SBU claims Ukrainian State IT systems received 247 cyber attacks in 2016December 23, 2016
According to the SBU, Ukrainian State information systems were subjected to 247 cyber attacks during 2016 (which is 2 weeks from ending at the time of writing – so there will be more before the year is through). As a result 64 criminal proceedings are apparently under way – “proceedings” however is not defined as being arrests, or charged, or convicted.
As it appears only 64 instances have resulted in criminal proceedings with 5 convictions and 4 “wanted” circulations, it may be “proceedings” amounts to little more than “under investigation”.
Thus according to the SBU, if allocating 1 attack per day, 2 of every 3 days witnessed Ukrainian State IT systems under cyber attack throughout the entirety of 2016. Naturally that is not how matters occurred on such an evenly spaced timeline – neither does it account for the cyber ops that are and have been on-going undetected daily for months, or perhaps years, against the Ukrainian State.
Were there peaks and troughs in cyber attacks? Did those peaks and troughs align to peaks and troughs of Ukrainian allies? If there is any correlation does that provide some form of guide to the capabilities of hostile cyber foes?
Nevertheless 247 is the number of cyber attacks the SBU states the Ukraine State IT system has been subjected to.
It is however unclear what classification of cyber attacks have occurred and in what number under any sub-classifications of cyber attack. Such attacks may vary from DDoS, to data hacks, to actually taking control of the systems themselves.
Further the SBU is not the only Ukrainian institution charged with looking after and monitoring cyber naughtiness to which Ukraine is subjected. The Ministry of Interior also has a very similar statutory obligation. There is then the State Service for Special Communications and Information Protection, notwithstanding the Ukrainian Computer Emergency Response Team.
Quite whether each would measure and/or count the cyber attacks to which the Ukrainian State IT systems have been subjected to in the same way as the SBU is unknown. Are the definitions the same? Is the ability to monitor (and prevent/mitigate) such attacks the same? Which is the lead agency? Is there a lead agency?
Of the 247 attacks, which have been attributed and to whom? Specifically what was the attack? State (and/or State infrastructure)? Business (State Owned Enterprises)? Banking (State owned banks and/or the NBU)? Others?
What damage was done? What losses were incurred? What was stolen? Has the “how” been shared with allies and/or applicable regional/international treaty bound institutions?
How many can be publicly attributed to Russia and/or the known Russian proxies? If they could be attributed, were they? (Just because they can be, for either political and/or operational reasons they may not be.)
How many can be publicly attributed to organised crime – both that interconnected with Russia, that of domestic origin, and also others?
How many can be publicly attributed to those that are neither State actors (or known State associated actors), or organised (criminal) groups, but that are simply lone actors with either criminal intent or a curiosity that defies legal boundaries?
What is behind the SBU numbers? Are the numbers of the other statutory monitoring agencies similar to those of the SBU? If not, what are the discrepancies and where and why do they exist?