Cybersecurity in times of war: Everyday is day zero
Russian cyberattacks are forcing an extreme reaction dynamic on Ukraine: "What doesn't work here may not be competitive."
Ihor Malchenyuk and Yegor Aushev at the Munich Cybersecurity Conference on Thursday.
(Image: MCSC/Axel Heimken)
When it comes to cyber security, Europe can learn from Ukraine's experience in the war against Russia. Russia's hybrid war has forced the country to continuously improve the security of its IT systems, said representatives of Ukrainian security authorities at the Munich Cybersecurity Conference (MCSC) on Thursday. The Ukrainians also sought Europe as a partner after the freezing of US aid via USAID tore considerable gaps in the security program budget.
The State Service of Special Communications and Information Protection of Ukraine recorded around 4300 attacks on critical systems last year. "Twelve attacks a day, and these are not small things," reported Ihor Malchenyuk, Director of the agency's Cyber Defense Department. "For us, every day is 'day zero'."
Compliance was yesterday
Malchenyuk assured that it was by no means intended to claim for Ukraine "that we have already seen everything or even know everything". The Russian attackers – Malchenyuk's authority has identified a total of 155 attacker groups – are, however, forcing the defenders to react extremely quickly. Security through compliance has not survived this new reality.
The Ukrainians also have experience with the use of large language models (LLM) by attackers: "As soon as hackers gain access to a system, all important address data is filtered out, for example." Spearphishing attacks on this basis can be observed regularly.
Almost a dozen national hackathons, the retraining of former military personnel as cyber security experts and IT security training in schools are intended to improve Ukraine's networks and systems, reports Yegor Aushev, CEO of Cyber Unit Technologies and Director of the International Cyber Resilience Conference.
Training with real-life scenarios
Many professors and students are no longer there, so the next generation needs to be trained, said Aushev. Last summer, the "Cyber Range UA", a national training platform for attack scenarios, was presented at the Ukrainian National Aviation University. The Russian attacks are simulated here.
Aushev called on participants at the Munich Security Conference, which was taking place at the same time, to take part and test their own products on the Ukrainian market. "What doesn't work here may no longer be competitive after the war," is his pitch.
Close cooperation between industry and the military is one of the success factors in the small country's resistance to the powerful aggressor, emphasized US General Chris Inglis, former National Cyber Director at the White House, in a panel of military officers.
Videos by heise
"Active countermeasures"
Europe is even more vulnerable than Ukraine, warned Natalia Tkachuk from the National Security and Defense Council of Ukraine in view of Russia's hybrid warfare. Europe lacks the legal basis for hackbacks, for example, although it is the target of Russian attacks and Russian disinformation campaigns. As a warring party, Ukraine could also defend itself with digital "weapons". Tkachuk does not want to talk about cyber offensives, but calls them "active countermeasures".
With regard to disinformation, Tkachuk also warned of the effects that not filtering large social media–platforms would have. For Ukraine, shutting down Russian social media channels was simply a matter of survival.
Tkachuk regretted that Meta's relaxation of the moderation rules went hand in hand with the end of financial support for NGOs in Eastern Europe: "Pandora's box has been opened. We still have no idea how to react to this. But we have to recognize the changed situation."
(mki)
