Ukraine’s intel chief: We weren’t ready

By Joseph Marks

Russia showed a sophistication on hybrid warfare that Ukraine couldn't match.

When undercover Russian troops first invaded Crimea last year, the Ukrainian government and military were wholly unprepared for the new brand of hybrid warfare they launched, Vitaly Naida, director of information security counterintelligence for Ukraine’s Security Service, told POLITICO.
The Russian forces integrated traditional but covert military actions with cyberattacks and propaganda campaign, giving themselves a free hand to eavesdrop on officials’ emails and cellphone communications, gathering information about Ukrainian military operations and policy debates long before they were public. In some cases, Naida said, they were able to target Ukrainian military forces with lethal artillery fire by geolocating a mass of cellular signals from the phones soldiers carried.
Naida and Andriy Taranov, deputy chief of staff to Ukrainian President Petro Poroshenko, crisscrossed Washington last week, meeting with lawmakers, State Department and White House officials, sharing a PowerPoint they say offers definitive proof of Russian military aggression in the disputed regions and asking for additional military assistance.
The U.S. has provided millions of dollars in non-lethal military assistance to Ukraine since the outbreak of hostilities, but has stopped short, so far, of offering up weapons and other lethal aid. Democrats and Republicans alike have pressed the Obama administration to take more decisive action, including authorizing lethal assistance to the Ukrainian military in the National Defense Authorization Act. The Senate version of that legislation listed “cyber capabilities” as an appropriate category for assistance, but the fate of the bill is unclear after a threatened presidential veto.
After his D.C. meetings, Naida sat down with POLITICO to talk about the cyber dimensions of the conflict. The edited transcript is below. The Russian embassy did not respond to a request for comment.
What role are cyberattacks and cyber breaches playing in the military conflict in eastern Ukraine?
Russians rely on cyberattacks when they try to penetrate the information and resources of state authorities. We, the Security Service of Ukraine, together with State Special Communications Service, we do our best to protect information and resources. However, the spear phishing is very effective. Russians are very effective with spear phishing. They attack not only state authorities but Ukrainian embassies abroad. Last year they penetrated some Ukrainian embassies.
Which embassies?
I cannot say which ones. Definitely some embassies in western countries. They do not care about the Ukrainian embassy in Kazakhstan or the Ukrainian embassy in Australia. They think only about NATO supporters, those countries that support Ukraine in its resistance against the Russian Federation. But several foreign missions were penetrated by spear phishing.
Attribution is always difficult in cyberspace. Have you been able to definitively attribute these attacks to the Russian government?
To some extent, yes. But we do not want to show up with this information in public, because the information is very sensitive [and exposes] the technology that we are using. We fail right now to conduct sufficient protective measures against Russians. Russians, they use very sophisticated techniques. So, we don’t want to reveal our abilities to anybody right now.
What information are they looking for and what’s the effect on Ukrainian government and military operations?
They’re looking to get information on policy issues. If you’re speaking about [the] possibility to [disrupt] operations, they’re not so effective. Because, in the field, we protect our resources. We protect all lines of communication together with other services.
But, sometimes, they are getting information that makes it more difficult to conduct military operations?
Yes. The same situation [occurs] with the cellphones. Unfortunately, in Ukraine, there is no domestic cellphone provider. We have three main providers — two Russian, one Turkish with Russian parts. So, from the very beginning, before we took measures, it happened. The very first days of full engagement, Russian shells [hit] Ukrainian troops being deployed to the scene — even in between villages, in the fields [and] in forests — only by knowing the geolocation of a big amount of cellphones gathered in the rural area. And that’s it. And they shelled with missile launchers [and] artillery and they killed Ukrainians.
What measures have you taken since then?
Different. Sufficient.
If you can’t tell me the measures themselves, can you say who are you looking to for help on this?
We’re speaking with our NATO allies. We have very good relations with some European countries. I won’t say all of them because [some] countries would not like to show their unique cooperation with Ukraine in front of the Russians. But, we’re definitely cooperating a lot with Estonia, with some other countries like Poland, like Romania, like Great Britain [and] some others. They’re definitely helping us.
Helping with what?
With technical support, providing the methodology, sharing know how [and] technology, [teaching us] how to protect the resources from Russian penetration.
What would you like from the U.S. and NATO that you’re not getting right now to help combat cyber aggression?
Training. Sharing knowledge and methodology and trainings for our officers — not only for the Security Service, [but] for all state entities [that] play their separate but key roles in defeating cyberattacks [and] protecting critical infrastructure communications. So education, education and more education.
NATO committed in December to fund several cyber defense and command and control projects in Ukraine. Can you give us an update on those?
I was the one who initiated the NATO trust fund in [the] cyber sphere. Right now, we are in the process of signing the agreement. Education is already there, and our experts are already training in some NATO countries. Equipment that will help our [Computer Emergency Response Team] to become more powerful is on the way to Ukraine.
So you have a national CERT already stood up, and this would upgrade the technology there?
Yes. Exactly.
I’ve heard that one problem facing Ukraine is that the government’s own cyber hygiene is low. That insecure laptops and cellphones are getting on the network. Is that true?
It’s an educational process. [We need] to limit their ability to bring personal cellphones inside buildings where sensitive information is discussed. You cannot stop any governmental official from bringing [a] cellphone to [an] office where they do not discuss classified or secret information. But, we do protect the conference halls and offices where they discuss sensitive issues.
How vulnerable is Ukraine to destructive cyberattacks against critical infrastructure or other targets?
The cyber component is not so crucial. We don’t have such a sophisticated infrastructure in the cyber sphere in Ukraine, unfortunately. But fortunately, for now, because we do not depend critically on [it] our nuclear power stations, they are absolutely separate. They do not have any cyber issues, any connections with the cyber world.
Is that true of other critical infrastructure too?
Most.
Are distributed denial of service attacks having a significant impact on Ukrainian government operations?
We are capable to defend when we see an active DDoS attack, but those attacks are constant. During the [2014 parliamentary] election period, the power of the DDoS attacks was enormous. We used all our state resources to prevent them from blocking our information and resources. But, we withstood the attacks.
Could Ukraine have been better prepared for the cyber dimensions of this conflict?
For the last decade, Ukraine was not preparing to defeat cyberattacks and to increase our capabilities in cyberspace. We were fighting minor criminals who hacked some computers to steal money. We were not ready to face such a strong enemy in an almost state of war. We [had] to learn during the battle. We’re relying on the experience of Western countries, because Ukraine did not have the experience of combating the joint threat [from the] military sphere and cyber sphere.
Broadly, what does this conflict say about the future of hybrid war?
There’s no simple answer. We’re still in the war. What I can say, right now, is Ukraine has a unique experience fighting the strongest army, at least in Europe, the biggest army in Europe. And we are facing not only the physical enemy with conventional weapons, but we are facing the threat of spreading terrorism and cyberattacks and there are several more issues to talk about. [There’s] Propaganda: Cutting down Ukrainian TV channels and introducing extremely powerful TV broadcasting systems that spread propaganda of [the] Russian brainwashing machine.