Written by Bradley Fowler, MA, MS, MPP, MMIS
Now that Russia has deployed an official attack against Ukraine and invaded their territory; increased security must be launched to counter the attack. First strategy is always to protect citizens’; technology is second. Not only does the public sector need to deploy effective security mitigation strategies, so does the private sector. The combined reliance on technology between public and private sector is essential to the economic stability of the country. Thus, it is time to assess threats and vulnerabilities that were not effectively secured and/or managed prior to this attack. Cybersecurity policy helps a government strategy and implement mitigation and risk management that reduces potential vulnerabilities and deter successful attacks. In this case, Ukraine is faced with reliance on its current cybersecurity infrastructure, effective or not. Thus, defense strategies currently in place need to be effective to thwart cyber-attacks, cyber-warfare, cyber-bullying, cyber sabotage, cyber-stalking, cyber-crime, and cyber-terrorism.
In addition, Ukraine must assess how to defend against cyber-attacks deployed against their computer information systems, business systems, health systems, academic systems; hardware, software, artificial intelligence, geospatial-i.e., GPS, Internet of Things, cloud computing architect, and robotics. These systems are all vulnerable for exploitation and can impact the ability to prevent one form of cyber-attack from becoming a domino effect and impacting all other systems. Therefore, Ukraine must consider humbling itself and building a stronger alliance with the world, to gain their support in helping pull off the dogs.
Enacting a well-conveyed cybersecurity public policy that defines key steps and strategies to deter successful attacks, will be an essential step in building a stronger security posture against the evil efforts deployed by Russia. Luckily, Ukraine has public ‘access’ knowledge of Russia’s weak cybersecurity personnel infrastructure. Furthermore, Ukraine also has public ‘access’ knowledge that “Russia’s technological achievements are likely to be limited in select areas due to political corruption and a lack of human capital, monetary capital and innovation” (NATO.int, 2021). Thus, Ukraine can improve its defense against successful cyber-attacks, by adopting cybersecurity public policy plans, strategies, and infrastructure. Otherwise, the country will erode, and technology defenses will not be enough to save it.
The United States, NATO, EU, and UN have partnered in developing cybersecurity defense strategies and policy, countries are adopting and weaving into their cybersecurity public policy infrastructure. In fact, while many countries are limited as Russia and Ukraine are in defending against cyber-attacks, cyber-warfare, cyber-bullying, cyber-sabotage, cyber-stalking, cyber-crime, and cyber-terrorism. Relying on effective cybersecurity research to collect intelligence that effectively enables Ukraine and countries alike, to improve cybersecurity public policy value and significance, is a step forward is protecting both public and private sector, Ukrainians from victimization.
One recommended methodology to increase public and private sector education and training in cybersecurity public policy, is adopting and aligning all Ukraine cybersecurity public policy with the recommendations and guidelines developed by the National Institute of Standards and Technology-i.e., NIST. The introduction of NIST Special Publications under the 800 series are essential to effectively secure information technology assets, networks, and systems. Utilizing these policy recommendations and guidelines will help increase security posture and deter unauthorized access to information systems hosting Ukrainian’s sensitive data. It’s also crucial, Ukraine adopt the NICE Framework to increase cybersecurity training and education for both public and private sector. NIST Special Publication 800-181, (NICE) National Initiative for Cybersecurity Education in the Workforce Framework, encompasses government cybersecurity public policy, including the National Cyber Strategy, to define a strategy public and private sector can model to effectively implement and enforce cybersecurity policy in the workplace.
Enacted by the “Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. §3553 et seq., Public Law (P.L.) 113-283” (National Institute of Standards and Technology, 2017, p. 3). The NICE Framework can be a step ahead in the game of cybersecurity defense, if applied effectively. After all, there is no one step approach to securing information systems, hardware, software, business systems, health systems, academic systems; hardware, software, artificial intelligence, geospatial-i.e., GPS, Internet of Things, cloud computing architect, or robotics. Thus, Ukraine must take action that will secure its computer information systems, both public and private, and align the cybersecurity posture of these assets with strategic planning efficacy. Doing so will help thwart any intentional attack deployed against each one of these vital information development, storage, and transmission systems. Most importantly, Ukraine needs to invest in research database personnel, who can comb through the unlimited “known” cybersecurity defense public policies, openly, available for public usage without cost. Successful methods of improving Ukraine’s cybersecurity public policy defense.
Regional Perspective Report on Russia. 2021. NATO.int. https://www.act.nato.int/application/files/9816/1350/4281/regional-perspectives-2021-01.pdf
National Institute of Standards and Technology (2017, August). National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. Retrieved from: https://csrc.nist.gov/publications/detail/sp/800-181/final