A cybersecurity kill chain is a framework that helps security teams understand the sequence of events during an external attack. Derived from the military concept that identifies the steps in a military attack, a cyber kill chain breaks a cyber attack into steps to help security analysts understand the behaviors and tactics of threat actors.

SANS Institute released the Industrial Control System Kill Chain in 2015 to help analysts understand attackers' behaviors and tactics specifically in ICS attacks. Based on Lockheed Martin's IT Cyber Kill Chain, the ICS Cyber Kill Chain accounts for specific ICS security threats and the layered nature of ICS environments today.

The ICS Kill Chain is especially useful when conducting risk assessments and pen tests against ICS environments. In Chapter 17, "Penetration Testing ICS Environments," of Industrial Cybersecurity, Second Edition, author Pascal Ackerman describes the ICS Kill Chain, including its evolution from the cyber kill chain, steps and phases, as well as how to base pen tests on the ICS Kill Chain. Download a PDF of Chapter 17 for more on ICS pen tests.

Due to its unique features and deployment, the ICS requires considerable knowledge about the target's industry -- the ICS environment -- to be able to carry out a successful attack. These unique challenges of an industrial control system require the attacker to avoid interfering with the multitude of sensors and controls and automation devices while performing the attack, as well as being able to pivot through multiple layers of networks that are usually found in such environments (the internet to enterprise networks, to the industrial network to enclaves, and so on).

To put these unique challenges into perspective, the SANS Institute (https://www.sans.org/about/) published a report in 2015 that adapts the Cyber Kill Chain to industrial control system environments. This report expands upon the original Intrusion Kill Chain stages by, among other things, dividing the stages into two distinct phases, with the purpose of articulating the ICS characteristics. The following diagram shows the first phase of the ICS Kill Chain:

This first phase is quite similar to the original Kill Chain model and corresponds to what was traditionally called espionage or intelligence operations. Phase 1 reflects the activities and processes of a structured and targeted attack campaign aimed at obtaining the initial foothold into an organization's enterprise/business network. Within this model, the following stages take place:

When the attacker has successfully compromised the target, phase 1 of the ICS cyberattack is considered complete. The attack will continue with the second phase. Note that in some cases, phase 1 of an attack is not implemented. This can be the case where access to the industrial network is gained some other way, such as through an internet exposed ICS system or device or if the attacker comes in through a supply chain compromise, such as a breached vendor or engineering/support company.

The following diagram shows the second phase of a typical ICS cyberattack:

In the second phase, knowledge that was collected during the first phase of the attack is used to prepare the attack on the ICS environment. This phase could follow directly after successfully completing phase 1, but a delay between phases is possible.

Typically, the following stages are part of the second phase of the Cyber Kill Chain:

With that, we've explained the ICS Cyber Kill Chain, detailing how attackers go through distinct attack phases and stages to reach a certain objective. Next, we will learn how to use this model while performing penetration testing engagements.

So, how does this fit into the task at hand; that is, performing ICS penetration test engagements? Let's look at a high-level overview of the ICS Cyber Kill Chain:

Here, we can see that there are four main steps:

To make our penetration test engagement as accurate as possible to the real-world attack approach, we shall tailor the engagement around these four main steps. The specific implementation (tools, techniques, and procedures used) of the engagement should be tailored to the target organization and environment and take into account aspects such as rules of engagement (what is off limits, when, what, how, and so on), the target's ICS environment, and other unique characteristics.

About the authorPascal Ackerman is a seasoned industrial security professional with a degree in electrical engineering and more than 20 years of experience in industrial network design and support, information and network security, risk assessments, pen testing, threat hunting and forensics. His passion lies in analyzing new and existing threats to ICS environments, and he fights cyber adversaries both from his home base and while traveling the world with his family as a digital nomad. Ackerman wrote the previous edition of this book and has been a reviewer and technical consultant of many security books.

