a global affairs media network

www.diplomaticourier.com

Ukraine’s Cyber-Defenses a Model for Our Cyber Future

February 15, 2023

Ukraine hasn't just put up a robust physical defense in the face of Russia's invasion; it has also built a fabulously successful model of cyber-defense. This is a model the rest of the world can learn a lot from to best face future challenges, write Tomer Saban and Andrea Bonime-Blanc.

One year on, Russia’s unprecedented war on Ukraine has featured several key cyber warfare lessons the rest of the world needs to take on. The war has been unprecedented because it is the first multi-dimensional war in which the kinetic aspect of war is so deeply intertwined with various forms of tech-enabled warfare including cyber, social media, disinformation, social engineering, robotics/drones, geospatial, satellite imagery, telecoms, and more.

These multi-dimensional technologies are not only available to national militaries but also to other stakeholders through various open-source intelligence methodologies (what is widely called “OSINT”). Witness the work of the investigative journalism collective Bellingcat, which is deploying multiple technologies, social media, and old-fashioned sleuthing to reconstruct Russian war crimes, among other things.

The details of the military cyber warfare aspect of this war are not clear, especially to those outside the military and governmental establishment. Yet the Ukrainian example can teach us valuable lessons. With these lessons, we can be more prepared, more protective of our stakeholders and assets, and more resilient moving into the future regardless of the sector we are in: business, NGO, or government.

The unfolding Ukrainian cyber-war story is a story of preparedness and continuous improvement. Indeed, it’s a master class in value-added resilience building. 

Background to Cyber War: The Ukrainian Model

Ukraine has a history of being targeted by cyber-attacks, particularly from Russia, due to the almost decade-long conflict between the two countries. To defend against these attacks, Ukraine has developed a strong cyber-security culture and infrastructure in both the public and private sectors.

In the public sector, Ukraine has established a dedicated cyber-security agency, the State Service for Special Communications and Information Protection, which is responsible for protecting government networks and critical infrastructure. The agency works closely with other government bodies and international partners to share information and coordinate response efforts.

In the private sector, many Ukrainian companies have also invested in cyber-security, particularly in the IT, telecoms, and finance industries. These companies often have their own internal security teams and work with external security companies to protect their networks.

Additionally, Ukraine has a large pool of highly skilled and educated IT professionals. Thanks to this pool, Ukraine is one of the most sought-after countries for hiring remote skilled IT people, many of whom have experience working in cyber-security. This has helped to create a robust ecosystem of cyber-security expertise in the country.

Overall, Ukraine's investment in both public and private sector cyber-security, along with its large pool of IT professionals, has helped the country to be relatively successful in fending off cyberattacks. Yet it is important to remember that no country is completely immune to cyberattacks, and Ukraine continues to experience numerous, sometimes successful cyber-attacks.

Finally, and very importantly, the Ukrainian cyber-response to Russian aggression (together with the great example set for years by several of the Baltic nations) has had a critical influence on the U.S., EU nations, UK, and critical strategic alliances like NATO around the concept of cyber-readiness and resilience like nothing has before. 

Ukrainian Cyber-Preparedness 

In addition to its developed cyber talent and infrastructure ecosystem, Ukraine has employed various tactics to improve its cyber-security posture. One such tactic is the use of cloud technology. This allows for the decentralization and redundancy of data storage, making it more difficult for attackers to target and disrupt. Additionally, partnerships with Western companies and the use of satellite internet provided by companies like SpaceX's Starlink have provided a more resilient and diverse network infrastructure, which can help to mitigate the impact of a cyberattack.

Ukraine has also benefited from international support in the form of IT assistance and help in detecting Russian cyber threats. A recent £6 million package of support provided by the UK is an example. These types of partnerships can provide Ukraine with access to advanced technologies and expertise, which can help to improve its overall cyber-security capabilities.

It was also reported that AWS cyber security experts and IT professionals trained Ukrainians in cyber security and that they shared intelligence on cyber threats, such as malware from “state actors”—from Russia and elsewhere—that could affect AWS customers in Ukraine.

Ukrainian cyber security agency head Yurii Shchyhol states that in the month following Russia's invasion of Ukraine, his agency registered almost three times more cyberattacks on Ukrainian resources and infrastructure compared to the same period the previous year. Shchyhol emphasizes the importance of sufficient funding for cyber defense, both at the national level and at private companies managing critical infrastructure, as well as the need for cyber hygiene at all levels and extensive international cooperation. These are important factors in helping to protect Ukraine against cyberattacks, but as the article notes, the situation is constantly changing, and the country continues to face new and evolving threats.

Possible Cyber-Scenarios

No one knows how the cyber-war portion of the Russia-Ukraine war will continue to manifest itself. There could yet be large-scale cyber-attacks not only against Ukrainian targets but possibly against EU and U.S. targets as well.

The following are several possibilities: 

  • Bi-National Escalation: Cyber-attacks between the two countries could escalate, with both sides launching increasingly sophisticated and destructive attacks against each other's critical infrastructure and government networks.
  • National Cyber Sabotage: Russia could focus on sabotaging Ukraine's economy by targeting its financial institutions and industries such as energy and transportation.
  • International Intervention and/or Escalation: Members of the international community such as the EU or NATO could become more involved in the conflict, potentially providing aid and support to Ukraine in its cyber defense efforts, beyond whatever they may be doing today.
  • Stalemate: The situation could reach a stalemate, with both sides continuing to launch cyber-attacks against each other, but neither side gaining a significant advantage.

Out of these scenarios, the most likely outcome over the coming year is a continuation of the current situation, with both sides continuing to launch cyber-attacks against each other, but neither side gaining a significant advantage. However, it is important to note that the situation is constantly changing, making it nearly impossible to predict exactly what will happen.

Building a Cyber-Ready Future 

Ukraine has built its cyber resilience under fraught conditions. Thus it should not be that difficult for those of us living and working under less dire conditions to learn from their example to build better readiness, preparedness, and willpower to cyber-defend our people and assets.      

This means that leaders at the organizational level (companies, NGOs, universities) and governmental levels should deploy the following actionable tactics:

  • Adequate Funding and Resources: Cyber defense should be adequately funded and resourced, both at the organizational level and at the national level.
  • Cyber Education and Hygiene: Organizations should maintain good cyber hygiene, including regular software updates, employee training, and incident response plans.
  • International Private/Public Cooperation: Organizations should establish partnerships and seek support from international entities, such as government agencies and other organizations, to share intelligence and best practices.
  • Redundancy and Backup: Organizations should have multiple layers of defense and have a disaster recovery plan in place to minimize downtime and data loss.
  • Continual Monitoring, Updating and Improvement: Organizations should be vigilant and monitor their systems and networks constantly to detect and respond to cyber threats.
  • Third-Party Security Vigilance: Organizations should also consider the security of their third-party vendors, partners, and contractors and have a plan in place to mitigate any potential risks associated with them.

Looking at the future, the good old days of “out of sight out of mind” no longer exist—if they ever did. Being reactive instead of proactive when a cyber-attack occurs or, what is worse, asleep at the cyber-switch or cyber-hibernating have never been options. There are only two options as the Ukrainian example has so dramatically taught us: vigilance and hypervigilance. Anything short is doomed to failure.

About Tomer Saban: Tomer Saban is the CEO and co-founder of WireX Systems, before which he worked in the homeland security space, developing defense systems for intelligence agencies.

About Andrea Bonime-Blanc: Dr. Andrea Bonime-Blanc is the Founder and CEO of GEC Risk Advisory, a board advisor and director, and author of multiple books.

The views presented in this article are the author’s own and do not necessarily represent the views of any other organization.