Ukraine’s cyber success prompts call for U.S. to shore up its defenses

Despite Russia’s long history of potent cyberattacks against international targets, primarily in the U.S., Ukraine’s internet infrastructure remains highly resilient. As Oleksandr Bornyakov, Ukraine’s deputy minister of digital transformation, said Wednesday during a virtual event, according to the Wall Street Journal: “You can conduct business, you can pay taxes, you can go to the bank. The payment system is working. So they were not able to disrupt massively anything.”

The precise reasons for the federation’s fecklessness are debatable: One theory goes that Russia’s top hackers are strategically waiting to launch larger attacks when needed, while another suggests Russia wants to keep communications infrastructure intact for post-invasion operations—but Ukraine’s defensive posture certainly deserves praise. 

For that, Ukrainians can deliver some credit to the U.S. military and private sector. The Financial Times reported Wednesday that the U.S. Army’s Cyber Command, federal contractors, and American companies banded together in recent months to bolster Ukraine’s cybersecurity defenses.

“Experts warn that Russia may yet unleash a devastating online attack on Ukrainian infrastructure of the sort that has long been expected by Western officials. But years of work, paired with the past two months of targeted bolstering, may explain why Ukrainian networks have held up so far,” according to the FT.

Now, that kind of successful public-private partnership is already drawing calls in the U.S. for closer ties between the government and the tech industry—setting the stage for a classic battle between supporters of regulation and free markets.

In recent weeks, several prominent cybersecurity officials have seized on the Russian invasion to call for new legislation aimed at centralizing and standardizing U.S. cyber defenses. 

Perhaps most notably, the first U.S. National Cyber Director, Chris Inglis, declared last month that the U.S. “needs a new social contract for the digital age—one that meaningfully alters the relationship between public and private sectors and proposes a new set of obligations for each.”

“The private sector must prioritize long-term investments in a digital ecosystem that equitably distributes the burden of cyberdefense,” Inglis wrote in a Foreign Affairs op-ed with Harry Krejsa, a fellow at the Center for a New American Security think tank.

They continued: “Government, in turn, must provide more timely and comprehensive threat information while simultaneously treating industry as a vital partner. Finally, both the public and private sectors must commit to moving toward true collaboration—contributing resources, attention, expertise, and people toward institutions designed to prevent, counter, and recover from cyber-incidents.”

So far, the tech industry hasn’t much responded to calls for deeper government involvement in light of Russia’s invasion. But resistance—and inertia—could prove powerful.

Look no further than the U.S. Cyberspace Solarium Commission, appointed by Congress to study and recommend changes to the nation’s cyber bureaucracy. While federal officials enacted a couple dozen commission proposals, drawing bipartisan praise from prominent members of Congress, many of those did not require much private sector collaboration. 

Meanwhile, several recommendations that would involve shifting power from businesses to bureaucrats, such as passing a national data security and privacy protection law, haven’t gained traction. (One higher-profile proposal, which would increase hacking and ransomware reporting requirements, is on track to reach President Joe Biden’s desk.) 

The Information Technology Industry Council’s strategic legislative priorities for 2022 also prove instructive. The council, which represents dozens of the largest U.S. and foreign tech companies, primarily asks federal officials to “streamline requirements between the various cybersecurity compliance regimes.” Notably, it doesn’t call on Washington to add extensive cybersecurity requirements or take significantly more responsibility for private-sector regulation.

The public-private defense of Ukraine proves that both sides can work together to fend off a common enemy. But will that partnership thrive on American soil and in the halls of government?

Want to send thoughts or suggestions for Data Sheet? Drop me a line here.

Jacob Carpenter

NEWSWORTHY

A split decision. Amazon shares rose 5% in midday trading Thursday after the e-commerce giant’s board signed off on a 20-to-1 stock split and $10 billion share buyback. The split, which comes as a single Amazon share approached $3,000, could help the company attract more interest from retail investors scared off by the expensive stock price. Amazon shares are down 4% over the past 12 months, lagging behind fellow tech behemoths Apple, Alphabet, and Microsoft.

Beating the blockade. Twitter has launched a version of its service that lets Russian users circumvent government efforts to block them from the platform amid the invasion of Ukraine. Twitter officials said their long-awaited Tor Onion service, which encrypts online traffic and routes it in a way that avoids government censorship tools, has been in the works for several years. The restored access could help Russians get access to information about the war outside state-sponsored media outlets, which are reporting false propaganda designed to usher support for the incursion.

The hits keep coming. The corporate retreat from Russia continued on Wednesday, with Alphabet suspending payment features on its YouTube and Google Play services inside the country and two video game giants withdrawing from the country. Reuters reported that Alphabet’s pause on monetization followed its suspension of online ads in Russia, where most companies have cut off profit-seeking services. CNBC also reported that Sony’s PlayStation unit and Nintendo have stopped shipping products to Russia, joining Xbox maker Microsoft in halting video game sales.

In the line of fire. The congressional committee investigating the Jan. 6 attack on the U.S. Capitol has subpoenaed Salesforce, putting the software company in the middle of a political battle between investigators and the Republican National Committee, Axios reported Wednesday. A copy of the subpoena, reviewed by Axios, shows the Democrat-led committee is seeking documents from Salesforce relating to RNC fundraising practices. The RNC uses Salesforce products to communicate with potential donors, meaning the company’s servers could contain emails and other records tied to the political organization.

FOOD FOR THOUGHT

Dead on arrival. Meta’s failed drive to create a global cryptocurrency, known as Diem, could never overcome one fatal flaw: It was created by the company formerly known as Facebook. An investigation by the Financial Times, based on 30-plus interviews with sources familiar with the Diem drive, found that regulators and politicians involved in green-lighting the cryptocurrency couldn’t get past Facebook’s history with disinformation, content moderation, and consumer privacy. Diem unceremoniously died in January as federal officials continued to stonewall approval of the cryptocurrency.

From the article:

What emerges is a picture of Silicon Valley executives who thought they could charge into finance and make billions, if only they could surmount technical and regulatory barriers.

What [Meta] failed to realize was that the very fact Facebook had conceived the idea, doomed it. As one government official involved in the process puts it: “Diem spent years trying to reverse engineer their project to fix all of its faults. But they could never fix being linked to Facebook. It was their original sin.”

IN CASE YOU MISSED IT

Some 61% of women say online harassment is a problem. Google Jigsaw wants to give them back control, by Emma Hinchliffe

Tesla email shines light on how SpaceX delivered Starlink internet to Ukraine only days after Musk said it would, by Nicholas Gordon

Augmented-reality specialist Magic Leap is back with a new headset as interest in the metaverse soars, by Jonathan Vanian

Bored Apes and CryptoPunks help jolt NFT market to over 21,000% growth and $17.6 billion in sales last year, by Marco Quiroz-Gutierrez

Unveiling its vegan electric bus, Volkswagen taps into the spirit of America’s 1960s counterculture, by Christiaan Hetzner

Why Stryker is going all in on A.I. in health care, by Susie Gharib and Stephen Merenes

BEFORE YOU GO

You’re up, Sunny. Two months after a federal jury convicted Theranos founder Elizabeth Holmes on four felony counts, her ex–business partner and ex–romantic partner is getting his turn in the courtroom. Jury selection began Wednesday in the case of Ramesh “Sunny” Balwani, who faces the same 12 counts related to allegations of defrauding investors and patients tied to the disgraced blood-testing company. The New York Times has a full rundown of what to expect from Balwani’s trial, which should include more details about the lesser-known force behind Theranos’s rise and fall.