Why Russia Hasn't Launched Major Cyber Attacks Since the Invasion of Ukraine

The idea that Russia has significant cyber capabilities and isn't afraid to use them, especially on Ukraine, is the most widely accepted idea in the history of cyber conflict. The Ukrainian power grid was hacked in 2015. The NotPetya software was used by Russia and it caused billions of dollars in damage and disruption. In the months after the NotPetya attacks, a lot of people thought that Ukraine was a testing ground for Russia's cyberwar capabilities.

The United States Department of Homeland Security issued a warning to businesses to be on high alert for Russian cyberattacks, as did the U.K.'s National Cyber Security Centre. The devastating Russian cyberattacks everyone has been expecting have yet to happen. There is no guarantee that a large-scale cyberattack on Ukraine's electrical grid or global banks isn't just around the corner. Russia has demonstrated time and again that it has little regard for targeting critical infrastructure and causing significant damage through cyber aggression.

As the invasion continues, it seems less and less likely that Russia has the cyber capabilities to respond to a cyber conflict. Russia'svaunted cyber capabilities have been neglected in recent years, in favor of developing less expensive, less effective cyber weapons that are easier to contain and defend against. Many of the cyberattacks directed at Ukraine in the past month have been relatively basic distributed denial-of-service attacks, in which hackers bombard Ukrainian government websites and server with so much online traffic that they cannot respond to legitimate users and are forced offline for some period of time. Denial-of-service attacks can be effective for short-term disruptions, but they are not a new or impressive cyber capability and were used by Russia to target Estonia more than a decade ago. Launching these types of attacks does not require sophisticated technical capabilities or discovery of new vulnerabilities, and they typically have fairly contained impacts on the specific, targeted computers. The recent reports that Belarusian hackers are trying to phish European officials using compromised accounts belonging to Ukrainian armed services members suggests that these efforts are not being carried out by Russian military hackers directly.

The world is watching the war between Russia and Ukraine. Russian media is telling a different story.

Microsoft has reportedly detected programs attributed to Russia in recent weeks and shared that information with the U.S. government as well as other countries concerned about Russian cyberattacks. The discovery of new Russian wipers is cause for concern since NotPetya was a form of wiper that caused massive damage. Unlike NotPetya, the programs that have been the focus of the latest wave of alert have shown little ability to spread quickly via common, difficult-to-patch vulnerabilities.

It is likely that the combined efforts of Microsoft, the U.S., and many other countries have helped to curb the damage caused by these efforts. If Russia had a large amount of undetected vulnerabilities and sophisticated software designed to exploit them, these lines of defense wouldn't be enough to prevent some significant damage and disruption. Updating critical infrastructure networks and systems is slow, expensive, complicated work and it is impossible that every potential target has been hardened to the point where it is no longer vulnerable to Russian cyberattacks.

As the conflict continues for an extended period, many of the early theories for why Russia might have abstained from more serious cyberattacks look increasingly implausible. One explanation for why Russia left Ukrainian electricity distribution and communication networks intact was that Putin wanted the rest of the world to see Russia's swift, decisive victory in Ukraine via a steady stream of images and videos that might have been hampered by such an attack. It makes less sense for Russia to leave that infrastructure untouched unless they are able to take it out. The Russian decision to strike a TV tower in Kyiv seems to support this interpretation.

Ukrainians have a secret weapon against Russia.

It would be foolish to count out Russia's cyber capabilities just because they have so far proven unreliable. It is hard to prove the absence of cyber weapons in a nation's arsenal. The longer the conflict goes on without any signs of cyber sabotage, the more likely it is that the once formidable Russian hackers are no longer playing a central role in the country's military operations.

Even if Russia doesn't have a lot of sophisticated cyber weapons right now, they will still go on to develop new ones in the future. The lack of a significant cyber conflict is an important reminder of how little we know about a country's cyber capabilities. Many of our beliefs about which countries have the most impressive hacking tools and Russia's cyber dominance are based on incidents in the past, and an awful lot can change in a few years.

We can be reached at letters@time.com.