Shields up

The US has committed $8 million to bolstering Ukraine’s cybersecurity defenses as its eastern European ally continues to face a sustained campaign of cyber-attacks linked to neighboring Russia.

Announcing the funding, the US Embassy in Ukraine said that part of this funding, which follows a previous tranche of $10 million pledged in 2017, will support a new project that seeks to “build Ukraine’s cybersecurity capabilities through support for legal and regulatory reform, cyber workforce development, and private sector engagement.”

Run by the US Agency for International Development, the project commits to investing up to $38 million over four years.

The latest financial aid, from the US Department of State, was announced during a cybersecurity-focused meeting of officials from the two countries – their third ‘Cyber Dialogue’ – which was held at the US Embassy in Kyiv.

Officials from the FBI, US Agency for International Development and US Departments of State, Defense, Energy, Homeland Security, and Treasury, also discussed 5G security concerns, and policies around public attribution of cyber-attacks with their Ukrainian counterparts, according to the embassy announcement.

The FBI additionally presented the National Police of Ukraine Cyber Police and the Prosecutor General’s Office of Ukraine with a Director’s Certificate for their contribution to the FBI’s arrest and extradition of cybercriminals from the Ukraine to the US.

“The delegations reviewed ongoing and proposed US cybersecurity assistance projects developed in concert with relevant Ukrainian agencies and stakeholders, including strengthening critical infrastructure cybersecurity; cyber strategy development and implementation; enhancing cyber defense, incident response, and information sharing capabilities; raising cybersecurity awareness for all stakeholders; and providing training on securing industrial control systems and digital forensics,” said the embassy.


Post-Crimea conflict strays into cyberspace

The Ukraine is a key US ally in eastern Europe and has become a major recipient of US aid since Russia’s annexation from Ukraine of the Crimea region in 2014. Subsequent military entanglements in eastern Ukraine have periodically been accompanied by cyberattacks.

In December 2015 some 230,000 Ukrainians went without electricity for up to six hours in the wake of the world’s first known successful cyber-attack on a power grid, widely blamed on a Kremlin-backed advanced persistent threat (APT) group. Energy companies and other critical infrastructure targets have been hit periodically since.

Russia-affiliated threat actors were also blamed for the 2017 NotPetya attack that operationally crippled shipping conglomerate A.P. Møller-Maersk after seizing control of the software update mechanism of M.E.Doc, the de facto standard accountancy package for firms doing business in Ukraine. We’ll update this story as and when more information comes to hand.

The Daily Swig has contacted The US Embassy of Ukraine and the Ukrainian Ministry of Foreign Affairs for further comment.


YOU MIGHT ALSO LIKE The latest government data breaches in 2019/2020