Chapter 1
Power in war relies in part on how quickly technology can be accessed and leveraged. While much focus has been placed on the vital military hardware countries have provided to bolster Ukrainian forces in countering the Russian invasion, the decisive and rapid action of global tech companies has also played a critical but unexpected role in the conflict. In particular, the companies that form the basis of the global internet system have successfully inhibited Russia’s information-warfare strategies and helped to disrupt the balance of power.
A key feature of warfare in the digital age is being able to use cyberspace in tandem with kinetic military action and denying or degrading national information infrastructure. From cyber-attacks designed to take down critical systems, to information jamming and psychological warfare through misinformation and disinformation, the side that controls the internet can shift the dynamics of the conflict. In this crisis, however, Russia’s control of cyberspace has been hampered by global tech companies that:
created a strategic digital blockade of Russia.
kept free and unrestricted internet content available to Russian citizens.
ensured that the internet was still accessible through satellite broadband.
counteracted Moscow’s information warfare.
prevented numerous cyber-attacks on Ukraine’s government and infrastructure.
Even before Ukraine’s Vice Prime Minister and Minister of Digital Information Mykhailo Fedorov sent tweets to Apple, Google, Netflix and Elon Musk’s Starlink asking for help, global tech companies were working to protect the internet – from its undersea cables to the 29 billion devices connected to it and the 2.5 quintillion bits of data created and carried on it daily – from the impact of the conflict. Global tech companies were able to step in with a speed and agility that individual countries did not possess, helping to neutralise Russia’s digital strategy.
If global tech companies can use their agility and innovation to counter aggression and authoritarianism, their potential to be a power for global good is unparalleled. And as they diversify their infrastructure, products and services, their role and influence in determining the future of the free, global and interoperable internet will only increase. In the case of Ukraine, this has proven to be an enormous advantage, but if tech companies aren’t supported to become responsible and accountable actors on the world stage there are significant risks to the international order.
The problem is that tech companies only intervene on an ad hoc basis, sometimes dependent on one person’s decision, and without clear strategic planning or the capacity or structures to fully anticipate the unintentional negative side effects of their actions. Trying to juggle interpreting complex public international law in the midst of crises with their own values and service commitments can lead to missteps – missteps that have previously led to accusations ranging from the distortion of the democratic process to, in the case of the Rohingya in Myanmar, the incitement of genocide.
Enabling global tech companies to act more strategically to address their wider geopolitical responsibilities – both in peace and war – will help limit these missteps and cement global partnerships to safeguard the future of the internet.
A Way Forward
In this paper we set out the areas of the internet ecosystem in which tech companies of all sizes have intervened during the Ukraine crisis. From guaranteeing internet communication and boosting cyber-defences to providing alternatives to information blocks and enforcing sanctions, these companies have been pivotal in tipping the balance of power in the conflict.
As well as a confirmation of the power of technology as a force for good, there are also signs of concern, pointing to the need for new mechanisms and frameworks to ensure that this power is wielded carefully and proportionately. There is a unique opportunity for states and global tech companies to work together to secure internet freedoms and unite the advanced technological infrastructure to counter threats to global stability.
In order to take advantage of their unique strategic position and to ensure that they operate consistently in a responsible and accountable manner, we recommend that states and global tech companies take the following actions:
Recommendations for States
The signatories to the recent Declaration for the Future of the Internet should formalise their agreement and establish a new Digital Infrastructure and Defence Alliance (DIDA) to actively counteract the threats to global stability and peace from the abuse and misuse of technology and the global internet. This alliance would:
guarantee the security of the internet infrastructure for partner states.
act as a touchpoint with global tech companies to ensure alignment in principle and practice on protecting the open internet model.
enable alignment on regulatory issues to facilitate a thriving internet economy and prevent digital borders.
coordinate investment in internet infrastructure to close the digital divide and ensure internet access.
Recommendations for Tech Companies
Tech companies should:
establish a self-regulatory geo-technology board to coordinate policies to avoid contradictory approaches and ensure that all companies act in accordance with international norms and legal frameworks.
develop robust and transparent geopolitical policy strategies to minimise policymaking under pressure and ensure coherent and consistent approaches to navigating geopolitical crises.
