• Tetyana Demyanchuk
  • 20.4.2020 12:49

In March 2020, the US has committed $8 million to bolster Ukraine’s cybersecurity defences (which follows the previous tranche of $10 million in 2017). This strong support for Ukraine’s cyber transformation can be traced to the events of the spring 2014. Ukraine has been working hard beefing up its capabilities, so in the light of this financial help, this article will look at the steps that were taken, what were the successes, and what are the future challenges for Ukraine and its allies.

Major cyber-attacks on Ukraine

Since 2014, Ukraine has been used as a testing ground for Russia’s hybrid warfare, fought both in literal trenches, as well as cyber realm. Russia is the main challenger of Ukraine in the cyber domain, as it takes the opportunity to advance its strategic and military interests. Critical infrastructures of Ukraine, websites and computer networks of the ministries, state enterprises, international organisations, media, and others have all fallen victims at one point or another. 


“With Ukraine becoming more integrated with the Western internet networks, the country offers a comfortable backdoor for hackers.”


In addition to the ongoing military conflict, Ukraine is also a tempting target because numerous computers run on pirated software, which does not receive the standard security patches on regular bases. With Ukraine becoming more integrated with the Western internet networks, the country offers a comfortable backdoor for hackers.

American cybersecurity company FireEye identified groups of Russia affiliated hackers of Advanced Persistent Threats - the so-called APT29 (also known as Cozy Bear, Cozy Duke) and APT28 (also known as Sofacy Group, Tsar Team, Pawn Storm, Fancy Bear) - that since 2007, targeted the countries of Central and Eastern Europe, as well as security organisations such as NATO and OSCE. In the March of 2014, in the midst of the operation of annexing Crimea, Cyber Berkut group (using the APT28 infrastructure) launched DDoS attacks that blocked the work of the websites of Ukrainian state institutions and public organisations, as well as the main website of NATO, after it published a statement by Secretary-General Anders Fogh Rasmussen commenting on the referendum on the Crimea’s status.

Large-scale attacks by the Russian military hackers of the Sandworm hit Ukraine’s power grid in December of 2015 and 2016. The resultant blackouts were the first in history to be caused by the actions of hackers

However, the climax of Russia’s cyberwarfare came in the summer of 2017 with the malware that came to be known as NotPetya (or Petya-A). The very same Sandworm hackers hijacked the update server of Linkos Group that allowed them to create a hidden back door into the thousands of PCs around Ukraine that had M.E.Doc accounting software installed. 

The malware spread almost instantly to around ten percent of computers in Ukraine, and affected the work of more than 22 banks, ATMs and point-of sale systems, and practically every governmental agency. It then spread to 64 countries around the world, and even bounced back to Russia, striking the state oil company Rosneft.  


Cybersecurity of Ukraine

Prior to all of this, Ukraine had already had some framework in place related to the field of cybersecurity, however, the challenges called for a fast and comprehensive revision and improvement of technical and operational sides of cybersecurity (legal framework, key stakeholders, cooperation mechanisms, technical set-up). In early 2016, the government approved the first Cybersecurity Strategy of Ukraine, with the objective of “creat[ing] conditions for the safe functioning of cyberspace, application of cyberspace to benefit individual, society and the State”. 


“Ukraine strengthened its cyber apparatus by adding new responsibilities to existing organisations, creating new cybersecurity units, and nurturing a more inter-agency approach.”


As part of the implementation of the Strategy, Ukraine strengthened its cyber apparatus by adding new responsibilities to existing organisations, creating new cybersecurity units, and nurturing a more inter-agency approach. For example, the Ministry of Defence was tasked with “repelling military aggression in cyberspace” and developing a new cyber unit with NATO’s assistance, the Central Bank became involved and responsible for “establishing requirements for cyber protection of critical information infrastructure in the banking sector”, while the Security Service of Ukraine was tasked to work with the National Police to combat cybercrime, in addition to its more traditional role. 

The National Coordination Centre for Cybersecurity (a working body of the National Security and Defence Council) was created in 2016 to oversee and coordinate the transformation, as well as analyse the state of cybersecurity capabilities, and preparedness for counteracting cyber threats. 