The rest is here:
ICS kill chain: Adapting the cyber kill chain to ICS environments - TechTarget

For months, governments across the world have rattled their cyber sabres, threatening to cut TikTok off at the knees.

The reach and influence of the popular app, harnessed by everyone from porn stars to politicians, is undeniable, with more than 1 billion monthly users when measured in 2021.

But yesterday, the Albanese government finally swung its own sword, announcing thatpublic servants would soon be banned from having the popular app on their work-issued devices, over fears it could be a secret Chinese tool.

The move made Australia the last nation in the Five Eyes intelligence network which includes the United States, Canada, United Kingdom and New Zealand to forbid officials from using the app, over concerns that it could be used by the Chinese Communist Party (CCP) for political interference.

But while TikTok will soon be wiped from the public service's phones, it raises three key questions for everyday Australian who use TikTok on the train or in front of the TV:

It depends on who you ask.

There's no doubt that TikTok has become a powerful platform which is being used to directly reach new and younger audiences, who have long been untethered to traditional broadcasting because of age, interest or, more likely, both.

The ban has, predictably, infuriated TikTok which is owned by ByteDance, a multi-billion dollar Chinese internet giant, that fiercely denies it poses any risk to national security.

TikTok's Australian boss, Lee Hunter, said there was no evidence the app was a security risk to Australians.

"We're extremely disappointed with this decision. In our view, this is driven by politics and not by fact," Mr Hunter said.

But Fergus Ryan, a China analyst at the Australian Strategic Policy Institute, said that's not true.

"We've known for years now that TikTok user data is accessible in China, and because of the suite of national security laws that are in place in China, it means that there's effectively no barrier between user data and the Chinese party state," he said.

Mr Ryan said that type of data was incredibly valuable to a foreign government.

He said the greater risk facing Australians was political interference because of the "enormous leverage" that China's government has over ByteDance, due to Beijing's national security laws.

"It would be trivially easy for ByteDance, having been compelled to by the CCP, to either promote or demote certain political messages, and the effect that has is to distort the political discussions that Australians are having on that app," he said.

The Australian ban follows months of pressure on the Chinese-owned app which has faced bruising congressional hearings with angry American politicians, and been the target of a scathing submission to Australia's select committee on foreign interference.

Alastair MacGibbon, the chief strategy officer at cybersecurity firm CyberCX, said Chinese national security laws were a key concern for politicians with a ban in the forefront of their minds.

Mr MacGibbon is a former national cybersecurity adviser, the former head of the Australian Cyber Security Centre, and was the nation's first eSafety Commissioner.

"The laws in China compel organisations to do what they say," he said

"Now, if you're a Chinese company, why wouldn't you do that? It's literally a matter of whether you keep your freedom and your company so of course, they will comply.

Mr MacGibbon said TikTok had a poor track record.

"If you're a contractor doing work for the government then your device might be targeted for the purposes of finding out about that work," Mr MacGibbon said.

"It might be that you're a journalist and TikTok is upset at the articles that you're writing, and actually uses that data to track you and find out who your sources are.

"All of those things are real and happen and we have to wake up as a country and ask ourselves not whether a normal government would do this, the question is whether or not the Beijing government would do this.

"The answer, sadly, is yes."

Influencers rejoice, probably not.

"I doubt it. I don't see the Australian government banning TikTok in Australia," Mr MacGibbon said.

"I can see why you would makea decision about Huawei sitting inside 5G networks because ultimately that was down to the ability for essentially China to turn off our telephone systems.

"There's a big difference between that and an app on the telephone."

But Mr MacGibbon said there needed to be a greater conversation about the use of critical technologies in Australia.

"If we're ripping cameras out of Parliament House and we're banning politicians from being able to use TikTok, then we need to start asking why we're allowing these technologies much more broadly in the economy," he said.

