- Title: Ukraine finally battens down its leaky cyber hatches after attacks
- Date: 1st August 2017
- Summary: KIEV, UKRAINE (FILE) (REUTERS) VARIOUS OF PRESIDENTIAL ADMINISTRATION EXTERIORS
- Embargoed: 15th August 2017 10:37
- Keywords: Ukraine cyber security cyber attacks virus defence
- Location: KIEV, UKRAINE
- City: KIEV, UKRAINE
- Country: Ukraine
- Topics: Government/Politics
- Reuters ID: LVA0026SBQPTZ
- Aspect Ratio: 16:9
- Story Text: When the chief of Microsoft Ukraine switched jobs to work for President Petro Poroshenko, he found that everyone in the office used the same login password. It wasn't the only symptom of lax IT security in a country suffering crippling cyber-attacks.
Sometimes pressing the spacebar was enough to open a PC, according to Dmytro Shymkiv, who became Deputy Head of the Presidential Administration with a reform brief in 2014.
Today discipline is far tighter in the president's office. But Ukraine - regarded by some, despite Kremlin denials, as a guinea pig for Russian state-sponsored hacks - is fighting an uphill battle in turning pockets of protection into a national strategy to keep state institutions and systemic companies safe.
As in many aspects of Ukrainian life, corruption is a problem. Most computers run on pirated software, and even when licensed programmes are used, they can be years out of date and lack security patches to help keep the hackers at bay.
Three years into the job, Shymkiv is leading the fight back.
He has put together a team, led by a former Microsoft colleague, doing drills, sending out email bulletins to educate staff on new viruses and doing practice hacks offsite.
"The responsibility of the cyber defence in the contemporary world is not just building walls or building uncomfortable restrictions to the users with the need to change passwords regularly and so on. It's also educating people why we are doing this. And it's interesting because when the big tide of the virus Petya was spreading all around Ukraine, this institution was hold."
In the early days, staff complacency and resistance to change were as much a problem as insecure equipment.
"I remember the first weeks when we forced people to do a password change," Shymkiv told Reuters. "My team heard all kind of screams and disrespectful messages ... Over three years, it's a different organisation."
The team's small office has a screen with dials, charts and a green spider web showing activity on the network. If there is an attack, a voice shouts "major alarm!" in English, a recording the team downloaded from YouTube.
Eliminating bad practices and introducing good ones is the reason, Shymkiv believes, why the presidential administration was immune to a June 27 virus that spread from Ukraine to cause disruption in companies as far away as India and Australia.
"My team is constantly training how to build defence and one group is playing defence and one playing offence. We are trying to coach each other, so that they are ready for any unexpected situations. And then of course, using the latest techniques to identify the latest viruses, the new forms or new modifications of the viruses and then communicating directly with anti-virus companies to send them samples of the viruses so that anti-viruses can be upgraded."
But the country still has a long way to go. Since 2014 repeated cyber-attacks have knocked out power supplies, frozen supermarket tills, affected radiation monitoring at the stricken Chernobyl nuclear power plant, and forced the authorities to prop up the hryvnia currency after banks' IT systems crashed.
Ukraine believes the attacks are part of Russia's "hybrid war" waged since protests in 2014 moved Ukraine away from Moscow's orbit and closer to the West. Moscow has denied running hacks on Ukraine.
The head of Shymkiv's IT team, Roman Borodin, said the administration is hit by denial-of-service (DDoS) attacks around once every two weeks, and by viruses specifically designed to target it. The hackers seem mainly interested in stealing information from the defence and foreign relations departments, Borodin told Reuters in his first ever media interview.
"And after each abnormal activity we create some plan for such activities for future. If we face the same problem next time, every one of us has to know what to do in such situation."
Bruised by past experiences, Ukraine is protecting itself better.
A cyber police force was set up in 2015 with British funding and training in a project coordinated by the Organization for Security and Co-operation in Europe (OSCE).
While Ukraine is not a NATO member, the Western alliance supplied equipment to help piece together who was behind the June attack and is helping the army set up a cyber defence unit.
Poroshenko signed a decree in February to improve protection of critical institutions. This proposed legislation to spell out which body was in charge of coordinating cyber security and a unified methodology for assessing threats.
The law failed to gather enough votes the day before parliament's summer recess in July, and MPs voted against extending the session. Shymkiv called that a "big disgrace".
Attitudes can be slow to change. Borodin said a policy at the administration to lock computer screens after 15 minutes of inactivity was greeted with indignation. One staffer pointed out that their room was protected by an armed guard.
The staffer said "'I have a guy with a weapon in my room. Who can steal information from this computer?'" Borodin recounted.
- Copyright Holder: FILE REUTERS (CAN SELL)
- Copyright Notice: (c) Copyright Thomson Reuters 2017. Open For Restrictions - http://about.reuters.com/fulllegal.asp
- Usage Terms/Restrictions: None