Ukraine's information technology sector is functioning normally despite the war, said panelists Tuesday on a DigitalEurope webinar. It may be the only expert sector in the country that continues to work, said IT Ukraine Association Executive Director Konstantin Vasyuk. Internet coverage is generally good, he said. About 2% of IT workers, those with military experience, have joined in defending against the Russian invasion, and companies respect that choice and are holding their jobs open. Others are staying put, and companies have moved them to safe locations in European countries, Ukraine or the U.S. Women, who make up 26% of the IT workforce, can transfer to Europe, while men must remain in-country. Vasyuk urged clients to support the sector by maintaining their contracts and considering new ones. Asked where the IT industry might be in 10 years, he said if Ukraine survives, its existing IT work in the global market will continue. Ukraine Avenga Managing Director Marta Romaniak said the war didn't catch her company unprepared: It transferred data and infrastructure to safe places such as the U.S. and relocated 300 female staffers and spouses of male IT workers. The firm's human resources department calls employees daily to check on them and ask if they need help. Avenga hasn't lost any clients. Grid Dynamics has moved 95%-97% of its workers to western parts of Ukraine and is shifting women and families to its offices in Poland, Moldova, Serbia, the Netherlands, Germany and elsewhere, said Senior Director Igor Tkach. In addition to continuing business support from clients, the sector needs informational support: He urged everyone to spread the word about what's really happening in Ukraine. Asked how the country's telecom network is holding up, Digital Europe Director-General Cecilia Bonefeld-Dahl told us it's still up and running, but infrastructure in battle zones is suffering. DigitalEurope is trying to bring components from Europe needed to keep the networks open, and is also helping with ICT and humanitarian initiatives. In February, President Volodymyr Zelenskyy signed a law establishing the National Commission for State Regulation of Electronic Communications, Radio Frequency Spectrum and Provision of Postal Services. Earlier this month, mobile operators Kyivstar, Vodafone Ukraine and lifecell, plus the newly created telecom regulator, government, state information protection services and the Ukrainian Association of Telecom Operators, reportedly launched a national roaming pilot to ensure continuity of communications services.
The invasion of Ukraine challenges the concept of multistakeholder internet infrastructure governance, said representatives from ICANN, academia, the European Parliament, civil society, security organizations and others. At such pivotal times, "we must decide as a community whether Internet self-governance has matured sufficiently to address such newly encountered issues." Governments have historically imposed sanctions but the global Internet community hasn't developed a process for doing so, they said. Principles they set out Thursday for sanctions include: (1) Don't disconnect a country's population from the internet because that hampers access to information that might lead people to withdraw support for acts of war. (2) Make sanctions focused and precise, and minimize the possibility of unintended consequences. (3) Military and propaganda agencies are potential targets of sanctions. (4) While it's inappropriate for governments to try to compel internet governance mechanisms to impose sanctions outside the multistakeholder process, there are some effective and specific sanctions that could be considered. Signers backed forming of a "new, minimal, multistakeholder mechanism ... which after due process and consensus would publish sanctioned IP addresses and domain names in the form of public data feeds ... to be consumed by any organization that chooses to subscribe to the principles and their outcome." They urged the community to launch a dialogue on a mechanism to decide whether the IP addresses and domains of the Russian military and its propaganda arms should be sanctioned. After analyzing Ukraine's requests for various ICANN actions (see [2203020002), they concluded that blocklisting is the most effective solution.
To counter malicious domain name registrations involving Russia's invasion of Ukraine, ICANN has begun adding terms in English, Ukrainian, Russian, Polish and other languages to its domain name security threat information collection and reporting system, it said. The watchlist, originally rolled out to fight COVID-19 DNS security threats, searches for phishing or malware names that match a set of related keywords. When evidence of malice appears, the results are reported to the corresponding registrars. Measures European telecom companies are taking to help Ukraine are updated here. Telcos welcomed governments' call to reinforce cybersecurity measures (see 2203090038) and promised to "remain trusted partners to public institutions in countering cyber threats to digital infrastructure." The European Telecommunications Network Operators Association stressed, however, that critical IT infrastructures in sectors such as energy, finance and transport will be increasingly in the sights of cyberattackers, and that there, too, "adequate regulatory precautions must be taken." It urged officials to consider the need to allocate more responsibility for risk management in digital infrastructures to providers of ICT products and services that become integral parts of communication networks.
EU officials agreed Wednesday to help keep Ukraine's telecom services operational and provide IT equipment to allow its government to continue functioning, the French Presidency announced. Telecom ministers urged private sector companies that can to provide the needed equipment. Officials also stepped up the fight against disinformation, saying online platforms, particularly social media companies, "have a decisive role to play in this area." All 27 EU countries urged tech companies to take additional voluntary actions to combat online disinformation and information manipulation. They also noted that while the telecommunications sector is one of the most advanced in cyberthreat preparedness, the Body of European Regulators for Electronic Communications and the EU Agency for Cybersecurity should identify the risks jeopardizing communications networks and infrastructure and determine how to make them more resilient. Officials also agreed to accelerate work on revising the network and information security directive. Meanwhile, the European Parliament published a report that criticized the bloc for its "general lack of awareness of the severity of foreign interference and information manipulation, overwhelmingly carried out by Russia and China," which is "exacerbated by loopholes in legislation and insufficient coordination" among EU members.
