Skip to content

With a little help from my friends? Cyber assistance and Ukraine’s successful cyber defence

As we reach one year into military hostilities in Ukraine, the utility of sharing intelligence and the limited impact of cyber actions for the success of conventional military operations has become somewhat apparent. Examples are plenty: In the early phases of the war, CERT-UA was able to mitigate the impact of the “Caddy Wiper/Industroyer2” malware and others through cooperation with the intelligence services of other states (e.g. UK, US and Poland) and cybersecurity companies such as ESET and Microsoft. More recently, reports of “offensive cyber operations” by US authorities have appeared publicly, though details (time, location, and means) of these are not available yet.

Providing (cyber) assistance to Ukraine has raised immediate concerns in many countries
about supporting governments becoming direct parties to hostilities (DPH), e.g., in Germany. While sharing some of these concerns about escalatory dynamics of cyber assistance to Ukraine, we beg to differ about the escalatory effects of cyber assistance. Politically, cyber operations tend to manipulate the access to or content of information, with very few operations involving kinetic effects. As such, cyber assistance may even constitute an “off-ramp” before, during, or towards the end of hostilities.

Sebastian Harnisch and Martin Müller argue that Russia’s attack on Ukraine is an unlawful use of force, an armed attack in direct and clear contravention of the UN Charter, which The attack, in our view, allows for two lawful responses in cyberspace: first, the party attacked, Ukraine, may defend itself individually or collectively under Article 51 of the UN Charter; second, for third parties, the (unprovoked) armed attack gives rise to either a status of non-belligerency, in which third parties may support the right to individual self-defence under Art. 51 (2) of the UN Charter or a status of co-belligerency, in which a third party directly participates in hostilities.

Other EuRepoC Articles

  • Research and Analysis
Right Thoughts, Right Words, Right Actions?: The EU’s Application of the Cyber Diplomacy Toolbox

1 February 2024
This analysis by Imke Schmalfeldt, Annika Sachs, and Kerstin Zettl-Schabath is the first to closely examine the actual application of the Cyber Diplomacy Toolbox's measures by EU institutions and actors over the last six years. Thiis paper sheds light on the question as to how far the EU has used the CDT as a vehicle to push for a strengthened Europeanisation of cybersecurity policies.

Welcome to our Cyber Incident Dashboard!

For best results, please view on a desktop device.