Europe Must Adapt to Russia’s Hybrid Cyber Warfare

Ukraine’s extensive experience defending against a large-scale cyber war with Russia would be invaluable in forming an alliance with the UK and the EU to better protect Europe.

In a paper for the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), Dr Nataliya Tkachuk proposes creating a “Cyber Alliance” that would bring together Ukraine, the UK, and EU countries. The recommendation follows years of Russian cyber operations that have expanded beyond Ukraine’s borders and now pose a direct threat to critical systems across Europe.

Forged in the fire of cyber war

Ukraine’s resilience against persistent digital attacks grew from hard lessons learned in conflict. The cyber confrontation with Russia began in 2014 and accelerated into what Tkachuk’s paper describes as the world’s first large-scale cyber war.

A pivotal incident occurred in December 2015, when the BlackEnergy malware was used against Ukrainian energy firms, cutting electricity to about 80,000 households and businesses. That attack exposed how vulnerable civilian infrastructure was to cyber aggression and became a catalyst for reform.

Recognising those vulnerabilities, Ukraine started building a national cyber defence architecture. It published its first National Cybersecurity Strategy in 2016 and enacted a foundational Cybersecurity Law in 2017. These policies were more than statements of intent; they established coordinated governance and operational frameworks, aligning agencies from the security services to the central bank under a central cyber authority, the National Cyber Security Coordination Center (NCSCC).

As the risk of a full-scale invasion rose in late 2021, Ukrainian cyber professionals ran strategic exercises and tabletop simulations that foreshadowed many of the attacks that followed. The experience gained on the digital battlefield has produced practical lessons in resilience and response that could benefit other European countries facing increasingly sophisticated threats.

A new army to fight a new war

When Russia launched its full-scale invasion in February 2022, Ukraine’s response included the rapid formation of an unusual force. On 26 February 2022, the Ministry of Digital Transformation announced the creation of the IT Army: a global network of volunteers that at its height numbered in the hundreds of thousands.

This citizen-led cyber contingent carried out distributed denial-of-service (DDoS) operations, website defacements, and other disruptive activities aimed at degrading Russian online capabilities and economic functions. While their efforts were sometimes uncoordinated, they tied up adversary resources and helped dispel assumptions about Russian cyber dominance.

Beyond volunteers, Ukraine’s formal security institutions have been the backbone of its cyber defence. They have faced an adversary whose tactics have evolved from disruptive attacks toward more covert intelligence-gathering operations. Groups linked to the Russian state—such as Sandworm and Armageddon—have increasingly synchronized cyber operations with missile and drone strikes, and have used compromised cameras and sensors to assess physical damage in near real-time.

The human toll remains a central objective for the attackers. For example, a major cyberattack on mobile operator Kyivstar in December 2023 disrupted communications for millions and prevented many people from receiving critical air-raid warnings, demonstrating the tangible risks to civilian safety that cyber operations can create.

The cyber war comes to Europe

The danger is no longer confined to Ukraine. Dr Tkachuk’s analysis warns that Russia is conducting an expansive information and cyber campaign across Europe, including the UK and EU member states. Incidents targeting critical infrastructure, government agencies, and political figures have increased, signaling a broader regional threat.

Russian actors are also experimenting with hybrid techniques, combining cyberattacks with electronic warfare to disrupt satellite services and GPS signals. Those tactics have the potential to degrade navigation and communications services, with implications for civilian aviation and other critical sectors across Europe.

In May 2024, a high-profile example of information manipulation occurred when satellite and telecommunications disruptions led to the broadcasting of Russian military parade footage in parts of Latvia and Ukraine. That incident illustrated both Russia’s technical reach and its willingness to use information operations for political signalling.

Given the escalating threat environment, the Cyber Alliance concept aims to pair Ukraine’s battlefield-hardened experience with the technological capacities and resources of the UK and EU. Such collaboration would focus on shared intelligence, coordinated incident response, and collective resilience-building to deter and mitigate cyber aggression before it escalates into wider harm.

A united framework could standardise information sharing, create interoperable defence measures, and enable rapid coordinated action during large-scale incidents. By integrating Ukraine’s operational knowledge with European partners’ technical and policy resources, a Cyber Alliance could strengthen deterrence and accelerate improvements in cyber hygiene across critical sectors.

Ukraine’s cyber defences were forged through sustained crisis. The question now is whether European partners will act on those lessons and form the cooperative structures needed to protect shared digital infrastructure and civilian populations.

(Photo by Evgeny Ozerov)
