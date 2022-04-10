



After Russia launched a proxy war in eastern Ukraine and annexed Crimea in 2014, Russian hackers attacked Ukraine over the next few years. Cyberattacks even destroyed the power grid in parts of the country in 2015. Russian hackers stepped up their efforts against Ukraine for the 2022 invasion, but the results have been significantly different. These differences hold lessons for US national cyber defense.

I am a cybersecurity researcher who is a political commissar at the US Embassy in Kyiv and an analyst in the countries of the former Soviet Union. Last year I led a program funded by USAID. In this program, Florida International University and Purdue University instructors trained more than 125 Ukrainian university cybersecurity faculty members and more than 700 cybersecurity students. Many faculty members are leading government advisors or consult with key infrastructure organizations on cybersecurity. The program emphasized practical skills to protect simulated enterprise networks from real malware and other cybersecurity threats using leading cybersecurity tools.

The intrusion took place weeks before the National Cyber Security Contest was held for students from 14 universities participating in the program. I think the training that faculty and students received to protect critical infrastructure helped mitigate the effects of Russian cyberattacks. The most obvious sign of this resilience is Ukraine’s success in maintaining the Internet despite Russian bombs, sabotage and cyberattacks.

What this means for the United States

On March 21, 2022, US President Joe Biden warned the American people that Russia’s ability to launch a cyberattack was “quite important and coming.” As National Security Adviser Anne Neuberger explained, Biden’s warning was a call to prepare for US cyber defense.

The White House’s concerns about cyberattacks are shared by cybersecurity experts. Ukraine’s experience with Russia’s cyberattacks provides lessons on how institutions ranging from power plants to public schools can contribute to strengthening the country’s cyber defenses.

A country’s cyber defense begins with the ability of governments and organizations to assess risk and respond to the latest cybersecurity threats. After President Biden’s warning, Neuberger recommended that organizations take five steps: adopt multi-factor password authentication, keep software patches up to date, back up data, perform drills, and work with government cybersecurity agencies.

Access control

Cyber defense begins at the entrance to the national information network. In Ukraine in recent years, hackers have infiltrated poorly protected networks with simple techniques such as guessing passwords and intercepting their use on insecure computers.

More advanced cyberattacks in Ukraine used social engineering techniques such as phishing emails to trick network users into revealing their IDs and passwords. Clicking on an unknown link may also open the door to tracking malware that can learn password information.

Neuberger’s recommendation to adopt multi-factor password authentication recognizes that users will never be perfect. Even cybersecurity experts make mistakes when deciding whether to provide passwords and personal information to insecure and deceptive sites. The simple procedure of authenticating a login on an authorized device limits the access that a hacker can obtain by merely retrieving personal information.

Software vulnerabilities

Programmers who develop apps and networks are rewarded for improving performance and functionality. The problem is that even the best developers often overlook vulnerabilities when adding new code. For this reason, users must allow software updates, because updates are how developers fix identified weaknesses.

Prior to breaking into Ukraine, Russian hackers identified vulnerabilities in Microsoft’s major data management software. This was similar to the weakness in network software that allowed Russian hackers to unleash the NotPetya malware on Ukrainian networks in 2017. The attack caused an estimated $10 billion in damage worldwide.

A few days before Russian tanks began to invade Ukraine in February 2022, Russian hackers used a vulnerability in the market-leading data management software SQL to send “wiper” malware, which erases stored data, to Ukrainian servers. However, over the last five years, Ukrainian institutions have significantly enhanced cybersecurity. Most notably, Ukrainian organizations have moved away from pirated enterprise software and integrated their information systems into the global cybersecurity community of technology companies and data protection agencies.

As a result, the Microsoft Threat Intelligence Center identified the new malware as it was beginning to emerge on the Ukrainian network. Early warning allowed Microsoft to distribute patches around the world to prevent the malware from erasing servers.

Data backup

Ransomware attacks already often target public and private organizations in the United States. Hackers lock users out of the institution’s data network and demand payment to restore their access.

The wiper malware used in Russian cyberattacks on Ukraine behaves like ransomware. However, these pseudo-ransomware attacks permanently destroy an organization’s access to its data.

Backing up important data is an important step in reducing the effects of wiper and ransomware attacks. Some private organizations even store their data in two separate cloud-based systems. This reduces the likelihood that an attack will rob an organization of the data it needs to stay operational.

Training and cooperation

Neuberger’s final recommendation is to continue cybersecurity training while maintaining partnerships with federal cyber defense agencies. In the months leading up to the Russian invasion, Ukrainian organizations benefited from working closely with US agencies to enhance cybersecurity in critical infrastructure. The agencies helped scan Ukrainian networks for malware and supported penetration testing, which uses hacker tools to look for vulnerabilities that could allow hackers to access the system.

Large and small organizations in the United States concerned about cyberattacks need to seek strong relationships with the various federal agencies responsible for cybersecurity. Recent regulations require businesses to disclose information about cyberattacks on their networks. However, organizations should turn to cybersecurity authorities before experiencing a cyberattack.

US government agencies provide best practices for staff training, including the use of tabletop and mock attack exercises. As the Ukrainians have learned, tomorrow’s cyber attacks can only be countered by preparing today.

Robert Peacock is an assistant professor of criminology and criminal justice at Florida International University.

