Defending Ukraine’s Critical Infrastructure from Cyber Threats


lana ramer

9 months ago | 8 min read

Tags: technology, stability

Developments

Modern wars reach far beyond trenches and tanks to include political, informational, and cyberattacks designed to weaken the opponent and diminish its ability to resist. Peacemaking, reconstruction, and development work must account for all types of destabilizing efforts and operate in ways that not only mitigate the immediate damage but build sustainable and resilient systems for the future.  

Given the digitalization of the modern networked economy, cyberattacks are a particularly potent weapon, and Ukraine has been the testing ground for Russia’s cyber warfare since the annexation of the Crimean Peninsula and initial invasion in 2014, with attacks focused on the banking system, government agencies, and critical infrastructure. 

Russia’s full-scale invasion of Ukraine in 2022 precipitated a sharp increase in the frequency and scope of these attacks. For example, Russia’s attempts to breach the IT perimeter of the key electricity transmission system operator in Ukraine—Ukrenergo—tripled compared to peacetime, and the Computer Emergency Response Team of Ukraine (CERT-UA) detected 1,123 cyberattacks in the first six months of Russia’s full-scale invasion. Targeted, large-scale cyberattacks on IT infrastructure continue to number in the hundreds, and phishing campaigns remain prevalent. Ukrainian telecommunications company Kyivstar notes that by late 2022, the number of phishing attacks attempting to infiltrate their networks had tripled, while distributed-denial-of-service (DDoS) attacks aimed at overwhelming their websites doubled.  

Understandably, the immediate priority for Ukraine and its allies is to counter those attacks. And that’s happening. But just as Russia’s cyber aggression long predates 2022 and will likely outlast the current war, Ukraine must be equipped for the long haul. If Ukraine is to mitigate the impact of cyberattacks and thrive over the long term, it must combine effective emergency response with structural investments that position the country to develop its own cybersecurity capacity. This dual approach, combining emergency assistance with investments in Ukraine’s cyber resilience, is a hallmark of the U.S. Agency for International Development (USAID) Cybersecurity for Critical Infrastructure in Ukraine Activity (USAID Cybersecurity Activity).  

Implemented by DAI, the Activity is designed to reduce cybersecurity vulnerabilities in critical infrastructure sectors and transform Ukraine from a reactive cybersecurity actor to a proactive cybersecurity leader.  

Repairing equipment for the Internet Association of Ukraine. Photo: USAID Cybersecurity Activity.

Starting at the Top: Equipping the State for Long-Term Resilience 

Recognizing the complexity of the threat posed by Russian hybrid warfare, the Activity has adopted a multisector approach that engages government, businesses, and academia. Enacting change at the national government level and safeguarding Ukrainian state agencies are key priorities. The USAID Cybersecurity Activity works with the State Special Communications Service of Ukraine (SSSCIP) to offer enhanced emergency cyber assistance to government organizations and critical infrastructure facilities that provide vital services to citizens through its “Cyber First Aid” project. It provides technical capacities to quickly react to critical infrastructure industries’ cyber emergencies as well as scheduled maintenance and audit. 

The Activity also works with SSSCIP and the Ministry of Digital Transformation to propose technologies to improve the cyber resiliency of around 30 state registries, including the Ministry of Justice and the State Migration Service; supports deployment of endpoint detection and response solutions for approximately 10,000 civil servants across 13 government agencies; developed the web-based CyberTracker as a monitoring tool for the National Security and Defense Council of Ukraine; and created the innovative Malware Information Sharing Platform in collaboration with the Ministry of Energy.  

In addition to assisting government agencies, the Activity provided specialized equipment for the Internet Association of Ukraine, thereby building the capacity of more than 220 Association members to repair crucial telecommunication services in 24 cities across the country. The Activity provisioned 30 fiber optic repair and maintenance laboratories and toolkits to boost regional expansion and restore damaged fiber optic lines, including in the frontline oblasts of Kharkiv, Donetsk, Zaporizhzhia, Kherson, and Dnipropetrovsk. 

SSSCIP to offer enhanced emergency cyber assistance to government organizations. Photo: USAID Cybersecurity Activity.

Raising the Next Generation: Enhancing Cybersecurity Education 

The continuing and growing cyber threat means that Ukraine must have a capable, experienced, and innovative workforce to staff agencies responsible for safeguarding the country’s critical infrastructure and ready to take leadership positions in the future. Accordingly, the USAID Cybersecurity Activity engages with institutions of higher education to support and enhance higher education offerings in the field of cybersecurity.  

The Activity addressed the urgent equipment and software needs of 25 institutions displaced or damaged by Russia's invasion of Ukraine to help them organize their facilities to accommodate in-person studies in the 2023-2024 academic year. With the Activity’s support, eight Ukrainian universities updated 11 cybersecurity educational programs and developed a new program aligned with the country’s new cybersecurity professional standards, adopted in late 2023. In December 2023, Ukraine’s National Qualification Agency approved 14 new cybersecurity professional standards, marking the culmination of a 12-month effort by the Activity in support of SSSCIP. Since September 2023, more than 200 students at six Ukrainian universities have enrolled in programs based on these standards, with plans to expand enrollment significantly in the coming years. This advancement marks a significant stride in fortifying Ukraine’s cybersecurity capabilities through education. 

In early January 2024, the Activity announced an Internship Program to facilitate cooperation between higher education institutions' cybersecurity faculties and critical infrastructure operator institutions, and thereby close the workforce gap. That same month, the Activity launched its Higher Education Institutions Instructors Upskilling Program, a practical educational initiative to empower 10 selected instructors with the knowledge, skills, and industry connections necessary to deliver high-quality cybersecurity education. Combined with state support, these efforts are poised to turn Ukraine into a leader in innovative approaches to cybersecurity workforce development. 

Delivering cybersecurity equipment to 25 displaced institutions of higher education. Photo: USAID Cybersecurity Activity.

Building the Future: Creating an Internal Cybersecurity Market  

While it is appropriate to rely on external services and partner support in extraordinary times, the ultimate mandate of development projects is to foster local, self-sustaining systems that allow for ongoing progress and improvement. The USAID Cybersecurity Activity aims to achieve sustainability by supporting the development of a domestic cybersecurity market and bringing foreign best products to the market. For example, the Activity is launching a Cyber Voucher Program to stimulate the development of the cybersecurity market in Ukraine by offering new business opportunities for providers and affordable services to eligible businesses. In the long run, the Cyber Voucher Program will encourage businesses to spend more on cybersecurity through increased awareness and trust.

On December 14, 2023, the Activity—in cooperation with the Ministry of Digital Transformation—held the Innovations Summit where Mykhailo Fedorov, Deputy Prime Minister for Innovation, Education, Science, and Technology Development, presented Ukraine’s National Innovations Strategy and Innovations brand, both of which are supported by the Activity. The Strategy lays out the vision for Ukraine’s innovation ecosystem and identifies high-priority sectors crucial for the country, from both a domestic and international perspective. It establishes a robust foundation for maintaining a cybersecurity agenda at the national level and adopts a comprehensive approach to address Ukraine's specific cybersecurity needs and withstand current and future cyber threats.  

Cybersecurity is a fundamental part of that agenda, and the USAID Cybersecurity Activity looks forward to playing its part in Ukraine’s emergence as a leading player in this critical field. By helping Ukraine’s critical infrastructure defend itself against cyber-attacks, the Activity contributes to the country’s resiliency, prosperity, and safety, now and in the future.

Lana Ramer is a Senior Manager of Communications for DAI's Ukraine Management Unit.