Paul
Goble
Staunton, March 24 – Increasing cyberattacks
against strategic objects in Ukraine are part of Russia’s hybrid war against
that country, its security services warn; and Kyiv is having to play catch up
because as of now it lacks much of the legal framework and technology for
defending against them.
On the Apostrophe portal yesterday,
Ukrainian journalist Artem Dekhtyarenko says that Moscow is exploiting these
shortcomings in order to create chaos and destroy the confidence of Ukrainians
in their institutions, thus weakening them and the country as a whole (apostrophe.com.ua/article/society/2016-03-23/rossiya-nachala-ispolzovat-protiv-ukrainyi-kiberorujie/3903).
One
of the reasons Moscow has been able to do this is that its actions are hidden
within the broader growth of cybercrime in Ukraine. According to Sergey Demedyuk, who heads the
interior ministry’s cybercrime unit, there were 4800 cybercrimes in Ukraine in
2014; 6026 in 2015; and the number continues to rise.
Most
of these involve fraud or identity theft, but far from all, and “the most
dangerous examples of cybercrime” are those directed not against individuals
but against Ukrainian businesses and institutions, according to Nikolay
Kuleshov, deputy head of the information security department of the SBU.
Separating
out official Russian crimes from the mass of cybercrimes is no easy matter, he
says, because “Russian special services often use the territories of third
countries and do everything they can to mask their involvement” in this sector.
Experts
suggest that the Russian security services were behind the recent cyberattack
against the Prikarpatyevoblenergo power company which left “hundreds of
thousands of Ukrainians without light for almost six hours and also shut down
Ukrainian state enterprises including the Borispol airport. (On that, see energy.apostrophe.com.ua/enerhetychnyy-rynok/novyny/novyny-ukrayinskoyi-enerhetyky/reuters-uznal-kak-khakery-atakovaly-ukraynskykh-postavschykov-elektroenerhyy/.)
There are traces of Russian
involvement in a number of other cases, experts say, and Gennady Gudak, deputy
director for information security at the Iqusion Corporation, says that they can
involve attacks on “all spheres which today are linked to the Internet and
which realize their functions through computer networks.”
Kuleshov adds that “attacks on
strategic objects of Ukrainian infrastructure can be directed not only at
shutting it down but also to destabilize the situation and to sow chaos and
panic among people” who may as a result then engage in protests against Kyiv.
The Russians often exploit the fact that Ukrainian institutions often use electronics
of Russian origin.
Last week, President Petro
Poroshenko signed a decree approving a January 2016 Security Council decision about
dealing with cybersecurity and defining key terms like “cyber-terrorism” (apostrophe.com.ua/news/politics/government/2016-01-27/v-snbo-vzyalis-za-kiberbezopasnost/48184).
And now the interior ministry and SBU are working on new legislation in that
area.
But officials acknowledge they have
a long way to go: Demedyuk notes that “bringing cybercriminals to justice in
Ukraine is complicated by the fact that we do not have a corresponding legal
framework.” Indeed, at present, “Ukraine is a more liberal country regarding
cybercrime” and cybercriminals often use it as their base.
Moreover, as Gudak points out, Kyiv
has been anything but quick in moving on this issue. The first draft documents
about cybercrime were worked out four years ago as part of a Ukraine-NATO
meeting in Yalta. But only now is Kyiv
taking them up formally. If things don’t speed up, Ukraine will face ever
greater problems in this area.
No comments:
Post a Comment