A Webinar Featuring Illia Vitiuk
Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SSU)
On 20 April 2023, Billington CyberSecurity hosted a webinar where Founder and CEO Tom Billington interviewed Illia Vitiuk, Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SSU). Vitiuk discussed Ukraine’s cyber response in the wake of the Russian invasion in February 2022, lessons learned from years countering Russian cyber aggression targeting his country, the role of international assistance, and things to consider moving forward as Ukraine addresses future Russian cyber actions.
Ukraine’s SSU serves as the country’s primary law enforcement and counterintelligence authority (think, a combination of the FBI and the Defense Counterintelligence and Security Agency, formerly known as DSS). It is primarily led by military intelligence officers trained in counterintelligence fields including human espionage, technical investigations, and counter psychological warfare. Illia’s rise to leading the organization’s counter cyber unit, included years of learning, and leading a variety of SSU mission areas, and a stint as the unit’s deputy, before taking charge in November 2021, just months before the Russian invasion.
Mr. Vitiuk highlighted that there were numerous factors that prepared Ukraine for Russia’s initial cyber actions leading up to and at the start of its invasion. He pointed to the fact that his organization had been investigating Russian cyber aggression since at least 2014 when the Russian army first crossed into Ukrainian territory annexing the Crimean Peninsula. What followed was a full suite of aggressive Russian cyber actions to include the supply chain attack, Notpetya (considered to be the most financially damaging cyberattack worldwide to date), two directed attacks against Ukrainian energy systems in 2015 and 2016, attacks against their democratic elections, and a constant stream of pro-Russian, anti-Ukrainian and anti-Western propaganda orchestrated by Moscow-backed troll farms. Enduring and learning from these attacks—all which Vitiuk emphasized were efforts directed by Russia’s special services—provided an advanced knowledge of how Russian offensive cyber works, and a focused collective Ukrainian effort to create smarter resilience and mitigation plans.
Mr. Vitiuk dug deeper into the lessons learned from these systemic attacks. For one, the attacks pushed a stronger working relationship between his government and Ukraine’s private and infrastructure communities. Attacks against the power companies, led to a better understanding of how to leverage sensors placed at key nodes within critical infrastructure sectors, increased communication, data sharing, and collaboration among all the players, sped up the discovery process in other critical infrastructure sectors such as Ukraine’s banks, and pushed the country to seek new cyber learning environments not only for its technical community but for Ukraine citizens overall. The constant attacks also forced the government to rethink backup and contingency plans for its key energy, data and services areas, find and build new partnerships with international partners—both public and private—and to plan for and deliver new types of digital services to its citizens; all of which designed to reduce not only cyber security risks but also corruption, another form of threat that could be leveraged by Russian aggression.
Despite the incredible efforts to prepare for increased Russian cyber aggression, 2022 and early 2023, especially in the weeks leading up to and the weeks following the Russian military invasion were stressful for Vitiuk and his cyber defenders. While much of Russia’s cyberattacks were detected and thwarted, there were a lot of them. Vitiuk highlighted that in 2022, Ukraine experienced 4500 Russian cyberattacks, three and a half times the numbers experienced in 2021. The attacks included the full range of Russian intelligence efforts to include psychological attacks, use of recruited humans, and a range of new wipers designed to destroy key data centers and create fear. The Russians were also able to successfully attack Viasat, a key satellite communication system used by Ukraine’s military services in the lead up to the invasion. Ultimately, Viasat had to replace over 45000 modems that had been made useless by Russia’s successful attack.
Vitiuk highlighted several changes to Russian cyber tactics since the invasion began. He emphasized the growing role of cyber hacktivists being leveraged to target not only Ukraine, but those supporting them since February of last year. He was quick to point out that these “hacktivists” were mere fronts for Russian services and that 95% of them were being directed by the Russian government. He also pointed to a shift in Russian cyber operations becoming more focused on intelligence collection now that the war lingered longer than original projections. He did point out that the Russians remained focused on leveraging a combination of kinetic and cyber-attacks directed at Ukraine’s energy sector.
Vitiuk praised the role of foreign assistance coming from both governments and the private sector. He highlighted the role of US Cyber Command who had been instrumental in working with his unit to identify key critical infrastructure nodes, conduct initial cyber vulnerability assessments, and work to shore up these nodes’ security in preparation for increased Russian aggression during the Winter months. He mentioned that numerous US companies offered both their products and services free of charge both to help develop better cyber defenses and assess ongoing cyber-attacks. He also emphasized the role of financial donations and how this has helped to procure numerous improvements in their defense effort.
Another important aspect of Ukraine’s cyber defense has been the emergence of a counter cyber army which Vitiuk was quick to point out was voluntary, driven by Ukraine’s IT professionals wanting to help defend their country, and a small Ukrainian cybercriminal element volunteering as well. The volunteer effort has succeeded due to an ongoing successful coordination and engagement effort, mutually benefiting from intelligence obtained and shared by both sides and focused on supplemental efforts to distract, deter, and embarrass the Russian government. Beyond the volunteer army, Vitiuk was also quick to point out that Ukraine’s general population has been hugely influential in the counter Russian efforts augmented by Ukrainian government technology that provides them with a way to share intelligence quickly.
Overall, this fascinating conversation provided some unique insights into the underlying cyber parts of the conflict and some useful things to consider about how the US could leverage this knowledge to shore up our own defenses.