Three digital boxes that saved Ukraine’s government data

As Russian tanks and troops rolled westwards into Ukraine in February, a small team of digital security experts from Amazon’s AWS (Amazon Web Services) team was heading east, with three boxes of digital trickery.

These boxes, about the size of a suitcase and known in true spy code word fashion as a “snowball”, were spirited across the border between Ukraine and Poland and began the process of saving the Ukrainian government’s digital data. Everything from birth certificates to land registries – more than 10 petabytes in all – was successfully pulled out of the country by a combination of these three snowballs and more, and wired connections when and where that was possible.

It won AWS the Ukrainian government’s peace prize, and the company is now rolling the service out to other governments who might be interested, under the title of Continuity of Government IT on AWS, or CGIT for short.

Speaking at AWS’s annual re: Invent conference in Las Vegas, Ukraine’s deputy prime minister and minister for digital transformation Mykhailo Fedorov said: “AWS made a decision that saved the Ukrainian government and the Ukrainian economy. You can calculate that this would cost millions of dollars, but let me be honest with you – this is priceless. Registers, databases: this is critical information infrastructure. This is core for the operation of the economy, of the tax system, of banks, and of government overall. This war proves that digital infrastructure is the most resilient one – you cannot destroy it easily with bombs.”

Will consumers benefit from Aviva entering the Irish health insurance market?

---

A €5bn electricity bill, an apology from CRH and the price of a pint

---

The world’s richest countries must invest in effective, cheap technologies to tackle climate change

---

The man behind the digital recuse of Ukraine is Liam Maxwell, formerly the national technology adviser to the UK government, and now the director of government transformation at AWS.

Softly spoken, and with a bearing that’s closer to George Smiley than James Bond, Maxwell told The Irish Times: “The Ukrainians had obviously done some preparation, they could see that the invasion was coming. But when we needed to go and actually help them with the extraction, that was all done pretty quickly.”

AWS was itself partly prepared. Maxwell’s team – and he was keen to honour the work of Maggie Carter, AWS’s director of social impact in this effort – already has some experience of this sort of database rescue, as it has done similar work in areas hit by hurricanes and other natural disasters. This was different, though. This was extracting and safeguarding all of the digital data of an entire government as a ruthless aggressor gathered over the horizon with tanks and troops.

“The snowballs are rugged,” Maxwell says. “These three literally went into the hold of an aircraft and were picked up from Krakow airport from the normal luggage carousel. They’re cool devices.”

The spy story elements of the story are clearly atavistically appealing, but they do open the door for bigger, more serious questions in a world now much more aware of data security and the vulnerability of personal data. Amazon is a private company, one set up to use such data for profit motives, so how can it ensure the security and sanctity of the data of an entire government?

“Our security model is that we look after the security of the cloud. We make sure that all of the services are there, that they are secure, that they are running, and that they have the integrity and security that people need. Our customers, be they a bank or be they a government, they own their data.”

Maxwell speaks those last four words slowly and deliberately, for emphasis. “They own the services and the applications that they build using our systems. They are responsible for the security and integrity of that data, and that data is under their complete control. If you think of it as running on a series of chips, the chips have one section that links into the cloud, and one section that holds the data, and the two don’t meet. The governments or the companies have their own encryption keys, and we don’t see those or know what they are. We don’t have a master key.”

It also means that the data can be essentially stored anywhere in the world, as the only people who can read it and access it are the people who own it. Maxwell gives the example of the UK government’s Cloud First policy, which he enacted as chief technology officer in 2013. It involved moving endless bytes of sensitive personal data, including security-sensitive data from the Home Office to cloud-based storage and the location chosen was actually Dublin. “We moved that data to the best-performing region we could find, which was Dublin,” says Maxwell. “So it doesn’t matter where the data is, really, the issue is the key and we had the key. So we were totally confident about it.”

The analogy that Maxwell agrees on is that of a delivery van – the van carries around the data, but the driver has no access to the storage compartment. Only the owner of the cargo can get in there.

Cyber security is clearly a huge concern, though. Not only is AWS dealing with the regular sort of cyberattacks from criminal organisations looking for quick profits, it’s also now fending off nation-state attacks, from Russia and others.

“The nation-state attacks are very well-funded,” Maxwell says. “And so it’s a constant game, ensuring that you’re able to keep things secure. From a personal level, I wouldn’t have moved to AWS from a very nice and interesting government job if I hadn’t been completely secure about our security. We run a really successful business and customers trust us for the level of security that we provide, and we work with some of the most demanding customers in the security world. I’m very confident in the security team here, and I think it’s right at the basis of everything we do.”

There is a further concern, though. Amazon getting involved at the highest reaches of national governments will unquestionably raise the hackles of many who criticise the company for its employment and job security policies and its treatment of staff, especially those not represented by a union.

At this suggestion, Maxwell bristles. “It’s not like you get that with other companies such as Fujitsu or IBM,” he says. “We as a company have a set approach, we have a set of standards and we behave ethically at all times in everything that we do. Really what you’re saying is that involving any private company in the delivery of public services creates an issue. We are asked by governments to go and deliver those services, and it is governments that choose to do this. The governance model around procurement transparency and the openness around that is something that we massively support. Being open and transparent about procurement, and the way that you work, and the way that you deliver services and work with the community is something that all companies are judged upon. And I think our record is very strong.”

Ukraine is fast being held up as an exemplar of the digitisation of government, especially through its Diia app, which has been praised for creating a simple, direct digital link between individual citizens and government representatives. The country was a leader in digital technology before the Russian invasion and is set to be so again in the future – AWS is also busy setting up teaching programmes for displaced Ukrainians to set them up as cloud computing technicians and give them a new career for a postwar future.

Beyond that, the CGIT programme is now being rolled out to other governments. Maxwell demurs when I suggest that its potential for data transfer and rescue is ‘limitless’ but he is prepared to say that “it is for governments around the world, and we like to think big”.

“There is a really strong opportunity for governments to do this, not least because of what it costs. It’s not going to break the bank, but with great ability to speed and scale the process, with cloud levels of security. And this is just the early days.”