The war in Ukraine is a pivotal moment in the history of tech geopolitics. It is the responsibility of companies, states and international institutions to collaborate to form a new vision and partnership for how to counteract the threats to global stability from misuse and abuse of technology and the internet.
Chapter 2
Even before the first shot was fired by Russia, governments and tech companies were working to shore up Ukraine’s cyber-defences. As Ukraine had been subjected to multiple large-scale Russian cyber-attacks, including the 2015 and 2016 attacks on Kyiv’s energy grid, both Ukraine and its allies were acutely aware of Russia’s potential to interrupt and isolate Ukraine’s communications systems as the tanks rolled in. State-sponsored joint cyber-defence exercises were run as Russian troops were amassing on the border, including the USAID-Ukraine National Cybersecurity Coordination Centre Grid NetWars 2021 simulation, protecting critical infrastructure from cyber-attacks. And as Ukraine sought the support of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) from January, Estonia was facilitating cyber-exchanges between both countries in response to the growing tension.
Although US Cyber Command chief General Paul Nakasone confirmed that the US had been providing ongoing remote cyber-support since the eve of the war, it was Microsoft’s Threat Intelligence Center that discovered and provided solutions to neutralise a new round of destructive malware aimed at attacking Ukraine’s digital infrastructure. Indeed, in many instances it has been tech companies rather than governments that have taken the lead in defending all layers of the internet, trying to both preserve its continuity and limit its weaponisation.
Tech companies have worked at all levels of the internet ecosystem to ensure that:
internet infrastructure is operational.
internet infrastructure is secure.
internet services are accessible.
information is available and not weaponised.
The internet-tech-company interface
Source: TBI
Tech companies have already been playing a vital role in disrupting Russia’s information-warfare strategies, helping to level the disparity of power.
Chapter 3
The internet’s “backbone” – the wires, pipes and servers that keep it operational – is notoriously fragile. When the subsea cable providing internet to the island nation of Tonga was severed in a volcanic eruption in 2021, it took nearly five weeks for full service to be restored. Since 2014, the internet in eastern Ukraine, particularly the Donbas region, had become increasingly reliant on Russian cables following slow Russian encroachment on the routing of data, accompanied by the cyber-attack on the Viasat KA-SAT network in the first days of the conflict that affected residential modems in Ukraine. Further, in light of outages caused by severed fibre cables and the persistent threat that Russia could cut subsea cables, ensuring the internet infrastructure was intact and operational became critical in the early days of the conflict.
Several companies were vital in helping to provide these services. Elon Musk responded in just two days to Ukraine’s Vice President and Minister of Digital Information Mykhailo Fedorov’s request to provide connection to SpaceX’s satellite network, ultimately supplying 5,000 terminals and associated internet services in partnership with USAID to ensure "unlimited, unthrottled data connectivity" (3,667 terminals were donated by SpaceX and a further 1,333 sponsored by USAID). Microsoft has provided licences and services to organisations in Ukraine to move critical software services from on-site premises to the cloud to ensure continuity of service.
There have been strong calls from Ukraine to cut Russia off from the global internet, but these have been rejected by many companies who believe that this would isolate the Russian people. However, several companies, led by Cogent Communications and Lumen, have decided to stop providing their internet backbone service to Russia. Russia’s main telecom operators, including the state operator Rostelecom, Transtelecom (TTK) – the second-largest fibre backbone operator – and mobile operator VEON, have had to seek alternative transit for their internet traffic. While this has not cut off the Russian people from the internet, it has led to congestion and increased traffic, impacting internet operations as far as Tajikistan, Kazakhstan and Uzbekistan and, in the longer term, potentially Iran, Azerbaijan, Belarus and the contested area of Crimea.
