Cybersecurity in Ukraine: Deep Dives vs Broad Brush

Volodymyr Kaplun and Chris Doten opening conversation on emerging cybersecurity threats in Ukraine

The internet has never felt like a scarier place. Whether from sophisticated nation-state actors or freelancing hackers, democracy and human rights organizations face dangerous threats online. Despite the risks, civic and political players must be active in the digital arena with their country’s citizens to have an impact. NDI is working to help these organizations engage online and stay safe. Ukraine is in a dangerous digital neighborhood so political parties, civil society organizations and elected officials have a heightened need for cybersecurity.

Cybersecurity isn’t simple. Defending an individual or organization on the internet demands tailored analysis, time and long-term support. That’s great, when feasible, but it is necessarily limited in reach because of the huge investment required. On the other hand, to reach as many organizations as possible, one must take a more broad-brush approach focused on awareness-raising. Each approach has its place – and we applied both in Ukraine.

This effort was one of the first big pushes on cybersecurity support under the aegis of the Design 4 Democracy Coalition (D4D). The coalition is focused on helping democracy and human rights organizations around the world navigate the challenges of disinformation and digital threats endemic to our virtual world.

NDI worked with two important civil society organizations on detailed cybersecurity assessments to generate tailored recommendations and action plans. We based our work on a streamlined version of Internews’s excellent SAFETAG framework for organizational risk audits. Over an afternoon, we asked detailed questions of the civil society groups about their technology operations and information security – from their use of cloud services to the locks on their doors. With that data in hand and a joint understanding of their adversaries and goals, we are preparing a detailed set of short- and long-term risk-mitigation strategies for these organizations. The prep, interviews, analysis and recommendation development took many days of work for each organization, and our support over the months ahead will take many more. While this hands-on approach is awesome and high-impact, it’s only possible to do a handful these meetings before filling up your calendar.

On the other end of the spectrum, we met with thirty-five people from ten Ukrainian parties from across the political spectrum to provide basic cybersecurity awareness-raising – being careful of course to avoid creating false senses of security. Of course, in a few hours one cannot provide a master class in the nuances of network security, but raising awareness of and strategies for mitigating the most common cybersecurity threats has an important place as well. To that end, NDI and sister organization the International Republican Institute have proudly partnered with the Harvard Belfer Center and their Defending Digital Democracy Partnership on internationalizing their Cybersecurity for Campaigns Playbook. The Playbook provides an accessible and practical guide to help political organizations and campaigns from around the world understand and navigate the most likely and highest-impact threats that they face.

Sometimes online threats can feel so daunting we ignore them, or they cause us to feel hopeless and give up. However, it’s possible for everyone to be safer – and improved security is essential for pillars of democracy like civil society, political parties, and government. Whether through an intense, tailored effort or the sharing of basic best practices, folks working in international development, politics, or governance should think about cybersecurity in all their programs. It’s irresponsible not to do so.