For the last month of 2022 we featured Mykhailo Koltsov of YouControl, part of Ukraine’s Cyber Defence Team and a Presidential Advisor since 2016 who gave us his 5 Lessons.
This month we have Kyrylo Goncharuk, CIO of Ukrtelecom, who has 20+ years of experience in IT and 15+ years of experience in management, who shares the case “How to survive in the middle of the cyber war”.
N.B. The full presentation is available by messaging me ( use chriswindley@substack.com ) or Ukrtelecom Communications Manager Olga Nosyk ( o.nosyk@ukrtelecom.ua ) and feel free to ask questions.
JSC Ukrtelecom ensures telco services for critical infrastructure units, local authorities and the Armed Forces of Ukraine.
Its network includes 660 000+ B2C households, 105 000+ B2B customers, 5 000+ B2O customers. It is getting up to 10 attempts of cyber attack each week.
Ukrtelecom still maintains connectivity in approximately 87% of the territories covered by its network.
The provider re-establishes connection for 1,000,000 people in 1,200 settlements.
On March 28, a massive cyberattack was conducted by the enemy on the Ukrtelecom’s infrastructure (slide 10).
To maintain services for our clients, Ukrtelecom utilizes the 2N+ principle of redundancy. During the first months we started building a 3D instance and actively exploit cloud services. The capacity of Internet access channels was quadrupled. Thus, Ukrtelecom has secured redundancy of resources to meet the needs of clients at least three times (slides 13, 14)
Ukrtelecom reacted to the attack with this procedure:
- Temporary disconnection of our subscribers from the company’s services.
- As the priority task, communication for special subscribers was provided.
- Ukrtelecom Co-operated with Western partners to identify and eliminate the consequences of the attack.
- Swift and sharp response of the security center.
- We protected the infrastructure (slides 16,17)
As a result, we have acknowledged:
- Cooperation and communication are the key points
- Zero-trust infrastructure is a crucial element of a company’s cyber security system;
- Corporate resources should be isolated from users.
And insights:
The Team is a core asset;
To monitor the clients’ activity in order to see if they have been compromised;
Stockholders should be informed about hostile activities conducted against company;
To be ready for tough decision-making and impact assessment.
See this tweet HERE to hear Kyrylo talk about this topic.
Dr. Bilyana Lilly appears on the Mriya Report twitter space.
About Dr. Bilyana Lilly
Dr. Bilyana Lilly is a cybersecurity expert and an adjunct researcher at the RAND Corporation. Dr. Lilly helps clients to detect and respond to ransomware threats and information warfare. Bilyana led a team that developed a threat-based risk assessment framework to prioritize vulnerabilities in critical infrastructure which the U.S. Department of Homeland Security now uses in all 50 states. She is a speaker at DefCon, CyCon, Executive Women’s Forum, and the Warsaw Security Forum, and the author of two books and a dozen publications, translated in Russian and Chinese. Dr. Lilly has been cited in the Wall Street Journal, Foreign Policy and ZDNet and has been denounced by Russia’s Ministry of Foreign Affairs. Lilly has a Ph.D. from Pardee RAND Graduate School, and master’s degrees from Oxford University (distinction) in England and the Graduate Institute in Switzerland.
This is a fabulous interview with Bilyana. Her books HERE.
Online Event Jan 18
Biz Bites – Cyber Security, Telecoms and IT Industry Specific Networking
Biz Bites – Cyber Security, Telecoms and IT Industry Specific Online Networking Event
When and where
Date and time
Wed, 18 Jan 2023, 12:00 GMT
More optionsWed, Jan 18 (12:00 GMT)Wed, Feb 15 (12:00 GMT)Wed, Mar 15 (12:00 GMT)Wed, Apr 19 (12:00 BST)Wed, May 17 (12:00 BST)Wed, Jun 21 (12:00 BST)Wed, Jul 19 (12:00 BST)Wed, Aug 16 (12:00 BST)Wed, Sep 20 (12:00 BST)Wed, Oct 18 (12:00 BST)Wed, Nov 15 (12:00 GMT)Wed, Dec 20 (12:00 GMT)Wed, Jan 17 (12:00 GMT)Wed, Feb 21 (12:00 GMT)Wed, Mar 20 (12:00 GMT)
Location
Online
