Strengthening cybersecurity capabilities in Ukraine

The conflict between Ukraine and Russia also extends to cyberspace. Propaganda campaigns, cyber intrusions, and attacks against critical infrastructure, such as electricity networks and telecommunication centres: Ukraine was already targeted by numerous Russian cyberattacks back in 2014. It has received support and assistance from its European allies to strengthen its cyber defence capabilities. However, Russia moved into cyberspace at a very early stage, back in the mid-2000s, getting an edge over Ukraine.

Since the Russian invasion of Ukraine in February 2022, there has been a growing number of Russian cyberattacks. Building on what it has learned in the past, Ukraine has shown resilience to these attacks and has managed to limit their impact. However, they continue to disrupt Ukraine’s critical infrastructure. In December 2024, a major Russian cyberattack targeted State registers and temporarily suspended access to certain government documents.

In this context, it is essential to strengthen Ukraine’s response capabilities in the digital field.

France joined the Tallinn Mechanism on 20 December 2023 to support Ukraine in cyberspace. The Tallinn Mechanism aims to coordinate and facilitate civilian capacity building in Ukraine in the field of cybersecurity by identifying the country’s needs. It does not have its own funds, but coordinates the assistance that member countries provide to Ukraine. In this context, France decided to provide mAIDan financing for the cybersecurity capacity building project in Ukraine.

The cybersecurity capacity building project in Ukraine has been designed in conjunction with the Ukrainian authorities to ensure it fully meets their needs. Its objective is to support the development of Ukraine’s cyber resilience and promote its alignment with international best practices and standards for cybersecurity. To achieve this objective, specialised training will be organised to build the capacities of the following groups:

• Managers responsible for a pool of public assets, or the supervision and protection of these public assets and networks;
• The networks/systems technicians and engineers responsible for a pool of public assets or the supervision and protection of these assets and networks, with a focus on security operations, penetration testing, incident response, threat hunting, and digital forensics.

The project aims to organise a structured programme of high-quality training to enable the participants to acquire knowledge and relevant experience in their field of activity. The target groups for this support are:

• Technical staff from the CERT (Computer Emergency Response Team), SOC (Security Operations Centre) and operators of SIEM (Security Information and Event Management);
• Other Ukrainian specialists involved in the protection of critical infrastructure from the following ministries: Ministry of Digital Transformation, Ministry of Economy, Ministry of Finance, Ministry of Justice, Ministry of Energy.