Cyber specialists will be watching — and learning from — Ukraine’s election

Regardless of what unfolds during Ukraine’s election, there will likely be data points that analysts at DHS and Cyber Command can learn from.
Ukraine cyber assistance
Gamaredon has overwhelmingly focused its hacking efforts on Ukraine (Getty Images).

From power outages to the crippling NotPetya wiper worm, Ukraine has been ground zero for disruptive cyber-operations linked to Russia in recent years.

The weeks leading up to Ukraine’s presidential election have only reinforced that narrative. The country’s president accused the Russian government of conducting a denial-of-service attack on the country’s election commission. Only Moscow took issue with that claim.

With that context in mind, the eyes of cybersecurity practitioners around the world – from officials in allied governments to private-sector specialists – will be on Kiev on Sunday as millions of Ukrainians go to the polls to pick a president.

The Atlantic Council, a Washington, D.C.-based think tank, has assembled a team of analysts in Ukraine and the U.S. to watch for any signs of foul play on election day.


“There is always a strong correlation between malware propagation and geopolitics,” said Kenneth Geers, a senior fellow at the council who is part of its Ukrainian Election Task Force. The group will provide live updates on cybersecurity and disinformation incidents during the vote.

Whether any increase in malicious cyber-activity will translate into a significant cyberattack on election day is far from clear.

“I predict it will be quiet, because everyone is watching and there are no serious pro-Moscow candidates,” Geers, a former National Security Agency employee, told CyberScoop.

Olga Polishchuk, senior manager of investigations at LookingGlass Cyber Solutions, said that in Ukraine’s previous election cycles there were more “obviously Russian-backed candidates” than there are in 2019. “It is likely that if nation-state attacks do take place, they will be focused on the election process and not overt and vocal candidate support,” she added.

In the runup to the election, Ukraine’s cyber police chief has accused Russian hackers of stepping up their targeting Ukrainian election officials.


Nikolay Lakhonin, a spokesperson for the Russian Embassy in Washington, D.C., responded to the allegation by saying: “Non-interference in the internal affairs of states is a fundamental principle of international law and of the Russian foreign policy.”

After protesters overthrew Ukraine’s pro-Russia president in 2014, Russian forces annexed the Ukrainian peninsula of Crimea. For the five years since then, Kiev has been at war with Kremlin-backed separatists in eastern Ukraine.

‘Road-testing’ for 2020

Regardless of what digital activity unfolds during Ukraine’s election, there will likely be data points that analysts at places like the Department of Homeland Security and U.S. Cyber Command can use to improve American election security.

“We will be closely monitoring the upcoming elections, looking out for unusual activity that may be a testing ground for future U.S. elections, and building defensive measures based on what we learn,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop.


“We’re also working closely with our European partners to exchange information and best practices as they get ready for their parliamentary elections this spring, and stand ready to support any of our international partners should they request it,” Krebs added.

As for Cyber Command, its mandate covers offensive and defensive cyber operations. That means, if authorized, the command could conduct operations to support allies whose elections are threatened by foreign adversaries.

In the aftermath of Russian intervention in the 2016 U.S. election, the command has shown an increased willingness to coordinate with allies like Ukraine on election security. Some of the command’s defensive teams traveled to Ukraine before the 2018 U.S. midterm elections to collaborate on network defense and study cyberthreats. .

“Our operations allowed us to identify and counter threats as they emerged to secure our own elections and prevent similar threats [from] interfering in those of our partners and allies,” Gen. Paul Nakasone, head of U.S. Cyber Command, told Congress this month.

A Cyber Command spokesperson did not respond as of Friday afternoon to questions on the level of support the command would be willing to provide Ukraine for its election defense.


Jason Healey, who was head of cyber infrastructure protection at the White House from 2003 to 2005, said a case could be made for Cyber Command to actively help defend Ukraine’s election from cyberthreats as part of a broader effort to support allies holding elections this year.

“We [could] say the best time and place to start disrupting election interference is in Europe in 2019 rather than waiting for 2020 and fighting them here,” said Healey, an adjunct professor at Columbia University’s School of International and Public Affairs. “If we allow [Russia] this chance to practice without practicing ourselves, then they’re going to have a leg up.”

Sen. Mike Rounds, R-S.D., told CyberScoop that Cyber Command is “better positioned now than we have been in the past” to help assist allies threatened by advanced hackers.

“Our national policy should be such that we are able to respond when we think it’s appropriate to assist our allies,” said Rounds, who chairs the Senate Armed Services subcommittee on cybersecurity.

With European officials warning about the possibility of Russian interference in EU parliamentary elections in May, 2019 could be a big test for America’s willingness to help allies defend their electoral processes from digital threats.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts