Ukraine’s case: Building cyber resilience under fire
In the conditions of full-scale war, Ukraine is gaining unprecedented experience in protecting critical infrastructure. Every day, Ukrainians face challenges no other country has ever encountered: Russia wages war on land, at sea, in the air, and in cyberspace. This forces us to continuously improve our security systems — from the physical protection of facilities to countering cyberattacks.
Despite the enemy’s relentless attempts to harm the country, Ukraine has managed to preserve its defence capability and maintain the uninterrupted operation of public services and digital systems. At the same time, Ukraine draws on the experience of partners with advanced cybersecurity systems. Estonia, for example, built its public-private partnership after the 2007 attacks, while Finland has integrated the protection of digital and physical systems into a unified national security model.
Cyber resilience is a shared effort between the state, businesses, and citizens. Experts from Ukraine, Estonia, and Finland emphasise: only a comprehensive, multi-layered approach enables effective defense against modern threats.
This article brings together practical cases from Ukraine, Estonia, and Finland – along with expert advice on strengthening personal and institutional cyber resilience, from everyday habits to large-scale digital protection.
The Ukrainian Experience: Critical Infrastructure Under Attack
Russia launched its full-scale digital offensive even before the first missiles struck Ukrainian cities. A year before the invasion, cyber activity intensified. On January 14, 2022, a wave of cyberattacks began: first, a massive breach of government websites, then, on February 15, DDoS attacks on banks and state institutions; and finally, on February 23–24, an attempt to disable the Viasat satellite network.
These attacks did not break Ukraine, but they showed that war on the ground and war online occur simultaneously. Since then, the country has lived under constant cyber threats, where every unprotected server or careless click can become an entry point for the enemy.
In modern warfare, cyberattacks are part of hybrid threats, alongside air strikes and sabotage. “No state has had experience countering simultaneous kinetic and cyberattacks,” notes Valerii Novak of the Critical Infrastructure Protection Department of Ukraine’s Special Communications Service.
Trends in Cyberattacks on Ukraine (2021–2025)
In the first half of 2025 alone, over 3,000 cyber incidents were recorded – 17% more than during the same period in 2024. Many were deliberate hostile operations targeting hospitals, energy and transport systems, government services, and local authorities.
Total Number of Incidents
| Year | Incidents | Change |
|---|---|---|
| 2021 | 1,348 | — |
| 2022 | 2,185 | +62% |
| 2023 | 2,541 | +16% |
| 2024 | 4,293 | +69% |
| 2025 (to date) | 4,867 | +13% vs. 2024 |
Most Targeted Sectors
| Year | Sectors | Share |
|---|---|---|
| 2021 | Government Agencies / Security | 65% |
| 2022 | Government Agencies / Security | 75% |
| 2023 | Government Agencies / Security | 70% |
| 2024 | Local Authorities / Government / Security | 75% |
| 2025 | Local Authorities / Security / Government | 80% |
(Source: CERT Ukraine, 2025)
The State of Ukraine’s Critical Infrastructure Protection
Ukraine’s critical infrastructure in numbers:
- 24 critical sectors
- Over 4,000 facilities designated as critical since the start of the invasion
- Most vulnerable sectors:
⚡ energy
🛡 defense industry
🚊 transport
💧 life-support systems
“Ukraine faces unprecedented challenges in protecting critical infrastructure. Physical, technical, and organisational threats impact facilities essential for millions,” says Oleksandr Potii, Head of the Special Communications Service of Ukraine.
The full-scale war has shown that defending the country requires simultaneous protection in both cyberspace and the physical environment. This combination makes systems resilient. In cyberspace, Ukraine has made a strategic shift from a policy of “total protection” to the concept of cyber resilience. “You can’t protect everything 100%, but you can ensure rapid recovery after an attack,” explains Dmytro Pakholchenko, Head of the Cybersecurity Department at the State Special Communications Service.
To achieve this, the National Backup Center was established, where critical infrastructure operators store backup copies of their data. The Backup Centre enables the quick restoration of system operations even after large-scale cyberattacks.
In the physical domain, Ukrainian resilience relies on three components: engineering fortification of facilities (by operators), electronic warfare (by operators), air defense and fire response (by the state). The model is based on shared responsibility: operators invest in physical protection and electronic warfare, while the state provides air defence. This approach works: less massive missile-drone attacks in 2022–2023 caused greater damage to the energy system than more intense attacks today. Strikes on critical infrastructure still occur today, but their scale is nowhere near what it was in late 2022.
And although no system can make infrastructure completely invulnerable, Ukraine’s model — combining cyber defense with physical protection — has already proven effective. It not only reduces the destructive impact of attacks but also enables specialists to restore damaged systems quickly.
Building a Culture of Security Through Partnership
Ukraine is not alone. “Our strongest partners are the United States, the United Kingdom, and the EU, especially Germany,” says Pakholchenko. The UK supported engineering protection efforts; Germany by training specialists. But Ukraine also shares its own unique wartime expertise. At the Copenhagen summit, Ukrainian specialists advised Denmark on countering enemy drones.
