Yurii Shchyhol doesn’t have a lot of time to spare.
The head of the Derzhspetszviazok, Ukraine’s version of the US Cybersecurity and Infrastructure Security Agency, can be forgiven for working quickly. His country is under attack—and with it, the world order. “This is the first time ever in history that we’ve had such a full-fledged cyberwar happening right now in Ukraine,” says Shchyhol, who’s tasked with keeping Ukraine’s cyber territory safe in the same way president Volodymyr Zelensky oversees the country’s physical armed forces
Skirmishes on the internet against Russian hackers were not new to Shchyhol, nor to the people he oversees as part of the Derzhspetszviazok, also known as the State Service of Special Communications and Information Protection. Before invading Ukraine on February 24, Russia had been testing the defenses of Ukraine’s cybersecurity. Mostly it was persistent, low-level attacks, but one larger attack was launched on January 14, when Russia targeted more than 20 Ukrainian government institutions. The attack, designed to disrupt government-linked websites, leached out into the wider Ukrainian internet. “We also identified that around 90 websites were not accessible as a result of that attack,” says Shchyhol. “The goal of the Russian hackers was to sow panic among the Ukrainian population, and to demonstrate to the outside world that Ukraine is a weak state that could not handle the attacks,” he says. This is why the Derzhspetszviazok rushed to relaunch the affected sites. “The longest it took us for one site was close to one week,” he says. “No data was lost, and the outcome of this attack was more psychological warfare.”
When Russian soldiers began intruding into Ukraine’s physical territory, the attacks in cyberspace stepped up. For a full month, Russia targeted communications nodes, media, logistics, and railways, says Shchyhol. “At that time, there were lots of civilians—noncombatant Ukrainians fleeing to safer places,” he adds. “That’s why the goal of those attacks was to disrupt the work of communications lines, and railways in particular.”
We’re now in the third stage of Russia’s cyberwar against Ukraine, says Shchyhol—one that’s ongoing and perpetrated “mostly against civilian infrastructure: utilities and companies that render services to civilians, since they failed to destroy in the second phase our communication lines and our ability to keep people abreast of what’s going on.” Russia’s digital war playbook is similar to its physical warfare strategy, says the cybersecurity chief. “Our attitude remains the same,” he says. “We treat them as criminals trying to destroy our country, invading it on the land but also trying to disrupt and destroy our lifestyle in cyberspace. And our job is to help defend our country.”
Ukraine’s defense of its cyber assets has surprised some, who feared Russia’s much-hyped hacker army could quickly wipe out the country digitally—just as many in the international community worried Russia’s ground invasion was a foregone conclusion. But Vladimir Putin has already played his hand when it comes to cyberattacks, says Shchyhol, and Ukraine learned lessons. A 2017 attack launched by Russia using the NotPetya virus decimated the country—and broke out into the wider world, causing chaos wherever it spread. “Afterward, there were a couple of years when they were quiet,” says Shchyhol. “We recognized that’s because they were getting themselves prepared for more active attacks against our country, so we used that pause time to get ourselves prepared for the potential attacks.” Ukraine’s success in repelling the worst of Russia’s cyberattacks in 2022 demonstrates well how much the country analyzed and learned from previous skirmishes, says the cyber chief.