Ukraine has written the playbook in defending against cyber attacks after coming under siege from Russia in the most sustained hostile campaign in history.
Lindy Cameron, chief executive of the National Cyber Security Centre, said Ukraine’s network defenders were “real heroes”, whose efforts in fending off Moscow’s virtual strikes had “saved lives”.
She called on governments and businesses to learn lessons from the Ukraine campaign by improving defences and resilience, especially as Russia remained a “sophisticated cyber power that needs to be watched”.
An hour before Moscow launched its land attack in late February, it attempted to freeze the entire Kyiv government network but failed due to the Ukrainians’ training and resilience.
While it was a classic Kremlin ploy to use a virtual attack as part of its military operation, Ms Cameron described it as a “clumsy effort”.
Despite that, the war has involved “the most significant conflict in cyberspace and probably the most sustained and intensive cyber campaign on record”, she said.
Moscow’s intelligence and military branches had launched a “huge number of attacks in support of immediate military objectives” and while these may not have been “apocalyptic in nature”, the rationale was to reduce the Ukrainian government's ability to communicate and divert resources. But nearly all had been fended off by Ukraine's defenders.
“Just as we see heroic defence by the Ukrainian soldiers in the battlefield, we've seen incredibly impressive defensive cyber operations by Ukrainian cybersecurity practitioners,” Ms Cameron told a Chatham House conference. “This has been the most effective cyber activity undertaken under sustained pressure in the history of cyber security.
“The Ukrainian network defenders have been real heroes that have saved lives in the face of sophisticated and sustained Russian cyber aggression.”
The attacks had mainly been using “wiper malware”, designed to render devices useless and inaccessible by wiping out their data.
But the vast majority had been unsuccessful without producing the intended effect, due to “really impressive Ukrainian cyber defences” and Kyiv’s “impressive collaboration” on technological issues with Britain, American and the EU, Ms Cameron said.
The assault had also taught analysts that the defender had a significant advantage in that “you can choose how vulnerable you can be to attacks”.
“Strong and effective cyber defence can be mounted, particularly against an adversary as well prepared and as well resourced as the Russian Federation,” she said. “There is a huge amount that countries and organisations can learn from Ukraine about preventing cyber attacks from taking hold or minimising their objectives if they do.”
If a country was well prepared, “most threats would not be able to breach your defences”, she told the conference. She said 90 per cent of cyber incidents could be prevented if companies put in place the correct defensive structures.
The virtual bombardment of Ukraine had enabled the country and its allies to learn a significant amount in dealing with the attacks.
“Ukraine has demonstrated the advantage public-private measures for hardening cyber defences,” Ms Cameron said. “Russian actors in this space face a formidable force from cyber experts across the globe, in the UK, the US, EU and other allied nations, who are frustrating their activity every day, and this is a real ray of hope for the future.”
