Managing cyberattacks in wartime: The case of Ukraine

Abstract

Cybersecurity specialists face continual challenges in protecting organizations and societies from ever‐evolving cyberattacks. These challenges intensify dramatically in the context of war, yet our understanding of cyberattacks during wartime is limited. This is in part because it is difficult to gather information about cyberattacks and cybersecurity in highly tense wartime environments. Against this backdrop, we present evidence from a unique case study that examines cyberattacks and cybersecurity issues in the context of the Russian‐Ukraine war. Compared with peacetime, the nature of cyberattacks in wartime both intensifies and expands. During armed conflict, nation‐state funded cyberattacks are typically better financed, more prolonged, and have concrete aims, including to disrupt military operations, sabotage infrastructure, spark civil unrest, and spread disinformation. Countries at war experience extreme pressures due to resource scarcity, poverty, and societal conflicts, all of which make it difficult to effectively manage cyberattack threats and experiences. Based on interviews with public authority representatives in Ukraine, our study found four main challenges to managing cyberattacks during wartime. First, limited financial resources were a major hindrance. Decision‐makers said that they were forced to set tough economic priorities and to oscillate between allocating resources to physical assets (e.g., conventional military operations and rebuilding infrastructure devasted by bombing) and to cybersecurity. In such situations, cybersecurity came in second to more immediate wartime needs; this complicated sufficient investment in IT infrastructure, cyber‐awareness training, and implementing response plans. Second, the country faced serious recruitment difficulties. Attracting IT and cyber personnel has been hard—and sometimes impossible—as the war forced people to leave the country or parts of it, and many IT professionals left the field to become soldiers. Further, salary disparities between the public and private sectors, as well as regional differences, thwarted recruitment efforts in certain areas of the country. Inappropriate human behaviors, such as clicking insecure links, poor password practices, and using risky apps, always pose significant cyberattack risks. War magnifies these challenges due to lack of training, as well as to increased financial incentives for employees to compromise security. Unclear cybersecurity guidelines added an extra layer of complexity in managing cyberattacks. Public authority representatives at the local level said that they lacked the clear, actionable guidelines they needed for cyberattack management in a wartime situation plagued by resource scarcity. These four challenges are not unique to wartime situations; all are recognized in the cybersecurity literature covering routine IT contexts. However, our study illustrates how these four cyberattack challenges are magnified, entail critical dilemmas, and are more difficult to manage during wartime, not least because prioritizing cybersecurity is a challenge in itself. Hence, while Ukraine had upgraded its digital government capacities before the war, and government actors have attempted to continue managing ongoing cyberattack challenges—including adapting legislation and providing cyber‐awareness training for public servants to decrease inappropriate human behaviors—effectively managing cyberattack threats has remained extremely difficult. Our article contributes new insights into the challenges of managing cyberattacks in extreme situations. We showcase the challenges and dilemmas in wartime and offer practice‐based knowledge on cyberattacks and cybersecurity efforts in highly tense environments.