Fighting digital aggression on different fronts seemed to be the theme at the recent BlackBerry Security Summit 2022, held at the New York Stock Exchange in New York City. In many ways, the livestream from Ukraine, along with the other speakers at the summit, exemplified how cybersecurity can be an essential to safeguarding people, physical infrastructure, and real-world assets.

Victor Zhora, deputy chairman of the State Service of Special Communications and Information Protection of Ukraine, joined the event via video for a remote fireside chat with BlackBerry CEO John Chen. “It’s calm; we have no air sirens,” Zhora said. “As you can understand, we are facing them from day to day. Unfortunately, cyber challenges are not the only one in our everyday life.”

Though he did not refer to himself as a “cyber chief,” Zhora said his role focused on cyber protection similar to the US-based Cybersecurity and Infrastructure Security Agency (CISA). “I’m just one of many, many all volunteers, cyber defenders, cyber professionals and experts,” he said, “which defend our country, defend our digital infrastructures.”

He put the cyber threats in the context of geopolitical aggression directed at Ukraine even before the current invasion began. Zhora cited a cyberattack in 2014 on the Central Election Commission of Ukraine during national elections as well as other cyberattacks that followed in 2015 and 2016 with Ukrainian media and government entities as the targets. “That was followed with the most destructive cyberattack in history -- NotPetya,” he said.

The NotPetya ransomware attack in June 2017 that targeted Ukraine struck some of the country’s banking systems and services, as well as disabled the radiation monitoring of the Chernobyl Nuclear Power Plant. Some estimates put the fiscal damage, which included entities outside of Ukraine such as shipping company Maersk, at more than $10 billion. “After NotPetya, our government put a lot of attention to cybersecurity,” Zhora said. That included the establishment of multiple agencies with different areas of responsibility for security, as well as improve coordination among agencies.

Training professionals and taskforces became important for future cybersecurity preparation, he said. “This became one of the key factors that helps us ensure cyber resilience of our country in these challenging times.”

Zhora said Ukraine has faced daily cyberattacks since the beginning of Russia’s military invasion of the country. “We expected attacks to [our] energy sector, to government entities, to media, to telecom sector, to financial sector, to all critical infrastructures and we were focusing on defending them,” he said.

Cyber incidents escalated fast at the onset of the war, Zhora said, with some highly sophisticated attacks at the end of March and the beginning of April that targeted Ukraine’s media. This has changed in the ensuing months. “Up to the moment, we see no particular strategy from our adversary,” he said. “We see rather opportunistic behavior.” That includes seeking out and exploiting vulnerabilities, but the absence of a coherent attack strategy, Zhora said, has given Ukraine the opportunity to fix such vulnerabilities and counteract. “We don’t even have time even to think about how scary attacks can be,” he said. “We are simply doing our best job to protect our country.”