“Not only are we better prepared, we can also share our lessons learned,” said George Dubynskyi, deputy security minister at Ukraine’s Ministry of Digital Transformation.
That has resonance in Europe and the United States, which have worked closely together to protect Ukraine and are now importing strategies and intelligence to defend their own cybernetworks.
“The Russian invasion has led to increased cyber cooperation between the US and key allies, particularly in Eastern Europe,” said Brandon Wales, executive director of the US Cybersecurity and Infrastructure Security Agency (CISA) and coordinator of the US interagency defense response. “When it comes to work in domestic critical infrastructure sectors, the war has boosted the operational collaboration we had begun.”
Ukraine had good reason to expect the worst. Russia had used innovative attacks against specialized software controls during the winters of 2015 and 2016 to cut power to parts of the country, and it continued to use its rival as a proving ground with the release of NotPetya, a wildly destructive piece of software that spread through a Ukrainian tax program and caused $1 billion in damage. The United States has charged six Russian intelligence officers in those attacks.
That heightened sense of danger helped. U.S. intelligence agencies and several major U.S. tech companies worked closely with Ukraine for years, sharing intelligence on emerging threats and working through a list of best practices within critical facilities, such as two-factor authentication, proper offline backups, and using multiple cloud vendors accessible from anywhere.
Ukrainian authorities installed better hardware and software, and passed legislation to give their regulators more power and more flexibility to protect the data they hold about citizens, Dubynskyi told The Washington Post.
“We were able to store copies in the cloud a week before the invasion. It was a breakthrough,” said Dubynskyi. “We were able to move our critical data abroad without formalities to Amazon AWS, Microsoft Azure, Oracle and other vendors.”
The result was not an airtight architecture and some attacks got through. Russia stepped up its social media phishing attacks, using stolen employee accounts to better target individuals within the government. But restricting access to a limited number of users who had physical tokens as a second authentication factor helped prevent disasters.
Russia has otherwise deployed a variety of destructive programs known as data wipers and has stolen passport data from border stations that it could use to track down Ukrainians. It also hacked into the Viasat satellite communications system used by the military and sidelined the Turkish-made Bayraktar drones whose successes against the invaders in the early months of the war were celebrated in widely circulated videos. Google disclosed the hack this month but did not specify what stolen intelligence the Russians used to beat the drones.
It also combined cyberattacks and physical explosions to force internet traffic through the infrastructure it controlled.
“They cut optical fibers and destroyed cell towers to deprive people of access to Ukraine’s digital space, to switch them to Russian digital space,” Dubynskyi said. “If you don’t have a digital space, cybersecurity is useless.”
A direct appeal to Elon Musk brought Starlink terminals into the country and helped maintain internet access for most of the country, he said.
The Russian government and allied criminal hackers have attempted to break into most Ukrainian ministries, and in some cases succeeded, most recently through pre-war backdoors.
Russia and its allied groups, some posing as patriotic hacktivists, have claimed that all kinds of government documents have been leaked. Most are fakes or exaggerations, but not all. Its other propaganda campaigns, including online, have been extensive and continue around the world.
Some propaganda has been boosted by networks of automated social media accounts for rent, which briefly pushed #ZelenskyWarCriminal onto Twitter trending lists in the United States, France, Italy and other countries. Some of the same accounts also praised cryptocurrencies and, more recently, Nigerian presidential candidate Peter Obi, according to researchers at the nonprofit organization Reset.
But Russia’s biggest attempt to take out Ukraine’s power again, with a version of the specialized software used against industrial targets in 2016, was caught by security software for reusing too much of the earlier code.
Other proprietary software intercepted more intrusions, in part by checking for unusual behavior. Dubynskyi praised Microsoft, Google and Cloudflare for their help, drawing in part from their analysis of massive user activity. He noted that it was in their interest to see what was happening in Ukraine and apply that to protect customers worldwide.
Microsoft set up a 24-hour secure hotline so Tom Burt, the company’s vice president of security, could immediately call Ukraine’s top defenders when it detected an attack in progress.
Burt said it was the company’s practice to notify all targets of state-sponsored hacking attempts, but that the hotline and personal approach “is a kind of white glove reporting” for war-related attacks that has now expanded to NATO and some NATO governments.
Like Dubynskyi, Burt warned that Russia continues to try new techniques. But they do this under a microscope: “We are learning more about how these actors work and how they develop their response.”
The US government has helped by battling criminal ransomware groups, some of which have turned their attention to Ukrainian targets. Arrests, removals, and seizures confused some in that shadow economy, and sanctions cut off some of their revenues, causing total collections to fall.
“The sanctions have made it difficult to actually pay these guys,” said Billy Leonard, Google’s lead analyst for government threats.
Officials in the United States are applying what worked in Ukraine to their own cybersecurity efforts. Wales said the two-year-old Joint Cyber Defense Collaborative (JCDC), which includes major cloud, communications and security providers, is sharing more information, including some to be released within a day.
“We were able to get information from the first infections in Ukraine within hours, where JCDC members shared it and used it in their systems, protecting hundreds of thousands of critical infrastructure operations across the United States,” said Wales.
Like Ukraine’s broader outreach efforts, CISA is now targeting what it calls “target-rich, cyber-poor” sectors of the economy, protecting the hospitals, schools and local governments that have been ravaged by ransomware in recent years.
Perhaps most importantly, CISA took from Ukraine’s resilience the lesson that doing the basics is much better than doing nothing, Wales said.
“Slowly and steadily they made improvements to their security architecture and benefited from Western support, including the private sector,” he said. “Nation states have a lot of cyber capacity, but you can make it more difficult.”