At that time, numerous vulnerabilities were found in its operations, and a document was issued requiring their resolution. However, instead of addressing the identified issues and vulnerabilities, the enterprise opted to litigate against the governmental body that conducted the inspection. This situation is not an anomaly but rather a peculiar trend among the "new digitalizers" who did not believe in cybersecurity.
Subscribe to our Viber: news, humor, and entertainment!
SubscribeThis was reported by Informator.
Zap - originated from NAIS
The Ministry of Justice of Ukraine not only had to warn about a large-scale cyberattack on state registries that began on December 19, 2024, but it could have also prevented it. All that was needed was to comply with the requirements set by the regulatory authorities. These were formalized in a special directive and emerged after a comprehensive inspection of the state enterprise NAIS, operating under the "umbrella" of the Ministry of Justice, conducted back in November-December 2020 by the authorized body.
However, during the leadership of the Ministry by Denys Maliuska, the agency preferred other methods to address the situation with critical vulnerabilities in the system. Simply put, it went to court to annul this directive. Informator tracked down this lawsuit in court registries and decided to examine its contents.
Currently, part of the blame in the Ministry is placed on NAIS. This is inferred from the data revealed by "Ukrainska Pravda" regarding the dismissal of its CEO, Oleksii Berezhnyi: the official's contract, expiring on December 25, 2024, will simply not be renewed. NAIS is responsible for managing the state registries of the Ministry of Justice, including the Unified State Register (USR), the State Register of Civil Status Acts, as well as the "Bankruptcy and Insolvency" system.
Popular articles now Horoscope for December 24: everything may not go as you thought - but it’s for the best Pensioners in 2025 will receive more: who can expect a "raise" in payments of 10-12% Pensioners will get extra money in January: who will start receiving slightly more than 900 UAH Ukrainians urgently need to re-register their accounts: who should gather documents and go to the customer center Show more
The lawsuit was examined by the scandalous OASK
Berezhnyi led NAIS since 2019, making him the official under whose leadership the key registry-holding enterprise was inspected for vulnerabilities. Informator found data about this inspection in the Opendatabot system – it was conducted by the authorized government body from November 12 to December 4, 2020. Based on the results, an act and directive were prepared - a document containing requirements for NAIS to address deficiencies in the protection of the registries.
The contents of the inspection itself, as well as the requirements for NAIS, are not subject to disclosure (they are classified as "for official use only"). However, there is data in the judicial system about the lawsuit in which NAIS attempted to annul this directive, as well as to prohibit any other actions related to the inspection. It was filed on May 18, 2021, in the Kyiv District Administrative Court - the very court known for numerous corruption scandals and subsequently dissolved by the Verkhovna Rada on December 13, 2022, through a law specifically introduced by the president (the Kyiv City District Administrative Court was established in its place).
Form and deadlines: what the Ministry of Justice contested
Judge of the OASK, Volodymyr Donets, opened the proceedings. NAIS's arguments were based on the "lack of legal grounds" for the inspection and the assertion that the final act was drawn up "not in a standardized form" and was allegedly submitted "in violation of the deadline." Furthermore, the inspection itself was conducted following information from the Investigation Department of the Main National Police of Kyiv – this also, according to NAIS, indicated the "illegality" of the inspection.
The representative (NAIS - Ed.) also noted the existence of a justified risk of revocation of the certificate of compliance for the integrated information protection system of the Information System of Unified and State Registries of the Ministry of Justice of Ukraine, which would lead to the cessation of the operation of these registries for an indefinite period and the inability to not comply with the clearly unlawful demands outlined in the act," the court's ruling states from July 28, 2021.
However, Judge Donets concluded that NAIS's claims were unfounded and denied the measures to secure the lawsuit (i.e., he did not suspend the action of the act and directives). At the same time, NAIS retained all certificates of compliance – including the threats identified for the system according to the inspection. Although the judge had time to schedule the case for substantive review, due to the court's dissolution, it never fully delved into the examination of the case.
What Maliuska says and what Fedorov has to do with it
Ultimately, the baton was passed to the Kyiv District Administrative Court in the person of Judge Horobtsova in March 2023. However, the case did not progress beyond the appointment of the court composition at that time. It seems that due to NAIS's lawsuit, the Ministry of Justice managed to "ward off" the inspection and directives - but left all the vulnerabilities identified by specialists in the system.
The consequences of this were likely witnessed by the country in December 2024 - along with a large-scale cyberattack on the registries managed by NAIS. Now, Denys Maliuska assures that most of the information allegedly "stolen" by Russians was actually already publicly available. The only exception was the information from the State Register of Civil Status Acts, "one of the most closed registries" (as the former minister explains, this concerns the confidentiality of adoption, which is strictly protected by law).
It can be assumed that the cyberattack could have had different consequences, or could have been repelled entirely, had the Ministry of Justice during Maliuska's time and NAIS acted promptly, fulfilling the directives according to the security standards of state registries instead of contesting the inspection. However, the situation with the attack seems to align with the philosophy of combating threats in the IT sector, expressed by Deputy Prime Minister Mykhailo Fedorov back in November 2019. At that time, the official stated directly: after a series of cyberattacks (particularly in 2016), Ukraine has reached another level, therefore, "the role of cybersecurity is somewhat exaggerated."