In 2014, when Russia launched a proxy war in eastern Ukraine and annexed Crimea, and in the years that followed, Russian hackers attacked Ukraine. Cyberattacks went so far as to disrupt the power grid in parts of the country in 2015. Russian hackers stepped up their efforts against Ukraine in the run-up to the 2022 invasion, but with markedly different results. Those differences hold lessons for US national cyber defense.
I am a cyber security researcher with experience as a political officer at the US Embassy in Kyiv and working as an analyst in countries of the former Soviet Union. During the last year, I led a USAID-funded program in which instructors from Florida International University and Purdue University trained more than 125 Ukrainian university cybersecurity professors and more than 700 cybersecurity students. Many of the faculty are leading government advisers or consult with critical infrastructure organizations on cyber security. The program emphasized practical skills in using leading cybersecurity tools to defend simulated business networks against real malware and other cybersecurity threats.
The invasion occurred just weeks before the national cybersecurity competition for students from the 14 universities participating in the program. I believe that the training that faculty and students received in protecting critical infrastructure helped reduce the impact of Russian cyberattacks. The most obvious sign of this resilience is Ukraine’s success in keeping its internet on despite Russian bombs, sabotage and cyberattacks.
What this means for the US
On March 21, 2022, US President Joe Biden warned the American public that Russia’s ability to launch cyberattacks is “pretty big and it’s coming.” As Deputy National Security Advisor Anne Neuberger explained, Biden’s warning was a call to prepare US cyber defenses.
The concern in the White House about cyber attacks is shared by cybersecurity practitioners. Ukraine’s experience with Russian cyberattacks provides lessons on how institutions, from power plants to public schools, can help strengthen a nation’s cyber defenses.
National cyber defense begins with governments and organizations evaluating risks and increasing their ability to deal with the latest cybersecurity threats. Following President Biden’s warning, Neuberger recommended that organizations take five steps: adopt multi-factor password authentication, keep software patches up to date, back up data, run drills, and cooperate with government cybersecurity agencies.
Cyber defense begins with the gateways to a nation’s information networks. In Ukraine, in recent years, hackers have broken into poorly protected networks using techniques as simple as guessing passwords or intercepting their use on unsecured computers.
The most sophisticated cyberattacks in Ukraine used social engineering techniques, including phishing emails that tricked network users into revealing IDs and passwords. Clicking on an unknown link can also open the door to tracking malware that can learn password information.
Neuberger’s recommendation to adopt multi-factor password authentication recognizes that users will never be perfect. Even cybersecurity experts have made mistakes in their decisions to provide passwords or personal information on insecure or misleading sites. The simple step of authenticating a login on an approved device limits the access a hacker can gain simply by obtaining personal information.
Programmers who develop applications and networks are rewarded for improving performance and functionality. The problem is that even the best developers often overlook vulnerabilities when they add new code. For this reason, users should allow software updates, because this is how developers patch weaknesses once they are identified.
Before the invasion of Ukraine, Russian hackers identified a vulnerability in Microsoft’s leading data management software. This was similar to a weakness in network software that allowed Russian hackers to unleash the NotPetya malware on Ukrainian networks in 2017. The attack caused an estimated $10 billion in damage worldwide.
Just days before Russian tanks began crossing into Ukraine in February 2022, Russian hackers used a vulnerability in the market-leading data management software, SQL, to plant “wiper” malware, which erases stored data, on Ukrainian servers. However, in the last five years, Ukrainian institutions have significantly strengthened their cybersecurity. In particular, Ukrainian organizations have moved away from pirated business software and integrated their information systems into the global cybersecurity community of technology companies and data protection agencies.
As a result, the Microsoft Threat Intelligence Center identified the new malware when it began to appear on Ukrainian networks. The early warning allowed Microsoft to distribute a patch worldwide to prevent this malware from wiping servers.
Ransomware attacks already frequently target public and private organizations in the US. Hackers lock users out of an institution’s data networks and demand payment to restore access.
Wiper malware used in Russian cyberattacks in Ukraine works similarly to ransomware. However, pseudo-ransomware attacks permanently destroy an institution’s access to its data.
Backing up critical data is an important step in reducing the impact of wiper or ransomware attacks. Some private organizations have even gone so far as to store data in two separate cloud-based systems. This reduces the chances that attacks could deprive an organization of the data it needs to continue operating.
Drills and cooperation
Neuberger’s last set of recommendations is to continually conduct cybersecurity drills while maintaining cooperative relationships with federal cyber defense agencies. In the months leading up to Russia’s invasion, Ukrainian organizations benefited from working closely with US agencies to strengthen the cybersecurity of critical infrastructure. The agencies helped scan Ukrainian networks for malware and supported penetration tests that use hacker tools to look for vulnerabilities that could give hackers access to their systems.
Small and large organizations in the US concerned about cyberattacks should seek a strong relationship with the wide range of federal agencies responsible for cybersecurity. Recent regulations require companies to disclose information about cyberattacks on their networks. But organizations should turn to cybersecurity authorities before experiencing a cyberattack.
US government agencies offer best practices for training personnel, including the use of simulation exercises. As Ukrainians have learned, tomorrow’s cyberattacks can only be countered by preparing today.
Robert Peacock is an assistant professor of criminology and criminal justice at Florida International University.