The USAID Cyber Security for Critical Infrastructure Activity held the first Cybersecurity Dialogue  

On September 13, 2022, the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity launched a new Cybersecurity Dialogue Program in partnership with Aspen Institute Kyiv. The first event of the Program was held on the topic of National Cyber Incident Response Plan, which brought together key stakeholders and international and Ukrainian cybersecurity experts. The event was organized with the National cybersecurity coordination center at the National Security and Defense Council of Ukraine and the State Service of Special Communications and Information Protection of Ukraine.

Currently, Ukraine aims to develop and implement a National Cyber Incident Response Plan. This document defines the mechanisms for responding to cyber-attacks on a national scale against critical information infrastructure objects and subsequent recovery measures, as well as ensuring an operational, effective, and coordinated response to cyber incidents. The experience of international experts and their knowledge in the development and implementation of similar documents are crucial in creating an effective National Plan.

Christopher Abrams, Director of Economic Growth, USAID Mission in Ukraine, Serhii Prokopenko, Head of Operations Department of the National Cybersecurity Coordination Center of the National Security and Defense Council, and Oleksandr Potii, Deputy Chairman of the State Service of Special Communications and Information Protection of Ukraine. Merle Maigre, Director, Cybersecurity Programme, e-Governance Academy, moderated a discussion on International Experience in Cyber Incident Response Plan Development. International experts joined the discussion: Matt Travis and Hristiana Petkova, representatives of the US Cyber ​​Security and Infrastructure Security Agency (CISA); Chris Krebs, Partner, Krebs Stamos Group, Former Head of US Cybersecurity and Infrastructure Security Agency; Cynthia Wright, Principal, Cyber Strategy & Policy, MITRE Corporation; Jerzy Kosinski, Professor, Polish Naval Academy, Poland; Greg Ratray, Partner and Founder of Next Peak LLC, Adjunct professor, Columbia University SIPA; Junaid Islam, Expert on State Sponsored Cyberattacks on Sovereign’s team.

Christopher Abrams, Director of Economic Growth, USAID Mission in Ukraine, emphasized: “The United States Agency for International Development (USAID) has been fruitfully cooperating with the Government of Ukraine for two years in determining priorities, finding and organizing the cyber expertise that Ukraine needs. We confirm our readiness to continue to help the Ukrainian Government, to help Ukraine.”

“While developing the Response Plan, we took into account all current threats, including the experience of Ukraine’s defense in the cyber war with the Russian Federation. The crucial element of the Plan is interaction with cyber volunteers because now we have gaps in the regulatory framework that need to be resolved, – said Serhii Prokopenko, Head of the Operations Department of the National Cybersecurity Coordination Center of the National Security and Defense Council. – In addition, we must improve the mechanism of information exchange with foreign partners, taking into account the requirements of Ukrainian and international legislation, and foresee the role of cyber troops in responding to cyber crises”.

Oleksandr Potii, Deputy Chairman of the State Service of Special Communications and Information Protection of Ukraine, spoke more closely about the steps already taken to develop the National Cyber Incident Response Plan: “National Cyber Incident Response Plan at this stage especially concerns critical information infrastructure facilities. The Service developed and ensured the adoption of the Organizational and Technical Model of Cyber ​​Protection last year. In consistency with the taxonomy of the European Union and the United States, an interaction protocol was developed, and taxonomy was implemented. The Cabinet of Ministers is currently considering a draft resolution on the cyber incidents responding phases by a five-point scale of criticality levels. Following it, they are developing procedures for the interaction of the main subjects of the national cybersecurity system during the detection, response, and recovery of critical information infrastructure objects.

During 2022–2024, 10 stakeholders dialogues will be held to discuss and find better solutions in the Сybersecurity field to build and improve Ukraine’s cyber resilience. The Cybersecurity Dialogue Program aims to cover different topics, including the current challenges, the current situation in cyberspace, and the risks that have arisen with the full-scale Russian invasion of physical and cyberspace.

Cybersecurity Dialogue Program was made possible through support provided by the U.S. Agency for International Development, under a grant provided by the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity.