– Our internal cooperation in the Ukraine needs to become
more efficient, says Ukrainian cyber security expert Dr Oleksandr Tsaruk.
Oleksandr is a member of Nordic IT Security’s advisory
board, he is also chief advisor to the Committee on ICT, Ukrainian Parliament.
– The Ukraine has very limited funds for changing the IT
security infrastructure. We have to cooperate with NATO, the US and the
European Union, he explains.
But Oleksandr does not want to over-emphasise the
possibility, of large scale cooperation with the US, that a country like Israel
for example has.
– The United States do not provide the Ukraine, with a lot
of equipment at the moment. We should have as much bilateral cooperation as
possible, with the European Union and NATO countries. But if we could receive a
lot of technology and expertise from the United States in the future, it could
be very helpful.
One thing that the Ukraine is doing at the moment, is
working with the information, that it’s population has access to.
– We can not stop fake news online. But we can explain to
people, that “this is not true”. And in the Ukraine, we currently have
interesting initiatives. Like the “Stop fake news” initiative.
Oleksandr summarises:
– There needs to be government, public and private
cooperation. It is happening now. But not so efficiently.
Oleksandr attended the Ukrainian “Global Cybersecurity
Summit 2017”, held in June. We asked him to provide a report, for Nordic IT
Security’s readers. And here it is:
“Recently, WIRED published an excellent article on longread,
about the Ukraine as a testing lab, for cyber warfare. Giving light, on former
and future threats, on almost every aspect of Ukraine’s public and private
sectors.
This and other articles, describe the Ukraine, as a cyber
playground for the Kremlin digital tools. Which – after testing – will later
threaten, deter, or even attack the United States.
Definitely, some lessons have been learned already. For in
the US, in one of the first public statements on priorities as president,
Donald Trump promised to develop a “comprehensive plan to protect America’s
vital infrastructure, from cyber attacks.”
Just a few day before, Kiev, the capital of Ukraine – had
hosted a first worldwide event on cyber policy, the “Global Cybersecurity
Summit 2017”.
It was mostly focused on discussing cyber threats and
policies, but was also followed by an IT exhibition.
The Global Cybersecurity Summit was organised by Globee
US-UA, which is a non-governmental organisation. The summit attracted top
speakers from western vendors such as Cloudflare, VISA, Oracle, IronNet,
LastWall, HP, EY and Symantec.
But also former leadership from the US State Department, and
some of Washington DC:s think tank consultants.
The organisers tried to sell the idea, that the Ukraine had
recently been at the number one focal point, of cyber issues. The exclusivity
of the event attracted an interest of the public, media, experts and high-level
corporate executives. With in total, about a 700 strong participation.
For them, it was a chance to establish a business
partnership, and get expert advice. It was also a good opportunity to advertise
IT solutions of vendors, at the famous venue Parkovy event centre, in the
basement of which is located a super modern “Tier III” data center.
This is the biggest data processing facility in the Ukraine,
but at the same time, it is using only one tenth of its capacity. And rumours
say, that it is for sale, as the principal investor’s closeness to the former
president Yanukovych, has weakened it’s reputation…
A lot of experts underlined speeches of such policy movers
like of Mr Antony Blinken, the former US Deputy Secretary of State, and the
former US Deputy Security Advisor. Mr Matt Chessen, a former EAP Coordinator
for International Cyber Policy, at the State Department. And also Mr Dmitry
Shimkiv, the acting Deputy Chief of the President’s Administration in the
Ukraine.
The former Deputy National Security Advisor, and the Deputy
Secretary of State Antony “Tony” Blinken, argued that the threat posed by
cyberattacks to “human infrastructure” (meaning what we think and believe) is
as important, as the threat to critical physical infrastructure.
He suggested that the best defence against the threat to
“human infrastructure”, is educated end users, with a strong critical thinking
ability. He also recommended the following solutions, to current cyber threats:
Demanding a collective response from academia, private sector and NGOs, PPP in
defences, developing common cyber security standards, and imposing costs on
entities that carry out cyber attacks.
Blinken stressed, that by setting spheres of influence, some
countries are limiting the sovereignty of others. Moreover, these fences are
being built in human minds.
Mr Shimkiv suggested that the Ukraine should go in a similar
way as Israel, in developing bilateral cooperation with the US, in cyberspace
issues. He also argued on the importance of education, because if there is no
brain that connects, after the soft- and hardware, there is no way to be protected.
Probably the most sophisticated contribution from the
speakers, came from Mr. Chessen. As speaker and panellist, he gave light on
such phenomena as “Cognitive security”, “Weaponized narrative” and “Hybrid
warfare”.
Probably, Cognitive security is a “terra incognita”, for
many cyber experts. And a new field, that focuses on evolving frontiers. This
suggests that, in the future – researchers, governments, social platforms, and
private actors will be engaged in a continual arms race, to influence (and
protect from influence) a large groups of users online.
The weaponized narrative phenomenon, is an attack that seeks
to undermine an opponent’s civilization, identity, and will. By generating
confusion, complexity, and political and social schisms, it confounds response
on the part of the defender.
But: What are really the lessons learned?
Both former US department leaders, provided insights to some
aspects of “How Russia hacks our democracy”. Russia is engaging in hybrid
warfare with ‘the West’, broadly defined as the liberal democracies that make
up NATO and its allies.
The Kremlin weaponizes money, culture and information – in
an effort to shatter enemy communications, demoralize it’s enemies – and to
disrupt enemy command structures.