Cybersecurity and Communication: Ukraine’s Readiness for New Challenges
It was emphasized by Brigadier General Yurii Shchyhol, the Head of the State Service of Special Communications and Information Protection of Ukraine, at the press conference in Media Center Ukraine — Ukrinform.
The principal system that ensures cybersecurity of the public authorities is the Secure Internet Access System for Public Authorities (the SIASPA). The system is used by approximately 200 public authorities, including the ones from the national security and defense sector. The SIASPA stops and blocks the majority of cyberattacks, including in the automated or semi-automated mode.
“The SIASPA operated by the SSSCIP professionals is one of our reliable shields that ensures cyber resilience of the state, stops and blocks intrusion attempts, DDoS, spyware infection and distribution, etc. There are thousands of cyberattacks like this every day. We repel five to forty powerful high-level DDoS attacks daily. 395 attacks were stopped and blocked in December. Also, in December alone, the System registered and informed the consumers of 170 thousand attempts to use vulnerabilities at the state information resources we are protecting. Cyber defense is our daily work,” said the Brigadier General.
Moreover, the SSSCIP is investigating the most complicated cyber incidents at other public authorities and critical infrastructural facilities. This very work is performed by our Computer Emergency Response Team of Ukraine (CERT-UA). Moreover, it also investigates incidents in the private sector: there are around 200 to 300 cyber incidents a day, which are mostly studied in the semi-automated mode.
According to the Head of the SSSCIP, the Computer Emergency Response Team (CERT-UA) registered 2,194 cyber incidents of this kind in 2022.
A quarter of them targeted the Government and local authorities. The industries that are most often under attack include the energy sector, the security and defense sector, telecommunications and developers, the financial sector, and logistics.
Targets of attacks
The annual statistics demonstrate that russian terrorists are down on military and civil cyberspace targets alike. The primary goal of russian attacks on the Ukrainian cyberspace is
- to destroy the critical information infrastructure, to spy (to obtain intelligence data on logistics, weapons, plans and operations of the Security and Defense Forces),
- and to perform psychological operations and release fake information aimed at undermining public confidence in capabilities of the public authorities, the Security and Defense Forces, and to spread panic among people.
The most widespread tactics used by russian military hackers in Ukraine is distribution of malware that steals data or destroys information systems. Such attacks make up over a quarter of their total number and may be a part of more complex and powerful operations. The hackers use public confidence in the security and defense sector to prepare such attacks and disguise themselves behind the themes associated with protection of public health and life and critical infrastructure.
It was pointed out by the Head of the SSSCIP that businesses, the government and each responsible citizen of the country had to be as careful about their protection in cyberspace as possible for that very reason.
One of the key functions of the SSSCIP in the context of counteraction to russia’s aggression is to ensure without limitation accessible mobile communications.
As at 9 a.m. on January 17, accessibility of mobile communications in Ukraine was around 77% (with account taken of accessibility of the base stations in the regions of active hostilities).
For reference, that indicator was about 40% after russia’s first mass missile attacks, which demonstrates the enhanced resilience of our networks.
Zaporizhzhia (47.6%), Donetsk (39.3%) and Luhansk Oblasts are in the most challenging situation. The communications difficulties (associated with power cuts) can be experienced by residents of Odesa (67.6%) and Cherkasy (68.4%) Oblasts. More than 20% of the base stations existing in the region before the full-scale invasion have already been restored in Kherson Oblast since the de-occupation. Accessibility of mobile communications in other regions of Ukraine is at least 70% of the total number of the base stations.
The mobile operators in coordination with the National Centre for Operations and Technology Management of Telecommunications Networks (NTNOC) promptly recover the communications and ensure network resilience. The list of the facilities that will be provided with communication services in the first place (for at least for three days) was established by the Resolution of the National Security and Defense Council of Ukraine and the Decree of the President of November 26, 2022. They include
- the public administrative authorities,
- emergency services and
- public vital facilities.
In pursuance of the Decree of the President, the NTNOC has given 802 operators an instruction that contains the list of the facilities to be provided with reliable communications for a three-days’ period.
The operators supply standup power not only to base stations, but also all the subsystems in the network, which is dozens of thousands of facilities. All the key elements of the operators’ networks have been backed up.
Since the beginning of the full-scale invasion, the mobile operators have restored in total more than 3,200 kilometers of fiber optic lines, recovered operations of 1,200 base stations, built more than 1,500 new mobile communications base stations, and enhanced the power autonomy of and upgraded more than 8,000 stations. The investment made into development of mobile networks in 2022 was at least eight billion hryvnias.
At the end of the year, the International Telecommunication Union published the official report that recorded the destruction of Ukraine’s communications infrastructure. It is an important step for imposing liability, since the report drawn up by international experts at the international level (ITU is a United Nations specialized agency) clearly states the following:
- Since February 24, 2022, the infrastructure of the information and telecommunication technologies (ICT) in Ukraine has been the principal target of attacks, including cyberattacks.
- Within a period of six months of the full-scale war, 1,123 cyberattacks were reported, targeting all the sectors of the economy of Ukraine, including IT and telecommunications, which proves that cyberattacks have turned into a full-fledged element of the war and an addition to the kinetic actions.
- The war has caused considerable losses and destruction of the ICT infrastructure in more than ten out of the twenty-four regions of Ukraine
- 1.79 billion U.S. dollars is needed to restore the telecommunication sector.