Ukraine's resilience in the face of cyber attacks offers a lesson to us all
4 min read
Weeks before Russia’s full-scale invasion of Ukraine last year, a threatening message popped up on almost every Ukrainian government website.
“Be afraid and expect the worst,” said the post, which appeared in Ukrainian, Russian and Polish. “Ukrainians! … All information about you has become public … it’s your past, present and future.”
The threat formed the first of two cyber-attacks by Russia on Ukraine in the run-up to war, and was intended to sow discord and panic in the general population. The second, which took down multiple government and bank services, came just days before the Kremlin ordered its troops to invade its neighbour and tip the world on its axis.
Having the misfortune to be located next to a former superpower suffering a nervous breakdown means Ukraine has been forced to grow accustomed to Russian cyber-attacks, often targeted at civilian infrastructure. In 2015, suspected Russian hackers took out parts of the country’s power grid, which led to almost 250,000 Ukrainians losing power and heat. The same thing happened one year later. Then, in 2017, suspected Russian hackers unleashed the NotPetya virus, causing mayhem. Banks, newspapers and leading companies were targeted.
Of course, Ukraine is not the only country grappling with Russian-backed cyber-attacks. Just last week, tens of thousands of employees at some of Britain’s biggest companies – including British Airways, Boots and the BBC - had their personal data compromised in a hack by a Russian-speaking criminal gang.
I also have personal experience of such matters. Last year, my company in London was the victim of a “distributed denial of service” attack which saw millions of computers around the world coerced to bombard the company’s website with multiple requests, in an attempt to crash its systems. The cyber-attack occurred after I publicly announced that I would donate £1m to Ukrainian charities and pull my operations out of Russia in protest against the horrific and unlawful invasion.
Falling victim to a cyber-attack is a strange experience. The best way to describe it is like somebody trying to break down your front door, every second of every day, for three long months.
Earlier this month, I travelled to Kyiv to take part in a cyber-security conference to discuss this historic and unprecedented change in global conflict with senior corporate leaders, defence and security officials. It’s a battlefield which is increasingly targeting the private sector, and the critical infrastructure which underpins basic civilian life. The persistent onslaught of targeted cyberattacks and the strategic manipulation of information have taken the concept of warfare to new heights of sophistication.
Over the past few months, leaders in Ukraine have shared information about Russian cyber-attacks with the International Criminal Court (ICC) in an attempt to persuade it to investigate them as war crimes. Article 8 of the Rome Statute that defines war crimes describe physical, “real” actions such as willful killing, torture and extensive destruction of property. However, in the modern world, cyber-attacks can wreak similar levels of harm.
Destruction of civilian infrastructure through cyber-attacks can have the same effect as physical destruction of the same assets. A cyber-attack on a transport network, for example, could lead directly to death or injury. The ICC may wish to consider how the law should be interpreted to apply to 21st century “hybrid” warfare.
In 2022, the UK government launched its latest Cyber Security Strategy which was a valiant attempt to significantly augment the nation’s ability to respond to increasing attacks from cyber-criminals and nation-state actors. However, the paper seemed light on suggestions regarding the legislation that is desperately needed to improve cyber-security. For example, the Computer Misuse Act needs an urgent update to address gaps in combating existing and emerging cyber-crimes. Other areas of importance include data protection, online child protection, critical infrastructure protection, and intellectual property.
As the UK ponders its next move , Ukraine's resilience in the face of such turmoil offers a glimmer of hope, and lessons for all. With every attack, Ukraine has bolstered its defences, showed its innovation, its adaptability, and resilience.
The government of President Zelenskyy is a shining example of Ukrainian resilience. It has leveraged the power of its citizens to build a volunteer cyber force - an innovative solution born out of crisis. As Ukraine forges its path towards a secure digital future, it sets a precedent for other nations to collectively build our resilience. By applying the lessons learned on the digital battlefield, we can build a future economy, that is integrated, modern and fortified against cyber threats.
Viktor Prokopenya is an entrepreneur and founder of Capital.com
PoliticsHome Newsletters
Get the inside track on what MPs and Peers are talking about. Sign up to The House's morning email for the latest insight and reaction from Parliamentarians, policy-makers and organisations.