Ukrainian government officials have begun storing sensitive data outside the country to protect against Russian cyber and physical attack, and are in talks with several European countries to move more databases abroad.
Since the start of the war, about 150 registries from various government ministries and offices, or their backup copies, have been moved abroad or are in discussion to be relocated, said Georg Dubinsky, Ukraine’s deputy minister for digital transformation.
Previously, most government information was held in data centers in Ukraine, and backup copies needed to be moved to the cloud first, he said. He said the government preferred the critical databases to be moved from old legacy data-storage systems, and copies of those registries for storage in the clouds outside Ukraine.
“To be on the safe side, we want to have our backup abroad,” Dubinsky said.
Moving the database to the cloud adds a layer of security because government officials can still access it, even if a data center in Ukraine is demolished by Russian weapons, he said. He said the government has specified legal and security provisions to help protect the database from cyber and other threats.
For example, in the early days of the war, a government data center was damaged by Russian missiles, Mr. Dubinsky said. But no data was lost because backups were available.
“It was certainly a red flag for us that we have in place anyway to protect and secure our important data storage,” he said.
This threat is gone since the invasion began. Russia attacked a military base outside Kyiv on 24 February, the first day of the invasion, and Ukrainian government buildings attacked since. Last month, US, UK, EU and other countries Russia blamed for cyber attack days of an attack on a satellite-communications company that shut down internet service for thousands of Ukrainians and Europeans and Disrupted remote-control systems for wind farms in Germany,
Russia has consistently denied launching cyberattacks. But its siege quickly crystallized the Ukrainian government’s thinking on data security: “In case of emergency, we need to ensure that our IT systems continue to function,” according to the country’s specialized communications and information protection service. State Service Deputy Chief Viktor Zora said last month.
Ukraine is already storing some government data in Poland, in a specially designed private cloud, Dubinsky said. He declined to elaborate on the technology, but said the server only hosts Ukrainian information, and Ukrainian and Polish officials tested it together. He is working on similar arrangements with other countries including Estonia and France.
A military base in Brovry, Ukraine, after being hit by a missile on the day Russia invaded Ukraine.
photo:
Christopher Ochicon for The Wall Street Journal
Mr. Dubinsky’s office preferred “VIP” databases – which are essential to support Ukraine’s economy – to be transferred first. He said that even during the war, services like digital identities for citizens need to continue and the government needs access to tax data and other information.
“We are responsible for the personal data of our citizens, we are responsible for all sensitive data,” he said. Whatever the cost, “it’s a question of safety.”
Chris Kubeka, a cyber warfare expert at the Middle East Institute, a think tank in Washington, said governments run the risk of losing data entirely or being manipulated by hackers if they keep only one copy, and only physical and cyber risks during war. increase.
“If someone attacks that single point of failure, great, great. But not for you, the government. It’s become a serious problem,” said Ms. Kubeka, who visited Ukraine in the early weeks of the war. Did, to consult on cyber security.
How the government classifies data and determines what may be sensitive or risky during war, Ms Kubica said. Russia may maliciously use Ukrainian personal data for strategic goals in the regions it seeks to occupy. For example, information on individuals can make it easier to track their activities and contacts.
Moving sensitive government databases abroad requires a review of legal and security requirements to protect data, such as the level of encryption, Dubinsky said. He said some government registries are massive, with around 1.5 petabytes of data, and in some cases officials spent weeks designing a data storage system, testing it, then adjusting it.
Ms Kubeka said government officials overseeing the transfer of data overseas need to consider whether they can rely on telecommunications networks that enable them to sync data held in the cloud. They said they should also clarify with their counterparts in the host country whether domestic cyber defense teams will step in to assist in the cyber attack.
This process can be costly, and will require additional support staff to monitor the exported data. “It’s not an overnight thing,” she said.
Videos showed Russian tanks crossing the border, carrying out airstrikes in several cities and long lines of cars running after Russian President Vladimir Putin announced a military operation in Ukraine. The US and its allies condemned the invasion and announced further action against Russia. Photo: Sergei Grits / The Associated Press
write to Katherine Stupp Catherine.Stupp@wsj.com
Copyright © 2022 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8