Ukraine: The way forward on security threats in elections

In today’s world, it is impossible to imagine the further European Integration of Ukraine without at least also considering the harmonization of its legislation to that of Europe. This includes the coordination of joint EU-Ukraine activities in the realm of cyber security. This was the topic of a panel on “Security Threats in Cyber space. Alarm and Operation” during the 11th Europe-Ukraine Forum, organized by the Institute for Eastern Studies, which was held on 12-13th of March 2018 in Rzeczow, Poland.

The panel emphasized that security cannot exist without a strong economy. However, building a strong economy in Ukraine is also strongly related to a robust Ukrainian democracy. Cyber security and Internet security are increasingly at the heart of that debate.

For some years, International IDEA has worked on the issue of ICT in elections. Most recently in December 2017, when International IDEA jointly with the Committee on Communications and Informatization of the Verkhovna Rada of Ukraine organized a Committee Hearing on "Principles of e-Governance in the electoral process”. This event built on long-standing IDEA work in the area of electoral technologies, including on open source technology in elections and certification of election technology. At the Verkhovna Rad, it showed that there is growing understanding among state authorities responsible for organizing elections, that cooperation with the private sector is increasingly important. This especially concerns the successful development and use of the latest election technologies, taking into the consideration the recent rise of cyber threats in Ukraine.

UKRAINIAN REALITY

Article 7 of the Ukrainian law "On the Basic Principles of Cyber security" states that the provision of cyber security in Ukraine is based on the principles of public-private interaction, broad cooperation with civil society in the field of cyber security and cyber defense. Such collaboration particularly concerns the exchange of information on incidents of cyber security, the implementation of joint scientific and research projects, training and professional development of personnel in this area. Currently, the Ukrainian Government is focusing its efforts on creating a vertical hierarchy to provide cyber security and responses to cyber threats based on situational centers for emergency responses.

PROBLEMS

However, much of a centralized system for countering cyber threats currently does not exist in Ukraine. This is due to the following problems:

1. The lack of a centralized system for responding to cyber threats (the Coordination Council under the National Security and Defense Council is not functioning as anticipated), and the role of the state is split over several stakeholders, such as the National Security and Defense Council, the State Security Service, State Service for Special Communications and Information Protection, and Cyber Police.

2. There are insufficient human resources available in general, as well as low professional capacities of those who are currently working on the topic of cyber security.

3. Old methods are used to address new problems. In addition, corruption is a wide-spread problem throughout. For instance software is being developed for state agencies, whereas similar material is already available through open access.

4. There is a general reluctance of state bodies to lose control and resources allocated to them for existing electronic systems (primarily electronic registries). As a result, Ukraine experiences de facto sabotage of the creation of a centralized system for counteracting cyber threats, with generally accepted standards of quality and control procedures.

5. The closed nature of many public authorities and the lack of mechanisms for working with private companies.

6. The failure by the state to effectively inform the public what they are doing in the field of cyber security.

THE ROLE OF THE STATE

Taking the current situation into the consideration, the relevant state authorities should consider the following:

1. To introduce transparent rules and procedures in the area of cyber security and quality control. This includes the definition of a key stakeholder responsible for creating a centralized system for countering cyber threats and providing it with all the necessary tools.

2. To amend the existing legislation that create unnecessary obstacles for public-private partnerships, and to encourage cooperation with relevant civil society and the private sector.

3. To create incentives for retaining and further developing a pool of cyber security professionals. Many such professionals are currently leaving Ukraine to seek employment elsewhere. Reviewing remuneration and the development potential for those who work for the respective state bodies is critically important.

4. At the moment, Ukraine is unfortunately a testing ground for developing new methods of cyber attacks, which can be used against other countries in the near future. Therefore, international cooperation is critically important for all the states within and beyond EU.