When Russia annexed Crimea in 2014, it launched cyberattacks against Ukraine’s key media, banks, and energy infrastructure. That same year, pro-Russian hacktivists infiltrated the Ukraine Central Election Commission network, deleted files, and attempted to change the presidential election results.
The attacks failed.
Ukraine’s Central Election Commission discovered and removed Russian malware. Although the cyberattacks produced power blackouts, they proved temporary and limited. Since the 2014 attacks, Ukraine has boosted its cybersecurity, working with the US and European allies. Instead of crippling Ukraine, the Russian cyberattacks motivated the country to toughen its networks and pushed the country to the West.
The US Department of Defense deployed “hunt forward” teams to Ukraine to assist local defenders. The force enabled Ukraine to go after Russian hackers before they could do damage, not just react to their attacks. US cyber soldiers discovered and destroyed Russian wiper malware and 90 examples of malicious code. In May 2020, USAID launched a four-year, $38 million Cybersecurity for Critical Infrastructure in Ukraine program that, among other projects, funded the upgrading and patching of election systems.
European allies helped. After the Russian invasion, the European Union dispatched to Kyiv a team of 10 national cybersecurity officials from six European countries: Croatia, Estonia, Lithuania, the Netherlands, Poland, and Romania. The EU Agency for Cybersecurity established a formal working arrangement with its Ukrainian counterparts. Today, the EU touts Ukraine as a model cyber student, saying its efforts to adopt the bloc’s best practices and rules outstrip many of its own members.
Another crucial change has been moving key services onto the cloud, where Western tech companies could reinforce security. Microsoft spent $107 million transferring Ukrainian government data outside of the country, and cloud provider VMware kept Ukraine’s financial system online by moving data into other European locations. The success of keeping key services working after the invasion demonstrates the dangers of localizing data inside one’s country. It is safer to disperse data abroad in multiple redundant cloud services.
The moves broke Ukraine’s unhealthy umbilical cord with Russia. Before 2014, Ukraine’s electric network was integrated into the Russian system, a holdover from the Soviet Union. After Russian cyberattacks targeted it, Kyiv began to decouple its grid and pivot west. By the time Russia invaded, the grid was in “island mode,” operating autonomously. EU transmission operators stepped in and agreed to emergency synchronization, clearing Ukraine to import and export electricity.
Russia inadvertently made Ukraine stronger. Russian hackers helped Ukraine understand its own network weaknesses so it could improve its defenses. Since the Russian attacks prior to the invasion were not paired with troop movements, they proved an irritation, not a decisive blow.
Networks are hardened through experience. Netflix famously adopted an ingenious concept called “chaos engineering.” The engineers self-inflict server crashes, network failures, and high traffic loads to observe how their services respond and recover. Twilio, LinkedIn, Facebook, Google, Microsoft, and Amazon have adopted chaos engineering. Ukrainian network defenders use Russian attacks in a similar fashion, locating vulnerabilities, bringing in allies, and building a more robust network.
The results are visible. As the war continues, Russia is increasing the number of cyberattacks, but their effectiveness and success are declining. During the first half of 2023, Russian cyberattacks increased by 123% compared to the second half of 2022. Yet Ukraine’s State Service of Special Communications and Information Protection says critical incidents fell by 81%.
Instead of undermining Ukraine and forcing it to bow to Moscow, Russia’s cyberattacks jolted the Ukrainian government and pushed the country to harden its networks. Ukraine turned West, not East.
Emily Otto is a non-resident Fellow with CEPA’s Digital Innovation Initiative and Transatlantic Defense and Security program.
Bandwidth is CEPA’s online journal dedicated to advancing transatlantic cooperation on tech policy. All opinions expressed on Bandwidth are those of the author alone and may not represent those of the institutions they represent or the Center for European Policy Analysis. CEPA maintains a strict intellectual independence policy across all its projects and publications.