Learning From Ukraine's Pioneering Approaches to Cybersecurity

Ukraine's tactical and strategic cybersecurity approach in the intense warfare environment offers a blueprint for organizations aiming to fortify their cyber defenses.

Dr. Sean Costigan, Director of Cyber Policy, Red Sift

January 23, 2024

5 Min Read
Colors of Ukraine flag with computer code superimposed
Source: Mykhailo Polenok via Alamy Stock Photo


Overshadowed by geopolitical tumult and an escalation in sophisticated cyberattacks, a paradigm shift in cybersecurity toward enterprise risk management is becoming increasingly evident. Moving cyber to the "left of bang" highlights an essential need within organizations to astutely discern and methodically prioritize their most valuable assets.

At the heart of this strategic approach is protecting crown jewels — the assets most crucial for an organization's operations and success. Compromise of these key assets could lead to significant financial loss, reputational damage, or legal consequences. Today, the imperative for both public and private sector organizations is to identify these crucial assets and devise robust resilience measures.

The concept of prioritizing the defense of crown jewels is not novel. After all, as McGeorge Bundy, National Security Adviser to Presidents Kennedy and Johnson in the 1960s, once famously quipped: "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." However, in the world of cybersecurity practice the effort is fraught with challenges. Worse still, the global landscape reveals a troubling trendline: Many nations and organizations are failing in their cyber-defense efforts, frequently due to neglect of fundamental practices.

In seeking a model for effective cybersecurity, security leaders should take a page from Ukraine's experiences in its ongoing conflict. Since Russia's unprovoked invasion, Ukraine has been engaged in a formidable struggle against an exceptional adversary. Despite Russia's sophisticated and well-funded cyber initiatives and some notable recent successes, its apparent impact on the conflict has been notably muted. Instead, Ukraine's resilience against cyber threats stands out. A product of hard-earned lessons and an astutely refined cyber-defense strategy, Ukraine's tactical and strategic approach in this intense environment offers a blueprint for organizations to fortify their cyber defenses.

Ukraine's "Defender Advantage" in Cyber Warfare

The constrained success of Russia's cyber offense is testament in large part to Ukraine's formidable defenses, cultivated over a decade of unyielding cyber confrontation. While Ukraine knows its attackers well, the situation suggests the emergence of what can be termed a "cyber defender advantage."

Ukraine's Principles of National Cybersecurity

Ukraine's cyber-defense strategy, emphasizing partnerships, information sharing, and the protection of its crown jewels, led to the development of a swift information-sharing network and comprehensive response mechanisms involving both public and private sectors. The nation's development of dynamic public–private cyber-defense partnerships has been exemplary. As a knock-on effect, multinational corporate entities involved in these partnerships have gained invaluable knowledge at an unprecedented pace, with their kit and personnel being tested in the crucible of war. Additionally, the Ukrainian government's proactive stance in organizational readiness serves as a model for governments and organizations globally.

The Fulcrum of Cybersecurity

In Ukraine we see how a unified defense strategy in action, emphasizing threat information sharing, as called for in the White House's Executive Order on cybersecurity, is pivotal in safeguarding public and private networks. Effective cyber resilience must be rooted in robust foundational practices, including:

  • Securing the crown jewels: Tailoring risk management strategies to an organization's unique needs is imperative. A methodical approach using key risk indicators (KRIs) can help organizations pinpoint and prioritize their most critical assets, aligning security measures with asset-specific requirements.

  • Mastering the attacker's view for advanced defense: Adopting a preemptive stance in system hardening and viewing an organization's attack surface through an attacker's perspective can unveil hidden vulnerabilities. Basic preventive measures should address security weaknesses such as misconfigured digital certificates, open ports, and DNS server issues, to name but a few.

  • Establishing continuous risk management: Given the inevitability of cyber incidents, organizations should invest in knowing and protecting their assets through advanced attack surface management. This should include domain threat intelligence, certificate lifecycle management, and vulnerability management, complemented with no-blame training for all and regular testing of written processes.

The Critical Role of Organizational Readiness and Collaboration

Organizational readiness in cybersecurity involves a holistic approach integrating various aspects of cyber defense. This readiness is not solely about technological solutions but also encompasses the cultivation of a security-aware culture within the organization. Here, advances in cognitive cybersecurity best practices are essential in creating a proactive and continuous defense against cyber threats using the talent you have in your organization.

Rapid and continuous collaboration, within and outside the organization, is another critical element in effective cyber defense that any organization can do. Information sharing between different departments within an organization and with external partners can provide substantive insights and early warnings about potential threats. Such collaboration is evident in Ukraine's strategy, where a coordinated effort between government agencies and the private sector has been instrumental in fortifying the nation's cyber defenses.

A Template for Cyber Resilience

The lessons from Ukraine's cyber-warfare experiences experiences extend beyond national defense, offering actionable understanding for organizations in all sectors. Embracing the principles of prioritizing critical assets, establishing strong foundational cybersecurity practices, promoting organizational readiness, and fostering collaboration are essential for an effective cyber-defense strategy.

As geopolitical conflict plays out or spills over onto corporate infrastructure, organizations will find that adopting these lessons is not just beneficial but imperative. By following Ukraine's example, organizations can remain vigilant, adaptable, and resilient in protecting their viability against an increasingly dynamic threat landscape.

About the Author(s)

Dr. Sean Costigan

Director of Cyber Policy, Red Sift

Sean Costigan is an expert in emerging security challenges and a highly sought-after speaker on technology and national security. He is the lead for NATO’s cybersecurity curriculum and is widely published on national security matters relating to information security and hybrid threats. He is also a Professor at the George C. Marshall Center, where he educates on global cybersecurity, hybrid warfare, crime, and national security.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights