The Russia-Ukraine war is leading to a host of lessons learned in cybersecurity and artificial intelligence in what experts are calling the first full-scale drone war and the first AI war.
Illia Vitiuk, the head of the cyber department at the Security Service of Ukraine, said that his team responds to 10 to 15 serious cyberattacks each day, often at the same time as conventional military operations such as missile strikes, all the while Russia continues to improve its cyber capabilities and techniques.
Speaking Thursday at a cybersecurity summit in Washington, D.C., Vitiuk recounted the impact of Russian cyber operations on Ukraine, how his team has worked to develop resiliency against daily cyberattacks, what private-public partnership looks like in a cyber war zone and lessons that he has learned from 10 years of defending Ukrainian critical infrastructure.
"I remember back then, there were many experts denying the term cyber war … but after Ukraine, after what happened, especially in 2022, it has changed. And we see how doctrines and documents of different countries and international organizations are changing because they understand the real damage that cyber weapons and these actions can really bring to their country," Vitiuk said.
The number of cyberattacks has been steadily rising every year. According to Vitiuk, the Ukrainian security services encountered around 800 cyberattacks in 2020, which rose to 1,400 in 2021. After the full-scale invasion in 2022, cybercrime skyrocketed to 4,500 cyberattacks that year.
"It's very important to say that by saying cyberattack, we don't count every phishing email or every notification ... otherwise, it would be millions. It's really something serious that happened," Vitiuk said.
Earlier this month, Ukraine's computer emergency response team reported that cyber experts prevented an attack against a critical energy facility in Ukraine. The Russian cyberespionage group, also known as Fancy Bear, attempted to gain initial access to the facility using phishing emails.
There was also an attempt to penetrate Ukraine's military systems by attacking officers' Android tablet devices using a new type of malware in an attempt to gather intelligence.
This year, the Security Service has already encountered 3,000 cyberattacks, according to Vitiuk. As the war drags on, Russian hackers continue to evolve their tactics and techniques, he warned.
"They changed their strategy. They focused more on combining cyberattacks with kinetic attacks, focused on getting important intelligence, penetrating into what they call decision-making centers in order to get important intelligence, precious for them," he said. "They are focused on logistics, of course, on power grid, internet providers, telecom operators."
"We receive a lot of intelligence because we also penetrate their systems," he added. "Now we clearly see that there is a national cyber offensive program there in Russia. … Now they implement offensive disciplines in their higher education establishments ... so they start to teach students how to attack state systems."
Vitiuk also called for action, calling for partners from around the world to visit Ukraine and help them assess their critical infrastructure vulnerabilities.
"In the area of cyber defense and cyber protection … we ask cybersecurity companies to come to Ukraine and to help us to assess our own objects of critical infrastructure. So, what do we need, actually, from your perspective, from your expertise," said Vitiuk.