Defending Ukraine: SecTor session probes a complex cyber war

It was a quick, but for a packed room of delegates attending a SecTor 2022 session in Toronto, an eye-opening 20-minute tutorial that explored the litany of Russian cyberattacks in Ukraine and what has been done to prevent them since the war broke out on Feb. 23.

The presentation on Wednesday from John Hewie, national security officer with Microsoft Canada, centred on a report issued in late June entitled Defending Ukraine: Early Lessons from the Cyber War, that was covered in IT World Canada the day it was released.

In a foreword to it, Brad Smith, president and vice chair at Microsoft, wrote that the invasion “relies in part on a cyber strategy that includes at least three distinct and sometimes coordinated efforts – destructive cyberattacks within Ukraine, network penetration and espionage outside Ukraine, and cyber influence operating targeting people around the world.

“When countries send code into battle, their weapons move at the speed of light. The internet’s global pathways mean that cyber activities erase much of the longstanding protection provided by borders, walls and oceans. And the internet itself, unlike land, sea and the air, is a human creation that relies on a combination of public and private-sector ownership, operation and protection.”

As Hewie pointed out to security professionals attending the conference, the feeling within Microsoft was that the cyber warfare and the attacks that were going on were being vastly underreported, “which is why we invested in the work that I am sharing with you today.”

He said that when the war began, there were cyberattacks on upwards of 200 different systems in the Ukraine: “We initially saw the targeting of government agencies in those early days, as well as the financial sector and IT sector.”

Prior to the invasion, added Hewie, Microsoft security professionals had already established a line of communication with senior officials in government and other sectors, and threat intelligence was shared back and forth.

“And then as the war went on, we saw continued expansion of those attacks in the critical infrastructure space – nuclear, for example – and continuing in the IT sector. When the…