Category
Opinion

Inside Ukraine's New Digital Defense Strategy to Counter Russian Cyber Onslaught

Ukraine's Digital Defense Against Russian Cyber Warfare

A surge in Russian cyberattacks is pushing Ukraine to rewrite its cybersecurity playbook—fast. The government is taking decisive steps to harden digital defenses, restore trust, and bring its laws in line with Europe’s most advanced standards.

5 min read
Authors
Oleksandr Potii, Head of Ukraine’s State Special Communications Service
Oleksandr Potii
Head of the State Service of Special Communications and Information Protection of Ukraine

In the first quarter of 2025 alone, the Computer Emergency Response Team CERT-UA, under Ukraine’s State Service of Special Communications and Information Protection , recorded over 1,500 cyber incidents. That’s already more than a third of the 4,300 incidents logged in all of 2024—a year that saw a record-setting 70% jump.

The trajectory is clear: Russia’s cyberwarfare campaign against Ukraine is accelerating. It’s broad, coordinated, and designed to destabilize the country, paralyze critical infrastructure, erode public trust, and steal information that could tilt the battlefield.

Russian hackers continue to refine their tactics and toolkits, making their cyberattacks increasingly complex and well-coordinated. Recent attacks on Ukraine’s Justice Ministry and Kyivstar, Ukraine’s largest telecom provider, showed how social engineering alone can disrupt national communications and disable government registries for days. A newer cyberattack on Ukrzaliznytsia, Ukraine’s state railway company, demonstrates Russia’s resource capability for technically sophisticated operations.

But these attacks also tell another story. 

Ukraine has proven it can respond and recover its systems fast, and it’s learning even faster. Within a week of major Russian attacks, core registries were back online. In such a fast-changing cyber environment, standing still is not an option—Ukraine must continue strengthening its defenses. System owners have already enhanced their cyber resilience, and with sweeping new legislation in place, the country is already reshaping its cyber defense architecture to meet today’s threats—and tomorrow’s.

Law No. 4336-IX, a timely and strategic step forward

Russian hackers are learning from our systems, testing methods, and scaling them up, which is why Ukraine can no longer operate under outdated cybersecurity paradigms.

Ukraine’s Parliament passed on March 27 Law No. 4336-IX, a landmark reform of the national cybersecurity system. This is not just another cybersecurity measure. It is the state’s response to a new reality—one that establishes a new architecture for protecting state information resources and critical infrastructure systems. This new framework is adaptive, flexible, aligned with top European practices, and designed to ensure long-term cyber resilience. President Volodymyr Zelenskyy signed it into law on April 17.

The legislation clearly defines the roles of all actors in the national cybersecurity system. The functions of key stakeholders are now much more precisely articulated, which will significantly improve coordination. At the same time, the law introduces a shift in the underlying philosophy of cyber defense.

Oleksandr Potii, Head of the State Service of Special Communications and Information Protection of Ukraine, speaks during discussion “Strengthening The Resilience Of The National Cyber Security System Through Education And Capacity Building” on February 7, 2024 in Kyiv, Ukraine. (Photo: hurricanehank via Getty)
Oleksandr Potii, Head of the State Service of Special Communications and Information Protection of Ukraine, speaks during discussion “Strengthening The Resilience Of The National Cyber Security System Through Education And Capacity Building” on February 7, 2024 in Kyiv, Ukraine. (Photo: hurricanehank via Getty)

Modern approaches to strengthening cyber resilience

Instead of a centralized and outdated Comprehensive Information Protection System (CIPS), Ukraine is transitioning to a risk management model—one that allows for flexibility and adaptation, which are critical during wartime. Organizations will now be able to develop their own security profiles based on system criticality, specific risks, and industry nuances. System owners are empowered to choose the approach that best fits their protection needs.

The second fundamental shift is institutional: for the first time, the law mandates the creation of cybersecurity units or officer positions within government bodies and critical infrastructure entities. These individuals will be given real authority, qualifications, and responsibilities to ensure cyber protection within their respective organizations.

In the long term, this law will also strengthen the protection of citizens’ personal data stored in state registries and make digital public services safer. It’s about more than just IT systems—it’s about building public trust in a digital state.

Another crucial point: Ukraine has chosen to strive to be part of the European community. Law No. 4336-IX implements the EU’s NIS2 Directive, incorporating its most advanced cyber resilience standards.

Shared responsibility: government and business

This legislation marks a new chapter in state-private sector relations. We are establishing mechanisms for effective cooperation without coercion or interference in business operations. The private sector stands to gain real benefits from working with the government. Together, we will safeguard the nation’s cyber resilience.

Private Computer Security Incident Response Teams—CSIRTs —can now become part of the national response network. Businesses may integrate with data-sharing platforms like MISP .

Infrastructure owners now have tools to demand cybersecurity compliance from providers of information products and services—vendors who often serve as entry points for threats. At the same time, companies can independently design security profiles for their supply chains, depending on the criticality of their systems.

Perhaps one of the most impactful developments ushered in by this legislation is the de facto launch of a modern cybersecurity services market—one that will drive competition, lower costs, improve quality, spur innovation, and fuel growth, jobs, and the development of a digital post-industrial economy.

Risks remain, but consequences can be minimized

Does this mean Ukraine is now fully protected? No. Cyberspace is a dynamic environment, and no system offers absolute guarantees. But we are building an architecture that can withstand even the most sophisticated attacks—an architecture capable of rapid system recovery and continuous improvement through iterative upgrades.

It is vital that Law No. 4336-IX becomes more than just a state governance tool—it must serve as a signal to society as a whole that cybersecurity is a shared responsibility. Only through collective effort can we not only endure the pressure but also become a model of resilience for other nations.

See all

Established in 2006, the agency is Ukraine’s central authority for secure communications and cybersecurity policy. It was formed to modernize and coordinate national cyber defense in accordance with international standards.

A specialized team of IT experts that helps organizations detect, manage, and prevent cyber threats, while coordinating swift, effective responses to security incidents.

Malware Information Sharing Platform and Threat Sharing, an open-source platform that enables organizations to collect, store, share, and correlate cyber threat intelligence.