In early March 2022, a security expert found a way to strengthen Ukraine’s protection for cybersecurity by replacing one of the weakest links – passwords – with security keys.
Hideez CEO Oleg Naumenko saw the need at the start of the war for a better certification system for government agencies and critical infrastructure organizations. He asked Yubiko for help in deploying the security keys to the Ukrainian government.
“We should have had a lot of keys to deploy, but we didn’t have that many keys in our warehouse,” he said. “When we asked for help, we received an answer from Stina the same day.”
Yubico has distributed 10,000 keys at the moment and plans to donate another 10,000.
Stina Erensvard, CEO and founder of Yubico, said the collaboration with Hideez and the Ukrainian government combines smart card technology with FIDO security keys to create a single access point for all services.
“With a smart card, you can access computers, but you can’t access G Suite or Twitter or cloud services, so we’ve added both features to the same key,” she said.
The Hideez authentication server now supports smart cards, FIDO authentication and YubiKeys. The keys are used in many organizations, including:
- SSSCIP, State Service for Special Communication and Information Protection of Ukraine
- Ministry of Digital Transformation, Head of IT Modernization and Next Generation Government Electronic Services
- State energy companies and power plants
- Ukrainian Domain Management Organization .UA Hostmaster.UA
Executive Director of Cybersecurity at a Power Plant in Ukraine says in a blog post on the site Yubico Power plant operators could not rely on legacy or mobile-based authentication due to advanced types of phishing and mid-range attacks, as well as the overall volume of cyber attacks.
“An important aspect of YubiKey is that it is built as a multifunctional and multi-protocol device that allows us to use the same authenticator for computer login, VPN access, cloud performance, e-mail systems, ERP system and mobile devices. applications, “said the CEO.
The factory workers changed their passwords every day as an additional security measure and due to the stress of working in a military zone.
“YubiKeys has significantly increased security and made access to many IT systems faster and easier, which has been a great relief for our employees,” said the CEO. “We believe that YubiKeys are as important to our cyber defense as the bulletproof vests that protect soldiers and others on the front lines of ground warfare.
SEE: Destructive malware “HermeticWiper” hits Ukraine
Ehrensward said that 2FA through text messaging and authentication applications are not strong enough to withstand the current level of cyber attacks.
“We started this work 10 years ago and this is proof that we have developed something that works, that is scalable and that makes a difference,” she said.
Stolen credentials are the biggest single problem in Internet security, and the same goes for war, Ehrensward said.
“Half of the war is in the physical world and half is in the cyber world, and if heating and communication systems fail, one country will not function,” she said.
Deployment of security keys in a military zone
Hideez is a cybersecurity company that specializes in authentication and identity management. The Hideez key is an all-in-one digital key for wireless authentication, password management and RFID locks. Naumenko started the company when his bank account information was stolen along with his savings. Hideez has offices in Virginia and a development office in Kyiv.
Yuri Ackerman, vice president of military efforts at Hideez, said Yubico’s engineers worked closely with his company and Ukrainian officials.
“We are dealing with a lot of stressed people and the Yubico key fits perfectly in this context,” he said, especially given the legacy technology used by government agencies.
Hideez works with the State Service for Special Communications and Information Protection of Ukraine to certify the YubiKey 5 Series for use in government agencies.
Alexander Potiy, Deputy Head of SSSCIP, said in a blog post on the Yubico website that his agency has accelerated the normal certification process of six months plus to receive the YubiKey 5 certification for use in all government and military agencies in Ukraine and their employees. The agency also has 3,000 Yubikey for its employees to use in the electronic document management system.
The SIPCC had a security policy framework for government ministries and agencies that guided the deployment of keys.
Ackermann said implementing the keys requires some user training, especially for people who are used to using passwords. Hideez and Yubico engineers streamlined the recording process to make it easier to implement.
“The key uses the device’s pin code, and that’s a huge advantage because users just have to remember the pin,” he said.
Ackermann said traditional cybersecurity measures could be very expensive, while Yubico’s keys are not.
“The reality is that authentication protection is much more critical and not such a huge expense,” he said. “This work will be a great example of how you develop great defenses.”
Ackermann said people are beginning to realize that the current state of ongoing cybersecurity war around the world requires a better solution than passwords.
“When evaluating future security policy, passwords are not only bad for security in general, but will actually cause more problems as employees struggle much more under pressure,” he said.
Ackermann said the war in Ukraine put cybersecurity work in a very different context, when this experience is vital to protecting national security.
Oleg said that life in Ukraine changed completely on February 24, 2022, when he woke up to a powerful explosion. Despite the loss of homes, jobs and even family members due to the war, Ukrainians are determined to defend and rebuild the country, he said.
“We have a huge goal to create a new life and a new state in Ukraine,” he said. “Many companies change their business model when they start thinking about how to build a new country.