On June 21, I will be holding a workshop titled "Identity in Conflict" at Identiverse 21, which will be held near Denver, Colorado, USA.
Identity in Conflict
- Tuesday, June 21, 11:30 am – 12:20 pm MDT (2:30 AM – 3:20 AM Japan time)
- In times of instability and uncertainty, the reliability and trustworthiness of our identity systems become especially important. This workshop examines two areas in particular—identity management for displaced people, and the protection of government identity systems—and seeks to establish some ground rules to ensure that critical identity systems are robust and fit for purpose.
I proposed this session to the organizers in response to the invasion of Ukraine that began on February 24th. I am extremely grateful to the organizers for squeezing it into the already full program.
There are two main issues surrounding identity in conflict situations:
- Identity management for refugees
  - How to provide them with assistance and other services (such as banking)
  - How to protect displaced people and those around them from targeted misinformation
- Identity management for government systems
  - How to fend off enemy attacks and protect government and aid organizations' systems
  - Business continuity and revitalization strategies
There is much to say about each of these topics, but unfortunately we only have 50 minutes, and since a person in charge of government system defense has come to the United States at short notice to join this session, I think we will mainly be discussing the second item.
Since the start of this invasion, phishing and other attacks against the Ukrainian government have increased by 3000%. In response, aid has arrived from various sources, including Yubico sending 20,000 YubiKeys. On the other hand, the encryption algorithm currently used by the Ukrainian government was developed by GOST (the Russian equivalent of NIST), and this, combined with information from a certain source that almost all government systems have already been hacked, gives us some cause for thought.
Please join us when you visit Identiverse.
(Added later: Session summary)
Identity Management and Cybersecurity in Conflict
This briefing document summarizes key themes, key ideas, and facts from a panel discussion on identity management and cybersecurity in the Ukraine conflict.
1. Introduction: Partnering to Support Ukraine
Several organizations, notably the OpenID Foundation and the Financial Data and Technology Association, are working together to make a systematic and meaningful contribution to Ukraine, centered around helping build a "modern digital infrastructure with ID at its core" that addresses not only the current state of the conflict but also the future.
“It’s about helping countries like Ukraine build a modern digital infrastructure, not just looking at the present but looking beyond the horizon, so they can develop things like banking systems with ID at their core.”
The panel discussion was led by Nat Sakimura of the OpenID Foundation and included John Bradley of Yubico.
2. Two Key Challenges of Identity Management in Conflict
The presentation breaks down identity management in conflict into two broad categories:
2.1. ID management for refugees
Managing the identities of displaced people poses multiple challenges.
- Difficulty in verifying identity: "Verifying basic identification information such as name and date of birth is often problematic."
- Rebuilding a life in a new place: It is difficult to identify necessary information such as bank account, telephone, electricity, and housing details.
- Re-establishing professional qualifications: Many people are displaced without diplomas or certificates, and re-establishing professional qualifications will be a challenge.
- Targeted attacks and the spread of misinformation: Refugees are at risk of being targeted using collected or observed attributes and subjected to misinformation and disinformation, especially if they are fleeing to a country where their native language is not spoken.
  - "In a situation where Russia is detaining Ukrainians, forcibly transporting them to Russia, and putting them in filter camps, your identity carries a lot of weight," Yuri Eckerman said. "Even if you served in the military decades ago, it can be grounds for detention and even death."
- Attacks on aid agencies: There have been cases of aid supplies being stolen through fraudulent identification and impersonation, and terrorists infiltrating refugee communities.
- Diverse situations of refugees: Various scenarios need to be considered, including refugees taking refuge in donor homes, refugee camps, and oppressed and forgotten people within the country.
2.2. Identity Management for Government and Critical Infrastructure Systems
Protecting the systems of government agencies and critical infrastructure is a particularly pressing issue in Ukraine, where cyberattacks are on the rise.
- Defending against adversarial attacks: How you respond to and protect your systems from attacks is important.
- Authentication and Provisioning Challenges: User authentication and user provisioning are challenges.
- Remote access from unusual locations: You need to manage remote access from unusual locations.
- Algorithm Considerations: The choice of cryptographic algorithm to use is also important.
- Business Continuity Planning (BCP) and Data Backup: It is essential to have a BCP in place to back up data in a safe place and recover your systems.
  - Yuri Eckerman emphasized the importance of data protection, saying, "Before the war began, many government services and private companies moved their backup systems to safe locations in the EU. This was a temporary measure, and they also moved to cloud services such as G Suite and Azure."
3. Current Status and Issues of Cybersecurity
The current state of cybersecurity in Ukraine and its challenges are discussed, with a particular focus on the rise of phishing attacks and Russia's cyber capabilities.
- Dramatic increase in phishing attacks: While the types of attacks remain unchanged at 80-90% phishing and password brute force attacks, the number of attacks has "increased 500-1000 times."
  - One critical infrastructure provider reported a surge in security events, from 21,000 for all of 2021 to 1 in the first month of the war.
- The evolution and limitations of Russian cyber attacks:
  - It has been pointed out that in the early stages of the war, cyber attacks were not complicated because rocket attacks were easier than hacking.
  - Attacks are becoming more strategic; for example, brute-force password attacks are becoming more sophisticated, with spaced attempts rather than multiple attempts in a short space of time.
  - However, Yuri Eckerman points out Russia's limitations, saying, "Physically, Russia does not have sufficient cyber capabilities compared to China."
  - Russia's cyber sector is facing a brain drain of talented people, with even cybercriminals unwilling to cooperate with the Russian government.
  - Sanctions have made it difficult to obtain servers and other hardware, which severely limits Russia's cyber capabilities.
  - The Russian military hackers are described as "today like so-called script kiddies" (inexperienced hackers who only use tools created by others).
- Strengthening Ukraine's Cyber Defenses:
  - Ukraine has learned about the need for cyber defense and has been working on it for the past eight years.
  - Compared to the massive blackout attacks carried out by Russia in 2015-2016, the current Russian attacks have been less successful.
  - Radical policy changes have been made within the government, such as building local SOC (security operations center) teams and setting up coordination centers, resulting in strong collaboration.
  - Massive support from security vendors such as Microsoft has also played a major role in thwarting malware attacks.
  - Yuri Eckerman expressed gratitude for the international support, saying, "The Ukrainian government has been very transparent in saying that all the people they are helping are a big part of why Ukraine still exists."
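The spaced brute-force pattern mentioned above slips under a short-window failure counter, so a detector needs a second, longer window. The Python sketch below is an added example, not material from the panel; the event format, account names, window lengths and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def make_events():
    """Constructed sample events (timestamp, account, result); not real log data."""
    base = datetime(2022, 3, 1, 0, 0)
    events = []
    # "alice": classic burst, 10 failures 10 seconds apart
    events += [(base + timedelta(seconds=10 * i), "alice", "fail") for i in range(10)]
    # "bob": spaced attempts, one failure every 20 minutes for about 12 hours
    events += [(base + timedelta(minutes=20 * i), "bob", "fail") for i in range(36)]
    # "carol": ordinary user, two typos and then a successful login
    events += [(base + timedelta(hours=8, minutes=m), "carol", r)
               for m, r in [(0, "fail"), (1, "fail"), (2, "ok")]]
    return sorted(events)

def max_failures_in_window(times, window):
    """Largest number of failures inside any sliding window of length `window`."""
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(events, burst=(timedelta(minutes=5), 8), slow=(timedelta(hours=24), 20)):
    """Return {account: set of rule names that fired}. Thresholds are assumed values."""
    fails = defaultdict(list)
    for ts, account, result in events:
        if result == "fail":
            fails[account].append(ts)
    alerts = {}
    for account, times in fails.items():
        fired = set()
        if max_failures_in_window(times, burst[0]) >= burst[1]:
            fired.add("burst")   # many failures in a short space of time
        if max_failures_in_window(times, slow[0]) >= slow[1]:
            fired.add("slow")    # spaced attempts that never trip the burst rule
        if fired:
            alerts[account] = fired
    return alerts

if __name__ == "__main__":
    for account, rules in sorted(detect(make_events()).items()):
        print(account, sorted(rules))
```

On the constructed data the burst rule alone would miss "bob" entirely, while the 24-hour rule catches the spaced attempts without flagging the ordinary user.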
4. Specific examples of support and challenges
Yubico's donation of security keys is one concrete example of their support.
- Support from Yubico: Yubico initially donated 20,000 security keys and then added another 10,000, bringing the total to 30,000 keys for Ukraine. This includes technical support, such as translating the deployment guide into Ukrainian.
- Implementation challenges:
  - Compatibility with existing infrastructure: Many systems in Ukraine run Active Directory rather than Windows 11, and require support for existing non-FIDO infrastructure, such as smart card support.
  - Complexity of implementation: A task that is already complex under normal circumstances, such as deploying a Microsoft certificate server, becomes even more difficult under ongoing attacks and physical threats.
- Salary support: There are also efforts to supplement the salaries of IT managers, helping them to continue their projects while ensuring their living expenses.
5. Challenges in ID Technology and the Importance of Localization
The panel discussion emphasized the importance of standardization and localization of ID technology.
- Use of the old algorithm: Ukraine and other former Soviet bloc countries still mandate the use of Soviet-era algorithms like GOST, creating the ironic situation where targets of attacks are forced to use technology from their former enemies.
- The need for uniform standards: Due to distrust of NSA and NIST algorithms, there is a need for a more widely accepted standard (e.g., ed25519) that can meet the needs of each country.
- The Importance of Localization:
  - "Where we as an ID community have failed is in localization," said Yuri Eckerman, pointing to the digital divide in non-English-speaking regions.
  - In addition to translating technical documents and guides, it is essential to "localize" solutions that take into account local social structures, government organizations, and infrastructure conditions such as electricity and internet connections.
  - Even basic terms like "YubiKey touch sensor" may not have an appropriate translation in Ukrainian, requiring creative expression that is tailored to the culture and level of understanding.
  - In Ukraine, choosing an ID solution is "literally a matter of life and death for some people," and they cannot afford to try out questionable solutions.
6. Ukraine's Cyber Resilience and Future
Ukraine continues to maintain its digital infrastructure and the livelihoods of its people during the conflict.
- Resilience as a digital nation: Ukraine's success is largely due to military reforms as well as the strong development of a digital identity framework.
  - The smartphone app "Diia" consolidates "all of government into one app," allowing users to obtain a passport, open a bank account, apply for university, and more.
  - This digital infrastructure has allowed many Ukrainians to receive their pensions, apply for new certifications, and attend school online, even as their cities are destroyed.
- Impact on the international community: Yuri Eckerman said, "The more you help Ukraine, the more Ukraine will protect all of you, all of the West," suggesting that Ukraine's successful cyber defense model could contribute to improving international cybersecurity.
- Future goals and support requests:
  - Heidis Group aims to make Ukraine "the most cybersecure country on Earth."
  - The goal is to deploy 10 security keys, and they are seeking further funding in addition to the 3 donated by Yubico.
  - They also need funding to hire engineers, secure solution engineers, and support with hardware such as laptops, servers, and physical equipment such as bulletproof vests and helmets.
  - Cyber Help Website: We plan to launch a cyberhelp website (cyberwar.com.ua) to transparently share what Ukrainian ministries are asking for and to facilitate the donation process.
7. Conclusion
The conflict in Ukraine has highlighted the importance of identity management and cybersecurity. Challenges range from assisting displaced people to protecting national digital infrastructure. International cooperation, particularly technical assistance and attention to localization, is essential. Ukraine's resilience demonstrates that the resilience of digital identities is essential to the survival of nations, and its experience offers valuable lessons for cybersecurity strategies across the international community.