VIKTOR ZHORA

JUNE 22, 2022

As the Deputy Head of Ukraine’s cybersecurity agency SSSCIP, Viktor Zhora offers a firsthand account of fighting in a historic hybrid war.

On February 24, 2022, Russia launched a military offensive against Ukraine, introducing the international community to a terrifying new chapter of war. As we continue to watch the situation in Ukraine unfold, we have witnessed the country experience attacks both online and offline, putting countless lives at risk. Between Russia coordinating disruptive cyberattacks with destructive military strikes and Ukraine raising the first-ever volunteer IT army, this digital war has been unprecedented in many ways. Some even claim that this conflict represents the world’s first hybrid war.

To get a firsthand account of this historic war, we spoke with the Deputy Head of Ukraine’s cybersecurity agency State Service for Special Communications and Information Protection (SSSCIP). In this candid interview, Viktor Zhora shares the realities of fighting on the digital front lines.

(Edited for clarity)

DPN: Tell us about yourself.

VZ: My name is Viktor Zhora. I’m the Deputy Head of the State Service of Special Communication and Information Protection of Ukraine for Digital Development, Digital Transformation and Digitalization (CDTO).

How did you find yourself in this unique government position?

I’ve been dealing with information security, cyber defense, and cybersecurity for nearly 20 years. The company I co-founded used to be a leading one in the market, providing cyber defense for nationwide elections. A successful business, many years of experience, and my special skills have probably laid the groundwork for me being offered to apply for the SSSCIP Deputy Head position.

It was an opportunity for me to fulfill myself not only as a businessman, but as a Ukrainian citizen. Eight years of war between Russia and Ukraine were marked with numerous cyberattacks, some of them having a significant impact. My country needed stronger capability to confront attacks in cyberspace, both in the introduction of new defense systems and in the establishment of new management models.

The SSSCIP, as the agency in charge of cyber defense of public information systems and critical infrastructure, also needed to change and become more efficient. I had a vision of what needed to be replaced and what needed to be let go. This is how I became a part of the amazing SSSCIP team.

What was your job like prior to Russia’s invasion of Ukraine? Could you share insights about cyber incidents that took place prior to this conflict?  

The key task for the new management was to make the SSSCIP more efficient and transparent, as it had been a totally closed military structure for many years. I’m in charge of its digital transformation and the cyber defense reform.

So, we have launched the UA30 Cyber Reform. We implemented its flagship project and opened the renewed UA30 Cyber Center last year. It is designed to be a training base for experts on cyber defense of government agencies and institutions. The Center is also the base of operations for the Computer Emergency Response Team of Ukraine (CERT-UA).

We’ve been working hard to enhance our technological capability to resist attacks on government agencies and critical infrastructure using new approaches and state-of-the-art instruments. Promotion of public-private partnership (PPP) is especially crucial in this respect. Government agencies and businesses should stand united in creating a reliable cybersecurity umbrella for the whole country. After all, cyberattacks often begin in the private sector and then spread to public institutions and vice versa.

Our team has managed to design guidelines on cyber defense enhancement for critical information infrastructure and have them approved. They are based on the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework guidelines for cybersecurity risk management.

The new Ukrainian Cybersecurity Strategy, approved last August, is meant to ensure establishment of an efficient national cybersecurity system. This document envisages the creation of the public register of critical information infrastructure facilities and regular updates of their cyber defense requirements. The Strategy requires national standards in this field to be designed, so the SSSCIP team has drafted the Organizational and Technological Cyber Defense Model. It was approved by the Cabinet at the end of last year.

The Russian government has been waging war against Ukraine since 2014. This affects cyberspace as well. The BlackEnergy attack at the end of 2015 and the NotPetya virus attack in 2017 were the most notable ones through all these years. The BlackEnergy attack was the first successful attack on energy companies. The criminals succeeded in shutting down a number of substations and leaving about 230 thousand Ukrainians without electricity. The NotPetya virus affected and deleted data on many devices at public institutions and businesses both in Ukraine and abroad. The total losses caused by this virus are estimated at $10 billion.

Following several powerful attacks from 2014 through 2017, appropriate conclusions were made, and approaches were changed. The awareness of the fact that no issue related to cyber defense should be ignored has come to the national level. So, starting in 2017, while cyberattacks continued, they no longer caused any significant impact.

Or so it was until January 14, 2022. We consider that day the starting point of the active phase of the war in cyberspace. The cyberattack that occurred on that day resulted in defacement and external infrastructure destruction of over 20 public institutions’ websites. Because of that, Ukrainians had trouble accessing certain public services, such as being unable to get their vehicles insured.

In less than a month after that, we experienced the biggest DDoS attack in history on government websites and several banks. This type of attack has become a constant companion of the Russo-Ukrainian cyberwar. The highest record by now is 279 DDoS attacks a day. The most powerful of them exceeded 100 Gbps at their peak traffic.

What is it like being on the digital front lines?

It means being ready for any possible development. Ukraine has proved itself ready. The recipe for our readiness is quite simple: constant and systematic work of the government, assisted by businesses and the expert community, as well as international support. We have done a lot to enhance the country’s cyber resilience over the last few years. Right after the January attacks, we were approached by representatives of the Ukrainian private sector. They helped us look at what has been done in a different way and suggested some new approaches and tools to help build the defense system.

Similarly, the US, the UK, the EU, and many other countries offered their assistance the next morning after the attack on January 14. Many countries are now cooperating with us at the government level and even more at the private level. We have access to innovative technologies, expertise, and analytical support. 

The very awareness of Ukraine being on the front line in this war urges the world to unite and help us confront the common enemy.

What has been the most concerning cyberattack that targeted Ukraine during this war?

