23 March 2023

Ukraine’s Cyber Defense Offers Lessons for Taiwan

LT. COL. JAMES HESSON and ANNIE FIXLER

The Ukraine war has filled the world with graphic images of a surprisingly capable underdog resisting the advances of a lumbering aggressor. But while the pictures are far less compelling, the story is the same in cyberspace: Ukrainian defenders have thwarted an onslaught of Russian cyberattacks. While credit for this success goes to the resilience, persistence, and professionalism of the Ukrainians, America’s efforts to improve their cyber capacity played a key role, and offer lessons for defending Taiwan from Chinese cyberattacks.

Cyber cooperation between the United States and Ukraine has a long pedigree. After Russian hackers shut the lights off in Ukrainian cities in 2015 and 2016, Kyiv launched a monumental initiative to harden its defenses. A partnership with the United States began in earnest in 2017 with the first U.S.-Ukraine Bilateral Cyber Dialogue, driven by increasing cyber threats from Russia. Most importantly, the dialogue linked U.S. agencies such as the Departments of Defense, Energy, and Treasury with Ukrainian counterparts to build their defenses.

After helping Ukraine remediate the attacks on its electric grid, the U.S. Department of Energy worked with the Ukrainian government to strengthen the resilience of Ukraine’s energy sector and national-response planning. Since 2014, the U.S. government has provided more than $160 million in technical support for Ukrainian energy security. That Russia has resorted to targeting electricity systems with cruise missiles and drones instead of malware is a testament to the cyber resilience of the infrastructure.

In March 2020, the U.S. Agency for International Development, or USAID, launched a $38 million program aimed at “strengthening the cybersecurity enabling environment; developing Ukraine’s cybersecurity workforce; and building a resilient cybersecurity industry.” As a critical part of this effort, USAID delivered software and hardware tools that increased Ukrainian cyber defenses.

The Department of the Treasury, meanwhile, joined forces with the National Bank of Ukraine via the Software Engineering Institute to improve cybersecurity information sharing. The result: despite attacks in the days before the war, Ukrainian banks have so far weathered the Russian storm.

The FBI has worked closely with Ukrainian partners to share threat information on Russian malicious cyber activity and disrupt disinformation campaigns. And in July, the Cybersecurity and Infrastructure Security Agency at the U.S. Department of Homeland Security expanded its information and technical exchanges with Kyiv.

And U.S.-Ukraine cyber cooperation has entailed more than money, tools, and information. In the three months leading up to the war, U.S. Cyber Command sent teams to Ukraine for defensive cyber operations known as “hunt forward” efforts. Working alongside their Ukrainian counterparts and other European partners, U.S. operators spotted malicious cyber activity on Ukrainian networks. The hunt-forward effort identified Russian intrusions to key networks and prevented crippling cyberattacks.

Taken together, all the hard work in Ukraine is paying off, and the U.S. government is taking notes. In a recent interview, Rob Silvers, DHS undersecretary for strategy, policy, and plans, said his department is now “thinking big about cyber collaboration.” Washington, he said, “should be looking for opportunities to work with international partners more intensively across the board.” We agree.

With last month’s announcement that the United States is expanding troop levels on Taiwan, the timing is perfect to launch cyberdefense capacity-building programs for the island. CISA Director Jen Easterly recently warned that China is likely to accompany military action against Taiwan with cyberattacks not only on the island, but also on the United States and other partners. The effort that prepared Ukrainian defenders, if repeated in Taiwan, could force China to re-evaluate its ability to cripple the island’s infrastructure and could help avert war.

In addition to replicating successful programs in Ukraine, cyber capacity-building measures in Taiwan should include training programs for law enforcement agencies to fight cybercrime. Both CISA and the FBI have the requisite experience for this training program.

In December, as part of the annual defense bill, Congress directed the Department of Defense to increase joint military exercises with Taiwan. These exercises should include operational cyber exercises. The U.S.-Israel Cyber Dome VII exercise could serve as a useful template for joint training and exercising.

Ukraine has shown that in cyberspace, the best defense might actually just be a good defense. Working hand-in-hand with Taipei, Washington can build Taiwan’s defensive cyber capabilities to mitigate and thwart attacks. Doing so will better position Taiwan and the United States to counter China and protect both nations’ interests.

No comments: