Dmytro Shymkiv, whose direct boss is Ukrainian President Petro Poroshenko, received one call after another as he was interviewed by the Kyiv Post on Nov. 13.
As deputy head of the Presidential Administration, his schedule is hectic. His responsibilities include coordinating, implementing and monitoring reform innovations, as well as e-governance. He also co-chairs the Executive Reforms Committee and is secretary of the National Reforms Council.
Before joining the government in 2014, Shymkiv was the general manager of Microsoft Ukraine. During that time, Microsoft’s Ukraine office was named one of the top-performing Microsoft subsidiaries worldwide.
This well-qualified 42-year-old Lviv native has another big task — perhaps the biggest: Help protect the nation, including the Presidential Administration, from cyber threats.
Cyber security is something he deals with constantly, and is at the top of his priority list.
“It’s ongoing, it’s all the time. It’s not that it is priority A or priority B,” Shymkiv said. “It’s constantly on my mind.”
Back in December, Poroshenko reported in a public statement that there have been 6,500 cyberattacks on 36 Ukrainian targets in a two-month period. Shymkiv didn’t have an updated figure to hand, but he emphasized that the cyberattack threat is “huge.”
Shymkiv is in close contact with the president. Depending on the project, he can meet with his boss either multiple times per day or once every two weeks.
Such access to the president is crucial for the man who oversees the administrations cyber security, especially in a country that is highly vulnerable to attacks.
“If I need to discuss something, I sign up for a meeting or I text the president directly,” Shymkiv said.
Ukraine is “in the process” of building immunity against cyber threats, he said.
But Ukraine, like the rest of the world, still has much to do. Retired U. S. General Keith B. Alexander, the longest-serving director of the U. S. National Security Agency, said during the Yalta European Strategy conference in September that most nations are not ready for the cyberattacks that could come their way.
Russia’s footprint
Shymkiv attributes 99 percent of the cyberattacks against Ukraine to Russia.
Ukraine experienced two major blackouts in December 2015 and December 2016, during which hundreds of thousands of Ukrainians were left without electricity for hours. Later, in 2017, Ukraine’s Odessa airport and Kyiv metro system came under cyber attack. Ukraine has since been attacked by the Petya, NotPetya and Bad Rabbit computer viruses, which inflicted various degrees of damage on Ukraine’s economy.
Even though it is difficult to address who is directly behind the attacks, because the attackers mask their internet protocol addresses, the signs point to Russia.
“I certainly believe as a politician that the attacks are being initiated and orchestrated by Russia,” Shymkiv said. “When you look at the cases, they definitely want to destroy Ukrainian independence. And if you look at the enemies of Ukrainian independence, in the majority of the cases you will see Russia.”
The attacks also have similar characteristics and often happen on historic dates or during significant events in Ukraine, such as holidays or during the government’s end-of-the-year budget preparations.
How to prepare
There are two effective ways to prepare against such attacks. General Alexander advises Ukraine to train IT students at university in cyber security so that they can become the future defenders of the government or private business.
Shymkiv agrees.
“The key concerns are about education, and the preparedness of the IT folks to defend the country or its institutions,” he said.
Currently, the National Security and Defense Council coordinates the country’s cybersecurity initiatives. In addition, the council will have a separate national cyber security center.
Back in 2015, the Education Ministry implemented special educational programs across universities to teach students about Internet communications.
Ukraine is also partnering with the United States, NATO and the European Union to jointly counter cyber threats. Ukraine’s U.S. collaborators include the Federal Bureau of Investigation, the Central Intelligence Agency, and the U. S. Department of Energy.
Shymkiv also personally works with 300–400 Ukrainian cybersecurity specialists.
And although many countries are still at the initial stage of learning how to deal with cyberattacks, Russia is not immune to the threat either.
“Russia is also vulnerable to a great extent,” Shymkiv said, adding that he supports the idea of Ukraine retaliating to Russia’s cyberattacks. “It is a weapon that should be used if necessary.”
But, despite the temptation, General Alexander said that nations have to be careful before going on the offensive themselves.
“If you use cyber weapons, that invites somebody else to attack,” he said.
Lack of personnel
All the same, Ukraine is unlikely to launch retaliatory cyber attacks, as it has a shortage of qualified experts who can execute them while at the same time defending Ukraine.
A lot of government bodies are struggling to find personnel who are both able and willing to do the job. As usual, it mostly comes down to money: the government can’t afford to pay those with the necessary cyber skills, and they are in high demand internationally.
“What is very critical in this job is remuneration,” Shymkiv said. “The market offers, I think, one thousand percent more than the government can offer.”
But the government is also short of money for even basic needs, such as licensed software and hardware for its various departments. The problem puts the whole nation at risk: when government employees use illegitimate software they cannot access vital security updates, which results in vulnerabilities.
When asked why the president’s administration had yet to tackle this problem, Shymkiv pointed to the Finance Ministry.
“We had a case where we tested some hardware and software but unfortunately, we didn’t have funding for it,” he said. The hardware would have cost Ukraine millions of hryvnias, he said.
Steps taken
Ukraine has made progress however in creating a cyber police unit that mainly tackles domestic cyber crimes. Ukraine has also created a unit in the Security Service of Ukraine that deals specifically with cyberattacks.
Further steps require basic education of Ukrainian citizens in what Shymkiv calls “cyber hygiene” since most Ukrainians still do not understand the risks.
“If you focus on a certain level of precautions, the risk rate will go down,” he said. “It’s not just a game of ‘let’s see if the government does something.’ It’s everybody’s job.”
