Thursday

28th Mar 2024

Opinion

The unheralded success story of Ukraine's cyber-defences

  • The key Wales Nato summit in 2014 - where Ukraine president Petro Poroshenko, and the then leaders of the US, France, Italy, Germany and UK, gave Ukraine funding for cyber-defences (Photo: Wikimedia)
Listen to article

A few days before Russia's invasion, public authorities in Ukraine facilitated the migration of national data to the public cloud from servers operating entirely within the country.

Carried out with the help of a few technological giant, this move has proven to be significant. It enabled the protection of critical data and has since played a considerable role in provision of services to the Ukrainian citizens, by allowing secure access to national databases.

Read and decide

Join EUobserver today

Get the EU news that really matters

Instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

  • A few days before Russia's invasion, public authorities in Ukraine facilitated the migration of national data to the public cloud from servers operating entirely within the country (Photo: FLY:D)

Viewed through a wider policy lens, this migration of data highlights a basic tenet about cyber resilience -while defences might be overcome, having a backup for critical data that is separate can offset the consequences of an attack.

For Ukraine, cyber resilience is a priority. It has been a victim of Russian cyber-attacks for some time now with energy grids and election infrastructure being frequent targets. Since the invasion, Russian actors — both with suspected links and known links to the government — have maintained a high operational pace of cyber-attacks.

Electrical substations, public administration, media entities, satellite internet terminals have been targeted with destructive malware. Despite this, there has been a general underemphasis on cyber operations during the war, as detailed in Globsec's latest report The War on Ukraine: A Look at (Underemphasised) Russian Cyber Operations.

One plausible explanation for why Russia's malicious cyberspace activity since the war has been underemphasised could be because its effects have been largely muted — owing to Ukraine's bolstered cyber-defences. Ukraine's own efforts towards building its cyber-defences and the collective contributions of the European Union, US, and Nato are yielding results.

These efforts — both predating the invasion and since the invasion — have been crucial in limiting the effects of Russian cyber operations during conflict. Furthermore, this early success of a transatlantic effort to pushback against Russia is indicative of the level of cooperation forged between Ukraine and the EU, US, and Nato countries on cyber resilience.

The contribution of the private sector — where a huge chunk of the capability and technical superiority lies — has also been critical in supporting not only the government (as seen in the migration of data) but also Ukrainian citizens (providing free security services, for example).

The transatlantic response to Russia's aggression in cyberspace has been swift, mirroring their efforts to support Ukraine in all other domains including humanitarian aid, physical resources, and financial resources. That support has entailed deploying experts to boost Ukrainian cyber-defence, donating telecommunications equipment, and facilitating Ukraine's admission in key European institutions as well as Nato centres to bolster their access to critical information.

Here, two aspects are pivotal — firstly, the support offered is wide-ranging and across categories. This includes physical resources, financial aid, operational cooperation, public advocacy via diplomatic efforts including political and technical attributions of cyber-attacks, and support in the domains of policy and institutions.

Secondly, many key programs that facilitated foundational developments towards Ukraine's cyber resilience predate the war. A noteworthy example is the $38m [€35.6m] cybersecurity reform programme under USAID, launched in 2020, to strengthen Ukraine's cybersecurity legal and regulatory environment and build its cyber workforce.

Initiatives of the European Union — like the EU4Digital Cybersecurity East Project launched in 2019 — have sought to significantly bolstered the operational capacities for cybersecurity incidents management in Ukraine.

Seven years ago in Wales

Furthermore, at the Nato's summit 2014 in Wales, five trust funds were created with streamlined focus intended to help Ukraine modernise its defence capabilities including on cyber-defence. The Nato Trust Fund on Cyber Defence was established and declared operational in 2014 — with the specific target of developing its defensive capabilities in cyberspace.

The first phase of the project under the fund was successfully completed with Romania as lead — with a focus on protecting Critical Information Infrastructure (CIIs) as a priority.

With concrete steps of Western unanimity against Russia comes the very real threat of escalation in cyberspace as the war continues with no signs of abating.

As the war progresses, specific elements of critical infrastructure in the energy and financial sectors are particularly vulnerable targets for Russia's cyber operations — there is already increasing evidence of broad-based targeting of energy facilities against Western countries.

This also extends to space and communication infrastructure.

In addition to these threats, the risk of spill-off effects to European and North American networks is high. 2017's NotPetya ransomware, attributed to Sandworm (a group affiliated to Russia's GRU) is a stark reminder of the level of economic damage that spill-off effects can cause. In the coming months, therefore, transatlantic allies must also jointly identify the areas in which actionable progress can be made to protect their own networks.

This piece is based on GLOBSEC's latest briefing, The War on Ukraine: A Look at (Underemphasised) Russian Cyber Operations, published as part of the GLOBSEC Future of Cyberspace Initiative: Transatlantic Chapter.

Author bio

Michael Chertoff is former secretary of the US Department of Homeland Security. Anushka Kaushik is a cyber-security expert at the GLOBSEC think-tank in Bratislava.

Disclaimer

The views expressed in this opinion piece are the author's, not those of EUobserver.

How to enhance EU cybersecurity

The Hungarian hacking allowed Russian intelligence to read 'over the shoulder' of an EU member state for an extended period of time. The difficulty for the EU is that it's not one nation, but a combination of 27 cybersecurity policies.

Ukraine — what's been destroyed so far, and who pays?

More than 50 percent of Ukraine's energy infrastructure, large parts of its transport network and industrial capacity, around 150,000 residential buildings damaged or destroyed. The bill is between €378bn to €919bn.

Squeezed between China and Russia, Mongolia backs Ukraine

Due to its geography, squeezed between China and Russia, the government of Mongolia is forced to perform a balancing act. However, public opinion in Mongolia resolutely condemns the brutal attack against this sovereign nation.

EU Modernisation Fund: an open door for fossil gas in Romania

Among the largest sources of financing for energy transition of central and eastern European countries, the €60bn Modernisation Fund remains far from the public eye. And perhaps that's one reason it is often used for financing fossil gas projects.

Why UK-EU defence and security deal may be difficult

Rather than assuming a pro-European Labour government in London will automatically open doors in Brussels, the Labour party needs to consider what it may be able to offer to incentivise EU leaders to factor the UK into their defence thinking.

Column

EU's Gaza policy: boon for dictators, bad for democrats

While they woo dictators and autocrats, EU policymakers are becoming ever more estranged from the world's democrats. The real tragedy is the erosion of one of Europe's key assets: its huge reserves of soft power, writes Shada Islam.

Latest News

  1. German bank freezes account of Jewish peace group
  2. EU Modernisation Fund: an open door for fossil gas in Romania
  3. 'Swiftly dial back' interest rates, ECB told
  4. Moscow's terror attack, security and Gaza
  5. Why UK-EU defence and security deal may be difficult
  6. EU unveils plan to create a European cross-border degree
  7. How migrants risk becoming drug addicts along Balkan route
  8. 2024: A Space Odyssey — why the galaxy needs regulating

Stakeholders' Highlights

  1. Nordic Council of MinistersJoin the Nordic Food Systems Takeover at COP28
  2. Nordic Council of MinistersHow women and men are affected differently by climate policy
  3. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  4. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  5. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  6. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?

Stakeholders' Highlights

  1. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  2. UNOPSFostering health system resilience in fragile and conflict-affected countries
  3. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  4. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  5. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  6. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA

Join EUobserver

EU news that matters

Join us