Cybersecurity in Ukraine: National Strategy and international cooperation

News item | 07-06-2017

In response to large-scale attacks to its critical infrastructure in recent years, Ukraine adopted in 2016 a National Cybersecurity Strategy and is making strides in its implementation. The set up of the National Cybersecurity Coordination Center in 2016 and the proposed update of the cybercrime legislation to meet the Budapest Convention requirements and best practice particularly on Internet Service Providers are two main steps in enhancing the country’s cyber resilience. These activities are complimented by strong cooperation with international partners across the cyber sphere, including on cybercrime, cybercrime and cyber defence.

Written by: Oleksii Tkachenko, International Relations Officer, Cyber Department, Security Service of Ukraine

A complex cyber threat landscape

Increased digitalization of services and reliance to the internet have brought about the evolution of cyberspace, raising also significant security challenges to governments across the globe vis-a-vis offences against and by means of computer systems. In Ukraine this has been demonstrated most significantly with the large-scale cyber attacks to Ukrainian power companies in December 2015 following attacks to major Ukrainian TV channels two months earlier on the day of local elections.

These incidents fit within the overall trend that Ukraine is witnessing the past years with an increased use of Distributed Denial of Service attacks as well as zero-day vulnerabilities exploited to penetrate and compromise critical infrastructures. The threat landscape analysis also points to targeted attacks on diplomats, law enforcement agencies, defense actors, state enterprises, mass media, as well as politicians and public figures, as well as misinformation campaigns over the Internet to influence the ‘physical’ world. The impact of these attacks can be significant as they can damage critical infrastructures and hinder the effective functioning of the national authorities. Information and psychological warfare aims at discrediting state power and fosters the conditions for the destabilization of the social and political situation.

Source: National Cybersecurity Strategy of Ukraine. Credits for the graph: StratComUA

Adoption of the National Cybersecurity Strategy

In response to these challenges, Ukraine adopted by Presidential decree its National Cybersecurity Strategy on 15 February 2016. The Strategy, which is coupled with an annual Action Plan for its implementation, has as an overarching goal to create the conditions that ensure safe cyberspace and its use in the interests of individuals, the society and the Government. The main focus of the Strategy is on three axes:

  • Developing the national cybersecurity system
  • Enhancing capabilities across the security and defence sector
  • Ensuring the cybersecurity of critical information infrastructure and of Government information resources.

The national cybersecurity system put in place by the Strategy ensures collaboration between all government agencies, local authorities, military units, law enforcement agencies, research and educational institutions, civil groups, businesses, and organizations, irrespective of their form of ownership, that deal with electronic communications and information security or are owners of critical information infrastructure.

A key step in the implementation of the Strategy has been the establishment of the National Cybersecurity Coordination Center in June 2016, which is a working body of the National Security and Defense Council. The Center has a supervising function and undertakes tasks related to analyzing the state of national cybersecurity and its preparedness for combating cyber threats, as well as forecasting and detecting relevant potential and actual threats. It will also participate in organizing and holding international and interdepartmental cybersecurity training courses.

Moreover, as a State Party to the Budapest Convention on Cybercrime, Ukraine is working towards full implementation of the Convention. Draft legislation has been prepared and is currently discussed in Parliament which entails the strengthening of the liability for cybercrimes, and defines the important terminology and update of responsibilities of the Internet Service Providers (ISPs) according to the Convention.

International cooperation and capacity building

In recognizing the need for strong international cooperation and capacity building to address cybersecurity needs and threats that is also highlighted in the new Strategy, Ukraine has been collaborating with a number of partners across the cyber domain.

In the area of cybercrime, Ukraine has been a partner in the joint European Union and Council of Europe projects ‘CyberCrime@EaP II’ and ‘CyberCrime@ EaP III’ that have a regional dimension involving all countries of the Eastern Partnership (i.e. Armenia, Azerbaijan, Belarus, Georgia, Republic of Moldova, Ukraine). The first project is focused on improving mutual legal assistance for international cooperation on cybercrime and electronic evidence and on strengthening the role of 24/7 contact points. The second project, which was launched in Kiev in April 2016, is tackling issues of public and private cooperation. The engagement with the ISPs and the Council of Europe recommendations are already benefitting the national authorities as they have fostered a structured dialogue with ISPs that has served as a trust-building exercise towards understanding and responding to each other’s’ needs. In addition, British and Estonian partners have provided modern hardware and software to Ukrainian law enforcement agencies that to conduct professional computer forensics and investigate cybercrimes more thoroughly.

In the cyber defense field, Ukraine is working with the NATO Cyber Defence Trust Fund to enhance the country’s technical capabilities in counter cyber threats. Assistance includes establishing an Incident Management Centre to monitor cyber security events, as well as laboratories to investigate cyber security incidents, coupled with training in employing this technology and equipment. The Security Service of Ukraine is taking the lead role in the framework of the Trust Fund, while the NATO partners include Romania as the lead nation with additional financial and in-kind contributions from Albania, Estonia, Hungary, Italy, Portugal, Turkey, and the United States. Together with the NATO partners, Ukraine has conducted cyber defense exercises and trainings where all the relevant national stakeholders are trained on how react to major cyber attacks at the national defense infrastructure.

Ukraine is not only participating in the international initiatives in the sphere of countering cyber threats but also contributing to the development of regional initiatives. With an initiative led by Ukraine, a working group on cybersecurity was established in the framework of the GUAM Organization for Democracy and Economic Development (i.e. Azerbaijan, Georgia, Moldova, Ukraine). The group is now discussing the development of a Memorandum of Understanding for adoption by its governments, while it has already put in place a protected communication system which allows, inter alia, the secure exchange data online and conducting of video conferences.

The Ukrainian experience demonstrates that in order to address serious and persistent cyber threats and attacks there is a need for enhanced collaboration at multiple levels – amongst national authorities, with the private sector and with international partners in order to build the necessary capacities and respond effectively to such threats.

This article first appeared in the third issue of the Global Cyber Expertise Magazine – May 2017