While the internet has revolutioned economies and changed lives around the world, cyberattacks threaten to undo its magic, as Ukraine knows very well.
In Ivano-Frankivsk Oblast on Dec. 23, the country may well have suffered the world’s first power outage caused by a cyberattack, informational technology experts say. About 230,000 Ukrainians were plunged into darkness for six hours after hackers inserted malware into control systems of part of the oblast grid.
Ukraine blamed Russia for the attack, and the malware used, BlackEnergy, has its origins in Russia, according to experts. However, there is no definitive link between the cyberattack and the Russian government, according to U.S. officials.
To counter future threats of this kind, Ukraine is going to have to rely on its blossoming IT sector, Dmytro Shymkiv, the deputy head of the Presidential Administration, said at an event organized by European Business Association IT Committee in Kyiv on March 21.
Shymkiv, who was once a general manager at Microsoft Ukraine, blamed lax cybersecurity at the oblast power company for the outage.
“The classic hacking environment is based on the laziness of IT personnel,” he said.
Cyberattacks exploit “loopholes in the systems,” and Ukraine’s IT community can help explain to people “how they can be hacked,” Shymkiv said. According to him, hackers target power grids because a successful attack on such a system can create chaos.
However, relations between Ukraine’s IT community and the authorities have been strained of late.
A crackdown last fall by law enforcement on pirated content, tax evasion and hacking at the country’s tech companies caused some firms to threaten to leave the country.
Companies complained that checks by law enforcement either partially paralyzed their operations or stopped them completely. They said that the checks were mostly unjustified, and often based on anonymous tip-offs. Some of the firms fought back, and even won court cases against the law enforcement agencies.
Despite efforts over the winter by the Economy Ministry to mediate between the sides, the searches of IT company offices by law enforcement continue to this day.
Nevertheless, as the December cyberattack shows, the state needs IT companies as never before to help maintain the country’s cybersecurity. To help prevent future cyberattacks, Shymkiv proposes to legalize and popularize the practice of probing a computer system, network or Web application to find vulnerabilities that “cyber military forces and cyberterrorists” could exploit.
Dmytro Shymkiv (center), the deputy head of the Presidential Administration, and Sean Manchanda (right), the managing director at Avasant (Photo credit: Volodymyr Petrov, The Kyiv Post)
Currently, the Ukrainian law on cybercrime is not up to date. Computer crime laws make it illegal to access or attempt to access a computer or computer network without authorization or in excess of authorization – which makes it illegal for independent IT workers to carry out the kind of security tests that Shymkiv has in mind.
“There are evil masterminds working against us every day,” Shymkiv said. “Penetration testing will allow us to find loopholes,” and thus be ready to defend “critical infrastructure,” he said.
Shymkiv said he was sure Ukraine could even benefit from the Dec. 23 attack on the power grid — if the Ukrainian authorities and IT community look on it as a learning moment.
Shymkiv’s co-speaker at the IT committee event, Sean Manchanda, agreed. Manchanda, the managing director at Avasant, a global consulting firm specializing in digital transformation services, thinks Ukraine can also take advantage of the global demand for cybersecurity specialists.
“Cybersecurity is top on the agenda for any corporation, any government,” Manchanda said. “Russia, China, and the United States all have companies that train hackers. This is one of the areas in which Ukraine could take a prominent position, from an IT perspective.”
According to Manchanda, additionally to outsourcing work, Ukrainian mathematicians, engineers and computer scientists could also focus on creating next generation cybersecurity companies and eventually become number one in providing professionals in this field.
“This is a very hot area within the tech industry, and an opportunity for Ukraine,” he said.
This story first appeared in The Kyiv Post, a partner of Ukraine Digital News.