Cybersecurity experts discuss wins, losses and lessons at western Ukraine gathering
JUANA SUMMERS, HOST:
A year and a half into Russia's full-scale invasion of Ukraine, cybersecurity experts there are still facing serious digital - not to mention physical - threats. But that hasn't stopped them from meeting to talk about their successes, ongoing challenges and plans for the future. NPR's Jenna McLaughlin joins us with more from Kyiv. Welcome, Jenna.
JENNA MCLAUGHLIN, BYLINE: Thank you for having me.
SUMMERS: So Jenna, I understand that you were at a gathering of cybersecurity experts in western Ukraine. What can you tell us about it?
MCLAUGHLIN: Yeah, it's a bit surreal here. There's constant missile alerts. But in Ukraine, life must go on. This event was co-hosted by a Ukrainian government cybersecurity agency and a collection of IT companies that are based in Lviv. We actually weren't told the details of the physical location of the event until hours before. The venue was concrete. There were no windows in sight. But it honestly wasn't so different from hacker conferences happening out in Las Vegas this week that I've been to before. The speakers were brought to the stage with jaunty music. There were fancy decorations. And the goal of the event was similar, too. It was to talk about practical lessons of cybersecurity and how those lessons might be applied to the future, to new regulation, to data-sharing pacts with foreign partners. They even discussed putting together a legal case to accuse Russian hackers who targeted critical infrastructure during the war of war crimes.
SUMMERS: You mentioned some legal challenges there. Do you have a sense of what those cases might look like?
MCLAUGHLIN: Yeah, the experts here tell me that there are ongoing efforts - also in the U.S. and elsewhere in the world - to gather forensic evidence of Russian cyberattacks that have hit critical infrastructure, like the power grid. I'm told there's already a huge case file of evidence, particularly against the Russian intelligence hacking group known as Sandworm. The Ukrainian cyber police, intelligence agencies and the state security service - they're all working with the prosecutor general's office to start building this case even before the war ends. We've really never seen an international criminal court consider a cyberattack case like this, so it would set a major precedent if they're successful.
SUMMERS: As I'm watching this from the outside, it seems that these daily missile strikes remain the true threat in this war rather than Russian cyberattacks. How did people at the cyber gathering that you attended put those two types of threats into perspective?
MCLAUGHLIN: Yeah, I think from outside Ukraine, there was this huge expectation before the war that Russia would launch these catastrophic cyberattacks that would shut off all the power and communications and that it would be crippling to the country. Russia did try to do a lot of those things with both digital and physical means, like you mentioned. As I'm talking to people here, you know, they're really proud of their cyberdefenses, but there's also very little appetite to give Russia any credit for their success in cyberspace.
My sense from talking to people is that they're aware of the damage that Russia's caused. You know, one panelist said that a Ukrainian company lost $10 million in a cyberattack. There's a lot of data and systems that have been damaged for good. And there's ongoing attacks against media, health care providers, logistics, transportation and, of course, the power sector, like I mentioned.
SUMMERS: OK. So I'm hearing you say that there's definitely still a threat there on the cyber front. What's the priority as the counteroffensive drags on and as Ukraine heads into fall and winter?
MCLAUGHLIN: Winter is on everyone's minds here. Experts are worried about ongoing physical and digital attacks on the power sector because, honestly, it's really hard to run a power plant without a connection, and it's even harder to keep it secure when you're trying to hook it up to a Starlink, for example. Those are the internet satellites that Elon Musk sent over at the beginning of the war. Even so, Ukraine has had a lot of practice defending against these kinds of threats last winter. And I'm even told that soldiers on the front line have gotten really strong with security. They're using simple things like two-factor authentication and other more sophisticated techniques to prevent Russians from spying on them.
Ultimately, my conclusion here is that this is really one of the first truly digital wars, for better or worse. I keep hearing that the cyberdefense stories here in Ukraine could fill several books after the war, and that seems very likely.
SUMMERS: NPR's cybersecurity correspondent, Jenna McLaughlin, in Kyiv. Jenna, thanks for your reporting.
MCLAUGHLIN: Thank you. Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.