Monday , December 23 2024
Home / comment / Ukraine is giving the free world a masterclass on cyber-defence

Ukraine is giving the free world a masterclass on cyber-defence

The prime minister of Estonia on the need for better preparation against digital warfare

COMMENT | Kaja Kallas | Nearly two years ago, I had the opportunity to chair the first official un Security Council meeting on cyber-security. Almost everyone at the meeting stressed what all states have already agreed: international law, including the un Charter in its entirety, applies in cyberspace. Russia did not.

Eight months later, Russia began its full-scale invasion of Ukraine and violated every rule in the book. For years, we had heard predictions that the next big war would be a kind of cyber-Armageddon. But instead, Russia brought back large-scale conventional war. Images of destruction from places like Bucha, where the Russian occupiers tortured and killed civilians, shocked the world

Much of the free world’s response has inevitably focused on conventional war, and rightly so. The aggressor must be defeated on the battlefield, and for that Ukraine needs military support. But Russia is also waging an energy war, an information war and a cyberwar. Democracies need to take steps to defend themselves in all these areas, as well as holding the line to defend a world where rules still apply, and where technology works for, not against, democratic societies. In this regard, there are four things of which we need to take note, and four things all free nations must do.

First, we need to understand that integrating cyber-warfare into regular warfare is now established practice. An hour before Russian tanks rolled over Ukraine’s border, Russia disrupted Ukraine’s access to Viasat communication satellites. The aim was to leave the Ukrainian armed forces without one of their communications lines, as well as having a broader spill-over effect on broadband services that, for instance, control the remote monitoring of wind turbines in Germany. Russia has also targeted communications and it infrastructure such as data centres and wireless masts in the same way it has targeted energy infrastructure.

Second, having a well-protected digital infrastructure is crucial. Ukraine’s digital backbone has enabled the state to keep delivering services online during the war. Many Russian cyber-attacks have failed because Ukraine had spent years building up cyber-resilience, with help from Estonia and others, and has now had extensive wartime assistance. And now it has lessons to teach us. Using apps such as Diia, the Ukrainian government has shown how technology can help taxes to be paid, public services to remain available and data to be kept secure even during war. Such technology also allows Ukraine to continue providing services for millions of refugees spread across Europe or trapped under Russian occupation. Estonia is already working with Ukrainian partners to adapt Diia for our own citizens.

Third, there is still a sense that bad actors can do what they want in cyberspace. While there have been significant examples in recent years of major cyber-attacks being attributed to foreign governments, it has not necessarily led to a change in behaviour. The complexity of ascertaining who is behind attacks and following up with real consequences still makes some actors see cyber-warfare as an attractive tool. Russia continues to use so-called “ddos diplomacy” bombarding websites with traffic to send political signals and to try to disrupt services beyond Ukraine. Nearly every week, Estonia experiences cyber-attacks on government and private services. The effects have been minimal, because we are well prepared and the attackers are not sophisticated. But a bigger threat lies elsewhere: malicious state-sponsored cyber groups are becoming more active across the world and sometimes gang up with ransomware groups.

Finally, the private sector has transformed its role during this war, and taken public-private partnership up a level in defence of digital infrastructure. Though social-media platforms are not doing enough to prevent the spread of disinformation, companies like Palo Alto Networks and Amazon Web Services have provided much-needed services and security measures for Ukrainians to defend their critical infrastructure and government services. Co-operation with companies like Microsoft, cyber-security specialists Mandiant and others has also been crucial.

In the light of all this, what should democratic nations do? First, we must all be prepared for cyber-warfare to continue even after the conventional war ends, and to invest appropriately. The security environment has changed, and we must all adapt. As highly digitalised societies, we need to make sure that public services remain available and data are kept safe. To that end, last year Estonia nearly doubled its annual cyber-security budget. There is also a need for swift information exchange between like-minded countries and service providers to help prevent attacks in the future.

Second, we must step up our efforts in cyber capacity-building. Closing the digital divide must go hand in hand with building up cyber-resilience. Estonia has long shared its know-how. A recent example is helping to set up a new cyber competence centre for Latin America and the Caribbean in the Dominican Republic, called lac4, which acts as a regional hub for cyber-security education and training. We have also been helping countries in Africa, Central Asia and eastern Europe build more robust cyber-defences.

Third, we must ensure accountability, including in cyberspace. Russia’s strategic goals are much bigger than Ukraine. It wants to recast the world in its own image, where might makes right. The digital sphere is not a sideshow but the front line. In March, Russia put forward a draft for a new cyber treaty at the un. It aims to undermine states’ obligations under existing international law and to justify domestic censorship. But existing international law applies fully in cyberspace. The international community risks sleepwalking into negotiating new, legally binding international rules with a war criminal.

Finally, we must build connections beyond current institutional limitations. It is clear that security for liberal democracies can no longer happen in silos. We must set standards with those we can trust, especially as new technologies like artificial intelligence, 5g and quantum computing become realities. Governments must better link with counterparts in other countries, as well as building partnerships with businesses and civil society.

Tyrannies like Russia will keep trying to turn technology into a tool of oppression and a means to destabilise free societies. Our job is to prevent that, to help Ukraine win the war and to build solid alliances. We must ensure impunity does not prevail in any sphere, and cyberspace is no exception.

*****

Kaja Kallas is the prime minister of Estonia.

Source: The Economist

Leave a Reply

Your email address will not be published. Required fields are marked *