find it challenging to respond diplomatically. The uncertainty could lead to heightened tensions and suspicions, not just towards Ukraine but potentially towards other nations or independent cyber groups.

In this brainstorming scenario, analysts can employ frameworks such as STEMPLES or DIMEFIL, along with structured analytic techniques (SATs) like Outside-in thinking and 1–2–4, to envision various scenarios and gain a comprehensive understanding of the factors at play in any given situation. Subsequently, these scenarios can be organised into broader hypotheses, followed by the application of contrarian techniques to question each hypothesis. Analysis of Competing Hypotheses can then be utilised to pinpoint the most probable scenarios.

In our case, the majority of scenarios center around four possibilities, assuming that the hacktivist group is indeed acting in alignment with Ukraine’s interests (which may not be the case):

Four key hypotheses

Hypothesis 2 appears less convincing because the attack was deliberately designed to have minimal disruptive effects. Similarly, Hypothesis 4 is not strong, as there was no immediate need for Ukraine to retaliate when the incident occurred. Additionally, the DDoS attack was not modified to sustain its disruptive impact, and the absence of any hacktivist group claiming responsibility further undermines Hypothesis 4.

This analysis primarily supports Hypotheses 1 and 3 as the most probable scenarios. Next, we will focus on translating these conclusions into forecasting models for enhancing cyber defense strategies.

Forecasting

We will now examine each scenario individually, assuming its validity, and attempt to identify the factors influencing decision-making in the context of cyber attacks for each case.

Disruption of Russia-Turkey Connectivity: Potential Impact on Other Nations

For this hypothesis, we assess that the targets should meet the following criteria:

  • The country should be neutral or not actively supporting Ukraine in the conflict.
  • The country should have significant economic ties with Russia, especially in commerce or tourism.

Countries that align with these criteria and may therefore be at risk in such attacks include:

  • Egypt: A favoured destination for Russian tourists. Before the suspension of direct flights in 2015, Russian tourists represented about a third of all inbound tourists to Egypt. [*] Disrupting air travel could severely impact its tourism industry and harm economic ties with Russia.
  • United Arab Emirates (UAE), particularly Dubai: As a global business hub with strong Russian connections [*], any disruption in air travel could affect not just Russian enterprises but also international businesses in the region.

Pressure on Neutrality: Potential Impact on Other Nations

For this hypothesis, we assess that the targets should meet the following criteria:

  • The country should be neutral or not actively supporting Ukraine in the conflict.
  • The country’s position should hold the potential to strategically affect the course of the conflict.

Countries that align with these criteria and may therefore be at risk in such attacks include:

Countries assessed to be at risk. BRICS definition: https://en.wikipedia.org/wiki/BRICS

Indications of Change: What actions in the future could trigger a similar disruptive cyber attack against Turkey?

While purely speculative, there are certain actions by Turkey that could hypothetically trigger a cyber-disruptive attack from either Russia or Ukraine, considering the complex dynamics of the Russia-Ukraine conflict. Here are some hypothetical scenarios:

It’s important to underline that these scenarios are speculative, formulated on the basis of historical patterns of cyber operations in international affairs. Nevertheless, devising these scenarios and monitoring substantial shifts in the geopolitical sphere can be immensely valuable for predictive defense. Armed with these insights, we can prepare for the most probable scenarios and their potential effects on our cyber security.

In a real-life application, it’s beneficial to have a behavioural model for each country’s cyber operations. This model would provide insights into the types of cyber operations a country might employ, the circumstances under which they would be used, and the potential targets. Such models can be developed by analysing historical data of cyber operations during times of war or diplomatic tension. This approach greatly aids in accurately predicting the type and targets of potential cyber attacks in a given scenario.

To track the unfolding of these scenarios, we could establish Google Alerts using keywords tailored to each specific scenario, thereby initiating our monitoring process.

Google Alert Keywords for “Military”:

  • Scenario A: “Turkey UAV supply Ukraine”, “Bayraktar TB2 Ukraine”, “Turkey military support Ukraine”
  • Scenario B: “Turkey military aid Ukraine”, “Turkey intelligence support Ukraine”
  • Scenario C: “Turkey Bosporus straits NATO”, “Dardanelles straits military access”, “Turkey Black Sea NATO”

Google Alert Keywords for “Diplomatic”:

  • Scenario A: “Turkey recognizes Russia annexed territories”, “Turkey opposes sanctions Russia”, “Turkey diplomatic shift Ukraine”
  • Scenario B: “Turkey recognition political entities Russia”, “Turkey Russia diplomatic escalation”

Google Alert Keywords for “Economic”:

  • Scenario A: “Turkey Ukraine grain export deal”, “Black Sea grain export disruption”, “Turkey Russia grain deal Ukraine”
  • Scenario B: “Turkey economic sanctions Russia”, “Turkey energy sector sanctions”

Setting up alerts in languages other than English can be highly beneficial, as the volume of news related to a conflict often increases nearer to its source, leading to faster updates. For our purposes, it would be worthwhile to add Russian, Ukrainian, and Turkish keywords to the alerts, tailored to specific scenarios. Additionally, Twitter serves as a valuable resource for rapid updates, although it usually requires more effort to filter through irrelevant or less useful information.
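Once alert items start arriving, they still have to be sorted back into scenarios. The following added example (not part of the original post, and not Google Alerts' own matching logic) tags headlines with the scenarios whose keyword phrases they satisfy. The headlines are constructed, and the rule that every term of a phrase must appear in the headline, along with the crude plural stripping, is an assumption made for local triage.

```python
import re

# Keyword phrases copied from the alert lists above, keyed "Category/Scenario".
ALERTS = {
    "Military/A": ["Turkey UAV supply Ukraine", "Bayraktar TB2 Ukraine",
                   "Turkey military support Ukraine"],
    "Military/B": ["Turkey military aid Ukraine",
                   "Turkey intelligence support Ukraine"],
    "Military/C": ["Turkey Bosporus straits NATO",
                   "Dardanelles straits military access", "Turkey Black Sea NATO"],
    "Diplomatic/A": ["Turkey recognizes Russia annexed territories",
                     "Turkey opposes sanctions Russia",
                     "Turkey diplomatic shift Ukraine"],
    "Diplomatic/B": ["Turkey recognition political entities Russia",
                     "Turkey Russia diplomatic escalation"],
    "Economic/A": ["Turkey Ukraine grain export deal",
                   "Black Sea grain export disruption",
                   "Turkey Russia grain deal Ukraine"],
    "Economic/B": ["Turkey economic sanctions Russia",
                   "Turkey energy sector sanctions"],
}

def terms(text: str) -> set:
    """Lower-cased word set; a crude plural strip lets 'sanction' match 'sanctions'."""
    words = re.findall(r"\w+", text.lower())  # \w keeps non-Latin keywords usable
    return {w[:-1] if len(w) > 3 and w.endswith("s") else w for w in words}

def match_scenarios(headline: str) -> dict:
    """Map each scenario to the phrases whose terms all occur in the headline."""
    seen = terms(headline)
    hits = {}
    for scenario, phrases in ALERTS.items():
        matched = [p for p in phrases if terms(p) <= seen]
        if matched:
            hits[scenario] = matched
    return hits

# Constructed headlines standing in for alert feed items.
HEADLINES = [
    "Ukraine receives new batch of Bayraktar TB2 drones",
    "Turkey opposes fresh EU sanctions on Russia",
    "Black Sea grain export disruption feared as Turkey, Russia and Ukraine "
    "resume grain deal talks",
    "Istanbul airport reports record passenger numbers",
]

def triage_feed(headlines):
    """Return {headline: hits} for headlines that touch at least one scenario."""
    return {h: m for h in headlines if (m := match_scenarios(h))}
```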

Conclusion

As we’ve explored in this post, cyber operations have become integral to the strategies of nations and non-state actors alike, often blurring the lines between them. This case study highlights the importance of analysing geopolitical tensions and alignments to anticipate and mitigate the risks of a changing security landscape.

In conclusion, by dissecting such incidents, we gain valuable insights into the tactics and motivations driving cyber conflicts. This understanding is vital for developing more effective security measures and strategies in response to the complex interplay of technology, politics, and international relations.

I hope you found this article useful.

See you in the next one!
