The Power of Resilience

What America can learn from our partners in Ukraine

In the late afternoon of December 23, 2015, residents in the Ivano-Frankivsk region of Western Ukraine were wrapping up their workdays and getting ready to head out into the frigid winter streets on their way to the warmth of their homes. But on this day, as one worker at the Prykarpattyaoblenergo control center was organizing his papers, he suddenly noticed that the cursor on his computer started moving quickly across the screen, completely on its own, manipulating the circuit breakers at a power substation in the region.

As he tried desperately to regain control of his computer, he was suddenly logged out. The attackers had changed his password, preventing him from logging in again.

The attackers didn’t stop there. At the same time, they struck two other power distribution centers, leaving more than 230,000 Ukrainians in the dark. They had not been ready for a cyberattack of this magnitude.

But in the days, months, and years that followed, Ukraine took concrete steps to build resilience into the fabric of the country. In 2016, Ukraine launched their National Cyber Strategy, and Ukrainian cybersecurity organizations continuously evolved to defend themselves from Russian campaigns.

Fast forward to 2022 and Ukraine would not be unprepared again. Prior to the expected Russian invasion, the private sector in Ukraine joined together with the government, as well international allies, to be ready.  

Groups like the Cyber Defense Assistance Consortium brought companies together “to help Ukraine cyber defenders secure networks, hunt for and expel malicious cyber intruders, improve attack surface monitoring, and provide cyber threat intelligence to protect critical infrastructure.”

This is resilience: Doing the work up front to prepare for a disruption, anticipating that it will in fact happen, and exercising not just for response but with a deliberate focus on continuity and recovery, improving the ability to operate in a degraded state and significantly reducing downtime when an incident occurs.

The courage and tenacity of the Ukrainian people in the years since 2015 and today exemplify what resilience looks like in practice, bravely demonstrating resilience every day.

The United States must follow suit and take a page out of Ukraine’s cyber playbook and build its resiliency now. This goes beyond cyber resilience and the capability to swiftly recover from an extensive barrage of cyber-attacks. It also involves strengthening fundamental operational resilience to withstand both cyber assaults and other forms of aggressive physical attacks. Ukraine has demonstrated an impressive ability to quickly respond to, and effectively restore its critical infrastructure, despite facing barbaric kinetic attacks. It is critical for the United States to take inspiration from Ukraine’s successes and proactively fortify its defenses and improve its response and recovery mechanisms. (1)

For the complete statement released by Easterly and Zhora, go to The Power of Resilience. 

Easterly and Zhora at Black Hat USA 2023

Jonathan Greig at The Record provided this recap of the cybersecurity leaders time on stage together at the conference:

“Speaking alongside Ukrainian cybersecurity chief Viktor Zhora at the Black Hat cybersecurity conference, Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly said Americans need to mirror Ukraine’s resilience in the face of an onslaught of damaging cyberattacks.

‘We know, given the state of networks today — the connectivity, the interdependence, the vulnerabilities that persist because technology is not secure by design — we are very likely to see attacks that cause great disruption, so [we are] learning from you about the resilience of cyber, operational resilience of cyber,’ Easterly said before turning to Zhora.

‘[Ukrainians] have demonstrated, in a shining example of unity, how to fight on to be able to achieve victory,’ Eastery said. ‘This is something Americans really need to stand firm on in the face of threats from adversary nations.’

Using the Colonial Pipeline incident and the alleged Chinese spy balloons as examples, Easterly went on to tell the crowd that she does not see the same level of resilience with Americans in terms of how the country responds to potential threats.

She said people ‘should anticipate threats, we should anticipate disruption’ while working to build resilience by identifying what’s most important, running exercises in advance and collaborating to make sure critical services can continue to be upheld in the face of disruptions.

Americans have to be unified in an effort to maintain not just cyber resilience but operational resilience and societal resilience, Easterly explained, adding that more people also have to take a longer-term view of what could affect the country over the next four to five years.

🛡️Given the continuing & unpredictable conflict in 🇺🇦Ukraine, a reminder to all our critical infrastructure partners to keep your SHIELDS UP. As the risk environment evolves, @CISAgov will continue to share timely, actionable guidance at https://t.co/noCFT0RlbG. pic.twitter.com/WyFbdRtamA

— Jen Easterly🛡️ (@CISAJen) September 28, 2022

Easterly touted the Shields Up campaign, saying it was integral in catalyzing a response from critical infrastructure operations and ‘raising the bar’ for cybersecurity across the country.

‘We have not seen significant attacks, although we’re very aware of planning for those attacks by the Russians, and part of that is deterrence by escalation and punishment, given the very serious concerns that [President Biden] articulated to President Putin. But I think part of that is also determined by denial and resilience. There was a huge effort to raise the bar on cybersecurity,’ she said. (2)

For Greig’s complete coverage of the event, go to CISA Director: US has lessons to learn about anticipating threats, disruption

https://oodaloop.com/archive/2022/03/22/the-cisa-shields-up-initiative/

https://oodaloop.com/archive/2023/07/18/the-ukrainian-national-cybersecurity-coordination-center-on-the-first-world-cyber-war/

https://oodaloop.com/archive/2023/03/09/what-executives-need-to-know-about-the-annual-threat-assessment-from-the-u-s-intelligence-community/

https://oodaloop.com/archive/2023/08/04/dr-bilyana-lilly-and-the-ooda-network-discuss-business-at-war-and-community-building-platform-innovation-for-a-weary-ukrainian-diaspora/

About the Author

Daniel Pereira

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.