On 25 June 2019, Promote Ukraine (PU) had the pleasure of holding the conference – Behind the Digital Curtain. Civil Society vs State Sponsored Cyber Attacks. The conference brought together experts from various European countries, including Ukraine and Russia, who shared their experiences and expertise of working in the field of cyber security. The conference was split into four panels, each addressing a certain topic or issue the domain of cyber security is currently facing.
Before the convening of the four panels, the key note speaker of this conference, Christo Grozev, a writer for Bellingcat, introduced the audience to the concept of information warfare and explained why Russia is so successful in conducting these hybrid operations. Mr. Grozev’s speech was well received by the audience and by the speakers who would constantly refer to it in their own panels. After Mr. Grozev’s speech the first panel convened to further elaborate on the techniques and methods used by Putin’s Russia to conduct its information warfare in Europe.
The first panel addresses the tactics employed by the Russian government while conducting cyber operations abroad. Both Alya Shandra, editor-in-chief of the Euromaidan Press and Olga Yurkova, co-founder of StopFake.org, identify that the Kremlin is incredibly good at creating belief systems, or simulacra, which relativize the truth to such an extent that people give up on trying to identify truth altogether. Ms. Yurkova offers the example of the MH17, where the accumulation of a vast amount of false news made people withdraw from the process of trying to understand the incident itself.
Given that disinformation is a problem, it is up to the European Union to stand up against it. Accordingly, Marius Laurinavičius, expert at the Vilnius Institute for Policy Analysis,asserts that because the Kremlin is undeniably good at identifying and exploiting the weak points of liberal democracies, it is precisely these weak points that the Union should seek to strengthen. To some extent, it all comes down to building resilience against hackers and cyber threats.
The second panel addresses the motivations and capabilities of Russian hackers in conducting cyber operations. Piret Pernik, researcher in cyber security at the Estonian Academy of Security Sciences, opens up this panel by bringing to light the ever expanding technical and psychological tools Russian hackers have at their disposal. However, despite this ever-expanding arsenal, Mikhailo Kropyva, Information Security Associate Director at Softserve, reveals that the strategies employed by the Russian state in conducting these cyber operations remain the same as during the times of the Soviet Union.
Aleksandr Isavnin, who is part of the Internet Protections Society – Roskomsvoboda, however, disagrees with Ms. Pernik and Mr. Kropyva, particularly when it comes to attributing these attacks to the Russian state. Mr. Isavnin propels his argument with an anecdote on how Russian students want to test themselves and their capabilities in cyber space, which leads to malicious activities on the internet. Drawing a parallel with this an NotPetya, Mr. Isavnin sparks a very interesting debate on Russian attribution which would continue into the following panels.
The third panel explores the legal and reputational risks associated with cyberattacks. Both Dmytro Zolotukhin, Deputy Minister of Information of Ukraine and Oleksandra Tsekhanovska, a member of the Hybrid Warfare Analytical Group, allude to the reputational risks posed by cyberattacks. However, while Mr. Zolotukhin highlights how these threats play on the inefficiency of the Ukrainian state services in dealing with cyberattacks on malls, metro stations, public spaces etc., which pose reputational risks for the Ukrainian government, Ms. Tsekhanovska elucidates how hackers pose a risk for the reputation of Ukraine as a whole via promoting the idea that ‘Ukraine is a fascist state’ among many others narratives.
The panel concludes with Igor Kotsiuba, a researcher at CyberDesk, who offers solutions on how to avoid reputational damage. One of such solutions proposed is the idea of closer information sharing, which could be strengthened between the private and public sectors but also between Ukraine and its EU allies.
The fourth panel looks at the possibilities of minimizing cyber threats. Oleg Derevianko, co-founder and president of the Kyiv Cyber Academy, puts emphasis on the importance of cyber security hygiene, where cyber security processes should be part of our cultural decision making. Just like the importance of washing hands was taught at school and at home, the importance of identifying and properly addressing spam and phishing emails should also be part of both the education curriculum and our everyday practices.
On a similar note to Mr. Derevianko, Olevs Nikers, researcher at Riga Stradiņš University, points out to the lack of expertise in both the domain of critical infrastructure and the financial sector in Europe and stresses the need for education and training, applicable to both politicians and private sector workers on how to deal with cyber threats. Similarly, Emoke Peter, policy officer at the European Commission, identifies that although the European Union has made significant improvements in raising awareness about the potential dangers of disinformation and other cyber threats, disinformation still remains a major issue for the Union.
Overall, the conference raised plenty of significant questions and interesting discussions, but perhaps the biggest takeaway for me was the reassurance that Ukraine has learned a valuable lesson from its previous experiences of Russian cyberattacks and our specialists can now take more appropriate measures in combating such threats in the future. Another takeaway, but this time from the side of the European Union, is the reassurance that the Union recognizes disinformation as a serious issue and has already taken some measures to combat this problem.
by Artem Kyzym