Thursday

30th Mar 2023

Opinion

The unheralded success story of Ukraine's cyber-defences

  • The key Wales Nato summit in 2014 - where Ukraine president Petro Poroshenko, and the then leaders of the US, France, Italy, Germany and UK, gave Ukraine funding for cyber-defences (Photo: Wikimedia)
Listen to article

A few days before Russia's invasion, public authorities in Ukraine facilitated the migration of national data to the public cloud from servers operating entirely within the country.

Carried out with the help of a few technological giant, this move has proven to be significant. It enabled the protection of critical data and has since played a considerable role in provision of services to the Ukrainian citizens, by allowing secure access to national databases.

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • A few days before Russia's invasion, public authorities in Ukraine facilitated the migration of national data to the public cloud from servers operating entirely within the country (Photo: FLY:D)

Viewed through a wider policy lens, this migration of data highlights a basic tenet about cyber resilience -while defences might be overcome, having a backup for critical data that is separate can offset the consequences of an attack.

For Ukraine, cyber resilience is a priority. It has been a victim of Russian cyber-attacks for some time now with energy grids and election infrastructure being frequent targets. Since the invasion, Russian actors — both with suspected links and known links to the government — have maintained a high operational pace of cyber-attacks.

Electrical substations, public administration, media entities, satellite internet terminals have been targeted with destructive malware. Despite this, there has been a general underemphasis on cyber operations during the war, as detailed in Globsec's latest report The War on Ukraine: A Look at (Underemphasised) Russian Cyber Operations.

One plausible explanation for why Russia's malicious cyberspace activity since the war has been underemphasised could be because its effects have been largely muted — owing to Ukraine's bolstered cyber-defences. Ukraine's own efforts towards building its cyber-defences and the collective contributions of the European Union, US, and Nato are yielding results.

These efforts — both predating the invasion and since the invasion — have been crucial in limiting the effects of Russian cyber operations during conflict. Furthermore, this early success of a transatlantic effort to pushback against Russia is indicative of the level of cooperation forged between Ukraine and the EU, US, and Nato countries on cyber resilience.

The contribution of the private sector — where a huge chunk of the capability and technical superiority lies — has also been critical in supporting not only the government (as seen in the migration of data) but also Ukrainian citizens (providing free security services, for example).

The transatlantic response to Russia's aggression in cyberspace has been swift, mirroring their efforts to support Ukraine in all other domains including humanitarian aid, physical resources, and financial resources. That support has entailed deploying experts to boost Ukrainian cyber-defence, donating telecommunications equipment, and facilitating Ukraine's admission in key European institutions as well as Nato centres to bolster their access to critical information.

Here, two aspects are pivotal — firstly, the support offered is wide-ranging and across categories. This includes physical resources, financial aid, operational cooperation, public advocacy via diplomatic efforts including political and technical attributions of cyber-attacks, and support in the domains of policy and institutions.

Secondly, many key programs that facilitated foundational developments towards Ukraine's cyber resilience predate the war. A noteworthy example is the $38m [€35.6m] cybersecurity reform programme under USAID, launched in 2020, to strengthen Ukraine's cybersecurity legal and regulatory environment and build its cyber workforce.

Initiatives of the European Union — like the EU4Digital Cybersecurity East Project launched in 2019 — have sought to significantly bolstered the operational capacities for cybersecurity incidents management in Ukraine.

Seven years ago in Wales

Furthermore, at the Nato's summit 2014 in Wales, five trust funds were created with streamlined focus intended to help Ukraine modernise its defence capabilities including on cyber-defence. The Nato Trust Fund on Cyber Defence was established and declared operational in 2014 — with the specific target of developing its defensive capabilities in cyberspace.

The first phase of the project under the fund was successfully completed with Romania as lead — with a focus on protecting Critical Information Infrastructure (CIIs) as a priority.

With concrete steps of Western unanimity against Russia comes the very real threat of escalation in cyberspace as the war continues with no signs of abating.

As the war progresses, specific elements of critical infrastructure in the energy and financial sectors are particularly vulnerable targets for Russia's cyber operations — there is already increasing evidence of broad-based targeting of energy facilities against Western countries.

