Policies and Priorities to Strengthen Cyber Resilience in Ukraine

Making Ukraine more cyber resilient must be a top priority for the state, business and society. To achieve this objective Ukraine should use both its own expertise and international cooperation. This was the key message from leading experts who took part in the First Cybersecurity Roundtable held by Deloitte Ukraine jointly with The German Marshall Fund (GMF) as part of the 12th Kyiv Security Forum. The event took place on 12 April 2019 and gathered the state agents, business figures, representatives of international organizations, and opinion leaders.

"Ukraine is regarded as a very important front line in cybersecurity area on the global stage. And this encourages and urges us to expand our involvement in the activities related to information security of the state. We should strike a balance between access, ease of use and the security of data in cyberspace," said Greg Fishman, Head of the Donor-IFI Advisory Practice at Deloitte CIS, in his event opening speech.

Robert Wainwright, Senior Partner at Deloitte, who oversaw establishment of the EU Cybersecurity Center on his recent job as outgoing Executive Director at Europol (2009-2018), said that the “NotPetya” virus that hit Ukrainian state institutions and critical commercial sector assets in 2017 was a red flag for the whole world.

The incident heralded seismic changes in information security and gave a sense of the gravity of the threat at all levels: to the state, business, and society. It demonstrated that malware may have a disastrous impact on the national economy. That's why it is important to join the efforts of partner countries and enable all tools available to the international community.

Ukraine's current cybersecurity status came up for discussion that involved representatives of the state institutions, national and foreign companies: Leonid Yevdochenko, Chairman of the State Service for Special Communications and Information Security of Ukraine, Andriy Teteruk, member of the Verkhovna Rada of Ukraine, Sergiy Bondarenko, President of Liga Group, Serhii Dziuba, Chief Information Security Officer at DTEK, Andrea Rigoni, Partner, Risk Advisory & Head of Cyber Capacity Building Initiative at Deloitte Italy.

The discussion moderator, Kadri Kaska, Law & Policy Researcher, NATO CCDCOE, pointed out that the balance between security and access to information is currently a pressing issue for all countries in the world. Ukraine holds a special place in the matter, because it has to fight against institutional threats while developing a modern digital economy and civil society.

Ms.Kadri also said that, in fact, Ukraine became a testing lab for cyber operations: disinformation, cyberspace propaganda, critical infrastructure attacks, integrated cyberattacks and military operations. That's why it is now that the international community has to strengthen Ukraine's hands in order to secure own infrastructures as well.

Leonid Yevdochenko said that last year alone, the number of cyberattacks on Ukrainian government-owned sites rose from 10 mln to 100 mln. He also mentioned Ukraine is extremely interested in the protection of constitutional rights of its citizens data security. According to the expert, to that end, Ukraine work hand in glove with our international partners, and deliver trainings to Ukrainian specialists.

“National resilience to cyberattacks is more than just in the interests of an individual country. It also involves measures that have an impact on the overall ecosystem all of us are working in”, said Andrea Rigoni. The speaker shared some important Italian cases in the area of cybersecurity. In particular, he noted that Italy is currently investing in the digital development and digital security of the country.

An increasing number of Italian state institutions discontinue using passwords and step up to authorization through face recognition, smart cards, etc. In addition, Andrea emphasized that cybersecurity must not be regarded as a separate, isolated domain in technology, as it became an item on our digital agenda, an important component of economy and social life and, as such, requires a concerted arrangement and coordination from top to bottom.

Ukraine's international partners expect improvements to take place in the immediate future in such areas as key infrastructure protection regulation, differentiation of responsibility for cybercrime, further maintenance of international cybersecurity, and measures included in the Cybersecurity Action Plan. This was the topic of the second panel discussion with participation of Edvinas Kerza, Vice-Minister of National Defense of Lithuania, Robert Collett, Head, Capacity Building, Prosperity and Cybercrime, UK FCO, and Robert Wainwright.

As Edvinas Kerza mentioned in his speech, Lithuania is building a cybersecurity competency center jointly with Lithuania, USA, Georgia, and Ukraine. This means that these countries will jointly perform research and development activities, keep their eyes on the same cyber-map and develop tools that can quickly resolve any cyber-intervention.

Summarizing the event, the panel moderator, Bruno Lete, Program Director at GMF, highlighted three main aspects on the path to cybersecurity: the need for international cooperation, trust between government structures and business, trust between partner countries, and training people in cybersecurity and living in a cybersecure society.