Lessons learned from the ongoing cyberwarfare that is raging between Russia and Ukraine ought to be applied to other scenarios, including ongoing tensions between China and Taiwan.
Laura Galante, Director, Cyber Threat Intelligence Integration Center for the Office of the Director for National Intelligence, said during the RSA Conference 2023, “As we zoom out as the intelligence community, [we should] look at some of the lessons learned in working closely with the Ukrainians and other allies.”
She added, “We need to think about how we can apply those in another scenario that is at the forefront of a lot of our thinking, from a cyber resilient standpoint and on a larger sharing between the US government and other allies. And that’s now a China-Taiwan scenario.”
Galante noted that Ukraine has been “incredibly successful” in their cyber resilience efforts and off the back of that the intelligence and cyber community can start to consider the types of upcoming partnerships we will need to defend in a situation like Taiwan and China.
Alex Kobzanets, assistant legal attaché of the US Embassy Kiev for the Federal Bureau of Investigation (FBI) added, “We know that China has paid very close attention to what is happening in Ukraine. Those are all lessons learned for China and they are cataloguing those so they can read how the world and the US would react.”
The emphasis on pre-planning was highlighted in a separate session by Eric Goldstein, who serves as the Executive Assistant Director for Cybersecurity for the Cybersecurity and Infrastructure Security Agency (CISA).
He noted that cyber-attacks carried out against Ukraine in 2015 and 2016 lead them to develop some significant steps in improving their cybersecurity resilience.
Read More: Russia’s Cyber Tactics in Ukraine Shift to Focus on Espionage
“How we think about that in case of future potential conflict and the prospect of future Chinese action against Taiwan, how do we plan ahead for future conflict that may impact an organization, how do we build those plans now?” he said.
Goldstein highlighted the need to have the correct security measures in place. He also noted that what was important for Ukraine was having both functional and societal resilience, so it is important to think about how to build that in throughout the US and allied nations.
Speaking to Infosecurity before the RSA Conference, Pam Nigro chair, board of directors, ISACA and VP of security at Medecision, said that from the private sector’s perspective, cybersecurity leaders are still paying close attention to the geopolitical landscape.
“I had spent some extra time when Russia and China were getting together. I’m a little concerned in the US that we meet with other world leaders from certain countries that other nation states may not like.”
Nigro noted that critical infrastructure is particularly vulnerable as it has been less invested in over this year, despite them working hard to catch up.
“Changes in the geopolitical landscape mean your threat actors and your threats change and come from different places with focuses on different targets,” she said.
Partnerships the Winning Formula in Ukraine
Partnerships have been crucial to Ukraine’s cyber success and speaking during day two of RSA, Illia Vitiuk, head of the department of cyber and information security of the Security Service of Ukraine, highlighted the importance of both government and private partnerships to Ukraine’s cyber resilience.
Vitiuk acknowledge that the Ukraine-Russian conflict was the first true example of a full-scale cyber war.
He said that the partnerships with US Government agencies and the wider cybersecurity industry in the early stages of the conflict had been a “psychological gamechanger.”
“Right now, there is still a lot of support we need…but for now we feel pretty supported,” he said.
He emphasized that Ukraine’s experience shows how, as part of an alliance, smaller nations can stand up to larger powers.
The support Ukraine has received from the US began in earnest in 2014, following Russia’s annexation of the Crimea region.
In relation to cybersecurity, this support involved training, sharing of best practices and joint operations against international cybercriminal organizations.