Strengthening Cyber Defenses: Belgium’s Response to the Ukraine War
The outbreak of the war in Ukraine in 2022 sent shockwaves through Europe, not only due to its geopolitical implications but also because of the heightened cyber threats that emerged as a result. As Russian aggression escalated, so did the risk of cyberattacks targeting Ukraine’s allies. In this context, many European nations, including Belgium, began to reassess and fortify their cyber defenses.
The Leonidas Project: A Strategic Initiative
In response to these growing threats, Belgian Prime Minister Alexander De Croo launched the Leonidas project in 2022. This initiative aimed to bolster national cyber defenses and enhance governmental support for Belgian organizations facing increased cyber risks. The project was entrusted to the Centre for Cybersecurity Belgium (CCB) and its Cyber Threat Research and Intelligence Sharing (CyTRIS) division.
During the Predict 2024 event hosted by Recorded Future in London, Pedro Deryckere, head of CyTRIS, elaborated on how the Leonidas project has significantly improved Belgium’s national cyber resilience.
Decoding the CCB’s ‘Spear Warning’ Strategy
Before delving into the specifics of the Leonidas project, Deryckere introduced the CCB’s proactive defense strategy known as the ‘Spear Warning’ service. This initiative is designed to directly inform vulnerable organizations in Belgium about critical cyber issues they may face.
“Our goal with our Spear Warning tactic is to ensure that whoever received the phishing email or clicked the malicious link understands exactly what they need to do,” Deryckere explained.
Every two weeks, CCB staff convene to identify and prioritize exploited vulnerabilities, credential leaks, and potential pre-ransomware activities. This collaborative effort involves gathering information from both internal sources and external partners, including private sector entities.
When a new cyber threat is identified, the CCB promptly notifies the affected organization through one of three channels: email, a physical letter to the leadership team or CEO, or a phone call. Deryckere noted that while some might view this approach as aggressive, many system administrators have expressed gratitude for the direct communication, as it helps them advocate for urgent system patches to their leadership teams.
Additionally, each beneficiary of the Spear Warning service is granted access to a personalized dashboard, enabling them to track and prioritize the issues they need to address.
Unpacking the Leonidas Project
The Leonidas project was conceived in direct response to the war in Ukraine, with a clear mandate from Prime Minister De Croo to act swiftly. “The project had to be 100% related to the war in Ukraine, and the PM wanted us to start quickly,” Deryckere remarked.
Developed in collaboration with law enforcement agencies, national computer security incident response teams (CSIRTs), and private cybersecurity providers like Recorded Future and Arctic Security, the Leonidas project aims to achieve several key objectives:
- Protecting Belgian companies from targeted cyber-attacks
- Safeguarding organizations against distributed denial-of-service (DDoS) attacks orchestrated by Russian-aligned hacktivists
- Monitoring the geopolitical situation in Ukraine
- Keeping tabs on dark web activities
The project is structured around several pillars, including:
- A national vulnerability management initiative based on the Spear Warning service
- A national attack service management project
- An anti-DDoS feature
- Geopolitical monitoring
- Dark web monitoring
- Threat landscape reporting
Deryckere emphasized the importance of continuous vulnerability scanning, stating, “As part of the Leonidas project, we scan vulnerabilities every other week until we achieve a 75% success rate in patching across Belgian organizations.” Since the project’s inception, the CCB has issued thousands of Spear Warnings, with 16,000 individual warnings projected for 2024 alone. Notably, the number of Belgium-based hosts exposed to critical vulnerabilities has declined since the project began.
Lessons Learned from the Leonidas Experience
Reflecting on the past two years of running the Leonidas project and the Spear Warnings initiative, Deryckere shared valuable insights. “The main takeaway for me is that the public and private sectors might seem different, but they have a lot in common,” he noted. “They share a common enemy and a common goal. Working together increases our impact.”
He highlighted the crucial role of private companies in rapidly establishing a framework for the Leonidas project, enabling swift and actionable results, especially in contrast to the often slower processes found in the public sector.
Conclusion
Belgium’s proactive response to the cyber threats stemming from the war in Ukraine exemplifies the importance of collaboration between public and private sectors in enhancing national cyber resilience. The Leonidas project and the Spear Warning service not only protect Belgian organizations but also serve as a model for other nations grappling with similar challenges. As cyber threats continue to evolve, the lessons learned from Belgium’s experience will be invaluable in shaping future cybersecurity strategies across Europe and beyond.