People who are under the fire of missiles or artillery every day, suffering from man-made disasters, personal tragedies, do not think that the attacks on our country and them in cyberspace are no less intense than in the physical world. But this is true, and we should be as careful about protecting our digital borders as we are about protecting our physical borders.

The fact that the digital infrastructure of the state is working and that the citizens receive all necessary services is an important virtue of those who ensure the cyber security of the country every day. However, the work of experts who help provide protection only at the level of central government authorities is not enough. Local authorities are among the leaders in the number of cyber attacks carried out by Russian hackers, and unfortunately there are many questions in the field regarding cyber protection.

As some cyberattacks aim to create chaos or a tense atmosphere within the country, this affects infrastructure, citizens’ safety and morale.

As the State Special Service, we regularly remind ourselves that the security of our country in cyberspace is the duty of every Ukrainian. From the first people of the state to make the highest level of strategic decisions on threats and countermeasures, to every citizen who needs to know and apply the cyber hygiene rules like the back of his hand. We are only as weak as our weakest link. We hear this truth at many cybersecurity conferences and meetings, but it’s not important to just talk about it. It is important that every Ukrainian realizes this and sees his role in it.

Ukraine is one of the few countries in the world where rules for interaction of various state bodies and structures are established at the state level to ensure cyber protection. This is the organizational and technical model of cyber protection.

The model defines the task of providing cyber protection to every citizen from the president to every citizen. The President and the National Security Council determine the cyber security strategy, the central executive bodies create the state policy in their own sectors, the organizations implement it in the field, the citizens follow the cyber hygiene rules and do not neglect to inform them about the threats. At the same time, an object-level system of units should be established that will constantly communicate, exchange information at the horizontal level, and actually create a collective cyber defense system.

The role of Government Private Communications in this model is one of the key ones as we are responsible for cyber protection in our country. We carry out tasks related to the creation of a regulatory environment, the development of the technological infrastructure of cyber protection, personnel potential and international cooperation. These are the four whales that support the provision of government-to-citizen services and the operation of critical infrastructure, as the first cyber warfare continues within the framework of an all-out war against our country.

Our resources are not sufficient to physically protect every organization in the country. In all countries of the world, the owners of objects are responsible for the implementation of cyber protection requirements: authorities, operators of critical infrastructures, etc. Therefore, in addition to the central level, each country needs to develop its expertise in the field of cyber defense. Therefore, we are not alone in strengthening our cyber resilience at the local level.

Today, we actively cooperate with international partners on the sharing of knowledge and experience, and we try to disseminate the acquired knowledge among the experts of our country through trainings, hackathons, trainings, study meetings.

In April, we held the first CIREX training for energy sector experts, who are always among the most interesting targets of Russian hackers. Now the State Special Communications Service, with the support of the EU-funded EU4DigitalUA project “CIREX. CYBER. Ransomware for the development of personnel potential in the field of cyber protection in the regions”. Representatives of local self-government bodies, regional military (state) administrations and regional units of the State Special Forces responsible for cyber protection and ensuring the state of cybersecurity can participate in the training.

This is a unique opportunity for those who want to be useful to the country and deepen their knowledge, I am not afraid of this word. And we would really like it to be used by as many people as possible. We must emerge victorious from this war, especially in cyberspace. And it is impossible to do this without a reliable cybernetic in the regions.

Oleksandr Potii, Deputy Head of the State Special Communications Service

* The author’s perspective may not coincide with the agency’s position.