This also extends to space and communication infrastructure.

In addition to these threats, the risk of spill-off effects to European and North American networks is high. 2017's NotPetya ransomware, attributed to Sandworm (a group affiliated to Russia's GRU) is a stark reminder of the level of economic damage that spill-off effects can cause. In the coming months, therefore, transatlantic allies must also jointly identify the areas in which actionable progress can be made to protect their own networks.

This piece is based on GLOBSEC's latest briefing, The War on Ukraine: A Look at (Underemphasised) Russian Cyber Operations, published as part of the GLOBSEC Future of Cyberspace Initiative: Transatlantic Chapter.

Author bio

Michael Chertoff is former secretary of the US Department of Homeland Security. Anushka Kaushik is a cyber-security expert at the GLOBSEC think-tank in Bratislava.

Disclaimer

The views expressed in this opinion piece are the author's, not those of EUobserver.

How to enhance EU cybersecurity

The Hungarian hacking allowed Russian intelligence to read 'over the shoulder' of an EU member state for an extended period of time. The difficulty for the EU is that it's not one nation, but a combination of 27 cybersecurity policies.

Squeezed between China and Russia, Mongolia backs Ukraine

Due to its geography, squeezed between China and Russia, the government of Mongolia is forced to perform a balancing act. However, public opinion in Mongolia resolutely condemns the brutal attack against this sovereign nation.

The overlooked 'crimes against children' ICC arrest warrant

An unprecedented component of this announcement has received less attention: the ICC also issued an arrest warrant for Maria Alekseyevna Lvova-Belova, Putin's commissioner for children's rights. Lvova-Belova is accused of deporting and unlawful transfer of Ukrainian children to Russia.

Column

What does China really want? Perhaps we could try asking

Perhaps even more surprising to the West was the fact that the Iran-Saudi Arabia deal was not brokered by the United States, or the European Union, but by the People's Republic of China. Since when was China mediating peace agreements?

Column

What does China really want? Perhaps we could try asking

Perhaps even more surprising to the West was the fact that the Iran-Saudi Arabia deal was not brokered by the United States, or the European Union, but by the People's Republic of China. Since when was China mediating peace agreements?

Biden's 'democracy summit' poses questions for EU identity

From the perspective of international relations, the EU is a rare bird indeed. Theoretically speaking it cannot even exist. The charter of the United Nations, which underlies the current system of global governance, distinguishes between states and organisations of states.

Latest News

  1. The overlooked 'crimes against children' ICC arrest warrant
  2. EU approves 2035 phaseout of polluting cars and vans
  3. New measures to shield the EU against money laundering
  4. What does China really want? Perhaps we could try asking
  5. Dear EU, the science is clear: burning wood for energy is bad
  6. Biden's 'democracy summit' poses questions for EU identity
  7. Finnish elections and Hungary's Nato vote in focus This WEEK
  8. EU's new critical raw materials act could be a recipe for conflict

Stakeholders' Highlights

  1. InformaConnecting Expert Industry-Leaders, Top Suppliers, and Inquiring Buyers all in one space - visit Battery Show Europe.
  2. EFBWWEFBWW and FIEC do not agree to any exemptions to mandatory prior notifications in construction
  3. Nordic Council of MinistersNordic and Baltic ways to prevent gender-based violence
  4. Nordic Council of MinistersCSW67: Economic gender equality now! Nordic ways to close the pension gap
  5. Nordic Council of MinistersCSW67: Pushing back the push-back - Nordic solutions to online gender-based violence
  6. Nordic Council of MinistersCSW67: The Nordics are ready to push for gender equality

Stakeholders' Highlights

  1. Azerbaijan Embassy9th Southern Gas Corridor Advisory Council Ministerial Meeting and 1st Green Energy Advisory Council Ministerial Meeting
  2. EFBWWEU Social Dialogue review – publication of the European Commission package and joint statement of ETUFs
  3. Oxfam InternationalPan Africa Program Progress Report 2022 - Post Covid and Beyond
  4. WWFWWF Living Planet Report
  5. Europan Patent OfficeHydrogen patents for a clean energy future: A global trend analysis of innovation along hydrogen value chains

Join EUobserver

Support quality EU news

Join us