US, EU cyber investments in Ukraine pay off amid war


Recent U.S. and European investments in cyber defense in Ukraine are being put to the test following Russia's invasion of the country.

In the weeks and months leading up to the conflict, the U.S. and the European Union (EU) deployed a team of cyber warfare experts to help prevent Russian cyberattacks from disrupting the country's critical infrastructure.

A newly formed EU cyber rapid response team consisting of 12 experts and a "hunt forward" team with U.S. Cyber Command were dispatched to Ukraine to look for active cyber threats inside the networks and strengthen the country's cyber defenses.

This was in response to a wave of cyberattacks that targeted local banks and Ukrainian government websites - including the parliament and the foreign affairs and defense ministries - weeks and days before the invasion. Russia has denied any involvement.

The West began actively investing in Ukraine's cyber defenses following the 2015 power grid hack and the 2017 Petya malware attack. The electrical grid attack left more than 200,000 people without power for several hours, while the Petya malware disrupted key Ukrainian institutions, including banks, government ministries and companies.

James Turgal, the vice president of cybersecurity firm Optiv, said those attacks were a wake-up call for Ukraine and the West to put in place defensive measures to detect and prevent such attacks.

"Western countries, including the U.S., learned a lot from how the Russians carried that out," Turgal said. "It was certainly to our benefit - and certainly Western Europe's benefits - to assist the Ukrainians with that so that we understood what those tactics and procedures were used by the Russians."

Turgal explained that some of that Western assistance includes helping the Ukrainians understand the different types of cyberattacks as well as figuring out where they originated from and how they entered the system, how far they spread throughout the networks, and how to deconstruct them.

With the assistance of the West, Ukraine has become more resilient since the initial cyberattacks, which is significant given that it is uniquely vulnerable to Russian attacks because most of its infrastructure was built by Moscow during the Soviet era.

"The original basic ecosystem that Ukraine runs on was built by the Russians," said Turgal, a former executive assistant director for the FBI's Information and Technology Branch. He added that the country has probably designed new technologies and upgraded some of its infrastructure since it became independent from the Soviet Union.

Turgal also said that Ukraine's "cyber ecosystems are much stronger than they were prior to 2015," in part because of the cyber assistance provided by the West.

The U.S. commitment to aid Ukraine was recently voiced by U.S. Deputy Secretary of State Wendy Sherman, who said that this is a critical time for the U.S. and its allies to bolster their cyber defenses and help countries, including Ukraine, that have fallen victim to Russian aggression, including cyberattacks.

Sherman said that the U.S. has invested $40 million since 2017 in helping Ukraine grow its information technology sector, following the numerous Russia-based cyberattacks that have targeted Ukraine's critical infrastructure, including its electrical grid and financial system.

"Our NATO Allies and European partners have also made significant contributions to help improve Ukraine's cybersecurity," Sherman said, adding that the investments have helped Ukrainians "keep their internet on and information flowing, even in the midst of a brutal Russian invasion."

Defense Department spokesman John Kirby echoed this sentiment when he told reporters at a March 9 briefing that the U.S. has "helped over time improve [Ukraine's] resilience in cyberspace, and I think some of that resilience is on display as well."

Kirby added that just because there haven't been devastating cyberattacks launched by the Russians doesn't mean that they haven't tried. It could possibly be that "the Ukrainians have improved their ability to be resilient," he said.

Western governments are not the only ones sharing their cyber expertise with the Ukrainians. The private sector, including tech companies such as Google, Amazon and Microsoft, has also partnered with the Ukrainian government to help it counter cyberattacks, said Jason Blessing, a cyber expert and a research fellow at the American Enterprise Institute.

Blessing said the private sector has also been at the forefront of providing technical support and cyber expertise to the Ukrainians, especially post-invasion.

A few hours before the Russian invasion, Microsoft said it detected a new piece of malware - known as FoxBlade - attempting to disrupt Ukraine's digital infrastructure. The tech company said it shared the intel with the Ukrainian government and was able to deconstruct it within three hours.

Even though cyberattacks seem to be the new weapon of choice for Russia, Blessing said that the biggest threat at the moment is physical attacks, such as bombings, which can destroy critical infrastructure.

"There is reason to be cautious about what type of cyber activity could take place on Ukrainian networks. We can't ignore that. But I think the greater threat right now is literally just physical attacks on infrastructure that can cause the same effect and are way cheaper," Blessing said.

"As the conflict drags on, cyber will be a component. It already is. But it will likely stay at low-cost, low-sophistication methods that have already been used," he added.

Western governments have also been speculating about why Russia hasn't launched much more devastating cyberattacks against Ukraine, as it did in 2015 and 2017. Some cyber experts say that Russia is probably weighing whether launching a destructive cyberattack is worth it, especially following the economic sanctions imposed by the West.

Other experts believe that even though Russia has the capability of launching destructive cyberattacks against Ukraine, it is probably choosing not to completely destroy the country's critical infrastructure, especially if it plans to take over Ukraine.

"If [Russian President Vladimir Putin] is going to take over a country, he can't completely destroy all the infrastructure because they'll move in, and then they will be responsible for the [damage]," said Tom Stefanick, a visiting fellow in the foreign policy program at the Brookings Institution.

Stefanick said that Putin is probably being strategic with regard to how he uses cyberattacks against Ukraine because it can be costly to rebuild such critical infrastructure. He also said that the Russians are probably using unsophisticated cyberattacks, such as distributed denial-of-service attacks, to disrupt key sectors just enough without destroying them entirely.

In a statement to The Hill, the FBI said it is "dedicated to investigating and combatting any malicious cyber incidents impacting Ukraine's critical infrastructure."

"We are working with our partners, domestically and internationally, to identify, disrupt, and deter these targeted cyber threats," an FBI spokesperson added.