By Raphael Satter and James Pearson
(Reuters) – The Ukrainian government is preparing for the potential need to move its data and servers abroad if Russia’s invading forces push deeper into the country, a senior cybersecurity official told Reuters on Wednesday.
Victor Zhora, the deputy chief of Ukraine’s State Service of Special Communications and Information Protection, emphasized his department was planning for a contingency, but that it is being considered at all suggests Ukrainians want to be ready for any Russian threat to seize sensitive government documents.
“We are preparing the ground,” Zhora said. Plan A was to protect IT infrastructure within Ukraine. Removing it to a another country would only be a “Plan B or C”.
The move could only happen after regulatory changes approved by Ukrainian lawmakers, Zhora said.
Government officials have already been shipping equipment and backups to more secure areas of Ukraine beyond the reach of Russian forces, who invaded on Feb. 24 and are laying siege to several cities.
Last month Zhora told https://www.politico.com/news/2022/02/22/ukraine-centralized-its-data-after-the-last-russian-invasion-now-it-may-need-to-evacuate-it-00010777 Politico there were plans to move critical data out of the capital Kyiv should it be threatened, but preparations for potentially moving data abroad go a step further.
Ukraine has received offers to host data from a variety of countries, Zhora said, declining to identify them. For reasons of proximity “a European location will be preferred,” he said.
“There are a lot options,” he said. “All the proposals are highly welcome and worth considering.”
Zhora gave few details of how such a move might be executed, but he said past efforts to keep government data out of Russia’s grasp involved either the physical transport of servers and removable storage devices or the digital migration of data from one service or server to another.
PROTOCOL
Even if lawmakers agreed to lift the restriction on sending Ukrainian data abroad and a protocol for the removal of IT assets were established, it would not necessarily mean that all or even most of the government’s data or network equipment would immediately be sent out of the country, Zhora said.
Government agencies would have to decide on a case by case basis whether to keep their operations running inside the country or evacuate them.
What to do in wartime with piles of data gathered by governments became a topic of international concern following the Taliban’s lightning offensive in Afghanistan last August that took city after city as U.S. and other foreign forces withdrew.
The Taliban conquest of Kabul meant that their forces were in a position to inherit sensitive data – such as payroll information for Afghan government employees and soldiers – which they could potentially mine for leads on how to arrest or eliminate domestic opponents.
Similar concerns are at play in Ukraine. Russia possessing Ukrainian government databases and intelligence files could be helpful if Russia wanted to control Ukraine.
Pavol Jakubec, a historian at Sweden’s University of Gothenburg, said Ukraine was not necessarily planning for a potential government in exile, usually a last resort.
“It may be that they want to forestall potential Russian efforts to block their operations, analogue and digital,” he said.
In 1940 Norway physically sent the bulk of its Foreign Ministry archives to the north of the country and then eventually to Britain as German forces invaded, Jakubec said.
Beyond trying to protect citizens under occupation, Ukrainian officials would want to deny Russian forces the opportunity to possess documents “which could otherwise be doctored by the enemy and used for propaganda purposes,” Jakubec said.
(Reporting by Raphael Satter and James Pearson; editing by Chris Sanders and Grant McCool)