View original post here:
TikTok is to be banned from government devices over security fears. How big is the threat and could it soon be banned for everyone? - ABC News

In this image from video provided by the Dossier Center, a London-based investigative group funded by Russian opposition figure Mikhail Khodorkovsky, Gleb Karakulov speaks during an interview in Turkey in December 2022. Karakulov, who was responsible for setting up secure communications for Russian President Vladimir Putin, said moral opposition to Russias invasion of Ukraine and his fear of dying there drove him to speak out, despite the risks to himself and his family. He said he hoped to inspire other Russians to speak out also. Our President has become a war criminal, he said. It is time to end this war and stop being silent. (Dossier Center via AP)

By ERIKA KINETZ (Associated Press)

LONDON (AP) On Oct. 14, a Russian engineer named Gleb Karakulov boarded a flight from Kazakhstan to Turkey with his wife and daughter. He switched off his phone to shut out the crescendo of urgent, enraged messages, said goodbye to his life in Russia and tried to calm his fast-beating heart.

But this was no ordinary Russian defector. Karakulov was an officer in President Vladimir Putins secretive elite personal security service one of the few Russians to flee and go public who have rank, as well as knowledge of intimate details of Putins life and potentially classified information.

Karakulov, who was responsible for secure communications, said moral opposition to Russias invasion of Ukraine and his fear of dying there drove him to speak out, despite the risks to himself and his family.

Our president has become a war criminal, he said. Its time to end this war and stop being silent.

Karakulovs account generally conforms with others that paint the Russian president as a once charismatic but increasingly isolated leader, who doesnt use a cellphone or the internet and insists on access to Russian state television wherever he goes.

He also offered new details about how Putins paranoia appears to have deepened since his decision to invade Ukraine in February 2022. Putin now prefers to avoid airplanes and travel on a special armored train, he said, and he ordered a bunker at the Russian Embassy in Kazakhstan outfitted with a secure communications line in October the first time Karakulov had ever fielded such a request.

A defection like Karakulovs has a very great level of interest, said an official with a security background from a NATO country, who spoke on condition of anonymity to discuss sensitive political matters.

That would be seen as a very serious blow to the president himself because he is extremely keen on his security, and his security is compromised, he said.

The Kremlin did not respond to requests for comment. Neither did Karakulovs father or brother.

As an engineer in a field unit of the presidential communications department of the Federal Protective Service, or FSO, Karakulov was responsible for setting up secure communications for the Russian president and prime minister wherever they went. While he was not a confidant of Putins, Karakulov spent years in his service, observing him from unusually close quarters from 2009 through late 2022.

Karakulov, his wife and his child have gone underground, and it was impossible to speak with them directly due to security constraints.

The Dossier Center, a London-based investigative group funded by Russian opposition figure Mikhail Khodorkovsky, interviewed Karakulov multiple times and shared video and transcripts of more than six hours of those interviews with The Associated Press, as well as the Danish Broadcasting Corporation DR, Swedish Television SVT, and the Norwegian Broadcasting Corporation NRK.

The Dossier Center confirmed the authenticity of Karakulovs passport and FSO work identity card, and cross-checked details of his biography against Russian government records, leaked personal data and social media postings, all of which the AP reviewed.

The AP also independently confirmed Karakulovs identity with three sources in the U.S. and Europe and corroborated his personal details, including passport numbers, date and place of birth, two registered addresses, and the names and ages of family members. The AP was unable to verify all details of his defection.

The AP also confirmed that Karakulov is listed as a wanted man in the Russian Interior Ministrys public database of criminal suspects. The ministry initiated a criminal investigation against Karakulov on Oct. 26 for desertion during a time of military mobilization, according to documents obtained by the Dossier Center and seen by the AP.

The FSO is one of the most secretive branches of Russias security services.

Even when they quit, they never talk, but they know a lot of details of the private life of the president and the prime minister, said Katya Hakim, a senior researcher at the Dossier Center.

