Key international and Ukrainian cybersecurity news for April 2023
The European Union continues to take steps to reform its cybersecurity legal framework. The adoption of the EU Cyber Solidarity Act provides for the introduction of important additional elements to protect information systems against growing risks and threats from foreign actors, primarily russia.
International cooperation is becoming increasingly practical and includes not only the exchange of technical information between relevant units, but also the publication of common approaches to important issues. This month, a number of joint documents were presented: on smart city security, secure-by-design principles, a study of cyberattacks by russian ART groups (based on ART28), and Singapore and France started cooperation on the use of AI in cybersecurity.
Disruptive cyber activity is accelerating the pace of implementing stricter cybersecurity requirements around the world. CISA released an updated maturity model for zero trust. The U.S. Department of Defense is preparing to implement stricter requirements for subcontractors to comply with the CMCS. For the first time, the United Kingdom has comprehensively described its own model of active actions in cyberspace against malicious actors.
The Ukrainian side is building the capacity of cybersecurity specialists. Thus, under the auspices of the NCSCC, trainings are held for the OCI staff on vulnerability management (VDP), a memorandum of cooperation between the State Special Communications Service and CYBER RANGES was signed to improve the skills of employees in the field of cyber defense, and the UA30CTF national cybersecurity competition was held.
The legal framework is changing. In April, Ukraine approved a common procedure for all government agencies to respond to cyber incidents and cyber attacks. A decision was made to establish a National Register of State Information Resources Backup and a resolution of the Cabinet of Ministers of Ukraine on the use of the Platform for the rapid creation and management of state registers.
russian cyber activity is on the rise. While groups such as KillNet cannot seriously damage important systems with their DDoS attacks, other groups are looking for opportunities to conduct more sophisticated and complex operations. These attempts are likely to increase, and russian cyber activity will only grow.
Read more about legislative changes, initiatives of national actors, trends, forecasts and analytical assessments, international and Ukrainian news in the field of cybersecurity in Ukraine here.