U.S., Ukraine cyber leaders talk resilience, collaboration
At Black Hat 2023, CISA's Jen Easterly and Ukraine's Victor Zhora discuss cyber resilience and security hardening in the face of destructive cyber campaigns.
LAS VEGAS -- Cybersecurity leaders from the U.S. and Ukraine discussed cyber resilience during a keynote at Black Hat USA 2023 Wednesday.
The Black Hat keynote featured CISA Director Jen Easterly and Victor Zhora, deputy chairman of the State Service for Special Communications and Information Protection of Ukraine, in an interview discussion dedicated to Ukraine proving out its cyber resilience -- particularly in the wake of Russia's invasion, which began last February.
Since then, Russia has been conducting a cyber war against Ukraine alongside its kinetic one. These attacks have included destructive cyber campaigns against Ukrainian critical infrastructure as well as government entities. Russia's campaign has also heavily featured cyberespionage as well as a large-scale disinformation campaign. Last fall at the Blackberry Security Summit, Zhora described Russia's activities as aimless and opportunistic.
During the keynote, Easterly praised Ukraine for its work on security hardening that began in 2014, when Russia invaded Ukraine and annexed the Crimean Peninsula. Like now, cyberwarfare played a heavy role during that time. For example, Ukraine was one victim of the infamous and destructive NotPetya campaign, which was ultimately attributed to Russian APTs.
"The barbaric kinetic attacks get the headlines, and it really is horrific. And again, I'm so humbled and awed by the Ukrainian people. But there has been an onslaught of cyber attacks," Easterly said. "And so what you have been able to do to deal with that, I think, is something that we are learning lessons from every day."
Zhora said Ukraine was able to build its cyber defenses thanks to best practices established by the U.S. as well as European partners. Asked what the U.S. partnership has improved, he said, "Maybe everything."
"We improved the mechanisms of coordination and collaboration between our cybersecurity agencies. We improved cooperation with the private sector. We scaled our capacities in cyber defense. We continuously train people, and one of the recent results is having this wonderful opportunity to train our people [at Black Hat], which was proposed by CISA," Zhora said.
Panel moderator Lily Hay Newman, senior writer at Wired, asked Easterly about NotPetya and the U.S. government's reluctance under Presidents Barack Obama and Donald Trump to formally attribute the campaign to Russia. In response, Easterly said there is a "high bar" for the intelligence community to make a judgment, and that attribution speed is improving.
"From a cyber defense perspective, attribution is important, but it's not the main thing that you need. For us, if we see an attack or if we're told of an attack, being able to respond as quickly as possible [to] understand the threat, the tactics, [and] the indicators of compromise so that we can use our platform to be able to put together an advisory or work with our private sector partners or international partners so that we can broadcast what's happening [and] we can prevent other victims from getting hacked," she said. "That, to us, is the most important thing."
Easterly added that the Ukrainian intelligence community released and declassified "an enormous amount" of information that helped build a coalition early on "to ensure that we were able to protect critical infrastructure." She and Zhora both used the question to promote information sharing between national intelligence communities as well as the private sector.
To close the keynote, Newman asked Zhora and Easterly about the concept of "cyber war crimes," a term Zhora used last year at Black Hat USA 2022 to refer to Russia's destructive campaign against Ukraine. Zhora said the early work to formalize cyber war crimes as a concept is "very promising." Easterly said similarly.
"What I worry about … is cyber being used to have a direct impact that's going to result in loss of life. We're seeing some of these significant ransomware attacks against hospitals, for example, that cause diversions of patients from emergency rooms. Sometimes they have to delay procedures," Easterly said. "When you look at very serious attacks against critical infrastructure that could then result in loss of life, that's how I think about, potentially, the war crime aspect of it."
Alexander Culafi is a writer, journalist and podcaster based in Boston.
