Ukraine’s cyber defense shows why resilience may matter more than prevention
An expert says Ukraine’s cyber defense offers a hard-earned lesson for the United States: stop assuming good defense means stopping every attack.
On a recent episode of Cyber Focus, Greg Rattray argued that the more important test is whether a country or company can keep operating, recover quickly and adapt under pressure. Drawing on his work with the Cyber Defense Assistance Collaborative, or CDAC, Rattray described how private-sector cyber support helped Ukraine withstand Russian attacks and what U.S. leaders should take from that experience.
Rattray, who leads CDAC, said the organization has helped facilitate more than $30 million in support to Ukraine since the early days of Russia’s full-scale invasion. Ukrainian officials identifiedneeds, and private-sector companies moved quickly to help meet them. That speed, he suggested, was one of the biggest advantages of providing support through a nongovernmentalorganization.
One of the most important contributions, Rattray said, was visibility. As global cyber companies shared intelligence with Ukrainian defenders, Russian operators had a harder time working unseen. He used a phrase that captures the point neatly: Russia was no longer operating in the dark. The cyber battlespace had become a “brightly illuminated cyberspace.” In his telling, that broader awareness helped blunt the effectiveness many expected from Russian cyber operations at the start of the war.
That point fed into the episode’s larger theme: resilience. Rattray pointed to the December 2023 attack on Kyivstar, Ukraine’s largest telecommunications provider, as a revealing example. He said he expected the company to be down for weeks after its infrastructure was effectively leveled. Instead, it was back online in two days. Ukraine’s ability to restore telecom service, recover systems and keep critical functions moving under both cyber and physical attack, he argued, is one of the clearest lessons for the U.S.
For American CEOs and national security officials, that may mean thinking less in absolutes. Rattray said even strong teams cannot guarantee they will never suffer a major incident. The real question is whether they are prepared for the bad day that eventually comes. He argued that resilience remains “under-thought, under-exercised [and] under- invested in” because security strategies still lean heavily toward prevention.
Rattray also made a broader policy argument about the role of industry in cyber defense. He said much of the operational front line already sits in private hands because the infrastructure, platforms and technical expertise are largely there. In his view, governments should focus less on directing every action and more on setting guardrails, enabling private-sector activity and supporting faster operational collaboration.
For more on this and other important cyber topics, check out the full catalog of Cyber Focus podcasts.