Oleksandr Potii was appointed to lead Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) in November. A brigadier general and former information security professor with over 25 years in the Ukrainian armed forces, Potii’s role shifted from overseeing a few policy areas to managing more than a dozen, including the critical tasks of protecting national infrastructure and coordinating cyberdefense efforts amid a full-scale war. His promotion made him the third person to hold this position since the Russian invasion began in 2022, a testament to the ongoing challenges Ukraine faces both on the battlefield and in cyberspace.
In an interview, Potii was candid about Russia’s cyber capabilities, stating that their technical level is high and their potential is strong. He emphasized that Ukraine cannot afford to underestimate them, noting that Russia has both the means and the motivation to use its resources for destructive purposes. He observed that their intellectual resources are not aimed at constructive development for their own nation but are instead focused on sabotage and destruction. Potii made these remarks during an interview with Recorded Future News at the SSSCIP office in Kyiv, where he discussed Ukraine’s evolving cyber defenses and its cooperation with Western allies. He stressed that Moscow’s hackers remain well-resourced, highly motivated, and politically driven even as the war enters its third year.
According to Potii, there’s been a noticeable shift in Russia’s cyber strategy. The number of large-scale “critical” cyberattacks intended to paralyze key infrastructure has decreased since the early months of the war. He attributes this change to Ukraine’s strengthened defenses and the increased effort required to mount such significant operations. He explained that these large-scale attacks demand extensive preparation, resources, and coordination, suggesting that Russia may lack the resources for such operations as Ukraine’s defenses continue to improve. This has made it more difficult for Russia to launch successful attacks, increasing the time and effort needed for each attempt.
Data from Ukraine’s Computer Emergency Response Team (CERT-UA) supports this observation, with a significant drop in critical and high-level cyber incidents. The number of incidents fell from 1,048 in 2022 to 367 in 2023, and to just 59 in 2024, according to a report by the SSSCIP. While critical attacks have decreased, non-critical cyber operations, such as espionage and distributed denial-of-service (DDoS) attacks, have increased.
Potii offered a few possible explanations for this shift: Russia might be saving its resources, it could be waiting for a more opportune moment, or Ukraine’s improved defenses are effectively preventing these attacks from reaching a critical level. This ongoing cat-and-mouse game highlights the dynamic and ever-evolving nature of cyber warfare, where both sides are constantly adapting their strategies to gain an advantage.