The twelve years of cyber warfare that have accompanied Russia’s escalating invasion of Ukraine have transformed the country’s digital environment into a proving ground for modern conflict. Persistent cyber attacks against government systems, critical infrastructure, energy networks, media outlets, and the financial sector have become a defining feature of Ukraine’s wartime reality. Amid this sustained pressure, Ukraine has demonstrated an ability to defend itself and has developed a degree of cyber resilience that is now embedded in the digital state.
Russian aggression in the cyber sphere has forced Ukraine into rapid and often improvised defense. Coordination mechanisms have emerged across government agencies, volunteer networks, and private sector IT firms, with operational responses conducted under constant pressure. Permanent mobilization, however, is not sustainable. Instead, the goal is to codify the next phase of reform in Ukraine’s evolving cyber security strategy.
For Ukraine, the strategic objective is no longer limited to repelling cyber attacks. It is to ensure continuity of state functions even when attacks succeed. This requires a national cyber resilience framework that encompasses government, business, and civil society. It demands continuous professional training along with strengthened legislative and risk management frameworks. It also implies a culture of cyber hygiene at the citizen level. Together, these measures represent a shift from episodic defense to durable digital statehood.
Stay updated
As the world watches the Russian invasion of Ukraine unfold, UkraineAlert delivers the best Atlantic Council expert insight and analysis on Ukraine twice a week directly to your inbox.
Ukraine’s experience over the past twelve years underscores a central truth of cyber defense: People play a decisive role in cyber security. Since 2014, thousands of professionals from the private sector, volunteer networks, and academia have mobilized to defend Ukraine’s digital front. Sustaining this momentum requires institutional support and a long-term talent strategy.
Priority areas include integrating cyber education across schools, universities, and military institutions. Partnerships between industry and academia should undergo expansion through education and internships. Workforce development is not merely a labor market issue; it is a pillar of cyber sovereignty and continuity of government. It is also crucial to establish a national cyber reserve supported by access to cyber ranges and allied training platforms.
Wartime conditions have already accelerated innovation in Ukraine. Cloud-based backups, relocation of critical data to secure environments abroad, and decentralized platforms for citizen services are now routine. These practices must be institutionalized to endure beyond the war. Priorities include embedding innovations into permanent government processes and establishing applied cyber research centers at universities.
The convergence of academia, defense institutions, and the technology sector in wartime Ukraine is enabling a distinct national cyber security model to emerge rooted in operational experience and continuous adaptation. It is a model that complements existing frameworks while reflecting Ukraine’s realities. As a result, Ukraine has become an integral actor within the Euro-Atlantic cyber ecosystem.
At the international level, cooperation with the EU, NATO, United States, United Kingdom, Canada, and Japan has evolved from ad hoc assistance to structured partnerships. Core focuses include joint threat intelligence-sharing mechanisms; harmonization with EU and NATO standards; participation in multinational exercises; and the development of a shared resilience space in which national resilience contributes to collective defense. Ukraine’s expertise positions it not only as a recipient of assistance, but increasingly as an exporter of operational resilience models to partners confronting hybrid threats.
Ukraine’s progress demonstrates the importance of embedding cyber resilience in institutional architecture rather than treating it as a reactive function. A resilience-by-design model entails distributed system architecture to reduce single points of failure. It requires adoption of open standards and transparent protocols, along with continuous training and simulations embedded in institutional life cycles.
Psychological resilience training for cyber professionals operating under sustained pressure and information warfare conditions is also crucial. This should position cyber security as a governance principle, framing Ukraine not only as a state under attack but as a testing ground for next generation digital resilience.
Eurasia Center events
Since the onset of Russia’s invasion in 2014, Ukraine has become the world’s most consequential real-time laboratory for cyber resilience. The country’s experience demonstrates that effective cyber security is an integrated system encompassing governance, education, law, diplomacy, and economic resilience. Institutionalizing these lessons into a durable national cyber resilience ecosystem will underpin postwar recovery and long-term digital sovereignty.
For partners, Ukraine’s experience offers much more than a narrative of resistance. It represents a practical plan for collective security for the coming decades of international military conflicts, each of which will have a mandatory digital component.
As Ukraine develops its forthcoming National Cybersecurity Strategy 2.0, several priorities should guide the next phase of institutional reform. First, Ukraine should expand the doctrine of active cyber protection, enabling defensive operations that proactively detect, disrupt, and neutralize threats before they impact critical systems.
Second, the continued Euro-integration of Ukraine’s cyber regulatory framework will be essential. This should include alignment with EU directives such as NIS2, the Critical Infrastructure Resilience framework, and the Digital Operational Resilience Act (DORA), ensuring interoperability with European cyber governance standards.
Third, Ukraine should actively participate in the development of a European cyber shield. The goal should be a collective resilience architecture built on shared threat intelligence, joint incident response mechanisms, and coordinated defensive capabilities across the continent.
Fourth, long-term resilience requires sustained investment in cyber workforce development aligned with the NIST Cybersecurity Framework 2.0. This should include standardized training pathways, public-private talent pipelines, and the expansion of national cyber reserve capacities.
Fifth, strengthening cyber security capacity at the regional administration level across Ukraine will be vital. This can help ensure that local governments and regional critical infrastructure operators possess the operational capabilities and resources necessary to implement national cyber resilience policies effectively.
Finally, Ukraine’s next cyber strategy should also define a clear wartime framework that establishes legal authorities, operational coordination mechanisms, and public–private responsibilities for defending national digital and operational infrastructure during periods of armed conflict or hybrid attack.
With each subsequent international conflict, the digital component will grow in importance and become an increasingly critical part of the battlefield. This is already becoming clear in the current context of revolutionary progress in robotics, the development of AI, big data, parallel computing, and ever-accelerating data transmission technologies.
In this evolving environment, success will no longer depend on greater human or conventional military resources, but on an innovative, flexible, and progressive approach toward the development and use of the latest technologies. In these conditions, cyber resilience is not only a security strategy but also the foundation of freedom.
Dr. Oleksandr Bakalinskyi is a Senior Researcher at the G. E. Pukhov Institute for Modeling in Energy Engineering at the National Academy of Sciences in Ukraine. Maggie McDonough is the Senior Vice President and Chief Innovation Officer at the Baltimore Development Corporation. She was previously affiliated with the Purdue Applied Research Institute (PARI) and Purdue’s Center for Education & Research in Information Assurance and Security (CERIAS), where she served as a technical advisor on global cyber security resilience programming.
Further reading
The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.
The Eurasia Center’s mission is to enhance transatlantic cooperation in promoting stability, democratic values, and prosperity in Eurasia, from Eastern Europe and Turkey in the West to the Caucasus, Russia, and Central Asia in the East.
Follow us on social media
and support our work
Image: Figurines with computers and smartphones are seen in front of the words "Cyber Attack", binary codes, and Russian and Ukrainian flags, in this illustration taken February 15, 2022. (REUTERS/Dado Ruvic/Illustration)