Lauri Luht, the Deputy Secretary General of Estonia’s Ministry of Justice and Digital Affairs, emphasises also the value of mutual learning: “Estonia has spent years building its cybersecurity expertise, and we’re truly proud to share that experience with Ukraine. But it’s not a one-way exchange. Watching Ukrainian specialists continue defending their systems in the middle of a war teaches us lessons no textbook ever could,” says Lauri Luht. “Strengthening Ukraine’s cybersecurity isn’t just one country’s task — it’s about protecting our shared digital future, something we all depend on,” says Lauri Luht.
One example is the “Cybersecurity Readiness for Ukraine’s Critical Infrastructure” project by the e-Governance Academy (eGA) in partnership with Ukraine’s Special Communications Service, supported by the U.S. government and Estonia’s ESTDEV.
The project included:
- development of training programmes and materials,
- a handbook of best practices on protecting critical infrastructure,
- 13 training courses for 386 specialists across 50+ institutions,
- study visit to Estonia focused on crisis centers, industrial systems, and digital infrastructure protection.
Estonia’s Approach: Public-Private Partnership
Estonia was one of the first EU countries to face large-scale cyberattacks. In 2007, those attacks disabled more than fifty online resources, including websites of government institutions, banks, and media outlets. They became some of the first cyberattacks in world history aimed at disrupting an entire society. In response, Estonia adopted Europe’s first national cybersecurity strategy.
“Estonia created a state institution responsible for national cybersecurity and passed laws that the European Union later used as a model when developing the NIS1 directive, which sets cybersecurity requirements for key sectors and digital services,” says Taimar Peterkop, a former Director General at the Information System Authority, now a cybersecurity expert at the e-Governance Academy.
According to Taimar, the key pillar of the Estonian model is close cooperation between the public and private sectors. The Estonian Defence League plays a particularly important role — a volunteer organisation with a cyber unit made up of specialists from private companies. “When I was Director General of the Information System Authority in 2017, we faced a crisis related to national ID cards. The government was only able to handle it with the help of the private sector. Every company I reached out to stepped up,” Peterkop recalls.
He previously oversaw the country’s digitalisation efforts and served as Estonia’s State Secretary. “It’s essential to build relationships between the public and private sectors in peacetime, so that when a crisis comes — even a wartime one — you can rely on them.”
Finland’s Approach: Security as a National Culture
Finland has embraced a comprehensive security model that addresses not only cyberthreats but all possible crises — from epidemics to natural disasters. Minna Ålander, a researcher at Chatham House, explains the philosophy behind this approach: “Responsibility doesn’t lie only with the government — it lies with the whole society. In this comprehensive security model, citizens are viewed as a resource, not a problem.”Preparing citizens for this begins in childhood. “Finnish children start learning basic media literacy skills from an early age, both in school and even in preschool,” Ålander says. “It’s a crucial component of overall resilience.”
For people in key positions, Finland holds national defense courses four times a year. “These are almost month-long trainings built around different scenarios, bringing together representatives of government agencies, local administrations, private companies, critical infrastructure providers, journalists, academics, NGOs, and even churches and cultural figures,” Ålander explains.
The result is a high level of trust and readiness for threats. “When people know that if something happens, they have food and supplies for at least 72 hours, and they know where to find shelter, it has a real psychological effect,” she says. This kind of mobilisation and readiness to act is a clear example of how a security culture is formed. It begins with understanding one’s personal responsibility — both in the physical world and in cyberspace. When everyone recognises that the country’s security also depends on their own actions, society develops a strong, collective immunity.
The Future of Cybersecurity: New Challenges
Technology is rapidly reshaping our lives and making them more convenient — but with every new advantage comes a new set of risks. Artificial intelligence, quantum computing, and increasingly complex digital systems are not only innovative tools; they are also potential instruments of modern warfare.
Both Ukrainian and international experts agree that the greatest challenges are still ahead. Many of them stem from artificial intelligence. “AI is both a very good and a very dangerous tool,” says Minna Ålander. “It enables adversaries to be more effective in their attacks, but it can also help in defense — by scanning threats faster and automating key processes.”
Quantum computing poses an equally serious risk. “From an encryption standpoint, it’s a huge potential threat. Finland is investing heavily in quantum research and development,” Ålander adds.
Estonian expert Taimar Peterkop highlights another growing concern: “We know less and less about the origins of the software we use. And that means malicious actors can plant all kinds of ‘surprises’ in it.”
Even so, he advises ordinary citizens to focus on the threats we face today. While states and corporations work on solving quantum encryption and AI-related challenges, individuals can already make a meaningful contribution by following basic cyber hygiene practices.
Ukrainian experts emphasise that the government is doing extensive work to prevent cyberthreats and mitigate the consequences of cyberattacks. “Not everything can be shared publicly, but the actors within the national critical infrastructure protection system are doing enormous work,” explains Valerii Novak from the State Special Communications Service.
However, he stresses that this work will only be effective if everyone understands that cybersecurity is not just about technology — it’s about people, trust, and each individual’s readiness to take responsibility for their own safety and the security of their country.
Cyberthreats are not abstract. They can hide in an unexpected message, a fake call from a “bank,” or a suspicious password-reset notification. However, even the most basic cyber-hygiene habits can dramatically lower the risks.
The article was prepared and launched in the Hromadske portal within the project “Cybersecurity Readiness for Critical Infrastructure in Ukraine” supported by the Government of the United States through the Development Cooperation Partnership (DCP) Programme and by the Government of Estonia through the Estonian Centre for International Development (ESTDEV).