We have been preparing for high-complexity attacks from Russian hackers. The number of attacks has indeed increased. It has tripled compared to the previous year at the beginning of the war. Now, this proportion is closer to 2.5 times. However, only a handful of these attacks were even partially successful.

One of those is the attack on satellite provider Viasat. It had a significant impact on Ukrainians and residents of other European countries, rendering them unable to use the company’s services. Another one is the attack on Ukrtelecom JSC, which operates the largest fiber-optic backbone network. When it comes to the number of subscribers, it is the second-biggest Internet provider in the country. Thanks to the prompt response, the attack was neutralized quickly, and the company resumed its services in less than a day.

An attack on one of the regional power supply companies could have caused grave consequences. It was arranged by the Sandworm group, the same group that was behind the BlackEnergy attack back in 2015. This time the threat was recognized beforehand, so the citizens did not experience any troubles. But the attack itself was the most complex and well-prepared one of all. Cybercriminals planned to cut off 1.5 to 2 million Ukrainians from their power supply.

How have these wartime cyberattacks impacted citizens on the ground?

Actually, I have already mentioned some actual and potential impacts in my answer to the previous question. The only thing worth mentioning is that looking at the major targets of these attacks, we see that the public authorities, media resources, energy, logistics, and telecom sectors are targeted the most. The Russian government pursues the same goals in cyberspace as their troops do on the battlefield, i.e. to inflict the biggest possible damage to infrastructure. They focus their efforts on public infrastructure, not so much military infrastructure.

They attack public authorities either to make citizens believe that the government is weak or for misinformation, such as when they post fake capitulation messages or call upon Ukrainians to lay down their arms. Misinformation is also the primary purpose of attacks on mass media. Telecommunication networks are being attacked to render Ukrainians unable to get information or get in touch with their loved ones, thus intensifying panic.

Could you explain how cyberwarfare affected your life in a way that is unexpected?

I’d rather say, not just cyberwarfare, but the ongoing war in general. It gave me an opportunity to see people in a new light. To see how we all joined together and turned into a single unbreakable force that is not afraid of hardships and is ready to defend its future, its right of existence. Many people in these hard times have made us look at them in a whole new way, showing their best qualities we failed to notice before. And when someone points the finger at such a person and asks what kind of superpower they have, I will no doubt answer that their superpower is being a Ukrainian.

How has this impacted your family or friends?

We live in a country that is fighting on land, air, sea, and cyberspace. Not only have Ukrainians joined together to resist the enemy and help each other but have also succeeded in uniting the whole democratic world around themselves.

It is hard to find a Ukrainian who is not a part of this process. Someone defends the country with arms. Another helps defenders with supplies. Someone else offers food or housing for those who end up homeless due to this war. Another works to send their own money to the army or volunteers.

Each one of us has our own experiences, thoughts and emotions we share when we have a chance. Yet, each one of us realizes that we are doing everything we can for our common victory. The most important thing is that we keep supporting each other as much as we can, because not losing our faith and not giving up is essential in these hard times.

As one of Ukraine’s top cybersecurity officials, what keeps you up at night?

To answer this question, we’ll have to go back to that night between January 13 and 14. The attack began late at night. At three in the morning, the whole team was awake and busy doing everything possible to prevent the attack from spreading and reduce its impact on information systems.

Time and space are rather conditional concepts for cyberspace. An attack can come at any moment. And should it succeed, the working day might last several days at best. This is why our key task is to prevent cyberattacks from succeeding or restore affected systems as soon as possible, minimizing discomfort for the citizens. This is an integral part of our job.

No system can be 100% protected from cyberattacks. New technologies and solutions keep appearing, both in defense and offense. It is a permanent arms race. And when you are on the front line of cyberwarfare, you cannot stop thinking of ways to defend your country against the enemy, even at night.

What do you tell people who are unaware of the threat of cyberattacks and cyberwarfare, or who might not take these threats seriously?

Unfortunately, there are still many people who neglect their own cybersecurity. After all, it’s a rather new area of life, and it is hard for people to realize that they themselves are living targets for both Russian hackers and Russian troops. Any data leaked and any account hacked may result in an attack on a vital enterprise whose operation defines the well-being of hundreds of thousands of people. Sometimes, even their lives literally depend on it. Hackers are looking for every possible way to find Ukrainian activists, veterans, and Territorial Defense Forces members. If they learn that such people are staying in the areas controlled by Russians, those people will most probably be tortured and killed. These are some horrid scenarios, but they are real, and that is what we are trying to convey to people.

The bigger and wealthier a company, the more likely it is to be a target. When the sustainable operations of that company are important for many people, the likelihood, power, and technical level of cyberattacks will keep increasing. That is why it is so important to enhance our defense systems right now.

What do you think needs to be done to prevent another hybrid war from happening again?

The first cyberwar in history, when a country purportedly targets another country’s infrastructure, has shown that no one is safe from cyberattacks. One can stop a war by destroying enemy troops and storming enemy borders. But cyberspace has no borders. Hackers wear no stripes and can hide their origins in every possible way. They do not risk their lives directly. So, there is no doubt that the cyberwar will go on even after the conventional hostilities are over. Governments all over the world will become targets.

After all, cyber aggression is a reflection of the country’s real intentions. To prevent another hybrid war from happening, we need to properly punish those who started previous ones. Everyone should be aware that the payback for their actions is inevitable. 

At the same time, all civilized countries should start working on a common system of cyber defense. A common shield would enable us to effectively resist intensifying cyber threats. Ukraine has a lot of experience in confronting Russian military hackers and Kremlin-backed hacker groups, and we are ready to share our experience with other countries to make cyberspace a safer place for all.

Thank you so much for your time.