I ran a program that trained Ukrainians in cybersecurity
In 2014, as Russia launched a proxy war in eastern Ukraine and annexed Crimea, and in the years that followed, Russian hackers hammered Ukraine. The cyberattacks went so far as to knock out the power grid in parts of the country in 2015. Russian hackers stepped up their efforts against Ukraine ahead of the 2022 invasion, but with markedly different results. These differences hold lessons for US national cyber defense.
I am a cybersecurity researcher with training as a political officer at the United States Embassy in Kyiv and working as an analyst in countries of the former Soviet Union. Over the past year, I have led a USAID-funded program during which instructors from Florida International University and Purdue University trained more than 125 Ukrainian university professors in cybersecurity and more than 700 students in cybersecurity. Many professors are leading advisers to government or consult with critical infrastructure organizations on cybersecurity. The program emphasized practical skills in using key cybersecurity tools to defend simulated enterprise networks against real-world malware and other cybersecurity threats.
The invasion took place just weeks before the national cybersecurity competition was held for students from the 14 participating universities in the program. I believe that the training that professors and students have received in critical infrastructure protection has helped reduce the impact of Russian cyberattacks. The most obvious sign of this resilience is Ukraine’s success in keeping its internet on despite Russian bombs, sabotage and cyberattacks.
What this means for the United States
On March 21, 2022, United States President Joe Biden warned the American public that Russia’s ability to launch cyberattacks is “quite large and coming.” As Deputy National Security Advisor Anne Neuberger explained, Biden’s warning was a call to prepare America’s cyber defenses.
The White House’s concern over cyberattacks is shared by cybersecurity practitioners. Ukraine’s experience of Russian cyberattacks provides lessons on how institutions ranging from power plants to public schools can help strengthen a nation’s cyber defenses.
National cyber defense starts with governments and organizations assessing the risks and increasing their ability to deal with the latest cybersecurity threats. After President Biden’s warning, Neuberger recommended that organizations follow five steps: adopt multi-factor password authentication, maintain software patches, back up data, run drills, and cooperate with government cybersecurity agencies.
Cyber defense begins at the gateways to a nation’s information networks. In Ukraine, in recent years, hackers have penetrated poorly protected networks using techniques as simple as guessing passwords or intercepting their use on unsecured computers.
More sophisticated cyberattacks in Ukraine have used social engineering techniques, including phishing emails that caused network users to reveal usernames and passwords. Clicking on an unknown link can also open the door to tracking malware that can learn password information.
Neuberger’s recommendation to adopt multi-factor password authentication recognizes that users will never be perfect. Even cybersecurity experts have made mistakes in their decisions to provide passwords or personal information on insecure or misleading sites. The simple step of authenticating a connection on a trusted device limits the access a hacker can gain simply by obtaining personal information.
Programmers who develop applications and networks are rewarded for improved performance and functionality. The problem is that even the best developers often overlook vulnerabilities when adding new code. For this reason, users must allow software updates, as this is how developers fix weaknesses once they are identified.
Prior to the invasion of Ukraine, Russian hackers identified a vulnerability in Microsoft’s leading data management software. It was similar to a weakness in network software that allowed Russian hackers to release the NotPetya malware on Ukrainian networks in 2017. The attack caused damage estimated at $10 billion worldwide.
Just days before Russian tanks began entering Ukraine in February 2022, Russian hackers used a vulnerability in the market-leading data management software, SQL, to place on Ukrainian servers “wiper” malware that erases stored data. However, over the past five years, Ukrainian institutions have significantly strengthened their cybersecurity. Most notably, Ukrainian organizations have moved away from pirated enterprise software and integrated their information systems into the global cybersecurity community of technology companies and data protection agencies.
As a result, the Microsoft Threat Intelligence Center identified the new malware as it began to appear on Ukrainian networks. The early warning allowed Microsoft to distribute a patch worldwide to prevent servers from being wiped by this malware.
Ransomware attacks already frequently target public and private organizations in the United States. Hackers block users from an institution’s data networks and demand payment to restore access.
Wiper malware used in Russian cyberattacks on Ukraine works similarly to ransomware. However, these pseudo-ransomware attacks permanently destroy an institution’s access to its data.
Backing up critical data is an important step in reducing the impact of wiper or ransomware attacks. Some private organizations have even undertaken to store data on two separate cloud-based systems. This reduces the risk of attacks depriving an organization of the data it needs to continue operating.
Exercises and cooperation
Neuberger’s final set of recommendations is to continuously conduct cybersecurity exercises while maintaining cooperative relationships with federal cyberdefense agencies. In the months leading up to the Russian invasion, Ukrainian organizations benefited from close collaboration with American agencies to strengthen the cybersecurity of critical infrastructure. The agencies have helped scan Ukrainian networks for malware and supported penetration tests that use hacking tools to look for vulnerabilities that could allow hackers to gain access to their systems.
Organizations large and small in the United States concerned about cyberattacks should seek a strong relationship with a wide range of federal agencies responsible for cybersecurity. Recent regulations compel companies to disclose information about cyberattacks on their networks. But organizations must turn to cybersecurity authorities before suffering a cyberattack.
US government agencies provide best practices for personnel training, including the use of tabletop exercises and mock attacks. As Ukrainians have learned, tomorrow’s cyberattacks can only be countered by preparing today.
Robert Peacock is Assistant Professor of Criminology and Criminal Justice at Florida International University.