Purdue cyber security experts coached guardians of Ukrainian critical infrastructure

Purdue University, a leading seat of cybersecurity expertise, may have helped the cyber security personnel guarding power plants, the electrical grid and other critical infrastructure in the Ukraine to successfully fend off recent cyber attacks.

CERIAS, the Center for Education and Research in Information Assurance and Security at Purdue, has provided programs in cyber security training, education and research support to Ukrainian government, public sector and higher education institutions since 2019. This work has been done through the non-governmental organization CRDF Global, which receives support from the U.S. Department of State.

Indicating the need for training, the Ukrainian National Security and Defense Council, which coordinates cybersecurity activities in the country, referred more than twice the originally expected number of professionals to participate in a series of four 2-day workshops held virtually in 2020. Based on the results, CERIAS prepared a report for the U.S. State Department identifying areas of strength and weakness and opportunities for additional training.

Across the board, Joel Rasmus, managing director for CERIAS, said that during the trainings he observed recurring areas where the participants excelled and common areas where additional training is probably warranted. All the evaluators observed that more should be done to focus on fundamental cyber defense; skills CERIAS taught in its programs with Ukraine.

“They have talented cyber professionals in Ukraine, but much of their approach to cyber security is different from what many western companies or public utilities would use,” said Rasmus. “They put a lot emphasis on learning to break and harden systems, instead of looking to design new architectures and technologies to protect systems.”

The capabilities of critical infrastructure cyber security personnel mirrored the curriculum at many Ukrainian universities, which similarly often focuses on reverse engineering, ethical hacking and penetration testing to find out how a network can be entered.

In the virtual workshop series, CERIAS taught cyber-security professionals from state-run critical infrastructure facilities defensive tactics and skills in secure operations, intrusion detection, digital forensics and penetration testing. CERIAS had originally planned 18 slots per workshop, but ultimately worked with more than 40 professionals in each workshop.

Each workshop included a day of training and a day-long challenge testing cyber skills. Ukrainian personnel might be charged with defending a network as CERIAS introduced different vulnerability and risk scenarios, for example. Or CERIAS might have the Ukrainians investigate a breached network, detailing where and when the breach happened, what the cyber intruders did and backtrack to try to identify the bad actor who broke in.

In April, Ukrainian officials announced that they had fended off a Russian cyberattack on Ukraine’s power grid. The attack is the latest in a series in which Russia has been implicated as part of its invasion of Ukraine. Ukrainian banks have been hit with denial-of-service attacks, “wiper” malware has been used against Ukrainian government offices, and the day the invasion began, ViaSat satellite broadband in Eastern Europe suffered outages, affecting Ukrainian armed forces, police and the country’s intelligence service.

“Following the Russian invasion of Ukraine, most experts predicted a significant cyber component to the conflict. There has been numerous attacks, but the impact we are seeing is  far less than anticipated,” said Rasmus. “It’s a testament to the skill of the Ukrainian professionals, and certainly a ‘nod’ to all the assistance and training provided through U.S. Department of State programs, including the training of front-line cyber professionals.” 

About Purdue University

Purdue University is a top public research institution developing practical solutions to today’s toughest challenges. Ranked in each of the last four years as one of the 10 Most Innovative universities in the United States by U.S. News & World Report, Purdue delivers world-changing research and out-of-this-world discovery. Committed to hands-on and online, real-world learning, Purdue offers a transformative education to all. Committed to affordability and accessibility, Purdue has frozen tuition and most fees at 2012-13 levels, enabling more students than ever to graduate debt-free. See how Purdue never stops in the persistent pursuit of the next giant leap at https://stories.purdue.edu

                       Writer: Mary Martialay

Image provided by Purdue Research Communications

Cyber Security Image
Purdue University, a leading seat of cybersecurity expertise, may have helped the cyber security personnel guarding power plants, the electrical grid and other critical infrastructure in the Ukraine to successfully fend off recent cyber attacks.