Sitting on the panel were Viktor Zhora, the deputy chair of the State Service of Special Communications and Information Protection of Ukraine; Andrii Sharonov, first deputy chief of the Cyber Police Department, National Police of Ukraine; Illia Vitiuk, head of the Department of Cyber and Information Security, Security Sevice of Ukraine; and Nataliia Tkachuk, head of the Department for Information Security and Cybersecurity, National Security Cyber Coordination Center.
Immediately,Tkachuk set a defiant tone toward the aggressors and a thankful tone toward the U.S., which drew applause from the audience of law enforcement, academics, and cyber professionals.
“Thank you for standing with us in this terrible, unprecedented, and unjust war… I know you have feelings about this war the same as we do,” she said without looking at notes. “This work is not only about Ukraine, this war is not only about our independence or territorial integrity. This war is about the democratic values for all the world, about human rights, about international stability and security about respect for international law. We have no chance to lose and that’s why your support is very important to us.”
Tkachuk then outlined a brief history of cyber defense in Ukraine that was in its infancy in 2015 when the Russian military used a trojan hack named BlackEnergy, which led to widespread power outages in the country. Ironically, she thanked the Russians for that early attack because it led to the nation codifying cybersecurity into laws, policies, and institutions.
“We didn’t have the political will to adopt the cybersecurity strategy. Our top officials didn’t understand what was the role of cyber in the context of national security. Then BlackEnergy happened. Well, it took a few months and the strategy was adopted,” she said. “We started to create our national cybersecurity system and the main steps we directed to legal framework, technical capacities, human resources, international operations, and, of course, public-private partnerships.”
Vitiuk concurred that 2015 was a watershed moment that put Ukraine on war footing well before the Feb. 23 invasion. He added that a sequence of BlackEnergy attacks were also felt in more than 60 countries, not only Ukraine. He said the various sectors of the government, as well as the private sector, began a series of so-called attack rehearsals which helped develop the muscle memory needed for when unprecedented cyberattacks began full force just before the military invasion.
“The main thing was communication within the country between the institutions, between the authorities, between public-private partnerships, and communication with our [international]partners that helped us create this whole system and make it work.”
Sharonov said another key turnaround was that all the sectors began to budget for cybersecurity. In addition, the team from cyber police formed their international partnerships as far back as 2012, when many officers visited the United States for months at a time to develop the skill, knowledge, and ability to fend off cyberattacks.
On Jan. 20, an urgent meeting of the national security defense council was called to develop tactical steps to prepare for imminent attacks, said Tkachuk. By Feb. 7 a 24-hour response center was set up where all the main government stakeholders were present “day and night” to begin monitoring threats. She cited the preparedness and professionalism of the national police, in particular, with helping the team to put in place the critical infrastructure necessary to protect the nation from cyberattacks on critical infrastructure which began in earnest just days before the military invasion.
“As you know, they didn’t get to do too much harm, not because the attacks were not sophisticated, but only because we were able to take the right steps in advance,” she said.
Just as Ukraine has received support in the form of military weapons over the past few months, it also has also gained a volunteer cyber army which the deputy chief said numbers around 200,000. Moderator Steve Hill, chief information security officer at Credit Suisse Bank, noted this has led to making Russia the most hacked country in the world today. Sharonov said that the national police accepted help from the volunteers to help block Russian propaganda on social media.
“Right now, we already blocked thousands of
channels with almost 30 million people in Russia,” he said.Hill noted that officials from the NSA in the U.S. have expressed concern about such volunteers, as they are not sanctioned nor trained by an official government, regardless of how good their intentions may be.
Sharonov concurred but said Ukraine simply doesn’t have the capacity to match the Russian aggression when it comes to hackers and Zhora dismissed any notion of a moral conundrum the volunteers might present.
“I want to highlight a serious difference between offensive actions of Russians and volunteers that help Ukraine: Russia is attacking an independent country in the 21st century while Ukraine is defending ourselves,” he said.
“This is the first global cyber war and we need to be united,” Zhora said.
He added that no country in the world can protect itself alone and that cybersecurity is not just about people, processes, and technology.
“It’s about collaboration, cooperation. It’s about exchanging knowledge, information, practices, and joint exercises that can contribute to the global cybersecurity ecosystem,” he said. “We need a cyber alliance against cyber aggression, a community of states … which help each other to protect themselves … and Ukraine wants to be an active participant of this community, and I’m confident we will.”
