Ukraine: The First Cyber Lessons - AFCEA

2023-09-01 05:03 (EST) - Diego Laje

As Russian forces pushed toward the Ukrainian capital, Kyiv, two tasks topped the agenda: to relocate vital servers and data storage and to move some information resources outside the country.

Few knew the war started well over a month before the first Russian tank crossed the border. In fact, the cyber war began 41 days before February 24—the date the kinetic war started.

“The cyber attacks, which started on January 14, were so severe, were continuous, together with [distributed denial-of-service] attacks and with a number of disruptive attacks,” said Victor Zhora, chief digital transformation officer at the State Service of Special Communication and Information Protection of Ukraine. Zhora’s agency is tasked with coordinating cybersecurity and cyber resilience in the country.

Zhora, together with actors from the public and private sectors around the world, was directly involved in all cyber actions since the beginning.

As experts saw unprecedented levels of aggression, deep worries shook the routine of government work. Questions revolved around the essence of a 21st-century country’s data: who votes, pays taxes, is in the military and owns real estate and financial assets. The answers to these questions are discovered only through consulting databases. In the case of Ukraine, the country was transitioning to virtual ID cards; therefore, keeping servers connected meant that millions of refugees could access basic benefits and services worldwide with their phones.

“Closer to the full-scale invasion ... it became clear that the risk of losing this data in case of attack on Kyiv, or even potential occupation, was very high,” Zhora said.

Ukraine received funds and technical assistance from the United States to deal with Russian cyber threats. Since 2016, the country has received $83 million and was pledged $37 million more, according to the Ukrainian Ministry of Foreign Affairs.

Two weeks before the invasion began, protecting critical data and the servers that store it became a top priority. “The first task was to physically relocate servers and data storage to a data center somewhere in more safe places on the territory of Ukraine,” Zhora said. “The second task was to allow the storage of some of the information resources outside of the country.”

This job was not easy as local laws prohibited the use of servers overseas to host the most important data.

A series of actions were ordered to protect the integrity of the country’s most relevant information sets and services. Prior to the invasion many followed the Kremlin’s line that there would be no war and that this was only another military exercise.

Still, early attacks proved to be heightened cyber bullying from Moscow in a much longer campaign.

“[Ukraine] has been attacked by Russia since, basically, they took Crimea in 2014,” said Marcus Murray, CEO of Truesec, a cybersecurity company with interests in Ukraine and Eastern Europe that was involved in moving digital assets out of the country in the early days of the war, according to two separate Ukrainian cyber experts. One early move from Kyiv gave enough room to operate, as they “prevented themselves from being too dependent on single points of failure,” Murray explained.
