Ukraine seeks to bolster offensive cyber capabilities amid rising threats from Russia

KYIV, Ukraine — Ukraine's cybersecurity officials are warning of an urgent need to enhance the country’s offensive cyber capabilities in response to escalating threats from Russia.

Serhii Demediuk, deputy secretary of Ukraine’s National Security and Defense Council, said Ukraine is working on strengthening its offensive capacity and is encouraging its European partners to join these efforts.

“Defending ourselves is a thing of the past. We won’t be able to defend forever — we have to either fight back or run,” he said at the Kyiv International Cyber Resilience Forum on Tuesday.

“Russians only understand power. If we can’t push back, they won’t feel that there are any consequences for their actions.”

In his view, the lack of a global response to Russia’s actions allowed the Kremlin to use its unchecked power to destroy civilian infrastructure, undermine global trust and interfere in elections.

“As a former police officer, I can tell you that impunity breeds crime,” Demediuk said.

He also made a distinction between offensive cyberattacks, which are mostly conducted by the military, and active cyber defense — which aims to prevent attacks by, for example, targeting the infrastructure that threat actors use to carry them out.

According to Demediuk, offensive operations should shift from the military to law enforcement agencies so they can fight back against cybercrime.

Western researchers have previously said that Europe's cybersecurity strategy must evolve to include both offensive and defensive capabilities to counter Russia’s threats.

“Recent Russian actions in the digital sphere indicate that Europe’s deterrence will require both sword and shield to avoid disaster,” Charlie Edwards, senior advisor at the London-based International Institute for Strategic Studies, wrote recently.

Legal hurdles remain a significant obstacle in the proactive disruption of cyber threats, particularly when it comes to attribution and defining the roles and responsibilities of civilian agencies, such as law enforcement, versus the military.

Without clear attribution, cyber responses risk being ineffective, politically damaging, or even misdirected. Attribution, however, remains one of the biggest challenges in cyber warfare because attackers can easily hide their identities and manipulate evidence.

The distinction between the role of law enforcement in “active cyber defense” and that of the military — which traditionally handles national security threats, including cyber warfare — is also important as it determines who has the authority to respond to different types of cyber threats, under what legal frameworks they operate, and how their actions align with international norms. 

The U.S. has led the way in this regard, adopting a new cyber defense strategy in 2018 that emphasized a "defending forward" approach aimed at disrupting adversaries before they can launch attacks on U.S. territory or critical assets.

Another U.S. approach with an international focus, called “hunt forward,” helped Ukrainian and American specialists discover at least 90 malware samples infiltrating Ukraine’s critical networks before the invasion began.

The discussion about the growing need to bolster both defensive and offensive cyber capabilities to counter Russian threats comes amid talks about a potential 30-day ceasefire between Ukraine and Russia.

Kyiv officials are concerned that regardless of the outcome of ceasefire talks, cyberspace will still be an active front.

"If there are peace talks and Russia temporarily halts direct combat operations, where do you think the budget freed up from supporting Russian military actions will go?” said Natalia Tkachuk, head of cyber and information security at Ukraine’s National Security and Defense Council.

“I can guarantee that this budget will be redirected toward hybrid capabilities, particularly cyber operations and information warfare. Europe needs to be ready for this."