EU Activates Cyber Rapid Response Team Amid Ukraine CrisisSeveral Cyber-Military Experts Will Focus on Safeguarding Ukrainian Networks
Stay tuned for updates on this developing story.
Amid rapid escalation in the Russia-Ukraine conflict derived from historical grievances and qualms with Ukraine's plan to join the military alliance NATO, the world's network defenders remain on high alert. And on Tuesday, the European Union confirmed that it will activate its elite cybersecurity team to assist Ukrainians if Russian cyberattacks occur.
The news comes after the U.S. government attributed last week's DDoS attack on the nation's Ministry of Defense, which oversees Ukraine's military, and at least two banks, to the Russian Main Intelligence Directorate, better known as the GRU. Russia has denied the allegations (see: Report: Cyberattack Hits Ukrainian Defense Ministry, Banks).
The EU's Cyber Rapid Response Team entails some 10 national cybersecurity officials from Croatia, Estonia, Lithuania, the Netherlands, Poland and Romania, each of whom can provide assistance to a nation under cyberattack. The team is part of the EU's Permanent Structured Cooperation, and this is its first deployment, according to Politico, which first reported the news.
Russian President Vladimir Putin has for months hinted at a full-scale invasion of the former Soviet state and has amassed more than 100,000 troops along Ukraine's eastern border. The mobilization - which U.N. officials have called the largest in decades - stems from Putin's grievances with Ukraine's plan to join NATO. Putin initially demanded Ukraine renounce such plans and directed NATO to remove its troops from Eastern Europe.
On overall cyber defense, a NATO official tells ISMG: "Cyberspace is an operational domain for NATO, alongside land, air, sea and space. As such, it is part of NATO’s core task of collective defense. NATO allies have made clear that a serious cyberattack could trigger Article 5 - the collective defense clause of our founding treaty. … We will not speculate on how serious a cyberattack would have to be in order to trigger a collective response. Any response could include diplomatic and economic sanctions, cyber measures, or even conventional forces, depending on the nature of the attack."
Engaging the Rapid Response Team
Just weeks prior to the DDoS attack on one of Ukraine's top ministries, several government websites were defaced with dire messaging and propaganda, along with wiper malware. Ukrainian officials later attributed the January attacks to Russian threat actors.
According to Margiris Abukevičius, vice minister at the Ministry of National Defense in Lithuania, the Rapid Response Team's participating members deliberated over this week's activation. Details on the deployment, including which experts will be working on Ukrainian IT defense, remain unclear. According to Politico, however, Abukevičius said it is possible the unit will be stationed in Ukraine. The activation follows a request Friday from the Ukrainian government for related EU support, particularly from cyber military leaders, Politico writes.
Ukraine's Foreign Minister Dmytro Kuleba urged the EU to dispatch such leaders to Kyiv to hunt for vulnerabilities on its networks, Politico says. Ukraine's top diplomat also reportedly requested technical equipment and software to bolster its cyber infrastructure.
EU High Representative for Foreign Affairs and Security Policy Josep Borrell Fontelles, who met with Kuleba in Brussels, later confirmed that "a mission of experts" will be directed to support Ukrainian systems.
The latest escalation follows years of cyber uncertainty, as Ukraine's electric grid was the target of Russian cyberattacks during peak winter season in 2015 and 2016. The following year, Russia allegedly leveled its NotPetya malware on Ukrainian systems - before the self-propagating worm spread worldwide.
NCSC Sounds Alarm
Also on Tuesday, the U.K.'s National Cyber Security Center, aka NCSC, like U.S. federal agencies, warned of potentially damaging cyberattacks stemming from the Russia-Ukraine conflict. NCSC is a part of GCHQ, the U.K.'s intelligence, security and cyber agency.
As part of its warning, NCSC officials said: "Following Russia's further violation of Ukraine's territorial integrity, the NCSC has called on organizations in the U.K. to bolster their online defenses.
"While the NCSC is not aware of any current specific threats to U.K. organizations in relation to events in and around Ukraine, there has been a historical pattern of cyberattacks on Ukraine with international consequences."
The officials urge organizations to take several steps to bolster their defense, including:
- Check system patching;
- Verify access controls;
- Ensure existing defenses are working;
- Monitor key logs and antivirus logs;
- Review backups;
- Implement an incident response plan;
- Ensure the organization can properly reduce and respond to phishing lures;
- Ensure there is a comprehensive understanding of what level of privilege is extended into the systems
- Access and share NCSC resources;
- Brief the wider organization on security posture.
Russia has long targeted Ukraine - which earned its independence in 1991 at the fall of the Soviet Union - in similar cyber or disinformation offensives. Foreign policy experts say it continues to view Ukraine as part of its sphere of influence.
Commenting on the wider conflict, the EU's Josep Borrell Fontelles said via Twitter: "The decrees by President Putin ordering a so-called peacekeeping mission into the so-called Donetsk and Luhansk people’s republics is another outright aggression against Ukraine, a violation of its territorial integrity and sovereignty."
On another thread, he wrote: "The EU and its partners will react with unity, firmness and with determination in solidarity with Ukraine."
While details were unfolding rapidly on Tuesday, Russian state media reported that the upper chamber of its parliament had approved the use of armed forces outside of the country, according to CNN.
Ukrainian President Volodymyr Zelenskyy is also reportedly considering breaking off diplomatic ties with Russia, NBC News reported.
What's more, a 100-truck military convoy was reportedly spotted traveling toward the Ukrainian border, according to The Guardian. NATO Secretary General Jens Stoltenberg, speaking in Brussels, confirmed that NATO allies have more than 100 warplanes on "high alert" and more than 120 warships ready at sea from the Arctic Circle to the Mediterranean Sea, according to a real-time feed compiled by The Guardian.
White House Updates
In a press conference on Tuesday, U.S. President Joe Biden introduced the first tranche of sanctions against Moscow, including cutting off two Russian banks from Western finance. Biden vowed to defend NATO territory and said U.S. intelligence points to further maneuvers into Ukraine, which he called a blatant violation of international law.
Just an hour later, U.S. Secretary of State Antony Blinken said in a press conference that the U.S. will sanction members of the Russian elite and confirmed that the Department of Defense will be sending additional U.S. forces to NATO's eastern flank to deter Russian aggression. Blinken called Putin's activity the "greatest threat to security in Europe since World War II."
On Tuesday evening, U.S. press secretary Jen Psaki confirmed that there are "no current, pending" Russian cybersecurity threats, though the U.S. remains "prepared."
Biden on Monday issued an executive order that "will prohibit new investment, trade, and financing by U.S. persons to, from, or in the so-called DNR and LNR regions," according to a senior White House official (see: As Russia Invades Ukraine, Cyber Escalation Threat Looms).
In a speech on Monday, Putin said Ukraine is "not just a neighboring country" and "is an integral part of our own history, culture, spiritual space."
Update - Feb. 22, 4:45 p.m. EST: This story has been updated with remarks by U.S. Secretary of State Antony Blinken.
Update - Feb. 22, 6:30 p.m. EST: Remarks from press secretary Jen Psaki have been added.