Information technologies are rapidly developing today, creating serious threats for national and international security all over the world.
On March 15, 2016 the Ukrainian National Security and Defense Council’s resolution “On the Cyber Security Strategy of Ukraine” has been enforced by Ukrainian President’s Decree.
It should be noted that the need to adopt provisions on cyber security is long overdue in Ukraine because of cyberspace is becoming a separate, alongside the traditional “Earth,” “Air,” “The Sea” and “Space”, warfare sphere, in which the proper units of leading countries armed forces act more and more actively.
Considering widespread use of modern information technologies in the defense and security sector and creation of a sole automated control system of the Armed Forces of Ukraine, defense of Ukraine becomes more vulnerable to cyber threats.
Moreover adoption of measures for strengthening of cyber security is primary today’s task because of Russian aggression. In general it is undoubtedly that Ukraine is now in the face of external threat.
Current cyber security protection in Ukraine is rather low, cases of illegal collection, storage, use, distribution of personal data, illegal financial transactions, theft and fraud become more and more common on the Internet.
Moreover various sectors of the Ukrainian economy and life are very vulnerable in cyberspace now, state and private companies suffer from cyber attacks to which they were completely unprepared. Unfortunately Ukraine has no any instruments for prevention and repulse of attacks in information sphere, all measures of cyber protection are unsystematic and ineffective.
The problems which complicate the fight against cyber crimes connected primarily with lack of clear legal regulation of the national state policy on cyber security. Secondly there is no common state coordination structure for cyber crimes counteractions in Ukraine. As a result – growth of a threat to critical infrastructure, growth of computer piracy and violations of copyright.
The purpose of the new Cyber Security Strategy of Ukraine (hereinafter – Strategy) is to create conditions for the safe operation of cyberspace, its use for the benefit of individuals, society and the state.
It should be noted that in connection with the Strategy the National Security and Defense Council of Ukraine has decided to establish special new body as its working body – National cyber security coordination centre.
The Strategy defines, among others, such main priorities for safe, stable and reliable cyberspace in Ukraine:
- the development and operational adaptation of state policy in cyber security field, achieving compatibility with the relevant standards of the EU and NATO;
- creating a national regulatory and terminology framework in this area, harmonization of regulations in the field of electronic communications, information protection, information and cyber security in accordance with international standards and standards of the EU and NATO;
- development of cyber security technologies of mobile communication tools;
- development of electronic communications infrastructure;
- development and improvement of state control system of information security and also of the system of information security independent audit;
- development of network response teams to computer emergencies;
- development of international cooperation in the field of cyber security, supporting for international initiatives in the cyber security field which meet the national interests of Ukraine, intensification of cooperation between Ukraine and the EU and NATO in order to strengthen Ukraine’s capabilities in cyber security.
In this connection the Strategy defines that cyber defense of critical infrastructure should consist, among others, primarily of:
- improving complex legal framework of critical infrastructure cyber defense;
- organization and maintenance of the state register of the critical infrastructure objects;
- development and implementation of mechanism for information exchange between government bodies, private sector and citizens regarding threats to critical information infrastructure.
According to the Strategy development of potential of security and defense sector in the field of cyber security must include the realization, in particular, the following main measures:
- protection of technological processes on critical infrastructure objects, where control or monitoring are controlled by information-communication technologies, from unauthorized interference in their work;
- development and implementation of protocols of joint actions, including information exchange in real time;
- realization of state strategic planning and program-oriented software in the field of electronic communications, IT, information protection and cyber defense;
- creating a sole sub-unit to ensure cyber security and cyber defense of the Armed Forces of Ukraine on strategic, operational and tactical levels;
- development of cyber security and cyber defense units of the Armed Forces of Ukraine, State Service for special communications and information protection of Ukraine, Security Service of Ukraine, National police of Ukraine, intelligence agencies, achievement of compatibility with the relevant units of cyber security and cyber defense of states – members of NATO;
- development of rapid response to computer emergencies;
- limitation of participation in activities to ensure informational and cyber security of any entities that are controlled by the aggressor state, recognized by the Verkhovna Rada of Ukraine or by countries and persons against whom the special economic and other restrictive measures (sanctions) are in effect, adopted on national or international level as a result of aggression against Ukraine, and also limitation of use of products, technologies and services of such entities to provide technical and cryptographic protection of state information resources, strengthening of state control in this field.
The most innovative measure among abovementioned ones is establishment of special sub-unit of the Armed Forces of Ukraine which never exists, and development of such sub-unit in other government bodies. Such measure implies attraction of IT-specialists to these bodies which, in its turn, implies additional cash costs. At the same time it is very important that such specialists will have sufficient qualification for cyber defense.
The Strategy foresees that fight against cybercrimes in Ukraine must include such measures:
- creation an effective and convenient contact-center for reporting the cases of cybercrimes and fraud in cyberspace, improving efficiency of reaction to cybercrimes of enforcement bodies;
- improvement of procedural mechanisms for the collection of evidences in electronic form;
- implementation of blocking of certain information resource by communication operators and providers under the court decision;
- determination of order on urgent fixing and further storage of computer data, data saving on traffic by operators and providers;
- training of judges (investigative judges), investigators and prosecutors for operation with evidences of crime received in electronic form considering cyber crimes features;
- implementation of special order for interception in case of cyber crime investigation.
It should be noted that Cabinet of Ministry of Ukraine with Security Service of Ukraine, External intelligence Service and National institute of strategies researches must approve within two months (i.e. before May 15, 2016) a plan of action for 2016 to implement Cyber Security Strategy of Ukraine and to further develop and approve such plans within the Strategy implementation period before the planned corresponding year.
Let’s consider whether all above measures and priorities are realistic and exercisable.
Central idea of abovementioned measures and priorities in the Strategy consist of Ukraine should create a great hi-tech system for providing of communications security and reliability. It seems to be not easy, taking into consideration the current state of such security protection instruments.
Moreover the Strategy defines the purpose to create “active cyber defense” that means an execution of politico-military, military-technical and other measures to empower the state military organization, security and defense sector in cyberspace, creation, development of forces, facilities and instruments for possible response to aggression in cyberspace, which can be used as a deterrent of military conflicts and threats in cyberspace. In other words, Ukraine must create mechanism of retaliatory cyber attacks. It is unknown how it will be implemented in practice because such mechanism needs serious investments and knowledge.
The Strategy has finally legislatively determined the concept of a critical infrastructure objects, such as energetic and transport main networks, oil- and gas pipe lines, seaports and so on.
Granting the intelligence agencies on-line access instruments to subscribers computer data, it is also important to keep balance between citizens’ right for privacy and national security interests, that is often not easy task in practice. For example, in the case of necessary access to personal data of subscribers – obtaining of such access is possible by court order only.
However, when talking about cyber crimes – immediate reaction of intelligence agencies is needed and obtaining of court decision may, of course, delay such reaction.
It’s hardly to say whether the new cyber security strategy is enough to adequately protect Ukraine against cyber crime or not.
Certainly the Strategy is still declared program of necessary actions which requires making a number of changes into Ukrainian legislation, toughening measures of responsibility for violations in the cyber space sphere and serious investments.
However it is obvious that Ukraine has to make considerable shift in the question of protection data in cyberspace and the Strategy is undoubtedly a good foundation for positive changes in this sphere.