Ukraine joins Nato cyber knowledge hub

Nato’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) has unanimously approved the accession of Ukraine to the organisation as a contributing participant in a vote held at a meeting of its Steering Committee.

CCDCOE, which is based in the Estonian capital Tallinn, said Ukraine’s experience from previous state-backed cyber attacks orchestrated by Moscow would provide significant value to the organisation, which is tasked with interdisciplinary applied research, consultations, training and exercises in cyber security.

“Ukraine’s presence in the Centre will enhance the exchange of cyber expertise between Ukraine and CCDCOE member nations,” said CCDCOE director Jaak Tarien. “Ukraine could bring valuable first-hand knowledge of several adversaries within the cyber domain to be used for research, exercises and training.”

Estonian defence minister Kalle Laanet said: “Capability and knowledge comes from experience, and Ukraine definitely has valuable experience from previous cyber attacks to provide significant value to the Nato CCDCOE.

“Estonia as a host nation of the CCDCOE has been a long-term partner for Ukraine in enhancing its cyber security capacity and cyber resilience and we welcome the decision of the members of CCDCOE agreeing to Ukraine’s membership.”

Initially proposed by the Estonian government prior to Tallinn’s accession to Nato, the CCDCOE unit was established in 2008 following a series of cyber attacks on Estonian government bodies that were attributed to Russia.

As of February 2022, it counts 27 of the 30 Nato states as it members – including the UK, which joined in 2014 – and five non-Nato members with the same status as Ukraine (Austria, Finland, South Korea, Sweden and Switzerland).

It is one of 21 accredited centres of excellence that focus on technically sophisticated aspects of Nato’s wider operations. Its core mission is to support the alliance with “unique interdisciplinary expertise” in cyber defence research, training and exercises across four focus areas – technology, strategy, operations and law.

Ukraine’s accession to CCDCOE is likely to prompt further ire from Russia’s rogue government, which now finds itself fighting a war that its leadership appears to have badly miscalculated strategically, and has led to near-universal condemnation and ostracism of Russia.

Although any cyber dimension to the war in Ukraine has yet to spill over into Nato states in any meaningful sense, analysts still believe some form of retaliatory cyber action is highly likely.

Mandiant’s James Sadowski and Ryan Hall said that high-profile Russian threat actors, such as Sandworm or Voodoo Bear, would continue or increase cyber espionage against Nato and Ukrainian targets.

“The nature and length of Nato and Western sanctions and responses likely will heavily influence Russia’s perception of high-priority targets for retaliation,” said Sadowski and Hall. “Organisations making public statements condemning Russian aggression and/or supporting Ukraine and organisations taking actions to restrict Russian participation in international commerce, competitions and events face elevated risk of future reprisal.”