The ongoing Russian invasion of Ukraine is among the most technologically advanced wars the world has ever seen. But while the rapid developments taking place in drone warfare tend to attract most attention, the cyber front of the conflict also offers important lessons for international audiences.
The Russian state and affiliated groups have been refining their cyber warfare tactics in Ukraine ever since the initial onset of Russian aggression in 2014. In January 2022, Ukrainian government sites and other critical elements of the country’s digital infrastructure experienced a series of major cyber attacks in a precursor to the full-scale invasion, which began weeks later.
This escalating cyber war has made Ukraine both a critical source of intelligence on Russia’s evolving cyber capabilities and a front line arena for cyber defense strategies. Cyber operations have become integral to Russia’s campaign of aggression, with cyber attacks and kinetic strikes frequently coordinated. Today’s Russian cyber strategy involves continuous, adaptive, and multi-vector operations encompassing malware, phishing, and disinformation.
Ukraine’s cyber defense is critical to international security and the stability of the global digital environment. As a testing ground for Russian cyber tools, Ukraine faces attacks that, once refined, can be directed against allied governments, critical infrastructure, and private sector entities. The question is not whether such attacks will occur, but when this will happen, how costly these attacks will be, and how quickly recovery can be achieved.
Unlike conventional warfare, cyberspace has no borders. A criminal or adversary can strike targets in Kyiv, Washington, or New York with equal ease. Sustained collaboration between Ukrainian, United States, and allied cyber specialists is therefore critical, especially given the escalating cyber threat posed by China, North Korea, Iran, Belarus, and their state-backed proxy groups.
Despite the growing threat, institutional capabilities for a coordinated response by Ukraine, Europe, the US, and other allies are still underdeveloped. The NIS2 Directive, the legal framework that sets minimum cyber security standards across the EU, was an important step toward increasing coordination around risk management, threat sharing, and supply chain security. However, the process of building a dynamic cyber defense coalition has been slow, given the large number of jurisdictions in Europe.
To compound these challenges, Western governments have often been hesitant to share sensitive information with Ukrainian counterparts, or even with each other. Thankfully, there are measures that can be adopted to offer more effective support to Ukraine while still safeguarding classified information. These include sharing tiered or sanitized intelligence reports, conducting joint cyber security operations, and expanding advisory access to expertise. Sustained knowledge exchange, international assistance, and cooperative engagement remain essential to countering the breadth and sophistication of Russian cyber operations.

Ukraine’s experience highlights the importance of increased investment in critical infrastructure protection. Since 2014, Russia has repeatedly targeted Ukraine’s critical infrastructure with cyber offensives designed to disrupt vital services. The cyber defense of these assets is highly specialized and requires specific strategies.
Cooperation between the public and private sectors is crucial in the fight against Russian cyber warfare. Civilian engagement and private sector partnerships have played important roles in Ukraine’s cyber defense, with both groups filling gaps that government and military structures cannot fully cover, especially under conditions of relentless hybrid warfare. However, a number of related problems still need to be resolved.
One of the most difficult topics in terms of legislation is the issue of cyber volunteers. Ukrainian initiatives such as the IT Army have shown that civilians are prepared to work long hours to protect their country. Meanwhile, Ukraine’s private sector and international companies have provided a multi-layered defense by combining technical expertise, rapid incident response, and coordination with state authorities and civilian volunteers.
These contributions have proved vital in the struggle to preserve Ukraine’s digital sovereignty, protect citizens, and support the broader war effort. But many questions remain. How can large numbers of volunteers be effectively vetted? How should they be organized, when in many cases they are not cyber security specialists? Who should lead? Do volunteer cyber defenders become legitimate military targets? One solution could be to formalize a framework for civil-military-tech collaboration integrating vetted civilian volunteers with appropriate oversight.
There is a strong case for strengthening sanctions against Russia’s IT sector. Sanctions already play a critical role in constraining the Kremlin’s offensive cyber capabilities, but additional measures could further limit access to advanced technologies and signal the risks of collaboration with sanctioned entities, thereby reducing opportunities for knowledge transfer.
Potential measures include technology export bans, targeted entity designations, secondary sanctions, restrictions on software and cloud services, limitations on talent pipelines, and the financial isolation of IT firms. Implemented multilaterally, these steps could weaken Russia’s ability to innovate in cyber warfare, increase the Kremlin’s reliance on less advanced domestic technologies, and raise the cost of sustaining long-term cyber operations against Ukraine and its allies.
Finally, it is important to underscore that people remain the central element of effective cyber defense. Even with regular training designed to strengthen the skills of cyber defenders, individuals remain vulnerable to cyber fraud and social engineering techniques. Addressing these risks requires not only technical safeguards but also robust organizational policies and a sustained commitment to individual vigilance. Continuous awareness, preparedness, and adaptability are therefore essential components of a comprehensive cyber security posture.
Dr. Oleksandr Bakalinskyi is a Senior Researcher at the G. E. Pukhov Institute for Modeling in Energy Engineering at the National Academy of Sciences in Ukraine. Maggie McDonough is currently affiliated with the Center for Education & Research in Information Assurance and Security at Purdue University, where she serves as a technical advisor on global cyber security resilience programming.
The views expressed in UkraineAlert are solely those of the authors and do not necessarily reflect the views of the Atlantic Council, its staff, or its supporters.

Image: Russian flag displayed on a laptop screen and binary code displayed on a screen are seen in this multiple exposure illustration photo taken in Krakow, Poland on February 16, 2022. (Photo illustration by Jakub Porzycki/NurPhoto)