Karakulov moved as part of an advance team, often with enough specialized communications equipment to fill a KAMAZ truck. He said he has taken more than 180 trips with the Russian president, and contrary to widespread speculation, Putin appears to be in better shape than most people his age. Putin has only canceled a few trips due to illness, he said.

Unlike the prime minister, Putin does not require secure internet access on his trips, Karakulov said.

I have never seen him with a mobile phone, he said. All the information he receives is only from people close to him. That is, he lives in a kind of information vacuum.

Karakulovs work brought him to luxury hotels for summits, beach resorts in Cuba, yachts and aboard a special armored train outfitted for the Russian president.

Putins train looks like any other, painted gray with a red stripe to blend in with other railway carriages in Russia. Putin didnt like the fact that airplanes can be tracked, preferring the stealth of a nondescript train car, Karakulov said.

I understand that hes simply afraid, he said.

Putin began to use the train regularly in the run-up to the February 2022 invasion of Ukraine, Karakulov said. Even last year, Putin continued to insist on strict anti-COVID-19 measures, and FSO employees took shifts in two-week quarantine so there would always be a pool of people cleared to travel with Putin on the train, he said.

Putin has set up identical offices in multiple locations, with matching details down to the desk and wall hangings, and official reports sometimes say hes one place when he is actually in another, according to Karakulov and prior reporting by a Russian media outlet.

When Putin was in Sochi, security officials would deliberately pretend he was leaving, bringing in a plane and sending off a motorcade, when he was in fact staying, Karakulov said.

I think that this is an attempt to confuse, first, intelligence, and second, so that there are no assassination attempts, he said.

Karakulovs defection was a surprising turn for a family steeped in patriotic military tradition. Karakulovs father is a former military man, and his brother is a local government official.

Karakulov said he couldnt tell his parents about his disillusionment, because their minds had been molded by years of watching Russian state television. So he never told them he was leaving.

But he denies that he is unpatriotic and urged others to break their silence to stop the war.

Patriotism is when you love your country, he said. In this case, our homeland needs to be saved because something crazy and terrible is happening.

___

Associated Press reporters Jamey Keaten in Geneva, Aamer Madhani in Washington and Joanna Kozlowska in London contributed to this report.

Read more from the original source:
Antiwar officer from Putins elite security team defects - Boston Herald

Cloudflare, Inc.: The Enigmatic Cloud Services Provider

Cloudflare, Inc. (NYSE:NET) is a well-known cloud services provider that has been gaining traction with businesses worldwide. Recently, it has garnered attention from investors, who have been buying and selling the stock based on their perceptions of its value. Since the company went public in 2019, it has received coverage from 23 research firms that are carefully watching its performance.

According to Bloomberg, the average rating for NET is Hold, but opinions differ among the analysts. While two analysts have rated the stock as a Sell, eight have assigned it a Hold rating and eight others have given it a Buy rating. But what does this mean for prospective investors?

One important metric to consider is the 1-year price target among brokers that have issued ratings on Cloudflares stock in the last year: $67.78. This number provides an insight into the potential future growth of the company and signals that most brokers believe its growth potential will continue.

In addition to analyst ratings, hedge fund activity sheds light on market sentiment towards NET shares. Several stakeholders recently increased or decreased their investment in Cloudflare stocks. Quadrant Capital Group LLC lifted its stake by 1,036.7% in shares of Cloudflare while First Horizon Advisors Inc raised theirs by 45.4% during Q4 2020 alone.

Belpointe Asset Management LLC and TFC Financial Management Inc also bought fresh stakes in NET during Q4, valued at $31k and $29k respectively. Meanwhile, Exos TFP Holdings LLC had acquired new stakes back in Q3-2020 estimated at approximately $44k.

Overall institutional investors presently own nearly 70% of Cloudflares available shares today; demonstrating significant confidence levels regarding its long term prospects relative to similar publicly traded companies operating within its sector of infrastructure-based technology services.

