In its second year, the Kyiv International Cyber Resilience Forum gathered the leading experts and practitioners of cybersecurity in the capital of Ukraine, itself now a major cyber battleground.

The forum adopted a broad definition of cyber resilience. It included conventional topics such as defence against cyber sabotage, but also broadened into information warfare and digital transformation in regional governance. The audience included Ukrainian government officials, military officers, foreign diplomats, startup founders, researchers, and, most importantly, Ukrainian cybersecurity professionals, whose battle-hardened experience is now a source of valuable learning for the sector.

The security was as very tight, as is now common at events in Ukraine. Indeed, I had the scissors from my first-aid kit confiscated at the bag search.

Everyone is sober about the immense challenges Ukraine and its allies are facing. I was told by a European cybersecurity expert, seconded to the embassy of their home country in Ukraine, that they are in Kyiv “because this is where the future of cyber warfare is made.”

Ukraine is under immense pressure in this field. Ihor Malchenyuk, the Director of the Cyber Defence Department of the State Special Communications Service, said that the number of the major cyber incidents in 2024 was so high that he needed a calculator to compute the per day rate. Last year, Ukrainian cyberspace faced 12 incidents every day. “I'm not talking about merely getting some fishing message in my mailbox”, he told the attendees. Instead, Malchenyuk referred to the incidents of such scale that they may result in “100,000 residents of Lviv having no heat and hot water.”

Going after central heating is a textbook example of sabotage. But Russian attackers do not stop there. A bizarre example was given by the State Service for Transport Safety They manage a network of ‘weighing-in-motion’ machines that weight trucks on the Ukrainian highways and issues fine to the overloaded ones. This brings roughly 5mUSD to the Ukrainian budget annually.

Russian hackers broke into this system and encrypted the data, Valeriy Kulyk-Kulichenko, the Deputy Head, told the audience. But the aim of the attackers was not only to sabotage the service. Weighing-in-motion systems also include real-time video feeds. Getting access to these streams could allow the Russians to gather the data on the movement of military vehicles, Kulyk-Kulichenko said. His organisation was not able to decrypt the data and instead just redeployed the system.

State Service for Transport Safety is a small agency and rather new to digitalisation so it was less prepared. The larger organisations had their bitter experiences before February 2022, and were better prepared. For instance, in 2016 Ukrenergo, the national electricity transmission operator became arguably one of the most famous casualties to cyber warfare when its substation was knocked off for an hour by a group associated with Russian military intelligence, leaving parts of Kyiv dark. “After this incident we started investing more effort in the cybersecurity”, Sergiy Galagan, a Board Member of Ukrenergo, explained at the forum.

His company was shoring up cyber defences ahead of 2022. When the Ukrainian electricity grid was scheduled to desynchronise its operations from the Russian and Belarusian systems, the cybersecurity team of Ukrenergo believed the Russians would attack it to wreak additional havoc during the desynchronisation. According to the timetable, the disconnection was to take place on the night of February 24^th. The first air raid against Ukraine started around the time when tired grid operators tried to go to bed after cutting the ties to Russia and Belarus.Despite that, the ensuing Russian cyberattacks failed to cause substantive damage to Ukrenergo. “Sadly, I have no interesting cases to tell you,” Galagan said with a smile.

The allies will follow Ukraine in rethinking their cybersecurity strategies, argued General Serhii Demediuk, Deputy Secretary of the National Security and Defence Council. When attacked, a state should be capable of not only defending itself but also counterattacking against the foreign-based infrastructure of the perpetrator, he said.

Once, Ukraine tried to achieve this end by the means of law enforcement cooperation with a foreign state. The process took 40 minutes, “a great result when it comes to such cooperation.” In the meantime, the perpetrators were able to clear up the crime scene of any the evidence.

Therefore, there must be other ways to counter-attack. Ukraine is developing such capabilities now and working with the private sector is important because “the state bodies of Ukraine, as well as of many other European countries, are not capable of performing this on their own.”

It is not the only example of public-private partnerships which emerged in the Ukrainian cyber sector. The most enduring ones resulted from the need for defensive instruments against Foreign Information Manipulation and Interference. Such Ukrainian startups as Osavul and Mantis Analytics, which employ artificial intelligence to monitor the information space, have been long-term partners of the National Security and Defence Council. We will write more about this sector in the future.

Molfar, an intelligence firm, also uses technological innovations to support businesses and the Ukrainian state. Using a publicly available index of all commercial satellite images ever sold, it proved that private satellite companies made around 600 photos of locations in Ukraine that were subject to Russian air raids within a week after the images had been procured. In other words, it is possible that the Russian army relied on commercial satellites while preparing these attacks.

To test this hypothesis, “we created a website of a fake Russian agricultural company and used this identity to buy satellite images of the Congo, Kazakhstan and, ultimately, Ukraine,” Molfar’s founder and CEO Artem Starosiek explained. The Russian origin of the customer did not bother the sellers. “We were just sent the invoices,” Starosiek said. Before going public with this finding, Molfar crafted a model for the Ukrainian state that could forecast potential Russian air raids based on the ongoing purchases of the images.

During the two days of the conference, its underground venue was overflowing with people. “All the 30-minutes slots to use the negotiation rooms here are booked,” Yegor Aushev, the managing partner of the forum, told me.

A cybersecurity entrepreneur, he believes that the role of the forum is to “create a platform for intergovernmental meetings to happen at the sidelines and behind the close doors.”

At the same time, he felt that the European private sector should have shown more eagerness to attend. “We reached out to roughly 300 companies and only got a few replies,” he said. If you would like to visit Ukraine’s capital next year, feel free to contact Aushev on LinkedIn.