CISA boss says US alliance with Ukraine over past year is closer than Five Eyes
And maybe shore up that critical infrastructure some more, America
Black Hat The head of the US government's Cybersecurity and Infrastructure Security Agency (CISA) has extolled the ongoing relationship between America and Ukraine barely a year into a crucial security information sharing pact.
In a keynote at the Black Hat conference on Wednesday, Jen Easterly sat down with Ukraine's Victor Zhora, a man who conference founder Jeff Moss joked has the longest job title he's seen in a while – Chief Digital Transformation Officer at the State Service of Special Communications and Information Protection. It was a spirited discussion, and one that showed quite how much support the beleaguered state has been getting from Western powers to fight Russia's invasion of the sunflower nation.
"Having seen this for decades now you think about how closely we work with international partners and obviously the US has a very close relationship with our Five Eyes partners," she told the crowd.
CISA director Jen Easterly, right, and Ukraine cyber-chief Victor Zhora, center, with moderator and jouro Lily Hay Newman
"But I would say what we've been doing together over the past year now," the CISA director continued, referring to the US and Ukraine, "it's probably the closest we've worked – operationally speaking – with any foreign partner in terms of how we're thinking about sharing information with our computer emergency response team and enriched with what we're both getting from the private sector and other national partners."
I would say what [the US and Ukraine] have been doing together over the past year now, it's probably the closest we've worked – operationally speaking – with any foreign partner...
That's perhaps surprising to hear for some, though remember that Ukraine is deep in actual war, and the Five Eyes nations – a tight alliance of the United States, the United Kingdom, Canada, Australia and New Zealand – are not.
Easterly said that almost exactly a year ago the US and Ukraine signed a memorandum of understanding to share threat intelligence information to try to help ameliorate the online assaults against the invaded country.
The result was a "really extraordinary" volume of threat data and training dating back to 2014 that has been declassified and shared with Ukraine to help it deal with IT intrusions and disruptions, according to both speakers.
Easterly said the United States had learned as much from Ukraine in terms of dealing with an active cyberwar as Ukraine had learned from America. Zhora said the ability to learn from and train with US and EU infosecurity professionals had been crucial in protecting core systems and ensuring that Ukrainian citizens could live a normal-enough existence without losing the technology that makes civil life function. It has also shown how private companies can work effectively with governments to augment online defenses.
In an interview with The Register ahead of the talk, Zhora explained the full details of the digital onslaught Ukraine has faced. In the keynote he said that, despite all the cruise missiles and artillery strikes Russia has launched against the country, life goes on thanks to defending where you can, particularly online.
"We are doing this for people who, despite all the circumstances and challenges, can live their normal life despite cyber threats or power shortages, curfews or shortages, they can live a normal life and even develop the economy," he told the conference.
Easterly pointed out that this experience with Ukraine has been invaluable in preparing for a potential cyber conflict with other nations. She said that if China invaded Taiwan and the US aids the defense of that democracy, analysts predict the Middle Kingdom would "almost certainly" come hunting for US critical systems online – and America better be prepared for that. More so than it is now.
- Ukraine's Victor Zhora: Russia's cyber 'war crimes' will continue after ground invasion ends
- Russian military satellite comms provider offline after hack
- Five Eyes nations detail dirty dozen most exploited vulnerabilities
- It's that time of the year again: The trinity of infosec conferences
"When you look at some of the reactions to the attack on the Colonial Pipeline, when you look at some of the reactions to the high-altitude balloon, I don't see that level of resilience in terms of how we respond to potential threats," she opined.
The answer is planning ahead, running exercises and gaining the buy-in from the commercial sector to work on protecting core structures.
It's the democracy, stupid
Towards the end of the session, moderated by veteran journalist Lily Hay Newman, the thorny subject of elections came up. With America facing a presidential election next year, Easterly noted CISA has made huge efforts since 2017 to ensure elections are free, fair, and unhacked. The results have been good so far, she argued.
"The US government doesn't run elections, we don't administer, we don't manage, it's our mission to provide the support to state and local officials that they need to ensure the security, the safety, and the resilience of elections," she commented.
"Frankly it's been a sea change in terms of how we work together with state and local election officals and we are talking to them on a regular basis to ensure their cyber capabilities but also their protection from physical threats, insider threats, from serious disinformation and foreign influence. We've seen that from Russia, from China, we've seen it from Iran.
"When I was in uniform people used to say 'Thank you for your service.' Well, when you go out to vote thank election officials for their service because they are there, some of them volunteers, and some of them making very little money, but they're doing it because it's the right thing."
Zhora, who has done a lot of work securing against election hacking in his home country since 2004, agreed.
"Elections are the core and baseline for society to proceed," he asserted. "It's a very difficult task. We should be united and train all people involved in the election process, even politicians. We will always face technical issues but we should do everything to avoid the freezing of trust in an election. We will succeed." ®