Prior to the February Russian expanded military invasion of Ukraine, cyber attacks on Ukrainian public and private institutions accelerated in number and intensity. Two former U.S. government officials and leading experts on cyber security and Ukraine, Greg Rattray and Matthew Murray, had been working with CRDF Global to help Ukraine create the nation’s first national Cybersecurity Strategy. After the invasion took place, they voluntarily began to mobilize an extensive network of cyber defense leaders across a range of U.S. companies and organizations to help Ukraine.
Rattray is a retired U.S. Air Force Colonel, former National Security Council director, former Chief Information Security Officer for JP Morgan Chase, and author of Strategic Warfare in Cyberspace. Murray is a former Deputy Assistant Secretary of Commerce for Europe, the Middle East and Africa and Adjunct Professor at the Columbia University School of International & Public Affairs and Harriman Institute.
Based on their discussions with U.S. and Ukrainian government officials, Rattray and Murray saw an urgent need to help galvanize and organize the U.S. private sector to meet Ukraine’s wartime demands for support of cyber defense. “We were working with CRDF Global and the Ukraine National Cyber Security Coordination Center (NCSCC) through much of 2021 to help Ukraine draft its national Cybersecurity Strategy,” Rattray says. “It is a solid, forward-looking Strategy, but with the invasion, the Ukrainian government and critical infrastructure operators urgently needed to deal with immediate threats posed by cyber attacks. Operational cyber defense assistance provided by private companies has proven highly effective for Ukraine in helping sustain the ability to operate in the digital space.”
Rattray with others reached out to contacts and received support from Avast, the Cyber Threat Alliance, LookingGlass Cyber Solutions, Mandiant, Next Peak, Palo Alto Networks, Recorded Future, Symantec/Broadcom, ThreatQuotient, and others. Murray worked with Ukraine’s NCSCC to build a trusted channel to expedite delivery of cybersecurity assistance to fill specific needs on a daily basis. As Russian tanks rolled across Ukraine, specialists from the world’s top cyber security companies committed to help under the Cyber Defense Assistance Collaborative rubric. “The concept of operational collaboration and deeper public-private cyber defense efforts is a major focus in the U.S.” Rattray says. “Homeland Security’s Joint Cyber Defense Collaborative is a good example, but it focuses on threats to U.S. institutions. It does not have a foreign security assistance mandate.”
Volodomyr Pavelko, founder of Ukraine’s Global Cyber Cooperative Center (GC3), a think tank and cyber security trust hub, notes, “Ukraine needed urgent help to defend critical infrastructure. Collaborating with CDAC to meet specific demands from our government ministries and state-owned enterprises quickly became the way we could obtain that help, and we’ve already seen a significant impact in some of our most important sectors.”
Since March, more than a dozen companies have devoted thousands of hours and cutting-edge tools to help Ukraine cyber defenders secure networks, hunt for and expel malicious cyber intruders, improve attack surface monitoring, and provide cyber threat intelligence to protect critical infrastructure.
“Initially, we pulled the collaboration together with the help of just a couple teammates,” continues Rattray. “A growing set of Ukrainian requests and the outpouring of volunteer expertise demanded a stronger hub to orchestrate what we are doing. To have a strategic impact, we needed a platform, ideally within an organization that already had strong Ukraine connections, cyber awareness, and not-for-profit credentials. Craig Newmark Philanthropies was also prepared to offer generous funding support, but to receive it we needed an established not-for-profit. CRDF Global provides the ideal fit.”
CRDF Global, formed in 1995 to support the U.S. WMD and counterproliferation cooperative threat reduction mission after the fall of the Soviet Union, has been resident in Ukraine since 1997. In 2019, it took on a cybersecurity resilience and capacity building role with funding from the Department of State Office of Coordinator of U.S. Assistance for Europe and Eurasia (EUR/ACE). It has run hackathons, built cyber curriculums for university courses, delivered training courses in cybersecurity for veterans of the 2014 conflict, and convenes a regular “cyber cluster” meeting with the participation of over 100 national and international stakeholders on behalf of Ukraine’s National Security and Defense Council.
“We’ve done and are continuing to do good things in Ukraine on the cyber front,” noted Mike Dignam, CRDF Global’s CEO. “By providing the platform for CDAC, we are now able to help companies bring operational cyber defense assistance to Ukraine in an accelerated fashion. I couldn’t be happier to support this effort and further expand CRDF Global’s capabilities in the cyber security realm.”