Chapter 4
Since Microsoft’s discovery of the FoxBlade malware on the eve of the invasion, tech companies have been on the frontline protecting the internet from increased daily phishing, distributed denial of service (DDoS) and cyber-attacks on key institutions and organisations. Overall, Microsoft has detected and helped neutralise more than 237 operations against Ukraine from at least six separate Russia-aligned nation-state actors. As the 300,000 IT volunteers crowdsourced by Mykhailo Fedorov try to defend Ukraine’s interests and disrupt Russia’s internet, increased cyber-activity leaves critical areas of vulnerability that tech companies are left to plug.
Microsoft continues to work actively with the Ukrainian government to identify and patch vulnerabilities on its systems and to extend protections to organisations in Ukraine – helping to deflect attacks on more than 20 Ukrainian government, IT, financial-sector and civilian organisations. In response to its Threat Analysis Group (TAG) tracking multiple Russian-state-backed attacks, Google has expanded access to its Project Shield to provide protection to more than 150 websites of news publications, human-rights groups and political organisations, as well as protecting against Belarusian- and Chinese-sponsored cyber-attacks. Amazon Web Services (AWS) also responded to the increase in malicious activity by working closely with Ukrainian partners to keep their systems secure and help migrate their on-premises infrastructure to AWS to protect it from physical or virtual attack.
Smaller companies such as Cloudflare have also provided crucial support: having detected DDoS attacks on the system and re-routed traffic around data centres even prior to the invasion, they have extended protections free-of-charge to Ukraine’s government and telecoms operators. Cloudflare has also expanded its Project Galileo, providing free cyber-security protections to vulnerable organisations, and has moved quickly to secure customer data from power loss or loss of internet connectivity by moving secure encryption keys to a data centre away from any risk of being compromised.
Striking the balance between keeping Ukraine’s infrastructure secure and keeping Russian civilians online has created challenges for these companies. While companies like AWS have had a long-standing policy of not doing business with the Russian government and have no physical infrastructure in Russia, other companies have been working to comply with sanctions while resisting Ukrainian pressure to sever ties completely with Russia. Microsoft continues to provide services to non-sanctioned clients such as schools and hospitals on the basis that "depriving these institutions of software updates and services could put at risk the health and safety of innocent civilians including children and the elderly". In some cases it might not always be clear which services companies continue to provide and on what basis, which could undermine their actions; examples include recent suggestions that Google is still providing paid email services to RT (formerly Russia Today) and that some cloud providers are continuing services. Meeting the challenge of a nuanced response that fulfils global obligations and responsibilities but withstands peer pressure that can lead to rash actions, and acting consistently in line with companies’ values and vision, requires a sophisticated understanding of the wider impacts of the smallest actions in the internet ecosystem.
Chapter 5
A very small set of companies controls the information we can see and how content is routed across the internet. Content-distribution networks (CDNs) cache internet content on servers across the world to provide that content more efficiently. Even companies with a very small market share can have a large impact on access to the internet. For example, Fastly, which has only 5 per cent market share, had an outage in June 2021 which in turn affected access to Amazon, Reddit, Hulu, CNN, Vimeo and UK-government sites. Cloudflare – with 80 per cent of market share – is in a key position to keep the internet accessible. Fastly, alongside a number of other web companies, has ceased working with Russian-based companies altogether. However, other CDNs have stopped paid services to comply with international sanctions but have been very vocal about continuing their free services. Companies like Cloudflare that have been threatened with Russian shutdowns have taken the position that Russia would celebrate their closure if they were to exit; while they have suspended their paid services, they have opted to remain in place to provide open, private and secure internet services to the Russian people to counter Russia’s attempts to raise a digital iron curtain.
For several years, Russia has been on a path to separate from the rest of the internet – actively testing such a move in 2019. Were this to happen, it would not only prevent access to the global open internet for Russian people but could also give Russia more flexibility and leverage to attack the infrastructure of the global internet. As Russian controls tighten under the banner of increasing security and preventing Russia being cut off from the internet, virtual-private-network (VPN) providers have stepped in, mostly providing VPN services for free as they are unable to receive payments from Russians due to sanctions on global payment systems. VPN use in Russia reached a peak demand of 2,692 per cent above average on 14 March as access to the open internet became constricted. Canada’s Windscribe publicly committed to providing an extra 30GB of data free to both sides of the conflict, ensuring that Russians have access to the open internet. ProtonVPN is currently waiving all fees from Russian customers on the basis that there is a “strong moral obligation” to be there and ensure the Russian people have freedom of access to the internet.