The FCC and the National Communications Commission of Georgia signed a memorandum of understanding Wednesday pledging bilateral cooperation in telecommunications and media policy. FCC Chairwoman Jessica Rosenworcel and Georgian Commissioner Ekaterine Imedadze signed the agreement at the Mobile World Congress in Barcelona. The MOU "establishes a non-binding framework for the mutually beneficial exchange of ideas in the field of telecommunications regulatory policy, with the purpose of contributing to the development of advanced communications in the respective countries," the FCC said.
European telcos and internet companies are acting to help Ukraine after the Russian invasion, they said this week. EU Internal Market Commissioner Thierry Breton discussed the need to counter Russian state-sponsored disinformation with Netflix CEO Reed Hastings, who confirmed the company won't comply with new Russian obligations to stream 20 federal TV stations, according to a European Commission readout of the Tuesday call. The European Telecommunications Network Operators Association said Monday its members "are rolling out measures to ease communications and support people in distress." Measures so far include free international calls to Ukraine; free Wi-Fi in refugee camps; and distribution of SIM cards to refugees arriving in neighboring countries. For the time being, the war isn't likely to have a significant impact on European telcos or ISPs, emailed telecom consultant Innocenzo Genna: COVID-19 has been much more disruptive because of the increased traffic and the disruption of maintenance/repair supply chains. But he told us some European telecom operators may now face uncertainties when dealing with Russian clients such as carriers, banks and corporations: Can they continue to trade with them? Will the payment system supporting contracts continue? Is there an embargo on the horizon? The most important concern now is cyberwarfare, Genna said. Attacks may become more frequent and Russia itself is under attack by Anonymous. Western companies are realizing they may have a digital sovereignty problem with Russian services and products: The most controversial are Telegram (messaging) and Kaspersky (anti-filter). The latter, commonly used by European companies and public bodies, now risks being banned, he said. An ICANN spokesperson confirmed it received a letter from Ukraine asking it to ban Russia from the domain name system. The letter wasn't available on the ICANN website.
China’s Hikvision told the FCC it shouldn’t be included on the agency’s “covered list” of equipment that threatens U.S. networks, in a filing posted Thursday in docket 21-232. The company’s video surveillance equipment doesn’t pose “any unique or material cybersecurity threat either to the nation’s telecommunications infrastructure or to American businesses or end users,” Hikvision said: “Its equipment can be, and frequently is, set up in configurations that are not connected to the Internet or any outside network, and thus are protected against the possibility of inbound cybersecurity attacks because there is no point of entry from which a third party could attempt to access the equipment, and are also protected against outbound data transmission because the system is not connected to any outside network.”
Data is an "untapped potential," the European Commission said Wednesday. As part of its European strategy for data, it floated new rules for use of data, saying its volume has grown from 33 zettabytes generated in 2018 to 175 zettabytes expected in 2025. The Data Act will address the legal, economic and technical issues causing its under-usage, the EC said. The rules will make more data available for reuse and are expected to create 270 billion euros ($306 billion) additional GDP by 2028. Proposals include measures to allow users of connected devices to gain access to the data generated by them, often harvested exclusively by manufacturers, and to share it with third parties to provide after-market services such as predictive maintenance; and provisions to rebalance the negotiating power for small and mid-sized enterprises by preventing abuse of contract imbalances in data-sharing agreements. It provides for ways for public sector bodies to access and use data held by the private sector when needed for exceptional circumstances such as public emergencies, and it allows customers to switch between different cloud data-processing services providers while safeguarding against unlawful data transfer. The proposal is "well-intended but in need of improvements," said the Computer & Communications Industry Association. It "will serve the EU's digital ambitions if it protects confidential business information, treats all companies equally, and avoids creating new data flow restrictions," said Public Policy Director Alexandre Roure. The proposal is "essential to consumers," said the European Consumer Organisation: People originate much of the data via their use of connected devices and digital services and must be able to control how and with whom their data is shared.
The U.K. Office of Communications proposed tighter rules against robocalls and texts. Nearly 45 million people were targeted by spoof calls and texts last summer, and almost a million of them fell for the scammers' instructions, it said Wednesday. Ofcom works with phone companies to help them block calls that imitate the numbers of legitimate organizations such as banks and government offices, but "fraudsters quickly adapt to changing circumstances and technology." The regulator proposed requiring all phone networks involved in transmitting a call to block clearly spoofed numbers, plus new guidance to help companies stop scammers from accessing valid phone numbers: Among other things, they will have to run "know your customer" checks on business customers. Ofcom is also examining how technology can help prevent scam calls at the source. For calls originating in the U.K., for example, the network from which the call is made would have to "authenticate" the caller's ID information before connecting the call, a requirement that "should be achievable" when the country's transition to digital landlines is complete.
Comments are due March 4 on World Radiocommunication Conference Advisory Committee draft recommendations it adopted last week and on NTIA recommendations (see 2202150030), said an FCC International Bureau docket 16-185 public notice Tuesday. The bureau said it "generally support[s]" most of the committee draft recommendations.