Cybersecurity Challenges. Will Ukraine Become More Secure?

March 27, 2018
Life in our times of modern technology is a set of endless upgrades and growing masses of information which are getting increasingly harder to deal with. First of all, it is difficult to cope with information in the context of protecting it. Even though we have not yet learned to carefully publish private information about ourselves and filter the information that we perceive, we already need to have the ability to defend ourselves against phishing, skimming, spam, trojans, DDoS attacks, and so on. We have to understand what all these processes mean and the threats they pose.
article-photo
Photo credit: Luca Bravo on Unsplash

Today's Ukraine is known not for systematic methods of protection, but for constant attacks and cybercrimes.

Today's Ukraine is known not for systematic methods of protection, but for constant attacks and cybercrimes. In June 2017, many public institutions in Ukraine appeared to be defenseless against the Petya virus (banks, airports, even post offices). In February 2018, the cyber police detained a 33-year-old resident of Poltava, the alleged organizer of the Avalanche network, despite the fact that the network itself was exposed and liquidated in November 2016. This network was involved in money laundering and cyber-attacks throughout the world. In March 2018, Ukrainians who assigned themselves UAH 7 million by cybercrimes, including through the illegal collection of money for charity, were arrested. In his commentary to Ekonomichna Pravda, the head of Ukraine's cyberpolice Serhiy Demidyuk, noted the growth in detected cybercrimes in Ukraine by 2,500 annually.

In October 2015, a cyberpolice unit was created as a separate subdivision of the Ministry of the Interior in order to fight cybercrime in Ukraine. At the same time, the financial and human resources allocated for the work of the cyberpolice are not sufficient to provide fully-fledged counteraction against all threats. The Strategy of Cybersecurity of Ukraine was approved in January 2016, which also became a unique marker of attention to the topic in the country. Its priority areas are: development of safe, stable and reliable cyberspace; cybersecurity for state electronic information resources; critical infrastructure of cyber security; the development of cybersecurity in the defense sector and the fight against cybercrime. At present, the strategy is a framework document that needs to be outlined in detail in new legislation, but the IT community has welcomed its endorsement. The Ukrainian Parliament approved bill № 2126a entitled On the Basic Principles of Cybersecurity of Ukraine on October 5, 2017. This bill was the first time that terms such as cybersecurity, cyberattack, cyber threats, cyber-espionage, cyberterrorism, etc., received definitions at legislative level

However, such official documents are not enough. The Government of Ukraine is making a few concrete steps towards solving issues related to cybersecurity. For example, the "pause" in determining the terms of the status of cryptology in Ukraine does not enable one to talk about a speedy reaction to the actual issues in the field. The unclear status of cryptocurrencies enables the non-taxation of exchange operations, activities of stock exchanges and exchange offices. At the same time, for average users, this also means the inability to appeal to law-enforcement agencies to protect their interests from cybercriminals who are able to steal cryptocurrencies. Although the essence of cryptography should be independent from governments and banks, this does not mean that the state should not regulate circulation of cryptocurrencies. On the contrary, it should create a safe environment for all cryptocurrency-related operations. Different states define the status of cryptogoods differently. For example, in the EU it is a "medium of exchange", in Australia a "property, but not a financial product", and in the US it is a "convertible decentralized virtual currency."

With the constant Russian cyberattacks against Ukraine and the coverage of these attacks on cyber defense issues in the media, digital security is gradually becoming a "hot topic" in public discourse.

With the constant Russian cyberattacks against Ukraine and the coverage of these attacks on cyber defense issues in the media, digital security is gradually becoming a "hot topic" in public discourse. Each institution needs targeted solutions. However, a significant number of organizations and users are potentially likely to be targeted by attacks, as they still use non-licensed software, do not update antivirus software and applications, use unprotected communication channels, and set simple passwords such as "qwerty" or "123456789" to their accounts. Again, recalling the Petya virus that paralyzed Ukrainian financial and government institutions in 2017, carelessness and negligence towards digital security exist only before people lose data, while cybercriminals block sites and demand money.

There are few sources of specialized information about digital security in Ukraine. There is the Digital Security School 380, based on NGO Internews-Ukraine, a rather new NGO called Laboratory of Digital Security, the Ukrainian Digital News website, and thematic articles on digital security in various media outlets.

Ukraine faced the issue of combating the hybrid methods used by Russian propaganda, including those relating to cyberspace with the onset of the EuroMaidan protests and the Anti-Terrorist Operation later on. In this context, for example, the International Center for Defense and Security in 2014 tried to analyze the situation in Ukraine's digital security and offer the best ways to improve the situation. The main ones were cyber defense skills and capabilities development; cyber security policy, legislation and strategy development; material and technical assistance.

The development of cyberspace and, accordingly, cybercrimes is an inevitable feature of future technology, as journalist Kevin Kelly notes in his book "The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future". Thus, if Ukraine does not want to find itself on the periphery, it should respond quickly to changes in the field and take concrete steps to strengthen digital security in Ukraine.

Vitalii Moroz and Olha Hurtovenko
Coordinators at Digital Security School 380, a joint project of NGO Internews-Ukraine (Kyiv, Ukraine) and eQualit.ie (Montreal, Canada)