Affordable hardware has been one of the driving factors in the spread of the internet, with powerful, cost-effective chips enabling the proliferation of smartphones and other devices which need to tap into its power. Sales of semiconductors, computers, phones and server hardware have been significantly restricted by sanctions, with most providers (including Apple, Samsung, Lenovo, HP, AMD, Dell and Intel) stopping sales to Russia. While this has so far had a limited impact, the potential long-term consequence could be limitations on who has access to the internet in Russia, leading to a new form of digital divide.
Timeline of internet company actions in Russia and Ukraine
Source: TBI
Chapter 6
Today’s internet user requires the web’s many platforms to access information. Google, social media and the Android and Apple App Stores control the user interfaces of the internet and have been the subject of most of the political discourse around the open internet and the geopolitical influence of tech companies. Their status as geopolitical actors is not only related to the influence of the information that they can facilitate, but also to the fact that they have huge financial resources.
Internet companies’ market capitalisation
Source: TBI
Internet platforms, in particular Meta, Twitter and Google, have been trying to forge a new role to address the dissemination of information that could lead to incitement of violence. Following recent investigations into the role of social media in the storming of the US Capitol in January 2021 and Russia’s policy of weaponising information to meet its strategic aims, internet platforms have had to find a new paradigm for balancing the provision of legitimate information without becoming tools for disinformation or misinformation and without endangering civilians or facilitating the progress of the war, while complying with sanctions regulations.
From the moment an invasion of Ukraine became increasingly likely, platforms were alert to the need for vigilance and rapid action to avoid being complicit in the spread of disinformation. In what has been dubbed the “First TikTok War”, with information being shared in real time, Meta established a special operations centre of experts including Russian and Ukrainian speakers to constantly monitor the platform. Twitter also responded quickly, taking steps to prevent the sharing and amplification of misinformation. As Russian state-owned media companies emerged as driving forces in pushing false content about the invasion, multiple platforms including Meta, Reddit, TikTok, Alphabet (the parent company of Google and YouTube), Microsoft, Spotify and Telegram restricted access to RT and Sputnik news in Europe and in some cases globally, and their apps were banned from app stores. Adobe prevented Russian-government-controlled media organisations from accessing its creative and document cloud services to avoid being complicit in the creation of harmful information. Google, YouTube, Twitter and Meta have restricted Russian state-based entities from being able to monetise ads on their platforms, and companies including Snapchat and the Japanese-based company Viber have implemented wider bans on displaying ads across their apps. Search engines including DuckDuckGo, Google and Bing have downranked links associated with Russian disinformation.
In the early stages of the war, several platforms were directly blocked by Russia for their efforts to restrict content and for flagging posts from Russian state media. As Facebook, Twitter and TikTok took steps to flag tweets or posts sharing links to Russian or Belarusian state-affiliated media websites, they found themselves blocked by the Russian government amid accusations of "violating the rights and freedoms of Russian citizens". Meta has worked to block accounts being used in misinformation campaigns, including images of Ukrainian soldiers surrendering, and both Meta and Twitter reacted rapidly to remove a deepfake video of President Zelensky surrendering. Amazon’s Twitch, a platform popular with video gamers, committed to blocking users "whose online presence is dedicated to pushing widely debunked misinformation with clear risks of real-world harm, such as conspiracies that promote violence". Even some Chinese platforms such as Douyin, Weibo, WeChat and Bilibili have undertaken a process of blocking accounts spreading misinformation, warmongering, vulgar jokes and content that could end up endangering Chinese students in Ukraine.