The company provides an integrated cloud-based security solution that can secure a range of combinations of platforms, including public cloud, private cloud, on-premise software-as-a-service applications, and IoT devices. This flexible infrastructure is then supported by a global network of data centers strategically placed at key locations around the world.

Cloudflares remarkable fusion of internet security, performance optimization and scalability delivered through a suite of innovative application programming interfaces (APIs) makes it an exceptional company to watch as it continues to expand its offerings and gain a broader share in the public cloud services market.

Cloudflare continues to be in the spotlight as it provides cloud-based security solutions to businesses across the globe. The companys recent surge of attention came after a number of analysts issued reports on NET shares, resulting in a fluctuation of the price target for Cloudflare stock.

One notable report came from Cantor Fitzgerald, who raised their target price from $55.00 to $65.00 in a research report on Friday, February 10th. Needham & Company LLC also reissued a buy rating and issued a $77.00 target price on shares of Cloudflare in a research report released on Wednesday, March 22nd. However, Citigroup raised their target price from $50.00 to $59.00 and gave the stock a neutral rating in another report published on Monday, February 13th.

Despite these positive ratings, Guggenheim cut Cloudflare from a neutral rating to a sell rating and set a low price target of $36.00 for the company in their research report released on Tuesday, January 17th. The negative trend continued when Morgan Stanley reduced their price target on Cloudflare from $52.00 to $47.00 and set an equal weight rating for the company in another research report published on Tuesday, January 24th.

Adding fuel to the fire was news that CEO Matthew Prince sold 74,710 shares of Cloudflare stock worth over $2 million in early January this year while CFO Thomas J Seifert sold off his own stake later that same month at average prices of just over $45 per share.

Cloudflare still remains optimistic with its range of cloud services offered and recent earnings report released last February with figures very close to analysts consensus estimates despite having reported negative earnings per share during that quarter due mostly to investment costs,, the business had generated revenue upwards of $274 million during its latest quarter.

As of today, shares in Cloudflare currently trade at around $61.23 each, after having reached highs of $126.82 within this past year, signifying a high degree of fluctuation in the market for these shares. Nonetheless, insiders appear confident in the companys future prospects as company insiders themselves own almost 16% of the companys stock.

Cloudflare continues to be a player to watch amidst the ever-evolving digital landscape and its suite of cloud-based solutions make it an exciting entity for further growth and investment despite the presently fluctuating trends.

Read the original:
The Rise of Cloudflare, Inc.: An Enigmatic and Innovative Cloud ... - Best Stocks

European Democracy Hub

The conventional military dimension of Russias aggression against Ukraine and the need for Western defense assistance to Kyiv remain dominant in public and expert debates. Hybrid or gray zone operations have received less attention, but they remain an indispensable element of Russias warfare in Ukraine. Forced deportations of Ukrainians, passportization in the newly occupied territories, attacks on critical infrastructure, disinformation operationsthese and other instances of weaponization fit well in the Kremlins strategy. They aim at breaking Ukraines will to resist and at poisoning peoples trust in their government, independent media, and other democratic institutions. But Russias approach has so far had little success. If anything, it has proved that Ukraine is far from being the failed state the Kremlins propaganda has been portraying for years and that the countrys leadership is capable of governing effectively even in wartime.

Yet, the Russian regime has not given up on its obsessive goal of conquering Ukraine, and it has no shortage of instruments, resources, and tricks to pursue this imperialist goal. For Ukraine and its partners, this presents the challenge of how to strengthen its resilience in nonmilitary domains while the primary focus still lies on physical survival and conventional warfare. Ukraines functional democracy has always been a key feature that distinguished the country from authoritarian Russia and helped it to gain support and assistance across the globe. The widespread expectation today is that the war, rather than serving as an excuse for holding back on democratic reforms, should be treated as a trigger to further modernize and strengthen Ukraines governing institutions by making them less vulnerable to Russias malign influence. Reflecting the imperative to fight on both fronts, Ukrainian policymakers pursue an integrated response that can be described as total democratic resilience. By focusing on democratic reforms as part of its whole-of-society resistance to Russian attacks, Ukraine has adopted a much broader approach to resilience than currently exists in many EU states.

