Officials from Ukrainian cyber agency the State Service of Special Communications and Information Protection (SSSCIP) and its European Union (EU) counterpart, the EU Agency for Cybersecurity (ENISA), have held high-level talks in Athens with the objective of developing deeper cooperation on cyber issues during the ongoing Russian invasion.
SSSCIP deputy head Viktor Zhora and secretary of Ukraine’s National Security and Defence Council (NSDC) and chief of the NSDC Office for Information and Cybersecurity, Natalia Tkachuk, were among a delegation visiting ENISA HQ under the auspices of the EU’s Cybersecurity East Project, which launched in 2019 and is designed to support EU Eastern Partnership countries in developing their own cyber capacities and legislative frameworks, and promoting cyber cooperation with the EU.
Also present were representatives of other states frequently threatened by Russian aggression, including Armenia, Georgia and Moldova.
The SSSCIP, which is on the front line of the frenetic cyber and information war that has accompanied Russia’s seven-month onslaught, said it had raised the need for a roadmap to further enhance cooperation, given the current situation, but that equally important was the prospect of Ukraine attaining ENISA Special Partner status. This will be a significant step towards the possible accession of Ukraine to the EU because it begins the process of harmonising Kyiv’s cyber legislation with that of Brussels.
“Cooperation with the European partners includes two key vectors for our country,” said Zhora. “On the one hand, Ukrainian experience in cyber war, confronting cyber threats from Russia, would definitely be beneficial for other democracies.
“On the other hand, having gained candidate status for EU membership, our country has to bring its national legislation in conformity with European standards. Intensified collaboration with ENISA will let us make this process much more efficient.”
Other points of discussion at the summit were assessments of the current cyber threat landscapes facing the various post-Soviet states, and an account of some of the specific cyber challenges faced; the implementation experiences of EU states linked to the NIS and NIS2 directives and other cyber certifications and standardisation initiatives; cyber capacity- and awareness-building; approaches to more generalised cyber crime; and the role and structure of ENISA as a pan-EU body.
The latest round of discussions follows a 29 September 2022 meeting between SSSCIP and ENISA officials in Poland, when both parties reached an agreement on the provision of ongoing political, financial and material support to Ukraine’s cyber defences.
To date, the EU has provided €29m (£25.5m) of support to bolster these defences, of which €10m has already been spent on new cyber equipment, software and other support, with a further €19m earmarked to support resilient digital transformation across Ukrainian organisations.
Support such as this, coupled with pro bono donations of security support and services from the cyber industry, has seen Ukraine maintain a remarkably resilient cyber posture during the war.
Speaking at a Chatham House conference at the end of September, Lindy Cameron, CEO of the UK’s National Cyber Security Centre, said this support had so far stopped Russian cyber attacks from being as impactful as feared.
“Just as we have seen inspirational and heroic defence by Ukrainian military on the battlefield, we have seen incredibly impressive defensive cyber operations by Ukrainian cyber security practitioners,” she said. “Many commentators have suggested that this has been the most effective defensive cyber activity undertaken under sustained pressure in history.”
Cameron said that having been such a frequent victim of Russian and Russia-backed cyber attacks over the past decade, Ukraine was in many ways “match fit” for such a conflict.
But she also warned against slipping into complacency, saying that just because no organisations in the UK have experienced major cyber incidents related to the war, the risk of escalation on the cyber battlefield remains very real.