After the implementation on 4 March of Russia’s new media law punishing “fake news”, most media companies and platforms were forced to exit Russia entirely. At the same time, many companies have sought alternative ways of providing legitimate information to the Russian people. Twitter launched a parallel site on the dark web as well as shadow-banning Russian-government accounts, and media outlets have maintained a presence on Telegram which has been particularly successful at maintaining and growing its presence in both Ukraine and Russia, being consistently relied on for essential communication by both the government and people. And numerous telecom networks, including Microsoft’s Skype, extended free communication in and out of Ukraine. The cumulative effect of these actions has been significant in disrupting and denying Russia’s strategic overt and covert information operations both domestically and abroad, altering the balance of power in the information domain.
Chapter 7
While tech companies have sought to act with the best intentions as gatekeepers of legitimate information and internet services, they have found themselves challenged to balance their responsibilities with the potential negative implications of their actions. At the outset of the war, Google Maps was used to detect early Russian troop movements at the border, providing advantages for Ukraine’s operations. However, traffic updates and “busyness” features had to be turned off to prevent exposing Ukraine’s troop movements or movements of concentrated groups of civilians that could make them vulnerable. Social-media platforms are also facing a dilemma in enforcing their terms of service that prevent the posting of illegal and harmful content in the form of images of violence, inasmuch as this could eradicate crucial evidence of war crimes needed for future criminal tribunals.
Meta had to face the inconsistencies within its own content-moderation policies when evidence emerged that it had provided a temporary change to its hate-speech policies to allow calls for violence against Russians and Russian soldiers including Russian President Vladimir Putin and Belarusian President Alexander Lukashenko. It then had to revise, limit and reverse decisions in the face of accusations from Russia that it was fuelling hate against Russian people. Subsequently, in order to try to find greater clarity for its decision-making, Twitter turned to international humanitarian law to validate its decision to ban tweets that show images of prisoners of war. And the provision of Clearview AI as a means of identifying dead soldiers, even though supplied free of charge to Ukraine with supposed good intent, has highlighted the potential dangers of rolling out controversial technologies that can be subject to misuse without clear policy guidelines.
This points to the challenges and dangers of trying to formulate sensitive policies under pressure and the urgent need for tech companies to be able to assess the impact of their individual and cumulative actions in a crisis or in post-crisis stabilisation and reconstruction. At the same time, governments and the international community need to rethink their interactions with big-tech companies to ensure that they are providing sufficient support for these companies to balance their actions with the core principles and norms of the liberal and democratic world order.
Chapter 8
While it is hard power that will determine the outcome of the conflict, the Ukraine war has demonstrated the extraordinary potential of tech companies to impact a political crisis. This potential will increase as these companies consolidate power while diversifying their offering and scope across the different levels of the internet stack.
Figure 4 – Diversification and consolidation of tech companies through internet stack
Source: TBI
Top undersea-cable owners
Note: Indicates cables in which listed owners have an ownership stake (does not imply sole ownership).
With tech companies now involved at every level of the internet, from its core infrastructure to the availability and security of the information it carries, they are set to wield greater power in setting the agenda for the internet in both war and peace.
Since Microsoft’s call in 2017 for a Digital Geneva Convention to protect civilians in cyberspace, tech companies have been at the forefront of trying to create new norms to protect online technologies, their infrastructure and users. In 2018, 34 companies – including Meta (Facebook and Instagram), Oracle, LinkedIn, Cloudflare and Fastly – followed Microsoft’s lead and signed the Cybersecurity Tech Accord to advance global online security and resilience. This group, now numbering 150 tech companies, has been a leading force in influencing multilateral efforts to reach an agreement on measures to increase international cyber peace and security, while advocating for greater participation in the decision-making process by the diverse actors who implement cyber-norms and international law. And as the need for more alignment and coherence grows, more than 700 private companies, including hundreds of tech companies, have joined 81 governments and hundreds of civil-society organisations in driving forward the Paris Call for Trust and Security in Cyberspace – a process that the US and EU only joined in November 2021 – promoting greater multi-stakeholder engagement at the UN.
In the wake of their impact on the Ukraine war, tech companies will be able to leverage their influence over the development processes of future norms, demonstrating beyond doubt that their voices on geopolitical issues can no longer be ignored.
