Yesterday (the day the Russian invasion officially started), the Ukrainian government asked the United States government to take several retaliatory measures against the Russian government due to the invasion of its neighboring country, including cutting off software updates that arrive from companies and manufacturers in the United States.

We have already been seeing since January how the war it is gestated in several areas and not only in that of weapons and violence. We have reported on computer attacks in Ukraine or how the economic blockade is also a weapon of war. Even the European Union yesterday announced sending cyber operations experts to Ukraine to help fight Russia’s digital invasion.

Yesterday Thursday, in a list of “suggested actions” (it was a document that was first leaked from Reuters and then shared in many media, although neither the authorities in Kiev nor those in Washington have confirmed that this list is true) sent to the administration of President Joe Biden, the government of Volodymyr Zelenskyy called for “the prohibition of the supply of any merchandise, including hardware and software“.

also requested “the ban on US companies supplying and updating software for the benefit of Russian consumers”. However, it is not so clear that this action can be really effective.

What could stopping security updates do?





As users we are well aware of the need to update software versions to keep our data safe. For example, Windows, one of the most used operating systems, often reminds us of this, especially when it releases new versions and warns that the old ones they will no longer have protection and support.

Well, in the case of a government, it should be even more important to keep the software up to date. Because much more sensitive information is handled. And more in times of war and conflicts. If Russia were prevented from updating the software, this would, in theory, systems without security patches were easier to hack.

Now, it is not so clear that the consequences are going to be those. Dmitri Alperovitch, a cybersecurity expert and president of the Silverado Policy Accelerator, told Vice’s Motherboard that such a ban “is only going to drive the government further into the [software] open source”. And it is that Russia has been working to move towards using more open source software since 2010and the Moscow government promised to remove Microsoft services in 2016 (as published by the Free Software Foundation Europe), a promise that it continued to make over time, thus imitating China.

If we go further, at the end of 2019 it was made public that Putin, President of Russia, was still using Windows XP with the risks that this entails, as it is a very old version of the Microsoft operating system that stopped receiving support in the spring of 2019 According to the independent Russian website Open Media, quoted by The Guardian, Russian President Vladimir Putin was still using Windows XP as the main operating system both on the computer in his Kremlin office and in his official residence in Novo-Ogaryovo.

In addition, the country has long wanted to put a stop to software that comes from other countries. In 2019, the Duma, the main legislative chamber of the Russian Federation, approved a bill to impose, as of July 2020, the pre-installation of software developed in Russia on all those devices that intend to market themselves in the country, from PCs to smartphones, through tablets and smart TVs.

On the other hand, Joe Slowik, head of threat intelligence and detections at cybersecurity firm Gigamon, told Motherboard that it would be possible to apply the banbut it could affect the operations of American companies in Russia, such as Microsoft, which has an office in Moscow.

Who does believe that it could be useful is another of the experts consulted by Vice: Lukasz Olejnik, an independent cybersecurity researcher and consultant, said that cutting software updates is “a fairly novel idea, with possible long-term consequences.” And that shows in how”Russia has long been developing its cyber-sovereignty with this risk in mind. concrete”, as we have been reviewing.

According to the expert, “it would leave many consumer devices open to cyberattacks, because, of course, blocking updates would also block patches of security”.