Importantly, the strategy paved the way for the Cybersecurity Law that establishes the regulatory framework, outlines for the direction of the state policy, roles of the stakeholders, and introduced the concept of critical infrastructure and critical information infrastructures. 


Ukraine-EU-NATO cooperation

In development of its cybersecurity framework, Ukraine oriented towards the EU model in the areas of protection of the networks and counteracting cybercrime and in its cyberdefence on the NATO’s approach which can be seen in recognising the cyberspace as one of the domains of operations. 

Ukraine counts on the support from the EU and NATO, while the EU and NATO need an area of peace and stability in the territory of Ukraine, as a guarantee of stability on its eastern neighbourhood/flank and hence their own security. 

The EU efforts concentrated on increasing the country’s technical preparedness, helping it to establish effective legal frameworks to address cybercrime and cybersecurity problems, and enhancing its capacity for effective international cooperation in these areas.

So, for example, within the framework of the EU Advisory Mission to Ukraine (EUAM), the EU allocated more than 2.5 million euros to various projects related to the area of cybersecurity. The mission promoted the betterment of the technical equipment of Ukrainian law enforcement agencies, conducted training and exchanged experience (with the involvement of the experts from Europol and other EU institutions).

There are also some important bilateral initiatives. Estonia, for instance, has been working closely with the Ukrainian authorities, helping them to set up a secure electoral IT system.

In the field of cyberdefence, major cooperation between Ukraine and NATO was conducted under the NATO Cyber Defence Trust Fund (2014-2017). The Fund aimed to strengthen the country’s CSIRT-type technical capabilities for countering cyber threats. Assistance included the establishment of an Incident Management Centre that helped monitoring cyber security events, as well as laboratories investigating cybersecurity incidents, and included training on how to employ the needed technology and equipment.

In this cooperation the Security Service of Ukraine and the State Service of Special Communications and Information Protection of Ukraine were the major recipients of the help from the Trust Fund. For the whole project NATO allocated more than $1 million. The NATO partners (with Romania as the lead nation, acting through the Romanian Intelligence Service) provided additional financial and experience contributions, which resulted in common cyber defence exercises and training, concentrating on how to react to major cyber-attacks. 



While Ukraine visibly made some progress in enhancing its cyber capabilities, the defences are not at the level expected from a country under the fire of the Russian cyberwarfare. There are issues in the communication and coordination between the governmental agencies, there is lack of financial incentive to attract the best specialists into working for the government, and there is a sizable problem of the cooperation between the public and private sectors that is crucial for success. 

Nonetheless, Ukraine is trying to learn from its mistakes, and importantly for the Western partners – it offers new knowledge. This is why American and European cybersecurity authorities regularly ask for analysis of the major threats in Ukraine to look for experience that can be applied “back home”. In 2019, three years after Russia disrupted the 2016 US presidential elections, European officials were worried that the European Parliament elections were the next on the line. So, the EU watched the Ukrainian presidential elections closely, as it offered  insight on the trends. 


“Much of the enhancement of the Ukrainian cyberdefence would have not been possible without the financial and training help of the Western partners.”


There were altogether 9000 cases related to cybersecurity, which included malware attacks from Russia associated APT Dragonfly that attempted to gain unauthorised access to Vybory (one of the two central IT systems for elections and which displays real-time updates in the vote count). Nonetheless, overall, the presidential elections of 2019 occurred securely and were not derailed.

Cyber is one of the fields that demonstrates clearly the interdependence of Ukraine, the EU and NATO. Much of the enhancement of the Ukrainian cyberdefence would have not been possible without the financial and training help of the Western partners. Continuing to work on the technical and operational sides is still Ukraine’s internal challenge, however, the way forward is not only to enhance the cyber capabilities at the national level, but also through a continued comprehensive international cooperation. This is simply because the battles fought in Ukrainian cyberspace cannot be contained by the physical state borders.

About author: Tetyana Demyanchuk


Tento web používá k analýze návštěvnosti soubory cookie. Používáním tohoto webu s tím souhlasíte. Další informace