The database Shchyhol and his institution developed helped Ukraine repel an attack against a Ukrainian energy-generating company Russia launched earlier this year. “They used the same virus for that that they used back in 2017,” he says. Back then, Russia used the Industroyer virus; the country deployed an updated version, called Industroyer 2, earlier this year. “Since we were ready for this type of attack, we were successful in repelling it, and thus prevented damage being caused to this company,” Shchyhol says. This prevented power blackouts for 2 million people, he adds.
Ukraine’s cybersecurity lead admits that at least one Ukrainian database has been wiped as a result of Russia’s reported widespread use of wiper malware: the government’s motor insurance policy bureau, responsible for issuing coverage for Ukrainian drivers. “For two weeks, this bureau wasn’t able to issue the insurance policies to their clients,” says Shchyhol. But the bureau—like many in Ukraine—was warned about the risks and had a backup that enabled it to return to normal operations relatively quickly.
“The efficiency of any cyber combat efforts should be judged not by the fact that we make it impossible for the attackers to attack us,” says Shchyhol. “The real test of how well we perform is the [speed] with which services can be relaunched, and the fact no important data is stolen by perpetrators.”
Ukraine’s defenses have also been bolstered by covering fire in the cyberwarfare field by pro-Ukraine hacktivists—here, he’s more willing to use the term. “I’m talking not only about the Ukrainian IT Army,” a Telegram group set up at the start of the invasion that had at its peak more than 300,000 subscribers, “but other hacktivists worldwide that joined the effort at the beginning of the invasion.” Shchyhol says that those hacktivists have provided much-needed help—even if there’s little proof that the hacktivist army made any meaningful impact. Indeed, one recent academic analysis compared their work to breaking into a disused shopping center in a small city and spray-painting “Putin sux” on the walls.
“Being a military person, I believe anything that weakens our enemy is good for us,” he says. But Shchyhol is keen to make it clear that’s his personal opinion—wanting to avoid any suggestion of collusion or organization by the Ukrainian state. “They are a self-organized community, operating by setting their own goals,” he says. “There is no coordination of their activities coming from the government of Ukraine, and no sponsoring of their activities. We, as the government of Ukraine, are not giving them any direct order to target, for instance, infrastructure.” Even if they were to do so, Shchyhol says, Russia and its infrastructure would be lawful targets because of “all the crimes they perpetrated here.”
But rather than targeting key infrastructure for offensive attacks from hacktivists, Shchyhol suggests that targeted moves by IT businesses can cause as much damage. In July, he called for international companies servicing Russia to withdraw from the country. “Our enemy currently employs tactics like hordes did back in the Middle Ages,” he says. “Trying to attack territory and modify countries to how they want them to look using blunt force. In order for them to continue using this blunt force, they rely on continuous access to modern technologies.”
Without that access, Shchyhol says, “they will be thrown back to the Middle Ages. Any technology that comes into Russian hands, they’ll immediately try to use it for military purposes.” He estimates that 95 percent of tech companies his agency, Ukraine’s vice-president, and other government officials have approached have already withdrawn from the Russian market. Those that have include Cisco, HP, IBM, and Dell.
As for companies that haven’t, Shchyhol has a simple message. “The whole civilized world needs to recognize that the threat goes beyond Ukraine,” he says. “Cyberspace has no boundaries. If there’s any attack perpetrated against the cyberspace of one country, by default it’s affecting and attacking other countries as well.”