In an effort to examine the cybersecurity challenges that Ukraine faces as it prepares for presidential and parliamentary elections next year, the Transatlantic Task Force on Elections and Civil Society in Ukraine held a videoconference roundtable on November 30th devoted to the topic, linking experts and government officials in Kyiv, Brussels and Washington.
Jonathan Katz (German Marshall Fund) and Orest Deychakiwsky (U.S.-Ukraine Foundation), co-chairs of the Friends of Ukraine Network (FOUN) Democracy and Civil Society Task Force, opened the discussion with remarks about the seriousness of cybersecurity threats that Ukraine faces as part of Russia’s hybrid war against Ukraine, and the recent attack on and seizure of Ukrainian ships and sailors by Russia in the Black Sea when they tried to transit through the Kerch Strait and enter the Sea of Azov.
As noted by Jonathan Katz, the transatlantic task force “is focused on the upcoming Ukrainian presidential and parliamentary elections in 2019 as well as Kyiv’s ongoing reform efforts, including efforts to combat corruption and support for civil society. One of the primary goals of the task force …is to strengthen transatlantic security and economic cooperation with Ukraine and to cooperatively address ongoing Russian aggression.”
He added that “Russia’s attack on Ukrainian naval vessels… was not only a serious military provocation that has been condemned by leaders internationally but also a renewed violation of Ukraine’s sovereignty and international law. It also impacts the security of the United States, the European Union and NATO, including those members states in the Black Sea concerned about increased Russian aggression close to their shores.”
There is a great deal of support for Ukraine in Washington at this moment, said Jonathan Katz, and it’s important that the temporary martial law declared by the Ukrainian government not negatively impact the elections: “What is the role of civil society in responding to Russian aggression and its role in ensuring that Ukraine’s elections move forward unfettered in 2019? …There is a delicate balance between ensuring security and ensuring democracy.”
In his remarks at the German Marshall Fund venue, Orest Deychakiwsky said that It’s important to recognize that martial law was approved by a legitimate, democratically elected parliament but stressed that “the Ukrainian government needs to respond to Russia’s flagrant aggression in a way that preserves the rights and freedoms of its citizens” and he welcomed “assurances that constitutional rights will not be breached.”
Orest Deychakiwsky also stated: “It is appropriate and even incumbent upon civil society to monitor martial law’s impact on civil society. And we can’t forget that any real attacks on civil society would only play into Putin’s hands… I hope that during the election campaign… candidates and the political class try and refrain from the politicization of national security issues to the extent possible… Russia and its cronies in Ukraine will try to exploit differences, including through malign cyber activity.” He emphasized that it is Russia “that poses the existential threat to Ukraine” and that a successful election will be one that not only reduces vulnerabilities to cyberattacks and disinformation but one that is also free, fair open and transparent. “Given Russia’s latest act aggression an election that meets international democratic standards is arguably now more important than ever,” he said.
The moderator of the event in Kyiv was Olena Prokopenko, Head of International Relations for the Reanimation Package of Reforms, which unites some 80 NGOs and is a co-founder of the transatlantic task force.
Regarding the impact of the adoption of martial law in 10 oblasts across Ukraine, she explained that this will result in the postponement of local elections in some 50 amalgamated communities which were scheduled for December 23 and that the procedures for rescheduling them are not clear. But presidential elections are still set to take place on March 31st as planned.
Olena Prokopenko said: “We will be closely following the enforcement of martial law in Ukraine and will report on any restrictions that civil society believes to be unjustified or ill-grounded. We would also request our international partners to monitor developments in this regard and to react to any potential abuses of civil rights and liberties in the 10 respective regions of Ukraine.”
Next, Tetiana Slipachuk, the new Head of the Central Election Committee (CEC) of Ukraine, was scheduled to speak but was unable to attend the discussion.