Unable to defeat Ukraine on the battlefield, Russia reverted to terrorist attacks against civilians. Shortly before the past winter, its military started massive missile and drone strikes on Ukraines energy grid and power plants, combined with simultaneous cyber attacks on telecommunication infrastructure and local authorities. In December, Ukraines Security Service reported there had been more than 4,500 cyber attacks since the beginning of the all-out war, with between ten and fifteen incidents per day. Russias aim is to traumatize Ukraines civilian population with energy shortages, digital and financial disruption, and disruptions to transport and healthcare. But the assaults on civilian infrastructure also pursue broader goals. By denying the population access to electricity, the internet, and other basic services, the Kremlin bets on breaking the will of Ukrainians to resist and forcing the government to sit at the negotiation table. It also believes that its massive bombing campaign will cause a new wave of refugees to the EU, similar to the effect of Russian shelling in Syria in 2015.

Iulian Romanyshyn is a fellow at the Academy of International Affairs NRW and a senior fellow at the Center for Advanced Security, Strategic and Integration Studies at the University of Bonn.

Russias attacks have achieved the opposite of what the Kremlin expected, however. Its bombing campaign left millions of people without heat, electricity, and water in the winter, but Ukrainian engineers outdid themselves in fixing the damaged electricity grid under wartime conditions. Until the massive missile attack on March 9, Ukraine had not experienced power outages in weeks. Western support is another factor that accounts for the country winning the winter energy battle. European countries have provided Kyiv with equipment to repair damaged power plants and electricity grids, but most importantly there have been enhanced efforts by partners to supply Ukraine with modern air defense and missile defense systems.

Russias brutal terror has boosted societal cohesion in Ukraine and stiffened the publics resolve. In February, more than 90 percent of Ukrainians said they continued to believe in Ukraines victory on the battlefield, while in December 85 percent said they would reject any territorial concessions to Russia to end the war. The high morale of the population, boosted interpersonal bonds, and bottom-up will to resist the external aggression are crucial elements of the total resilience approach that Ukraine has successfully adopted.

For years, Russia bet on its agents of influence to meddle into Ukraines internal affairs. Russian oligarchs traditionally had significant economic interests in the country and many of them continued running their businesses there even after the first invasion in 2014. For example, Mikhail Fridman, a Ukraine-born oligarch with close ties to President Vladimir Putin, owns various assets in the country worth billions of dollars, including the major telecommunication company Kyivstar and one of the largest banks. Since the scale of the wars destruction will mean a major reconstruction effort, Ukraines government stresses that the wealth of the Kremlin-linked oligarchs should cover parts of the mounting bill. But while the government was forceful in urging the EU, the United States, and other partners to freeze assets of wealthy Russians, at home it has not been leading by example. Even though the required legal instruments have been in place since May 2022, the authorities have dragged their feet on seizing well-documented assets of Russian oligarchs in Ukraine, to the fury of many anticorruption activists. The authorities eventually seized assets from one Russian oligarch, Vladimir Yevtushenkov, in August 2022, six months after Russias full invasion. Just like its Western partners, Kyiv struggles with the challenge of setting up legally sound instruments and adequate resources to manage confiscated Russian assets and to channel them toward Ukraines recovery.

The war effectively spells the end for the domestic oligarchic clans that have been at the center of Ukraines economy since 1991. Some of them have lost their assets in the occupied eastern and southern parts of the country while others have fled abroad. Thanks to their effective management of the war, the government and the public institutions have strengthened their legitimacy and trust in the peoples eyes at the expense of oligarchic groups. In addition, the EU has been pushing Ukraine for years to adopt rules that would introduce safeguards against oligarchs business activities and reduce their footprint in the political, public, and economic spheres. The European Commission has also included passing anti-oligarchic legislation among the seven criteria against which it will evaluate Ukraines progress as a candidate for EU accession.