Chapter 9
Just as governments have intervened in the Ukraine crisis by imposing sanctions and providing weaponry, global tech companies have taken action to withdraw from Russia and ensure the security and integrity of the internet. Through disrupting and denying the influence of Russia’s tried-and-tested information operations – from cutting communications infrastructure to preventing strategic deception, psychological operations and information operations – tech companies have meaningfully altered one arm of Russia’s offensive capability.
While the exact measure of the extent to which these actions have impacted the course of the conflict can only be revealed in time, it is clear that tech companies have the influence to disrupt the balance of power in any geopolitical crisis. The crisis has also shown the challenges and dangers inherent in trying to formulate policy while in the fog of war, and the need for governments, international institutions and the companies themselves to rethink how they prepare and cooperate in order to be able to act consistently and coherently to protect the internet during geopolitical crises.
There are several practical steps that can be taken to enable tech companies and states to become more responsible geopolitical actors:
What States Can Do
Establish a Digital Infrastructure Defence Alliance (DIDA): The Ukraine crisis has highlighted both the fragility of the philosophical and structural core of the internet, and the urgent need for cooperative action to prevent its erosion. In response, the recent US-led Declaration for the Future of the Internet brought together 60 global partners to reaffirm their commitments to preserve an “open, free, global, interoperable, secure and reliable” internet. The DIDA would be the practical mechanism by which states could implement this vision to coordinate across the breadth of internet security and regulatory and infrastructure issues. This would include guaranteeing the security of the internet infrastructure for partner states, enabling alignment on regulatory policy to prevent digital borders, investing in infrastructure to close the digital divide, and acting as a touchpoint for working together with tech companies to achieve these aims and to protect all the layers of the internet ecosystem from geopolitical tensions.
Build a tech-forward foreign-policy capacity: States need to be able to successfully coordinate with all key stakeholders as they work to ensure the free, open and interoperable internet. This requires a fresh approach to integrating economic security, national security and tech. The new US Bureau of Cyberspace and Digital Policy with its Ambassador for Emerging Critical Technologies has been established to create new partnership opportunities with states and companies on global tech issues. While there is a range of models states could choose from, those countries that have the capacity to successfully interact with all players in the internet ecosystem will be able to have greater influence in shaping solutions to future geopolitical crises and challenges.
What Tech Companies Can Do
Formulate a robust and transparent geopolitical policy: Many companies validated their actions in the Ukraine crisis on the basis of moral obligations; however, this may not always be a clear benchmark for a company to know when and how it should act within a crisis. To avoid rushed policymaking that may cause more harm than good, tech companies need to formulate a clear geopolitical policy and guidance for their decision-making process during geopolitical crises. This includes either building in-house capacity or engaging external experts on geopolitical conflict and security, international law and human rights.
Create an internal geopolitical crisis board: Following the example of Meta, which created a special operations centre for the Ukraine crisis, tech companies should have a geopolitical crisis board as an integral part of their geopolitical strategy. This should be composed of key decision-makers and experts to ensure the smooth implementation of its geopolitical policy and rapid realignment in response to shifting dynamics.
Build representation in key centres of geopolitical decision-making: In 2020, Microsoft opened an office opposite the UN in New York "to advance global multi-stakeholder action on key technology, environmental, humanitarian, development and security goals". Global tech companies should build capacity close to international decision-making and “norm-development” institutions to be able to participate and partner in multi-stakeholder processes for the preservation of a free, secure and interoperable internet.
Establish and join a self-regulatory geotechnology board: Tech companies should establish and join an independent, self-regulatory body that includes companies from all levels of the internet ecosystem for more unified and aligned engagement on key geopolitical issues. By pooling resources, companies can coordinate policies and reduce liabilities that could emerge from contrasting and contradictory policy implementation.
The war in Ukraine has challenged many assumptions about the stability of the geopolitical order. It has also accelerated our understanding of the crucial role of the internet and those influencing the internet ecosystem – in particular global tech companies – in disrupting the balance of power. As global tech companies learn to navigate the implications of their involvement in geopolitical crises, it is imperative that we create the structures and opportunities for that power to be used responsibly to counteract misuse and abuse of technology, including the internet, and to become partners in ensuring global stability.