Ukraine finally battens down its leaky cyber hatches - media

19:10, 01 August 2017
110 0

When the chief of Microsoft Ukraine, Dmytro Shymkiv, switched jobs to become a Deputy Head of the Presidential Administration in 2014, he found that everyone in the office used the same login password. It wasn't the only symptom of lax IT security in a country suffering crippling cyberattacks, Reuters reports.

REUTERS

Today discipline is far tighter in the president's office. But Ukraine - regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks - is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe, according to Reuters.

Three years into the job, Shymkiv is leading the fight against foreign hackers. He has put together a team, led by a former Microsoft colleague, doing drills, sending out email bulletins to educate staff on new viruses and doing practice hacks offsite.

In the early days, staff complacency and resistance to change were as much a problem as insecure equipment.

Read alsoExperts say Petya A. cyberattack similar to Russia's pro-government hackers’ actionsHowever, eliminating bad practices and introducing good ones is the reason, Shymkiv believes, why the presidential administration was immune to a June 27 virus that spread from Ukraine to cause disruption in companies as far away as India and Australia.

But the country still has a long way to go. Since 2014 repeated cyber attacks have knocked out power supplies, frozen supermarket tills, affected radiation monitoring at the stricken Chornobyl nuclear power plant, and forced the authorities to prop up the hryvnia currency after banks' IT systems crashed.

Ukraine believes the attacks are part of Russia's "hybrid war" waged since protests in 2014 moved Ukraine away from Moscow's orbit and closer to the West. Moscow has denied running hacks on Ukraine.

Bruised by past experiences, Ukraine is protecting itself better.

Read alsoUkraine "playground" for Russian cyberattacks - mediaFinance Minister Oleksandr Danyliuk told Reuters his ministry overhauled security after a hack in November crashed 90% of its network at the height of budget preparations.

The ministry is now introducing new systems to detect anomalies and to improve data protection. "We're completely revising and restructuring the ministry's IT landscape," Danyliuk said.

Ukraine is also benefiting from help from abroad.

A cyber police force was set up in 2015 with British funding and training in a project coordinated by the Organization for Security and Co-operation in Europe (OSCE).

While Ukraine is not a NATO member, the Western alliance supplied equipment to help piece together who was behind the June attack and is helping the army set up a cyber defense unit.

While there has been progress in some areas, Ukraine is still fighting entrenched problems. No less than 82% of software is unlicensed, according to a 2016 survey by the Business Software Alliance, a Washington-based industry group.

Another problem is that Ukraine has no single agency in charge of ensuring that state bodies and companies of national importance, such as banks, are protected.

Read alsoSBU says Russian special services involved in large-scale cyber attackThis surfaced on June 27, when the NotPetya virus penetrated the company that produces M.E.Doc, an accounting software used by around 80 percent of Ukrainian businesses.

Poroshenko signed a decree in February to improve protection of critical institutions. This proposed legislation to spell out which body was in charge of coordinating cyber security and a unified methodology for assessing threats.

The law failed to gather enough votes the day before parliament's summer recess in July, and MPs voted against extending the session. Shymkiv called that a "big disgrace".

If you see a spelling error on our site, select it and press Ctrl+Enter