However, Thomas Chanussot, Global Technology and Cybersecurity Advisor to the International Foundation for Electoral Systems (IFES) described improvements in election systems technologies and training for CEC and other election stakeholders in Ukraine with the participation of international experts. Commenting on IFES collaboration with the CEC he said: “I think the CEC now is in a much better situation than it was only a few months ago. There are a lot of actions and activities that are starting that are going to greatly reinforce their capacity to absorb the [cyber] threats.”
Referring to previous cyberattacks Thomas Chanussot said: “We need to learn the lessons from previous [election] attacks from 2014, in particular. There are lots of things that are being mitigated now. But these attacks will happen again… It’s not only about gearing up the equipment… It’s also planning all these things carefully. The [CEC] website is going to be more protected, but it is going to be attacked again… What if it falls, what are the contingency plans? How do you communicate with the public if your website is down? Do you use other channels, do you use Facebook, Twitter, other news outlets? You need to plan for the worst. Even if you try to improve your defenses it might not be enough.”
In terms of cyber awareness there cannot be enough training with the public, with the stakeholders, with everybody, about what are the dangers online, how it will affect democracy, he noted. Thomas Chanussot of IFES went on to describe the joint exercise they conducted with commissioners and representatives of the communications, IT and operations departments of the CEC: “The idea of the simulation is to basically simulate an election day and inject cybersecurity events. They could be really simple tweets from a political party or… cyberattack on critical infrastructure. The idea is to look at the group dynamics, look at how the communication happens, look at the communication plan, look at the disaster recovery plan and make sure that everybody knows his role.”
Mr. Chanussot explained that the goal this time was not to simulate an attack on the technology: “Here we really wanted to work on the group dynamics, on the communication plan, and to make sure that everybody understands the role and the impact that an attack has basically on everybody’s job. And I think it was an interesting exercise just to understand, what we mentioned, the importance of the communication plan that is understood by everybody. It’s not enough to have the IT department respond to an incident… The Commission needs to communicate on it to the public. That is the message that we wanted everybody to understand.”
The next presenter was Olha Aivazovska, Chair of the Board of the Civil Network Opora, a leading NGO for public oversight and advocacy in the field of elections and democratic governance. Besides expected attacks on the CEC’s website and databases Ms. Aivazovska warns that the online accounts of journalists, civil society and candidates will be under attack. Therefore, there needs to be an effort to strengthen the personal online security culture in Ukraine. “Private security or security of political stakeholders [on the one hand] and institutions [like the CEC on the other], which will be managing the campaign, are on the same level” of importance, she stressed. This can include such straightforward measures as individuals in Ukraine not using the Russian mail.ru email service provider. And it’s important not just to focus on Kyiv, because many of the vulnerabilities to hacking are in the regions.
Olha Aivazovska emphasizes that one of the biggest risks in the upcoming Ukrainian elections is that information from the email accounts of candidates, their campaigns or other stakeholders will be hacked, manipulated and disseminated in the media—not unlike what occurred in the 2016 U.S. election. “I think that we do not have enough skills or… experience [regarding] how to protect people’s minds… against propaganda or disinformation or how to develop critical thinking,” she said, alluding to the issue of consumer media literacy.
Another challenge for election monitoring organizations like Opora involves advertising algorithms in online platforms. Olha Aivazovska says that the upcoming campaign in Ukraine will feature the highest level ever of political advertising in social media. It’s very difficult to monitor the content and distribution of this advertising because the messages are visible only to those who are targeted and not readily available in the public domain. Ukraine would benefit greatly from Western help in monitoring and analyzing election-related messages and their distribution in social media to better understand and respond to this new form of “electoral engineering” she said, adding that having a Facebook office in Kyiv would also be helpful.
As for the work of the Central Election Commission, Olha Aivazovska said that the hacking incidents of 2014 were never transparently prosecuted and this undermines the credibility of the elections process. Ms. Aivazovska was critical of what she described as the initial lack of openness of the new slate of CEC commissioners (appointed in September 2018) but that the situation has now improved, thanks to better engagement with NGOs and live streaming of meetings. Transparency of the CEC is crucial, she said, in order to legitimately withstand criticisms that often arise from the losing side in an election.
