{"id":2691,"date":"2025-04-09T06:00:00","date_gmt":"2025-04-09T06:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=2691"},"modified":"2025-04-09T06:00:00","modified_gmt":"2025-04-09T06:00:00","slug":"lessons-learned-about-cyber-resilience-from-a-visit-to-ukraine","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=2691","title":{"rendered":"Lessons learned about cyber resilience from a visit to Ukraine"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>During a visit to the recent <a href=\"https:\/\/cyberforumkyiv.org\/en\/\">Kyiv International Cyber Resilience Forum 2025<\/a> in Ukraine, I encountered a recurring theme across a plethora of speakers: always be flexible and keep your options open and active.<\/p>\n<p>The context for these discussions was drawn from both the kinetic and <a href=\"https:\/\/www.csoonline.com\/article\/3629407\/russia-fires-its-biggest-cyberweapon-against-ukraine.html\">cyber wars<\/a> being fought in Ukraine against the invading Russia.<\/p>\n<p>For example, one panel discussion highlighted that international cooperation is key to waging a cyber war, and expounded upon how Ukraine has been successful in repelling Russia\u2019s cyberattacks due to the assistance and collaboration from private entities in the United States and Europe. 
And I\u2019d argue that this is a fundamental tenet of modern cyber warfare \u2014 the threats are global, and it takes a coordinated international response to defend against them.<\/p>\n<p>It has been widely documented how various nation-state entities from within Russia, namely the GRU (military intelligence), the SVR (foreign intelligence), and the FSB (state security), are engaged in cyber operations targeting Ukraine, Europe, and the United States.<\/p>\n<p>In addition, proxies from the Russian criminal world have joined the melee, not because Russia requires deniability and would hide behind a third-party aggressor, but rather because encouraging these entities enhances its attack capabilities. In addition, these criminal entities provide a means for gathering stolen credentials to be leveraged in the battle.<\/p>\n<h2 class=\"wp-block-heading\">Russia excels at social engineering<\/h2>\n<p>Russia\u2019s expertise in social engineering is not up for debate; they are good at it and they are effective at wielding it like a weapon. They take an all-of-government approach to their efforts, and while the three security services may compete against one another for resources, they do collaborate and cooperate. Ukraine has seen evidence of this in a concerted effort to compromise mobile devices and garner access to Signal (a commercial secure communications application) groups.<\/p>\n<p>The Russians\u2019 modus operandi, shared during the forum, is to send QR codes to targets from a compromised device, inviting the individual to install Signal on their device or join an already-existing Signal group. 
While Signal may indeed be downloaded, following the QR code\u2019s link ensures that a malicious payload from the Russian actor comes along for the ride.<\/p>\n<p>In mid-February 2025, Google\u2019s Threat Intelligence Group published a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/russia-targeting-signal-messenger\">comprehensive report on Russia\u2019s targeting of Signal,<\/a> which discusses the methodology at length.<\/p>\n<h2 class=\"wp-block-heading\">What to do when your partner in a fight disappears<\/h2>\n<p>What was evident at the conference was the reliability of Ukraine\u2019s European partners and the very evident and self-declared step back taken by the United States. Indeed, it was repeatedly stated by the SBU (Ukrainian intelligence) that Signal had inexplicably stopped working with the Ukrainian government in addressing the Russian social engineering and manipulation of Signal users, much to the chagrin of the Ukrainian teams attempting to counter Russia\u2019s actions.<\/p>\n<p>And here\u2019s where the necessity of flexibility as a core support for resilience was evident: The panel discussion stressed the importance of having options and alternatives when political dynamics change reality on the ground.<\/p>\n<p>Satellite imagery or communications, for example, might be available one day, gone the next. The harsh reality is that commercial entities (and governments) may change their level of cooperation and provision of goods and services with the political wind. 
Volodymyr Karastelyov, acting head of the SBU Cyber Security Department, noted that one of Ukraine\u2019s major realizations has been that it needs to find alternatives to commercially provided systems.<\/p>\n<p>The key takeaway from this discussion was that when your partner stops being your partner, as in the case of Ukraine, it serves to help the aggressor.<\/p>\n<p>In addition, the <a href=\"https:\/\/www.coe.int\/en\/web\/cybercrime\/second-additional-protocol\/-\/asset_publisher\/isHU0Xq21lhu\/content\/opening-coecyber2ap\">Second Additional Protocol to the Cybercrime Convention<\/a> was crafted to address the challenges of transnational cybercrime, be it by a criminal or state entity. The protocol, signed by 78 countries, is a light at the end of the tunnel. It is designed to speed up the prosecution pipeline \u2014 as it currently stands, cybercrime may take three minutes to conduct and years to prosecute, which is not much of a deterrent.<\/p>\n<h2 class=\"wp-block-heading\">Resilience is critically important to cybersecurity<\/h2>\n<p>Resilience is more than just a word; it is a way of thinking. The adage \u201cdon\u2019t put all your eggs in one basket\u201d holds true today for cybersecurity, as it did for the child on the farm walking with their eggs back to the kitchen from the coop.<\/p>\n<p>Mikko Hypponen, chief research officer at WithSecure, shared during a remote address to the forum how Europe has the resources to address the cyberthreats in its work with Ukraine and \u201cneed not look to a far-off land\u201d for cybersecurity solutions. And therein is the crux of the takeaway for CISOs: resources may exist where you least expect them and are, figuratively speaking, in the backyard in the case of Ukraine.<\/p>\n<p>Conversely, a service may disappear at any time, and resilience requires that an alternative capability be available. 
I have shared previously how in my younger days, I was engaged in telecommunications and always had multiple levels of communication available to me and my customers, with the final level being Morse Code transmissions.<\/p>\n<p>Planning for one\u2019s worst-case scenarios (service provider failure, catastrophic event, an insider threat becoming reality, etc.) and then never having to use that plan is not a defeatist mentality; it is a prudent one, as evidenced by the Ukrainian resilience over the course of the past decade.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>During a visit to the recent Kyiv International Cyber Resilience Forum 2025 in Ukraine, I encountered a recurring theme across a plethora of speakers: always be flexible and keep your options open and active. The context for these discussions was drawn from both the kinetic and cyber wars being fought in Ukraine against the invading [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":2682,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2691","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2691"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2691"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/2691\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/2682"}],"w
p:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2691"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2691"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2691"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}