„Good experts and their knowledge cost” – CPF conference about cybersecurity in Kyiv
On September 27th, 2016 in Radisson Blue Hotel in Kyiv took place an international conference “Cybersecuring Ukrainian Energy Infrastructure” organized by Casimir Pulaski Foundation and “Poland–Ukraine Research Center Foundation”. The conference was culmination of Pulaski Foundation’s research project supported by International Visegrad Fund’s grant, which aimed to examine the most important technological and legal problems concerning cybersecurity of Ukraine. The project was also focused on creating guidelines for good practices and strengthening international cooperation in this field.
The conference gathered many prominent experts on energy security and securing information from Poland, Ukraine, Czech Republic and Hungary. Discussions concerned security threats in the sphere of information and energy infrastructure, which Ukraine was facing in the past few years. Experts from ISACA Ukraine, ISSP Group, Kyiv Polytechnic Institute, Security System of Ukraine, Institute of Energetic Problems of National Academy of Sciences, Dixi Group and Cyber Lab together with their international counterparts exchanged their experiences in this area. Zsolt Illesi, Head of IT Security Department in Central Bank of Ireland, draw attention to the importance of factors such as underinvestment in areas responsible for cybersecurity in public institutions. “Good experts and their knowledge cost and that is why public sector hardly ever can afford truly reliable protection.” – he remarked. “It adds to the problems such as lack of clear legislative requirements of having experts in this field, as well as lack of uniform procedures and standards concerning reacting for situations” – he added.
Oleksii Yankovsky from USACA Ukraine draw attention to the fact, that standards ready to implement already exist, but the problem which is not only in Ukraine, but also other countries, is the excessive politicization of many spheres, which leads to unnecessarily creating own solutions rather than copying existing ones. As an example in this context he mentioned NERC – North-American Electric Reliability Corporation. It is an international NGO, which develops models of solutions possible to use for creating systems of risk assessment and reacting for security threats concerning both energy and IT infrastructure.
Because critical infrastructure has a computerized center of control, it is particularly prone to attacks and that is the reason why the sector of cybersecurity pays special attention to solutions in this regard, apart from security of governments, banks and financial sector data. Vulnerability for attacks results in IT sphere being more and more often an area of hybrid warfare. Professor Oleksii Baranovskiy from Kyiv Polytechnic Institute devoted much time to this issues.
In the end of December 2015 in Ukraine sudden blackouts and disconnections of electrical energy occurred in many regions, affecting everyday life and security of their inhabitants. Responsible for blackout was virus BlackEnergy, which was found in operating systems of companies from energy sector. The incident was solved ad hoc with technological and financial support from the United States. But there is a lack of national support in this regard. The need of bigger and more institutionalized cooperation in the field of cybersecurity was also mentioned by representatives of SBU, who underlined the fact that it is difficult from the level of governmental institutions, but still necessary.
As a new area of conflicts between countries, cyberspace poses a challenge also for international law. When it comes to international, law cyber warfare creates new difficulties in interpretation of actions and legal provisions. As mentioned by Patrycja Grzebyk from Warsaw University, conventional warfare as well as use of weapons of mass destruction are phenomena much better defined in the provisions of international law. Any intentional actions of a particular state directed against infrastructure or citizens of another country can be named as purposeful actions intending to harm that country. These issues were discussed by International Law Commission, which stated: “Any intentional action of one country against another country should be punish.” As marked by the speaker, because of the lack of evidence of the governments’ direct involvement, incidents and occurrences in cyberspace are and will be unpunished.
During dicussion much time was dedicated to reform of Ukraine’s energy sector and challenges connected with stabilization of delivering and securing infrastructure. Roman Nitsovych from Dixi Group, Volodymyr Mokhor, professor Oleksii Korneiko from the Institute of Energetic Problems and Paweł Gołębiewski from Casimir Pulaski Foundation agreed that corruption and lack of clear vision of reforms of energy sector are unsolved issues until this moment. There is still no common plan for an effective reform of gas sector and electric energy market. Professor Korneiko informed on the occasion, that the strategy concerning this issue is about to be finished and will be publicly announced soon, but it does not mean the end of work on its improvement.
The conference also showed the importance of work of volunteers in the field of cybersecurity. Michał Grzybowski from Safe Cyberspace Foundation talked about many initiatives in which people from private sector are involved, in the form of public-private partnership, and can be used as a product possible to adapt by governmental institutions. Eugene Dokukin, volunteer IT specialist, presented achievements in blocking websites controlled by DNR and LNR and in disturbing functioning of businesses conducted by them. Sergii Loboyko from Center of Inovation of Mohylan Academy paid attention to the significant lack of competence and financial resources and to the importance of using force and options created by volunteers.
The whole project will be summarized in the report, that will be published soon.
Author: Agnieszka Piasecka