Also participating in the discussion were Sofiia Shevchuk of GMF and other experts in Brussels and U.S. government officials in Washington, including Brad Freden, director of the State Department office responsible for Ukraine, Moldova and Belarus. In his comments, Mr. Freden first addressed Russia’s attack on and seizure of Ukrainian naval ships and their crews in the Black Sea and Kerch Strait area: “Our view is that the Russian actions in the Sea of Azov [area] were just another example of ongoing aggression against Ukraine that started in 2014. It’s in many ways an escalation of that aggression because they have admitted openly to this attack. There are no little green men or so-called separatists. These are actual FSB people firing on Ukrainian ships. We believe that what they did was illegal under international law, regardless of the status of the Sea of Azov–whether it is an inland waterway or an international waterway. Either way, closing that strait is a violation of international law. We are deeply concerned. We are working closely with allies and partners in Europe to bring pressure on the Russian government—at least in the short term to release the Ukrainian sailors and ships. Our first priority is to get those people home and get those boats back. We are consulting with our partners on next steps.”
As for U.S. support for Ukraine against Russian cyberattacks and other forms of hybrid warfare, Brad Freden said: “On the election issue, we expect Russia to use every tool in its tool kit to try to influence the outcome of the elections, including cyber, media manipulation, disinformation, the whole gamut of tools. And we discussed this the week before last at the Strategic Partnership Commission with our Ukrainian partners. Foreign Minister Klimkin came from Ukraine. We’re working closely to try to help Ukraine ensure that these are free and fair elections. And to minimize and counteract any foreign influence.” He noted that U.S. Agency for International Development (USAID) has a 10-million-dollar program with the Central Election Commission and that the U.S. Embassy in Kyiv has an election task force that is focused on working with the Ukrainian government and civil society to do everything possible. “There’s a real concern in Washington and a real across-the-government effort to try to help Ukraine,” he stressed.
In September, experts of the Reanimation Package of Reforms published a Reforms Roadmap for the CEC, which provides a broad range of recommendations, including in the area of ensuring cyber security in elections. The suggested cyber security actions for the CEC are:
- replacement of outdated IT equipment to protect the IT infrastructure from unauthorized access/cyber attacks;
- delivery of cyber security training to the election stakeholders;
- increasing the capacity of the CEC IT staff, employees of the State Register of Voters and IT staff of the district election commissions (DECs);
- strengthening CEC cooperation with public authorities which are tasked with providing security and proper functioning of the IT infrastructure;
- drafting and adopting a comprehensive cyber security strategy; and
- conducting post-election audits to evaluate the effectiveness of the overall cyber security system.
To read about the inaugural meeting launching the Transatlantic Task Force click here.
Along with the Reanimation Package of Reforms, Ukrainian organizations participating in the Transatlantic Task Force on Elections and Civil Society in Ukraine include the Ukraine Crisis Media Center (UCMC), the Centre for Democracy and Rule of Law, the Centre for Policy and Legal Reform, the OPORA Civil Network, the Democratic Initiatives Foundation, the DEJURE Foundation, the Centre for Economic Strategy, the Anti-Corruption Action Centre, Centre UA, and Transparency International Ukraine.
The Friends of Ukraine Network (FOUN) Democracy and Civil Society Task Force is an initiative of the U.S.-Ukraine Foundation. FOUN also has task forces focusing on national security and on the economy, energy and defense sector.
Photo at top of page: From left, Thomas Chanussot, Olha Aivazovska and Olena Propokopenko, the Kyiv participants of a transatlantic task force discussion on cybersecurity threats and Ukraine’s upcoming elections. (Credit: UCMC).
Adrian Karmazyn, the author of this article, serves as Vice Chair of the Friends of Ukraine Network (FOUN) Democracy and Civil Society Task Force.