Earlier this month my researcher Barbara Schluetter and I had the pleasure of attending the Kyiv International Cyber Resilience Forum 2025, in Kyiv, Ukraine. Over the course of two days the various presenters from the government of Ukraine, EU organizations, neighboring European nations and other private entities outlined the current situation with respect to cybersecurity resilience in Ukraine. What was clear, is the conference monikers were spot on, “Fortress of the free world and firewall of the free world.”
Maciej Stadejek, director for security and defense policy of the European External Action Service, emphasized in his keynote how, with the EU in mind, the “boundary between peace and conflict is blurred” and the cyber conflict will continue long after the war has concluded and “partnerships need to be long term.”
Cyberwar
The kinetic war is evident each day, often multiple times a day. This is evidenced by the wail of civil defense sirens announcing the impending arrival of Russian missiles or drones. Oleksandr Potii, chairman of the State Service of Special Communications and Information Protection of Ukraine commented how “Russia has been attacking Ukraine in an unprecedented scale,” targeting civilian infrastructure, apartment buildings, electric substations, communication nodes, etc. Every locale we had an occasion to visit had a plan in place in case of need to evacuate or shelter. This is the visible war taking place.
Each day the cyber defenders of Ukraine are addressing the unseen war taking place. The daily cyberattack on their energy networks, their communications systems, and information systems. Not just the defense and intelligence entities, but those which the citizens rely on for their daily needs.
Juhan Lepassaar, executive director of the European Union Agency for Cybersecurity, noted that the EU is benefiting from the Ukrainian cyber defense, and their cyber warriors were raising the resilience of all of the EU. The cyberwar is a two-way street, and Ukraine has built an impressive offensive cyber capability, which for obvious reasons were not delved into during the conference beyond acknowledging such exists.
Lepassaar added that Russia’s efforts in the misinformation, disinformation, and espionage arena targeting the EU and Ukraine are present and a daily occurrence, and through cooperation with Ukraine, the ability to defend has consistently improved.
Cybersecurity training
Potti also mentioned how others may benefit from Ukraine’s “unique wartime resilience.” He then noted that there are 27 bilateral agreements for information sharing. He continued how the cyberwar requires trained personnel, more than are currently available, stating bluntly, “There is a lack of experts in cyber” in Ukraine.
There are training programs both domestic, within Ukraine where veterans are being trained, as well as abroad, where over 400 individuals have been sent for training. They simply need more. The areas of expertise needed are across the board, with emphasis on creating secure DevOps and architecture. The gap continues to exist between larger enterprises and the small-to-medium businesses that are facing proportionately greater losses.
International cooperation
Nataliya Tkachuk, head of the Information and Cyber Security Directorate at the Office of the NSDC of Ukraine, Secretary of the NCSCC emphasized how Ukraine is a reliable partner, and a united front is necessary. She noted how Ukraine trusted the democratic world to unite and back Ukraine, and they did not disappoint. As the Ukraine’s cyber defense was successful through the international cooperation.
In addition, the Tallin Mechanism exists and is designed to coordinate and facilitate civilian short-term support and long-term cyber capacity building to Ukraine. It consists of 11 donor nations, and millions of dollars. The US continued engagement within the Mechanism is currently an unknown.
Call to action
During her keynote, Sandra Joyce, vice president of Mandiant Intelligence at Google Cloud, noted how Mandiant was present in the “first five minutes of the Russian attack against Ukraine and would be there through the last minute.”
Joyce went on to emphasize how information sharing is not the goal; it is step one. This first step must be followed by joint investigations involving both government and private entities resulting in coordinated take downs. Sharing simply isn’t enough; action must be taken.
CISOs both in the EU and elsewhere have an opportunity to make a difference. Engage in information sharing with Ukraine, engage in training their personnel, and learn from their cyber warriors who are adapting daily while engaged in an active cyberwar protecting their OT and IT infrastructure.
Craft the win-win and not only will your personnel’s knowledge be enriched, you will be an integral entity in the training of Ukraine’s next generation of cyber warriors.
See also:
Lessons learned about cyber resilience from a visit to Ukraine
The Trump administration made an unprecedented security mistake – you can avoid doing the same
No Responses