Main Image Credit Cyber defenders: Ukrainian President Volodymyr Zelensky meets with servicemen from the State Service for Special Communications and Information Protection of Ukraine (SSSCIP). Image: President of Ukraine / Wikimedia Commons / CC BY 4.0
On 25 April, senior Ukrainian cyber official Victor Zhora joined RUSI for a conversation on Ukraine’s cyber defence, explaining why Russian cyber operations have achieved limited effect and what Ukraine needs to continue its success in cyberspace.
Russian cyber operations in Ukraine have not met expectations that a ‘cyber Pearl Harbour’ would form part of the next large-scale military confrontation. Explanations for why a cyber catastrophe has not materialised vary. Speaking at RUSI, Victor Zhora, Deputy Chairman and Chief Digital Transformation Officer of the SSSCIP (the State Special Communications Service of Ukraine), provided his perspective on the lack of Russian success in the cyber domain.
Ukraine, having long been targeted by Russian cyber operations, has been subject to an uptick in attacks both before and since the Russian invasion in February 2022. These can be divided into three types of cyber operations: cyber espionage that seeks to collect information and data; subversive operations including propaganda, influence and information operations; and destructive and disruptive operations – for example, those seeking to disrupt communications systems. Zhora’s contribution focused primarily on Russian destructive and disruptive operations against Ukraine and their limited success to date.
Zhora suggested that some key Russian accesses to Ukrainian networks were compromised before the February 2022 invasion. This denied Russia the ability to leverage these to deliver cyber operations. Attempts to secure new accesses are time-consuming and complicated, thereby delaying any potential impact operations.
Further, Zhora identified several resource challenges to Russian operations that he argued have limited their effectiveness. He argued that the emigration of Russian tech professionals has seen a ‘brain drain’ of vital skills from Russia, which has constrained its ability to deploy sophisticated hacking capabilities against Ukraine as the war has unfolded.
Zhora also asserted that Western sanctions have played a part in limiting Russia’s cyber effectiveness. Many states, led by the EU and the US, have imposed increased sanctions against Russia since February 2022, including in the area of technology. Zhora argues these sanctions have made it challenging for Russia to expand sovereign cloud systems. Instead, Russia has to rely on servers abroad, an unattractive choice given that many Western tech companies have stopped selling cloud services in Russia, and that the Kremlin also fears that data stored on foreign cloud services is more easily monitored by foreign intelligence agencies. Zhora believes that, among other things, this has hampered Russia’s ability to launch cyber operations.
Private sector support is a vital part of Ukraine’s cyber defence, and cooperation with international partners has been key to Ukrainian success
In addition, Zhora acknowledged the fundamental point that in a brutal kinetic conflict like Russia’s war against Ukraine, destructive cyber operations are simply much less relevant. Russia is using traditional kinetic weapons to achieve desired effects on critical infrastructure, rather than attempting to undertake complex cyber operations.
Alongside Russia’s issues, Zhora highlighted the strength of Ukrainian cyber defence as a decisive factor limiting Russian successes in cyberspace. As Russian weaknesses and Ukrainian strengths are two sides of the same coin, it makes sense to take a closer look at what makes Ukraine’s cyber defence successful. He highlighted two factors: continued private sector support, and the support of overseas governments and volunteers who have joined Ukrainian efforts in cyberspace.
Ukrainian cyber defence has been bolstered by the rapid delivery of cyber capacities and capabilities by the private sector. This has, broadly, materialised in two ways. First, companies have provided direct support to the Ukrainian government ecosystem. In this case, big tech companies such as Microsoft, Google and Amazon have been forward-leaning across diverse areas including the provision of licenses, threat hunting and cloud migration. Second, companies have been contracted by foreign governments to provide support. The UK Ukraine Cyber Programme, for example, has engaged partnerships with industry to provide incident response to support Ukrainian government entities against malicious attacks and tools to limit attacker access to vital networks. Private sector support is a vital part of Ukraine’s cyber defence, and cooperation with international partners has been key to Ukrainian success.
Throughout his talk, Zhora repeatedly stressed the importance of efforts by ‘volunteers’ to Ukrainian successes – including in cyberspace. Zhora explicitly mentioned private sector-led schemes which allow volunteers to identify vulnerabilities in Ukrainian networks; however, the label also encompasses Ukrainian patriotic hackers who launch offensive cyber operations, including against Russian civilian infrastructure. The level of involvement by the Ukrainian government with these networks is problematically unclear, given that the extent of government control has consequences under international law. While Ukrainian officials frequently claim there is no coordination, there has at the very least been encouragement from the authorities. For example, Ukrainian Vice Prime Minister Mykhailo Fedorov urged ‘digital talents’ to join the ‘Ukrainian IT army’ – essentially a loosely organised movement made up of members of a Telegram chat who not only identify and patch Ukrainian vulnerabilities, but also target Russian and Belarusian infrastructure. The Ukrainian IT army has raised questions concerning international law, including fears that the civilianisation of cyber operations is ‘a risky trend’. Throughout the conversation, Zhora was careful not to refer directly to the ‘Ukrainian IT army’, but instead spoke exclusively of the supporting role of volunteers and Ukrainian plans to incorporate a cyber reserve into military structures, a proposal that is reportedly inspired by the Estonian Cyber Defense Unit.
While there have been no overwhelmingly destructive cyber attacks in Ukraine so far, the cyber front is far from ‘quiet’
The absence of a strategically significant destructive cyber campaign targeting Ukraine does not mean that the role of cyber operations in interstate relations should be underestimated. On the contrary, countries will continue to monitor the effectiveness of cyber operations in Ukraine, as it represents a pivotal case study. Both China and Taiwan will doubtless be looking for lessons to improve their respective capabilities. More broadly, other countries need to ask themselves what they can do to strengthen their cyber defences. Zhora spoke about a number of measures taken to improve Ukrainian cyber defences, repeating often heard but nonetheless vital calls for greater cyber security awareness, education and training. However, implementing procedures and protocols requires a trained cyber workforce – a global problem which is not unique to Ukraine.
When asked whether he expects destructive Russian cyber attacks will continue to have minimal impact, Zhora stressed that this depends largely on Ukrainian defence capabilities. He warned that Russia persists in seeking greater effect through its cyber operations, pointing to ongoing efforts to identify vulnerabilities in Ukrainian systems. For Ukraine’s allies, this means that support for the country’s cyber defence must be maintained. Continued support from international partners – notably those within the NATO alliance like the US and UK – and support from the private sector remain pivotal. Zhora explained, for example, that Ukrainian budgets for cyber defence have decreased given the need to purchase kinetic weapons. Without the necessary resources – whether it is money, people or technology – Ukraine’s cyber defence risks faltering.
While there have been no overwhelmingly destructive cyber attacks in Ukraine so far, the cyber front is far from ‘quiet’. Cyber remains a key domain across which Russia seeks operational effects to impact and disrupt Ukraine, as well as to influence and undermine its position. As such, continued efforts towards cyber defence must remain crucial for Ukraine, its supporters and its allies – be they in the public or private sector.
The views expressed in this Commentary are the author’s, and do not represent those of RUSI or any other institution.
Have an idea for a Commentary you’d like to write for us? Send a short pitch to commentaries@rusi.org and we’ll get back to you if it fits into our research interests. Full guidelines for contributors can be found here.
Research Analyst for Cyber, Technology and National Security
Cyber
View profile
Research Fellow
Cyber
View profile