Ukraine’s 2019 Elections: Preparing for More Russian Cyberattacks

BY NIKOLAS KOZLOFF

If history is any indication, Ukraine can expect further Russian cyber interference ahead of the upcoming March 2019 presidential election. What is the state of Kyiv’s cyber-defense capabilities, and how committed is the Western alliance to shoring up Ukraine? To get a better grasp on such matters, I recently attended the Yalta European Strategy (YES) conference in Kyiv, a high-level meeting that brings together experts, politicians, and Western defense hawks intent on countering Moscow’s aggressive posture in the wider region.

My interest was particularly piqued by the presence of a number of Estonians who have a long experience with Russian destabilization and cyberattacks. Indeed, it was Russian interference in Estonian affairs that caused that small Baltic country to develop well-regarded cyber defenses of its own. In 2007, hackers hit Estonia’s parliament, media, banks, and internet providers. Cyber experts traced the attacks back to Moscow, which had become incensed at Tallinn’s removal of a Red Army statue from the center of the city. If Russia thought such interference would deter Estonia, however, the exact opposite proved true: the Baltic nation resiliently bounced back, promoting its own IT industry.

Today Estonia boasts the most technologically advanced governmental system on Earth. Citizens have their own “digital identities,” which allows online voting and online filing of tax returns. Perhaps even more important, Estonia has become a hub for cyber-defense technology, and Tallinn boasts its own NATO-funded research center, which brings together cybersecurity experts from across the globe. In addition, Estonia sports its own “cyber-army” which falls under the purview of the nation’s armed reserves. “The memory of 2007,” notes the BBC, “is a good recruiting sergeant. The attacks have stuck in the national consciousness by proving to Estonians the importance of cybersecurity.”

Baltic Perspective

To gain further insight into the Estonian cybersecurity industry and its connection to Ukraine, I caught up with Oliver Väärtnõu, CEO of Cybernetica, a company that has recently signed IT contracts with Ukraine’s civilian government. The projects provide for the digital sharing of information between different government databases or entities, which in turn allows cities to allocate services more efficiently. Speaking to me at a local Kyiv hotel hosting YES participants, the young Väärtnõu explained that many countries had learned from Estonia’s embattled cyber experience with Russia, and that to this day “a lot of nations get advice from us on how to protect institutions and how to mitigate cyberattacks in case something happens.”

Gert Ansu, Estonia’s ambassador to Ukraine, knows all about Russian interference. Speaking to me at the YES conference, the diplomat explained that he had graduated from high school just as Estonia achieved independence from the Soviet Union, and as a result, “like so many other people, [I felt] doing something for the country was a no-brainer.” Ansu remarked that Estonia had held cybersecurity talks with Ukraine earlier this year. The sessions involved training Ukrainians in Estonia and examining which specific Ukrainian institutions were most vulnerable to cyberattack.

Yet another YES participant, Marko Mihkelson, outlined Estonia’s relationship to Ukraine. Mihkelson, who is the Estonian parliament’s chairman of foreign affairs, noted that Tallinn is one of the largest donors of foreign development aid to Ukraine, with the Baltic nation making particular contributions in the arena of e-governance systems and helping to put together a viable cyber-defense strategy.

Cyberwar “Blitzkrieg” against Ukraine

Why has the issue of cyberwar jumped to the top of the agenda at YES? In light of its history, it’s no coincidence that Ukraine is hosting high-level Estonians. In December 2015, a cyberattack crippled Ukraine’s power grid, temporarily depriving some areas in the country’s west of electricity. A year later, hackers struck an electrical transmission station north of Kyiv, causing a temporary blackout of part of the Ukrainian capital. Both attacks are widely believed to have originated with Russia.

Another digital attack hit Ukraine in June 2017 in the form of the NotPetya virus, which took down government agencies, businesses, the national bank, the state power company, and largest airport, while simultaneously disabling ATMs and crippling hospital systems. Both the U.S. and UK governments attributed the NotPetya attack to the Russian military. And just this year, Russia is believed to have been behind a campaign called VPNFilter that infected routers and storage devices around the world, perhaps as a prelude to another cyberattack on Ukraine.

Current State of Cyber Defense

There’s some indication, however, that Ukraine is getting better at defending itself, thanks in part to foreign assistance. In the wake of the 2015 attack on Ukraine’s power grid, the FBI and the U.S. Department of Homeland Security assisted Ukraine in its investigation of the hack. CEO Väärtnõu told me, “I know the hack of Ukraine’s electrical grid has provided a valuable case study for NATO as the alliance analyzes how systems can be manipulated.”

What’s more, U.S. authorities reportedly broke up the VPNFilter attack before it could spread to Ukraine, with the FBI seizing an internet domain that a Russian hacking group may have used to control infected devices. Meanwhile, NATO is reportedly taking cyberattacks much more seriously: in 2016 the alliance recognized cyber as an official “domain of operations.” Impressed by cyber assistance from the United States, the UK, and NATO, Ukrainian officials now say they are better equipped to handle such emergencies.

Vasyl Filipchuk, a former diplomat and senior adviser at the Kyiv think tank International Center for Policy Studies, seems confident that Ukraine has weathered the storm. Speaking to me at YES, he remarked, “Experts are confident that we have one of the best cyber security defense systems in the world. We have neutralized Yandex and Kaspersky, so I think Russia would find it quite hard to intervene now. We have well-trained intelligence services and Western assistance, so as far as cyber is concerned, I doubt hackers can do anything detrimental.” Despite such sentiments, experts warn against complacency since sophisticated Russian “spearphishing” attacks are still difficult to repel. 

The Cyber Dimension of Ukraine’s 2019 Elections

Just how safe is the upcoming Ukrainian presidential election from an outside cyberattack? It’s a valid question to ask in light of what happened during the 2014 earlier presidential election. Four days prior to the vote, hackers infiltrated computers at the Central Election Commission (CEC) and destroyed files necessary for vote tabulation. Authorities claimed to have repaired the system, but on the day of the vote, websites sending vote counts to the commission were hit with a denial-of-service attack. Later, officials revealed that on the night votes were tabulated, experts uncovered malware on CEC computers that incorrectly declared the far-right leader Dmytro Yarosh the winner. Though the government removed the malware, a Russian news outlet reported the false results. Not surprisingly, there are suspicions that Russia itself was behind the hack.

Since the 2014 hack, observers claim, the situation has improved. “We vote on paper ballots,” Filipchuk told me, “so Russia can’t interfere. All ballots will be counted manually at the Central Electoral Council, so there’s nothing to hack.” After people vote using paper ballots, the votes are tallied in district centers and the count is transmitted electronically. That doesn’t mean, however, that the system is risk-free. Indeed, the CEC is short of the funds necessary to secure election infrastructure from attack. Meanwhile, the network itself could be compromised through infected files or flash drives. Poroshenko has said that Ukraine has beefed up cyber cooperation with its international partners in advance of next year’s election, though the president has little doubt that Moscow will try to interfere by launching further cyberattacks to disrupt the contest. Far from receding, cyber interference looms as a constant fixture of geopolitical conflict in this part of the world.