In 2021, Ukraines parliament adopted a bill requiring the creation of a registry of individuals who enjoy undue influence on public policy due to their business assets and status. Even as the modalities of this law still await an assessment by the Council of Europe and international experts, it has already had a far-reaching effect. Last year, Rinat Akhmetov, Ukraines richest oligarch, gave up his enormous media assets to avoid being included in the registry. The key task for Ukraines reformers and their international partners is to strengthen the institutional safeguards, such as anticorruption institutions, to consolidate this achievement. The risk that the old oligarchic system of influence will strike back in some form or other is real, especially in the context of Ukraines future reconstruction, which will involve billions of euros of financial investment that will need to be managed with full transparency and accountability.

The weaponization of information has been part of Russias hybrid operations in Ukraine since 2014. What makes the current invasion different is the rapid rise in internet coverage and social media consumption. According to the Economist, Ukraine is the most wired country ever to be invaded, with 75 percent of its population using the internet and 92 percent having access to 4G mobile networks. Following its invasion in February 2022, Russia unleashed a full-scale propaganda campaign, relying on a mix of official state media sources, anonymous accounts in social media, and its paid army of internet trolls to flood comments sections and discussion forums on news websites and online sources. The Russian disinformation narratives have broadly sought to demoralize Ukrainians in their defense efforts, to exploit societal splits and sow new divisions, and to poison trust in the independent media and public institutions. In the newly occupied regions in the south and east, the Kremlins propaganda agents together with local collaborators actively promote the messages of Ukraines inevitable defeat and Russias mission to defend locals against the Nazi regime in Kyiv.

Compared to Russias invasion in 2014, this time Ukraine was better prepared to counter the disinformation attacks. President Volodymyr Zelenskyy engages in constant public communication about progress on the battlefield. Established within the National Security Council in 2021, the Center on Countering Disinformation debunks Russias manipulative and misleading narratives, including through social media platforms. This is a formidable task as many of these platforms, especially Telegram, have become a safe haven for disinformation due to lack of scrutiny and proper moderation policies. Investigative journalists and civil society organizations, such as StopFake and Detector Media, complement governmental efforts in checking facts and providing accurate information. A December opinion poll found that Ukrainians, including in the most vulnerable southern and eastern regions, decisively reject Russian narratives of internal divisions and Western betrayal of the country.

Ukraines resilience in the information war has created momentum for deepening reforms to preserve media freedom and pluralism of views. As a part of the conditionality for membership, the EU called for introducing legislative norms that would regulate the media sector in accordance with its directives in this field. In December 2022, the parliament passed the required law. If properly implemented, the law would not only strengthen the instruments to counter Russian disinformation but also develop norms to ensure transparency and the independence of media from undue political influence.

With Ukraine having the biggest number of Orthodox believers outside of Russia, religion has a special place in the Kremlins hybrid tool kit in the country. Even though the Orthodox Church of Ukraine received a formal endorsement of autonomy from the Constantinople patriarch in 2019, the process of separation from the Russian Orthodox Church (ROC) has never taken off. As a result, the latter has continued to operate in Ukraine uninterrupted, even after Russias aggression in February 2022. The head of the ROC, Patriarch Kirill, has openly supported Russias war and blessed aggression in Ukraine.

Ukrainian officials and activists point to the mounting evidence that the ROC clergy has cooperated with the Russian authorities in the occupied Zaporizhzhia and Kherson regions, justified the occupation and the orchestrated referendums there, and continued spreading the Kremlins narrative about Russians and Ukrainians being one people. Many of the most senior ROC priests have Russian passports and links with the Russian intelligence services. The government has taken steps to reduce the activity of the ROC in Ukraine by imposing personal sanctions on its top priests, but it has stopped short of banning the church. Even though the ROC presents a clear risk for Ukraines national security, the government continues to adhere to its commitment to protect freedom of religion.

