The parliament held the first readings of several informatization-related bills on September 20. The first of them, which addressed issues of electronic communications, was defeated. Accordingly, draft amendments to the electronic communications provisions of the Budget and Customs Codes were not considered at all. However, there were some positive news as well. The MPs finally passed laws on electronic trust services and on amendments to some legislative acts of Ukraine regarding the information processing in cloud computing systems. And very importantly, the bill dealing with the basic principles of cybersecurity in Ukraine got preliminary approval.
What is the purpose of the latter document? The explanatory note to the bill states it in a verbose but comprehensive manner: “The purpose of the law is to create the national system of cybersecurity as a combination of political, social, economic, and information relations together with organizational and administrative as well as technical and technological measures through a comprehensive approach in close collaboration between the public and private sectors and civil society.”
What issues do the experts see with it? “The worst problem in the field of information and cyber security is the lack of a common conceptual strategy for the creation of appropriate infrastructure,” head of the International Center for Combating Cybercrime Oleksii Komar commented for The Day. “Essentially, these legislative initiatives are good thing, but how will they be applied in practice? I find it hard to believe that the proposed rules will be really needed, well-enforced and beneficial for our society. In fact, the National Strategy on Cybersecurity was developed by 2010, and Ukraine ratified the Convention on Cybersecurity back in 2005. Nothing was implemented, however. What I see now is a confrontation between the National Security and Defense Council (NSDC) and the State Service of Special Communication and Information Protection, who quarrel over division of responsibilities and the right to draft the cybersecurity budget and spend the money.”
“Good international practice calls for clearly defined relations which form a public-private partnership,” Komar continued. “Without this practice, we will not succeed in the slightest. Cybersecurity experts are very few in this country. When the National Police’s Cybersecurity Directorate says they will increase staff salaries to 7,000-8,000 hryvnias, it is laughable because a good IT professional, say, a web designer, earns 20,000 hryvnias in a private company. Therefore, it is clear which jobs such professionals will prefer. So, we definitely need a public-private partnership, regulation of legal relations and a motivation system. Otherwise, nothing will be done.”
How are our politicians going to solve these problems? First of all, it should be noted that back in March 2016, the president signed a decree enacting the NSDC’s resolution “On the Cybersecurity Strategy of Ukraine.” It states that the national cybersecurity system should include as its basic elements the Ministry of Defense, the State Service of Special Communication and Information Protection, the Security Service, the National Police, the National Bank, and intelligence agencies. The Cybersecurity Strategy of Ukraine calls for creating conditions for safe functioning of cyberspace and its use for the benefit of individuals, society, and the nation.
“Ukraine has been at war for more than two years, but no regulation of cybersecurity has been enforced, making this bill extremely important,” co-author of the bill, chairman of the Parliamentary Committee on Informatization and Communications Oleksandr Danchenko commented for The Day. “It is fully consistent with the presidential strategy on cybersecurity. There are very important things in it concerning the description of the critical infrastructure which was not done before at all. This bill is the first step towards a fully-fledged law on cybersecurity, which is being drafted by a large group now. And we will hurry up to get it on the Verkhovna Rada’s agenda as soon as possible.”
Thus, the authorities are gradually moving towards solving the nation’s cybersecurity problems, but considering that we are at war, their pace is much too slow. It seems that the authorities just cannot learn to act proactively. Meanwhile, the Russian aggressor acts quickly and without any slow starts. Moreover, not satisfied with protecting its own cyberspace, Russia uses this mechanism to further its geopolitical objectives as well.