The unheralded success story of Ukraine's cyber-defences

Viewed through a wider policy lens, this migration of data highlights a basic tenet about cyber resilience -while defences might be overcome, having a backup for critical data that is separate can offset the consequences of an attack.

For Ukraine, cyber resilience is a priority. It has been a victim of Russian cyber-attacks for some time now with energy grids and election infrastructure being frequent targets. Since the invasion, Russian actors — both with suspected links and known links to the government — have maintained a high operational pace of cyber-attacks.

Electrical substations, public administration, media entities, satellite internet terminals have been targeted with destructive malware. Despite this, there has been a general underemphasis on cyber operations during the war, as detailed in Globsec's latest report The War on Ukraine: A Look at (Underemphasised) Russian Cyber Operations.

One plausible explanation for why Russia's malicious cyberspace activity since the war has been underemphasised could be because its effects have been largely muted — owing to Ukraine's bolstered cyber-defences. Ukraine's own efforts towards building its cyber-defences and the collective contributions of the European Union, US, and Nato are yielding results.

These efforts — both predating the invasion and since the invasion — have been crucial in limiting the effects of Russian cyber operations during conflict. Furthermore, this early success of a transatlantic effort to pushback against Russia is indicative of the level of cooperation forged between Ukraine and the EU, US, and Nato countries on cyber resilience.

The contribution of the private sector — where a huge chunk of the capability and technical superiority lies — has also been critical in supporting not only the government (as seen in the migration of data) but also Ukrainian citizens (providing free security services, for example).

The transatlantic response to Russia's aggression in cyberspace has been swift, mirroring their efforts to support Ukraine in all other domains including humanitarian aid, physical resources, and financial resources. That support has entailed deploying experts to boost Ukrainian cyber-defence, donating telecommunications equipment, and facilitating Ukraine's admission in key European institutions as well as Nato centres to bolster their access to critical information.

Here, two aspects are pivotal — firstly, the support offered is wide-ranging and across categories. This includes physical resources, financial aid, operational cooperation, public advocacy via diplomatic efforts including political and technical attributions of cyber-attacks, and support in the domains of policy and institutions.

Secondly, many key programs that facilitated foundational developments towards Ukraine's cyber resilience predate the war. A noteworthy example is the $38m [€35.6m] cybersecurity reform programme under USAID, launched in 2020, to strengthen Ukraine's cybersecurity legal and regulatory environment and build its cyber workforce.

Initiatives of the European Union — like the EU4Digital Cybersecurity East Project launched in 2019 — have sought to significantly bolstered the operational capacities for cybersecurity incidents management in Ukraine.

Seven years ago in Wales

Furthermore, at the Nato's summit 2014 in Wales, five trust funds were created with streamlined focus intended to help Ukraine modernise its defence capabilities including on cyber-defence. The Nato Trust Fund on Cyber Defence was established and declared operational in 2014 — with the specific target of developing its defensive capabilities in cyberspace.

The first phase of the project under the fund was successfully completed with Romania as lead — with a focus on protecting Critical Information Infrastructure (CIIs) as a priority.

With concrete steps of Western unanimity against Russia comes the very real threat of escalation in cyberspace as the war continues with no signs of abating.

As the war progresses, specific elements of critical infrastructure in the energy and financial sectors are particularly vulnerable targets for Russia's cyber operations — there is already increasing evidence of broad-based targeting of energy facilities against Western countries.

This also extends to space and communication infrastructure.

In addition to these threats, the risk of spill-off effects to European and North American networks is high. 2017's NotPetya ransomware, attributed to Sandworm (a group affiliated to Russia's GRU) is a stark reminder of the level of economic damage that spill-off effects can cause. In the coming months, therefore, transatlantic allies must also jointly identify the areas in which actionable progress can be made to protect their own networks.

This piece is based on GLOBSEC's latest briefing, The War on Ukraine: A Look at (Underemphasised) Russian Cyber Operations, published as part of the GLOBSEC Future of Cyberspace Initiative: Transatlantic Chapter.