Ukraine faces the challenge of simultaneously holding off Russias aggression and reforming key areas of public life and governance. Strengthening whole-of-society resilience is the best strategy to bridge these two existential tasks. Total democratic resilience means that withstanding the wide array of Russian hybrid attacks intended to disrupt the country from within is an integral part of the democratic reforms and institution building that Ukraine needs to accomplish to become a member of the EU.

There are several ways in which the EU and its partners can help Ukraine to better resist and deter Russias nonmilitary attacks. The first line of effort is capacity building. Kyiv would welcome intelligence sharing and cooperation in learning about cyber threats, assistance in securing governmental communications and critical infrastructure, and joint exercises on cyber and disinformation threats. This can be pursued through the EU-Ukraine Cyber Security Dialogue established in 2021 or through bilateral channels with committed and capable EU and NATO members.

A second area of action concerns sanctions. The EU can expand the application of its personal sanctions targeting Russian individuals involved in deliberate violence against Ukrainian civilians and attacks on critical infrastructure. Even though the Russian leadership has been hit with such sanctions, ROC head Patriarch Kirill has not. The EU, in coordination with the G7, should also intensify its efforts in confiscating the frozen assets of Russian oligarchs in order to invest them in Ukraines reconstruction.

Finally, sharing best practices is another avenue of support. Ukraine can draw on the Code of Practice on Disinformation that the EU developed in cooperation with private stakeholders in the digital sector. There is also room for improvement when it comes to galvanizing operational ties and cooperation between Ukraine and the EU Agency for Cybersecurity or the European Center of Excellence for Countering Hybrid Threats.

These steps can make Ukraine less vulnerable to Russian malign influence, but it is important that the countrys enhanced capacity to resist and push back goes hand in hand with democratic reforms. Upholding a professional justice system that is free of political influence will continue to play an important role, as it is up to courts to rule on measures to take against Russian agents of influence or sanctioned Russian assets. Just as important will be continued support for independent, high-quality journalism to defend free speech and other democratic values. Russias war has triggered an unprecedented amount of internal cohesion and unity in Ukraine. It has also boosted peoples trust in public institutions, the military, the media, and local authorities. In other words, it has created momentum for a democratic transformation unlike any other crisis in the countrys modern history. Ukraines influential civil society will be a major driving force in this process as a watchdog over the Zelenskyy administrations commitments to reforms and a safeguard against the return of the old oligarchic system. For example, the public outcry following the recent allegations of misuse of funds in the Ministry of Defense was a powerful trigger for leveraging new anticorruption measures across the government.

The actions taken and the lessons learned in Ukraine will inform larger efforts to reinforce democracies against external aggression. In the past, Russia regarded Ukraine as a testing ground for its hybrid warfare activities before exporting them to the West. Ukraine now has the potential to be a model of total democratic resilience that the EU can promote to counter Russian and other autocratic interference in Eastern Europe and the Western Balkans. This would signal a true shift in the EUs strategic approach that would amount to assuming the need for full understanding of and responsibility for security challenges in its neighborhood, compared to its previous half-hearted policies to contain the Russian threat.

Iulian Romanyshyn is a fellow at the Academy of International Affairs NRW and a senior fellow at the Center for Advanced Security, Strategic and Integration Studies at the University of Bonn.

This article is part of theEuropean Democracy Hubinitiative run by Carnegie Europe and the European Partnership for Democracy.

This document was produced with the financial assistance of the European Union. The views expressed herein are the sole responsibility of the authors and can in no way be taken to reflect the official opinion of the European Union.

Originally posted here:
Ukraine's Total Democratic Resilience in the Shadow of Russia's War - Carnegie Europe