During the war, Ukraine managed to maintain a balance between transparency and security of digital data in a mode constrained by time and financial resources. This was stated by Ihor Iaremchuk, a member of the Accounting Chamber, in his report at the 16th meeting of the EUROSAI IT Working Group, held in Poland.
The event was attended by more than 40 members of the EUROSAI IT Working Group, as well as INTOSAI members representing the Supreme Audit Institutions of the USA, Qatar, India and Pakistan. They discussed the balance between digital development and the right to maintain control over data and processes.
Referring to research data prepared with the assistance of the European Commission, Ihor Iaremchuk noted that Ukraine ranks second among European countries in terms of general indicators of the level of development of open data. During the martial law, 499 state registers are operating in the country, 14 of which are priority for the vital activities of society and the economy. More than 541 million transactions are carried out between them every quarter.
"During the war, Ukraine has not only ensured high availability of information systems that have become the basis of its economy, medicine, education, and civil society, but has also taken adequate legal, organisational, and technical measures to ensure data security and confidentiality," Ihor Iaremchuk emphasized.
The Accounting Chamber estimates that the total amount of information resources processed and stored in Ukrainian information systems is approximately 180-230 PBytes.
"It will take about 5 years to move this data using a fibre-optic cable with a bandwidth of, for example, 10 Gbps, which we did not have at the beginning of the large-scale Russian invasion. The countdown went on for hours," noted Ihor Iaremchuk, adding that part of the information infrastructure was damaged or captured by the enemy. Some information resources have been blocked by their owners due to fears of destruction, cyber-hacking or loss of information.
According to the member of the Accounting Chamber, in the first months of Russia's large-scale invasion of Ukraine, the situation in the banking sector was the most coordinated and organised.
"Since the beginning of the war, in 2014, the National Bank has obliged banks to have backup data processing centres to ensure their uninterrupted operation. In addition, the NBU has implemented a multi-level backup of its own information systems. Since then, the banking system has been operating stably, and customers have been receiving the necessary services using online services," summed up Ihor Iaremchuk.
The member of the Accounting Chamber noted that in 2022, the IT industry brought about $8 billion in export revenue to the Ukrainian economy, which is 10-12% more than in the same period in 2021. The share of IT services exports in GDP increased by 51% to 5.4%. Before the war, the public sector's share of the Data Processing Center (DTC) was about 20%, and now it is over 40%. 3-4% of commercial enterprises have temporarily switched to service only in European data centres. To protect their data during the war, 46 out of 67 Ukrainian banks have taken the opportunity to transfer or duplicate their data to clouds abroad.
"The state should pay more attention to issues related to the availability of data posted in state information resources, including the creation of stationary and mobile data backup centres and duplication of IT infrastructure using cloud technologies. Business entities should be encouraged to develop their IT infrastructure, including through wider use of their services. We should encourage periodic assessments of the critical infrastructure readiness level, which ensures the stability of data centres and other IT infrastructure facilities, and propose appropriate regulations and procedures," emphasized Ihor Iaremchuk.
The members of the EUROSAI IT Working Group agreed to develop a joint methodology for testing the uninterrupted, systematic operation of the IT infrastructure.
Background
The EUROSAI ITWG was established in 2002 to enhance the institutional exchange of experience and knowledge between SAIs in the European region and to facilitate the implementation of joint control activities in the field of information technology. The Working Group complements the initiatives of the INTOSAI Standing Committee on Information Technology and facilitates the exchange of experience between two organisations.