EU activates cyber rapid response team in response to Ukrainian crisis

February 23, 2022

The European Union has activated its cyber security team to help protect Ukrainians from Russian cyber attacks. Actually, more Russian cyber attacks, given the US attributed a DDoS cyber attack on the Ukrainian Ministry of Defence to the Russian Main Intelligence Directorate. On the back of that, the Australian Government issued a joint media release by Ministers Andrews, Payne and Dutton (is there an election in the air?) saying the same thing as the US. It provides:

The Australian Government joins the United States and the United Kingdom in publicly attributing the cyber attacks against the Ukrainian banking sector on 15 and 16 February 2022 to the Russian Main Intelligence Directorate (GRU).

In consultation with our partners, the Australian Government assesses that the GRU was responsible for these distributed denial of service (DDoS) attacks.

The Australian Government stands in solidarity with Ukraine and our allies and partners to hold Russia to account for its ongoing unacceptable and disruptive pattern of malicious cyber activity.

The international community must not tolerate Russia’s misuse of cyberspace to undermine Ukraine’s national security, sovereignty and territorial integrity by seeking to disrupt essential services, businesses and community confidence.

Russia’s actions pose a significant risk to global economic growth and international stability.

The global community must be prepared to shine a light on malicious cyber activity and hold the actors responsible to account. All members of the international community – including Russia – should abide by existing international law and norms of responsible state behaviour which apply in cyberspace. Australia calls on all countries to honour and uphold their commitments.

Australia is committed to upholding the rules-based order online, just as we do offline, and supporting our partners in the face of cyber threats.

Australia will continue providing cyber security assistance to the Ukrainian Government, including through a new bilateral Cyber Policy Dialogue and further cyber security training for Ukrainian officials.

Australia commends the swift action taken by Ukrainian authorities and the private sector to substantially mitigate the impacts of this incident.

Governments, the private sector and households must remain vigilant about the ongoing threats we face in cyberspace.

The Government is taking concrete action to protect Australians against cyber criminals, investing $1.67 billion over 10 years to build new cybersecurity and law enforcement capabilities to protect Australian businesses and communities, and passing new laws to protect our critical infrastructure assets from malicious cyber attacks.

This was picked up in The Australian’s “Australia offers cyber security aid to Ukraine”.

The reality of modern conflict is that cyber attacks are an intrinsic part of strategic plans, down to tactical implementation. It has been played out in Ukraine since 2017 with the NotPetya cyber attack, which disabled a radiation monitoring system at the Chernobyl power plant. The Economist has a very perceptive article on this, “Ukraine at mercy of cyber onslaught”, which provides:

“Be afraid and prepare for the worst,” read a coded warning left by hackers after they targeted Ukrainian state databases on January 14. A month later, a powerful cyber-attack paralysed services at two big banks and on the defence ministry’s website. On both occasions, Russia denied involvement. But the messaging was unsubtle, coinciding as it did with the presence of more than 150,000 troops on Ukraine’s borders.

America and Britain say these soldiers could soon be heading for Kyiv, Ukraine’s capital. At the very least, Moscow appears to be rekindling its eight-year-old proxy conflict in the Donbas region of southeastern Ukraine. On Tuesday the two chambers of Russia’s parliament will meet in an extraordinary session, offering a chance for President Vladimir Putin to present his next move.

Russia could recognise the “independence” of the self-proclaimed Donetsk and Luhansk republics, as it did in the case of Abkhazia and South Ossetia after its war with Georgia in 2008, and then use them as a bridgehead for a further push westwards.

But even if Russia does not make a physical move, Ukraine stands in line for an onslaught of a different sort, from the country widely recognised as the world leader in digital warfare.

Ukraine is not the easy target it was when the first Russian attacks hit its electoral systems in June 2014. It now draws on significant local expertise, and gets help from Western security services including America’s Cyber Command. Eight years of experience has made it a world leader in detecting and fixing threats. Australia will also provide Ukraine with cyber security advice in virtual training sessions between the two countries.

But Victor Zhora, the sleep-deprived deputy of Ukraine’s own Cyber Command, says Russia is probably keeping its most dangerous tools in reserve. “They are already trying a huge variety of ways to get control over our networks and critical infrastructure,” he says. “Of course, it’s only the tip of the iceberg.”

Andrei Baranovich, a spokesperson for the Ukrainian Cyber Alliance, an activist collective, reported that his group had found backdoors to critical parts of Ukraine’s IT and operations management within two weeks of searching in 2017. Some are even advertised for purchase on the black market: “Water canals, power stations, and even the atomic energy sector – you name it, we found a way in.”

The “NotPetya” cyber-attack in 2017, considered to be the most damaging in Ukraine’s history and attributed to Russia by the White House, disabled a radiation-monitoring system at the defunct but still highly contaminated Chernobyl power plant.

The ferocity of Russia’s cyber operations will depend on its wider intentions: whether the aim is to cause pain and perhaps topple Volodymyr Zelensky’s government, to support a conventional military operation or both. Cyber operations could have devastating psychological effects on the Ukrainian population without a missile being fired.

“Imagine the panic on Kyiv’s streets if people weren’t able to call one another, war or not,” says Volodymyr Omelyan, Ukraine’s infrastructure minister from 2016-2019. He argues that not enough has been done to protect mobile networks.

A bigger worry is that the Kremlin would shut down power, mobile and internet networks to create chaos ahead of a possible invasion. It could create scares around the country’s 15 nuclear power stations.

Dmitri Alperovitch, whose CrowdStrike cybersecurity company uncovered the Russian hacking of the US Democratic National Committee in 2015-16, says that Moscow has the capacity to do all of that. It could, he suggests, physically target the dozen data-exchange points that connect Ukraine to the internet, and use electronic-warfare capacities to jam the airwaves in places, affecting mobile phones and other radio-dependent means of communication.

Satellite phones have been unavailable for purchase in Ukraine since the start of the year. In the event of a bloody war, internet outages would be particularly helpful for the Kremlin, preventing the dissemination of troop movements and atrocities. If Lenin focused on the telegraph station, Putin’s generals would be as concerned by TikTok.

But most cybersecurity experts argue a complete communications outage would be difficult to achieve. Disabling broadband connections would, they reckon, require a risky physical operation inside Ukraine. The architecture of the country’s mobile network, with overlapping masts, also makes it resilient to nationwide disruption.

“We have everything in place to protect the base network,” says Dmytro Shymkiv, a former government official who now serves as chair of the supervisory board of Kyivstar, Ukraine’s largest mobile network. “As long as Kyiv stands, we’ll have a network.”

It may be easier to disable crucial parts of energy, transport and supply-line infrastructure. In 2015 and 2016, Russia attacked the national grid, causing blackouts in three regions; the following year, Ukrainian air-traffic control was disrupted.

Andrew Grotto, who was head of digital security for the US National Security Council at the time, says the attacks were a watershed moment. “We had always assumed Russia had the ability, but to see it used against a live target was a big deal,” he said. America sent digital-security teams to Kyiv to learn as much as they could about the emerging capabilities.

In the event, Ukraine was able to restore order by switching to manual control of air traffic and power stations – something that would be extremely difficult in America. Ukraine’s relative technological backwardness turned out to be a trump card. This advantage will probably persist.

“What the Ukrainians have going for them is that there aren’t a load of master switches to go after,” Grotto says. “The Russians could achieve some success, but it won’t be like a hot knife going through butter.”
