Serhiy Demedyuk: The NCCC is a “digital headquarters” for defending the state from cyber threats
The National Coordination Center for Cybersecurity has become a modern “hub” - the “general headquarters” for defending the state from cyber threats – an analytical center for detecting, preventing, responding to cyber incidents and predicting potential cyber threats in both the public and private sectors.
This was stated by Deputy Secretary of the National Security and Defense Council of Ukraine Serhiy Demedyuk.
The renovated and significantly strengthened National Coordination Center for Cybersecurity (the NCCC), Mr. Demedyuk noticed, coordinates and controls the activities of security and defense sector actors that ensure cybersecurity in relevant spheres - the State Service of Special Communications and Information Protection, the SSU, the National Police, the National Bank, the General Staff of the Armed Forces, etc.
At the same time, he noted, while the vast majority of cyberattacks are aimed at the private sector, cooperation with its subjects has been insufficient. “The vast majority of cyber incidents that can be detected in real time and that are of interest to all security and defense sector actors involved in cybersecurity have occurred in the private sector that is being attacked and tested for malware”, - he said.
The Deputy NSDC Secretary pointed out that the lack of proper communication and protection by the state caused distrust of private sector entities to the authorities and even led to “hushing up” cyber incidents.
Therefore, Mr. Demedyuk noted, the Decree of President of Ukraine Volodymyr Zelenskyy of 28.01.2020 №27 2020 “On Amendments to the Decrees of the President of Ukraine of January 27, 2015 № 37 and of June 7, 2016 № 242” strengthened the capacity of the NCCC and changed the format of its activities, in particular, cybersecurity specialists from the private sector are involved in its operation.
According to the Deputy NSDC Secretary, public-private partnership – the exchange of data on current cyber threats and tools to counter them, building trust between cybersecurity regulators and the top-management of private enterprises contributes to an effective cybersecurity system of the state.
“Establishing fruitful contact with the private sector, launching a single base for exchanging information on cyber incidents allows timely and professional detection and localization of detected cyberattacks, development of an algorithm to prepare for them, high-level coordination of the activities of all cybersecurity actors”, - Mr. Demedyuk stressed.
He also informed that public actors in the security and defense sector, together with representatives of the private sector, are working to develop unique software for detecting cyberattacks at early stages.
“We want to enshrine in legislation the standards of cybersecurity services and their obligatory provision, we are working to create a database of private sector specialists qualified by State Service of Special Communications and Information Protection and the NCCC, who can provide relevant consulting assistance”, - the Deputy NSDC Secretary said. - We also plan to use the private sector to test various types of software for vulnerabilities or malicious code, as well as new methods of protecting systems, to further apply this knowledge to protect government agencies”.
Among the NCCC’s priorities Mr. Demedyuk also named the implementation of educational activities in the sphere of cyber hygiene, as, according to him, the lack of relevant people’s knowledge is perhaps the main cause of vulnerability to cyberattacks.
Summing up, the Deputy NSDC Secretary noted that the NCCC will serve as a platform to establish “a single base for the exchange of cyber incidents so that all entities can observe what is happening in cyberspace of Ukraine and the world, study means of protection, identify which entities are most vulnerable to cyberattacks, cooperate and provide recommendations”.
According to him, this “will allow working on equal ground and effectively detecting cyber threats, responding in a coordinated and prompt manner to threats both in particular industries and at the state level, improving the protection of information systems from outside interference and leakage of confidential information”.
Serhiy Demedyuk also stressed that this year the NCCC has already successfully organized the localization of a number of cyberattacks on state information resources, as well as prevented the leakage of personal data of citizens from public and private information systems.