Could understanding the evolution of cyberattacks better prepare us for the future of warfare?

While most of us are focused on the ground war in Ukraine, there could be another battleground that's less visible: cyberspace.

Russia has been attacking Ukraine (and other countries) with internet and network disruptions for years. But the ground invasion has brought new attention to cyberwarfare and what we can do to protect ourselves.

"I would certainly say that we're entering a new phase of cyberwarfare awareness, because the world is looking at Ukraine in a way that it wasn't even a month ago," said Andy Greenberg, a senior writer at Wired and the author of the book, Sandworm: A New Era for Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers.

Greenberg spoke to Spark host Nora Young on March 15, 2022, around three weeks into Russia's invasion of Ukraine.

So how does the role of cyberattacks change in the context of a land invasion?

Russia and Ukraine have been engaged in cyberwarfare for several years now, and the consequences have been much bigger than simple internet outages. Hospitals and airports have been paralyzed, large shipping companies have seen their operations shut down, and even pharmaceutical companies like Merck in the U.S. have been dramatically affected, he said.

Much of the attacks have come from a Russian group called Sandworm, which works for Russia's military intelligence agency. Its malware has caused the shutdown of Ukraine's postal service, banks, hospitals, airports and even the fare payment system in Kyiv's metro.

And it's spreading, he said. "Before Ukraine was on everyone's mind, we in the West treated Ukraine as this faraway place, kind of within Russia's sphere of influence. Russia had been digitally and physically abusing Ukraine for decades, in some ways for centuries. And we kind of ignored that in the West and allowed Russia to cross all these red lines, thinking that we would not be affected," Greenberg said.

"But on the internet, we're connected in ways that are not intuitive, and it turns out we're on the border of our adversary the same way that Ukraine was, we were connected to Ukraine, and to its enemies, in ways that we didn't fully understand. And I think we suffered the consequences of that misunderstanding."

Of course, Russia is not alone in issuing cyber attacks at the state level. Greenberg called the lack of international diplomatic responses to state-sponsored malware "appalling," but said that's changing. He'd like to see a set of "red lines" created beyond which attacks can be internationally prosecuted. He likened it to the Geneva Conventions, which dictate what is and isn't "fair play" in wartime.

Lauren Zabierek, the executive director of the Belfer Center's Cyber Project at Harvard's Kennedy School echoed Greenberg's concerns.

She cited the WannaCry malware, developed in North Korea, that all but shut down the United Kingdom's National Health Service, but also pointed out the tension between public and private interests, especially when it comes to protecting infrastructure from cyberattacks. Private corporations, which are largely unregulated, manage most critical infrastructure in the U.S..

However, the U.S. Congress recently passed legislation that requires operators of critical infrastructure to report any security breaches, she said.

Though it's challenging to verify the source of an attack, and accusing an actual state of engaging in cyberwarfare can be diplomatically challenging, she added.

"People have even said in the past that it's impossible to attribute where those attacks are coming from, especially [from] our adversaries in this domain, but it's not impossible, it can be done. Technical capabilities are getting better and better all the time. [But] so does the adversaries' ability to obfuscate their operations."

Written by Adam Killick. Produced by McKenna Hadley-Burke, Samraweet Yohannes and Michelle Parise.