The Georgian authorities, with the help of their colleagues from the United States and Europe, are investigating a powerful cyberattack that struck the South Caucasus country on October 28. Experts say that the latest cyberattack was much more powerful than the one Georgia experienced in early August 2008, when “unknown groups” (but almost certainly tied to Moscow) compromised Georgian government and private servers amidst the so-called Five Days War with Russia (Dea.gov.ge, 2011).
The Georgian Ministry of Internal Affairs reports that both last month’s attack and the “cyber-aggression” of eleven years ago were most likely carried out by actors operating “from another state,” though officials declined to name the specific country. The ministry reported on the progress of Tbilisi’s investigation on the morning of October 29, noting, “At this stage, it was established that the goal of the attackers was to change the home page of (i.e. to deface) several thousand sites,” apparently by targeting website hosting firms. According to the ministry, an investigation is being conducted “with the participation of specialists from partner states,” referring to the US and several European countries (Netgazeti.ge, October 29).
The cyberattack began at around noon on October 28 and lasted over 24 hours. Hackers simultaneously assailed thousands of websites of government agencies, as well as the online pages of several influential non-governmental organizations (NGOs) and private companies (Zdnet.com, October 28). Websites were defaced to show a photo of former president Mikheil Saakashvili with the words “I’ll be back.” The television channels Imedi and Maestro reported that the attack did tremendous damage, forcing them to temporarily stop broadcasting. Saakashvili, who lives in Ukraine, immediately dissociated himself from the attack (Oc-media.org, October 28).
Dr. Vladimer Svanadze, founder and managing partner of the Cyber Security Academy of Georgia, told this author that the October 28 cyberattack on Georgian hosting companies did not represent a high-tech attack, but it was quite large in scale and can be compared to the Russian cyberattack on Georgian critical infrastructure in 2008. “The purpose of such a ‘defacing’ cyberattack is to intimidate the population, spread panic [and] probe the resilience of critical infrastructure, searching for weak and vulnerable areas. An investigation is underway at this point, though it can be assumed that the attack originated from abroad and likely from Russia,” Svanadze said. He underscored, “Georgia has achieved some success in the field of cyber security, but at this stage there is some stagnation. In fact, there are no proper approaches by the authorities, no risk assessment, no priorities set. It can be said that Georgia is clearly lagging when it comes to addressing new global challenges in the cyber security field.” Svanadze went on to state, “The United States, as a strategic partner of Georgia, can provide assistance and support, but this process should be properly defined. In particular, the emphasis should be on strengthening [the] private sector in this area […] as a provider of cyber-security services” (Author’s interview, November 4).
A representative of the Georgian company Cyber Security Group (CSG) noted that the firm had repeatedly warned authorities about the danger to the country due to an inadequate response to the “Russian challenge” in a situation wherein Moscow conducts a “cyber war” not only against Georgia but also other neighboring states and Western countries. CSG believes it is necessary to introduce special infrastructure protection systems that take into account the specifics of Georgia, and has developed a number of products that can significantly increase the country’s security in the ongoing “global cyber war.” However, the representative lamented, the government is still not ready to make the necessary decisions, arguing that it lacks the funds to proceed (Author’s interview, November 4).
Georgian experts are trying to understand why Moscow, the most likely perpetrator behind the attack, decided to carry it out at this moment. Political analyst Nika Imnaishvili noted that in the summer, President Vladimir Putin banned direct flights from Russia to Georgian resorts, thereby dealing a blow to Georgia’s tourism industry (see EDM, July 31). Then, Moscow announced efforts to modernize separatist Abkhazia’s armed forces (see EDM, September 25). But if these measures were designed to compel Tbilisi to change its foreign policy, they failed. And indeed, the US and the North Atlantic Treaty Organization (NATO) are presently working with Georgia to implement several important programs to bring the small republic closer into the Euro-Atlantic community (see EDM, October 10). “Perhaps [the October 28] cyberattack is a warning about the possibility of Moscow using other tools. These tools are close to military actions because they can cause irreparable harm to public and private infrastructure,” Imnaishvili mused (Author’s interview, November 4).
On October 30, a day after the mass hacking campaign petered out, Tbilisi hosted the NATO–Georgia Public Diplomacy Forum. The main topic of discussion was defense against the “hybrid war” that Russia is waging through cyberattacks (Commersant.ge, November 5). Within the framework of the Forum, Georgian Foreign Minister David Zalkaliani met with the US Department of State’s Special Envoy and Coordinator of the Global Engagement Center, Lea Gabrielle. Zalkaliani underscored the urgent need to combat Russian disinformation and propaganda campaigns. He underlined that Georgia needs help from the US and its Western partners (Mfa.gov.ge, October 30).
According to Gabrielle, the US highly appreciates its strategic partnership with Georgia and is committed to further broadening this cooperation. She confirmed that Washington is ready to share with Tbilisi its experience in resisting cyberattacks (Mfa.gov.ge, October 30). Such expertise will prove invaluable to Georgia if its government is to seriously attempt to build up its domestic cyber defenses.