Digital Front Lines

For the first time in history, a full-scale war between two countries has taken its fight online. The war in Ukraine is multidimensional: It’s happening not only on an actual battlefield but also in cyberspace, in the information arena. And we cannot underestimate either front.

On the day of Russia’s full-scale invasion of Ukraine, February 24, 2022, I described our digital fight on the Telegram messaging app: “All night long we were defending cyberspace. Attacks on all basic information resources have been and are ongoing non-stop. Now everything is stable. All teams are on the ground. We remain calm and do not panic!”

To this day, we continue strengthening our digital resilience. What’s the secret?

Because the fight against Russian attacks in cyberspace has been going on for more than nine years (you may remember the large-scale NotPetya cyberattack that struck Ukraine and then spread internationally in 2017), Ukraine understood the need to be resilient long before the full-scale war began in February 2022. Throughout 2021, we monitored various attacks on both the public and private sectors; that year, Ukraine ranked second in the number of cyberattacks against a specific country. Two weeks before the 2022 Russian invasion, we survived the largest distributed denial-of-service cyberattack in Ukraine’s history. It was aimed at the banking sector and government websites—primarily those of the Ministry of Defense and Armed Forces and the Diia e-services portal, which provides Ukrainian citizens with access to online government services. But even that comprehensive attack could not break us.

Cyberattacks intensified on the eve of the Russian invasion when the Russia-based threat actor Iridium deployed FoxBlade malware to destroy around 300 systems across more than a dozen government, IT, energy, agricultural, and financial-sector organizations in Ukraine. Jointly with Microsoft’s Threat Intelligence Center, which had detected the launch against 19 government and critical infrastructure entities across Ukraine on February 23, 2022, we successfully reacted to the threats, and very little actual damage was sustained.

Overall, in 2022, more than 7,000 cyberattacks were detected in Ukraine, most of which were likely carried out by Russia. They were accompanied by increasing disinformation campaigns and coordinated with missile assaults. Such attacks are designed to commit espionage, spread lies through propagandistic operations—primarily to discredit the authorities—and destroy critical information infrastructure.

One vivid example: On April 1, 2022, an attack was carried out on Ukraine’s governmental hotline center, which had been created to assist civilians during times of crisis and those affected by kinetic warfare. The attack involved injecting false data into the registry, aiming to falsely incriminate the Armed Forces of Ukraine for law violations in Bucha in March 2022. However, the reality was that Russian soldiers occupied the area and committed war crimes. This misinformation was then spread on social media to undermine international support for Ukraine.

From January to March 2023, Ukraine registered far fewer cyber incidents: around 572, or two and a half times fewer than during the same period in 2022 when Russia’s cyberwar against Ukraine heated up. Why? Both the government and Ukraine’s businesses have significantly improved their cyber resilience; many institutions that disregarded the matter of cyber defense before the war have now made it a priority.

Strategies for Cyber Defense

Ukraine has managed to build an effective system of cyber defense at all levels, and it is based on three principles. The first is to deter cyberattacks with national incident management, response, and post-incident recovery systems. The second is to gain cyber resilience, which means strengthening national cyber preparedness for any possible attacks and creating a reliable cyber defense system. The third is to improve the interaction and strengthen the coordination system among all authorities responsible for the state’s cybersecurity and Ukraine’s allies to share information and collectively build global resilience against cyber threats.

Before the full-scale invasion, one of Ukraine’s fundamental solutions to cyber warfare was the creation of the Red Team of the Ministry of Digital Transformation, which crash-tests state information systems around the clock to find vulnerabilities. In December 2021, the Red Team’s monitoring of the Ukrainian energy sector helped to improve the protection of information systems, and in the end, the energy sector withstood all hacker attacks with no damage.

In addition to the Red Team, the Ukrainian volunteer IT army has been essential; since February 2022, thousands of people from around the world have been helping Ukraine defend its digital borders. The Ukrainian government does not communicate directly with these IT soldiers, but in the beginning, the ministry helped with its coordination; anyone can join a Telegram channel to volunteer.

Another crucial key to Ukraine’s success is cooperation. In order to secure the state, there must be permanent, systematic cooperation among the government and private and public companies. Transferring data registers to the cloud was one of the solutions that made it possible to work even when governmental agencies were attacked. By now, more than 100 state and critical information registers have been transferred due to cloud solutions and agreements with our foreign partners (among them, Microsoft Azure, Google, Amazon Web Services, Oracle, and the government of Poland). For instance, Amazon Web Services provides access to 10 million gigabytes of its cloud storage to back up Ukrainian government workloads to ensure the continuity of critical services.

As Ukraine has weathered blackouts caused by Russia’s continued attacks on its infrastructure, cloud solutions and alternative communication methods—such as the Starlink internet satellite—have been critical to operating in the darkest of times. Literally.

Prevention Is Key

Governments and businesses can and should learn from Ukraine’s experience fighting on the digital front lines. The prevailing lesson is this: It is easier to work to prevent attacks than to suffer their consequences. Just as governments rely on air defense systems to repel missiles, they should invest in creating cybersecurity iron domes to repel cyberattacks. They should hunt for and train the best cyber specialists. They should be constantly improving their cybersecurity and pursuing the most innovative solutions. And they should constantly be keeping their cybersecurity systems a few steps ahead. As attacks grow in complexity, it won’t be long before artificial intelligence is used in this arena. The question is: Who will get there first—the governments or their attackers?

Governments and businesses that don’t make cybersecurity a number-one priority won’t survive. If it isn’t a priority now, what are they waiting for?

Mykhailo Fedorov is the Vice Prime Minister for Innovations, Development of Education, Science, and Technologies and Minister of Digital Transformation of Ukraine. At age 28, he became the youngest minister in the history of Ukrainian politics. With the Ministry of Digital Transformation’s goal to make Ukraine the most convenient state for receiving public services, Fedorov oversaw the launching of the Diia project in 2020. This one-stop shop for public services and e-documents is used by 19 million Ukrainians. Since the start of Russia’s full-scale invasion, Fedorov also has helped with launching a number of important projects, including the UNITED24 fundraising platform; the Army of Drones; and the Brave1 defense tech cluster. Before working in government, Fedorov ran a business in the digital marketing sphere. In December 2019, he was appointed as Head of Digital for Volodymyr Zelenskyy’s presidential campaign.