Ukraine beefs up cyber defense in anticipation of Russian attack
Viktor Zhora proudly showed off the new facilities of one of Ukraine’s cybersecurity agencies, where opposing teams stage mock battles to prepare for the real thing.
The training is paying off, said Zhora, vice president of the State Service for Special Communications and Information Protection, the country’s security and intelligence service. An attack last month that targeted government websites was quickly contained by his staff with help from IT companies, including Microsoft, he said.
“We need to align our activities with the risks and threats that have increased in recent years. . . We must always be prepared for the worst,” Zhora said.
Ukraine said “all the evidence” pointed to Russia’s responsibility, with officials and analysts saying that was just the tip of the iceberg.
The country has been under constant attack by Russian and Kremlin-backed hackers since Moscow’s annexation of Crimea in 2014. Cyber espionage, damage to databases and servers, power and communications disruptions and misinformation are all part of the playbook.
As Russia masses more than 100,000 troops on the Ukrainian border and Western powers accuse Moscow of planning a full-scale invasion, the Kyiv government and independent experts expect hostile cyber activity to increase in an effort to destabilize the country before or during any attack.
“We are registering more and more attacks on our system and we see some succeeding, unfortunately,” said Zhora, a former private sector cybersecurity manager. “Something more serious can be expected for us, but we don’t know when.”
Andrei Soldatov, a Russian security expert and senior fellow at the Center for European Policy Analysis, said Russian hackers were “getting more and more adept”.
“They have eight years of experience since 2014, and Ukraine is often where they try things first,” he said.
Russian cyberattackers accessed Ukraine’s vote counting system on the eve of the 2014 general election, destroying electronic records and leaving ballots to be counted by hand. The following year, a cyberattack caused power outages lasting several hours in western Ukraine and part of Kiev. The disruption, attributed to a group linked to Russian military intelligence, was the first known power outage caused by a cyberattack.
The NotPetya malware attack by the same group in 2017 infected 10% of all Ukrainian computer systems before spreading across the world. It was one of the most destructive cyberattacks in history, costing businesses around the world $10 billion, according to a US estimate.
Last week, Microsoft noted that a group it called Actinium, which the Ukrainian government linked to Russian security services, had been targeting Ukrainian government and military offices for the “purpose of intelligence gathering” since October 2021.
“There have inevitably been many, many more attacks over the years that we don’t know about that have left malware embedded in systems ready to be activated,” said VS Subrahmanian, professor of computer science at Northwestern University in the United States. “It’s a bit like having a bomb planted in your house – it’s benign until someone sets it off.”
Russia has fewer financial resources to invest in cyber capabilities than the United States or China. But evidence suggests it boosts its capability by using proxy groups such as Cozy Bear and Fancy Bear, knowledge of which it can deny, Subrahmanian said. They carry out attacks with little consequence for the Russian state, but Western officials and cyber experts believe they are acting for Moscow, Subrahmanian said.
Ukraine, on the other hand, suffers from a lack of public sector expertise in cybersecurity, weak regulation, limited response capacity and a lack of coordination between different agencies, which Kiev is trying to resolve, officials say.
A particular vulnerability is the prevalence of old, unlicensed software that gives hackers numerous points of entry. Zhora acknowledged the situation was “rather dangerous”, but said the problem was not as bad as it was in the mid-2000s.
A priority for his agency was to raise awareness among critical infrastructure operators and connect them to cyber information centers, so that attacks could be quickly analyzed and countered, he said.
Subrahmanian said there were “always vulnerabilities in every system and the attackers always have the advantage”, adding that Ukraine’s efforts to plug the holes “does not mean they have managed to find them all”.
The United States has sent experts and funds to bolster Ukraine’s cyber defenses, but the administration sees it as a long-term effort. “Major accomplishments don’t happen in weeks, so we’re realistic,” said Anne Neuberger, US deputy national security adviser for cyber, during a recent visit to Europe.
It is unclear how far Russia would go in using cyberattacks against the Ukrainian military. Greg Austin, a senior fellow at the International Institute for Strategic Studies, pointed out that Russia has never deployed a military-grade cyberattack to disable an enemy’s command and control systems, as Israel did in 2007.
In Operation Orchard, the Israelis disabled Syria’s air defense systems and fed them false radar information, allowing Israeli fighter jets to bomb their Syrian targets and return to base undetected.
“An attack on a military system is very different from an attack on civilian infrastructure,” Austin said. He continued: “Past evidence supports the idea that Russia will not launch a full-scale cyber-sabotage attack on Ukraine as part of an invasion. . . The fear of reprisals is probably one of the reasons.”
Indeed, last month, US President Joe Biden warned of the consequences for Russia of its ongoing cyberattacks, saying that “if they continue to use cyber efforts, well, we can respond in kind.”