SCHERERVILLE: Russia's war against Ukraine might seem to have begun just weeks ago, but that's not the whole story, cybersecurity expert Robert Johnson III said.

Johnson, president and CEO of Merrillville-based Cimcor, said Russia's attacks on Ukraine have been ongoing for years. Cimcor offers real-time cybersecurity monitoring and protection with clients including federal agencies and large corporations.

"This has always been a shadow war. This has been going on for a long time," he said.

Ukraine regained its independence in 1990 after decades of Soviet control.

In 2015, Russia's state-sponsored hackers brought down Ukraine's power grid, leaving 236,000 people without power, Johnson told Lake County Advancement Committee members at a luncheon at Teibel's Restaurant.

In 2017, Russia attacked Ukraine's financial systems, wiping out data. "It was literally to destroy the data and other information on these systems," he said.

That same attack caused the radiation monitoring system at the Chernobyl nuclear power plant to go offline. A 1986 accident at Chernobyl resulted in 30 deaths, according to the World Nuclear Association. The group blamed a flawed reactor design and inadequately trained personnel.

"Some of the sites for Russia have also been brought down by Ukrainian hackers," Johnson said.

Johnson is concerned about deepening diplomatic relations between China and Russia and their attacks on US computer networks. Those two countries along with North Korea and organised crime, are the four top sources of malware, he said.

Cyberattacks by state-sponsored hackers aren't limited to Russia, China and North Korea. A computer virus is credited with slowing Iran's development of nuclear weapons.

Here in the United States, cybersecurity threats are detected and contained an average of 287 days after the initial breach. Johnson put that in perspective. If a security breach happens on Jan 1, it wouldn't be detected and remediated until Oct 14.

"We hear about cybersecurity all the time, and yet we aren't making any progress," Johnson said. "In fact, it's getting worse."

The problem is so bad that cybersecurity insurance providers are losing money. In response, they're increasing premiums and raising the bar on what's considered best practices that clients must follow to be fully covered, Johnson said.

A security breach costs an average of US$4.24mil globally but US$9mil in the United States, he said.

Ransomware is a common problem. A hacker gains control of a computer system, deletes backups and demands payment to restore control to the owner. "We recommend don't pay the ransom. You're better off restoring to one of those old backups," Johnson said.

Victims who pay the ransom often don't get all their data back anyway.

Preparing for attacks like that includes having three backups on two types of media with one of them stored offsite - the 3-2-1 rule, he said.

Among the cybersecurity challenges Johnson is worried about is the increasing number of Internet-connected devices is a threat, too. Cable boxes and pacemakers have been hacked, he noted.

The skills gap is an issue, too. There are far too few cybersecurity professionals. Some are training for that career, but it will take time to get them out of college and up to speed.

 - TNS