Ukraine slides closer to NATO with buckets of experience fending off Moscow's cyberattacks

Ukraine has taken another step toward deepening its ties to NATO by signing an agreement to formalize its participation in the security alliance's Joint Center for Advanced Technologies in Cyber Defense (CCDCOE).  

The CCDCOE functions as a cyber-defense knowledge hub, research institution, and training and exercise facility that assists members with technology, threat-sharing and policy expertise. CCDCOE membership is not limited to NATO nations.

Ukraine submitted its application to join the Estonia-based center in August 2021. Last April, the 27 sponsoring nations in the steering committee unanimously endorsed Ukraine as a contributing participant in the CCDCOE — thus giving the other member state's access to Ukraine's "valuable first-hand knowledge of several adversaries".

That language was a nod to both the cyberwarfare tactics Russia employed ahead of and during its illegal invasion of Ukraine, and Moscow's earlier attacks against Ukraine's power grids and other digital targets.

The newer technical agreement, which must be signed by all of the center's member countries, would formalize Ukraine's participation in the cyber-defense group.

"During the past year, we already actively cooperated with the United Center of Advanced Technologies for Cyber Defense of NATO," Ukraine's Yuriy Shchygol, head of state special forces, said in a statement.

Indeed, Shchygol's country has been ground zero for countering Russian cyberattacks. The Computer Emergency Response Team of Ukraine (CERT-UA) tracked 2,100 incidents and cyberattacks last year alone, and more than 1,500 of those occurred after Russia's full-scale military invasion in February.

The CCDCOE director and its international relations chief visited Ukraine in November 2022 to discuss its experience countering Russian cyberattacks. "I hope that our cooperation will only strengthen this year," Shchygol added.

The Register asked the center's Baltic member states for comment and did not immediately receive any response.

• Ukraine secures 10k more Starlink receivers with EU help
• Microsoft: (Cyber) winter is coming as DDoS attack disrupts Russian bank
• 'Russian missiles can't destroy the cloud': Ukraine leader describes emergency migration
• What keeps this FBI director up at night? China's AI work, for one

Tom Kellermann, senior VP of cyber strategy at software vendor Contrast Security, who has also held cyber posts in the US government, called the move "momentous." For one thing, Ukraine can use the center to share what it's learned from weathering cyberattacks from the Kremlin.

"Ukraine has been under siege by coordinated destructive Russian cyberattacks since January 13, 2022. This will greatly enhance NATO's situational awareness per the campaigns of the elite Russian APT groups, thus allowing NATO to harden critical infrastructures from burgeoning Russian cyber campaigns," he told The Register.

It also signifies a "dramatic shift" in both the US and NATO's doctrine related to offensive cyber-campaigns intended to disrupt Russian attacks, Kellermann added. 

"Since 2013 when General Gerasimov gave his famous speech on hybrid warfare and the utility of cyber-attacks, Russia has been attacking Ukraine and NATO members with relative impunity from a collective cyber-response," he said. "Now Russia will have to play defense." ®